• Mehr als 3 Millionen Wörter Inhalt
  • |
  • info@itmedialaw.com
  • |
  • Tel: 03322 5078053
ITMediaLaw - Rechtsanwalt Marian Härtel
Warenkorb
Plugin Install : Cart Icon need WooCommerce plugin to be installed.
  • en English
  • de Deutsch
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Kurzberatung
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
ITMediaLaw - Rechtsanwalt Marian Härtel
Home Other

Unsuccessful constitutional complaint against obligation to transmit IP addresses

7. November 2022
in Other
Reading Time: 7 mins read
0 0
A A
0
karlsruhe bundesverfassungsgericht

It does not violate the German Basic Law that the provider of an e-mail service is obliged, in the context of a duly ordered telecommunications surveillance, to provide the investigating authorities with the Internet protocol addresses (hereinafter: IP addresses) of the customers accessing their account even if, for data protection reasons, it has organized its service in such a way that it does not log them. This was the decision of the 3rd Chamber of the Second Senate in a resolution published today and the constitutional complaint of such a service provider was not accepted for decision. In support of its claim, it argued that this would also be unacceptable from the point of view of Art. 12 para. 1 of the German Basic Law (GG), which is fundamentally worthy of protection, cannot release the company from its obligation to comply with the legal requirements that take into account the constitutional requirement of a functioning administration of criminal justice.

Facts:

The complainant operates an e-mail service that advertises particularly effective protection of customer data and is committed to the principles of data security and data economy. It only collects and stores data if this is necessary for technical reasons or – in its view – is required by law. The Stuttgart public prosecutor’s office conducted a preliminary investigation on suspicion of violations of the Narcotics Act and the War Weapons Control Act. In an order dated July 25, 2016, the local court, at the request of the public prosecutor’s office pursuant to Sections 100a, 100b of the German Code of Criminal Procedure (StPO) as amended at that time, ordered the backup, mirroring and surrender of all data electronically stored on the Service’s servers with respect to the e-mail account in question “as well as all data accruing in the future with respect to this account.” The State Criminal Police Office notified the complainant of the ordered monitoring measure and the account to be monitored. In response, the complainant set up telecommunications monitoring, but pointed out that traffic data of users was not “logged” and such data, including IP addresses, could therefore not be provided, they were not available. The complainant contradicted the public prosecutor’s assumption that the IP addresses were available at the provider’s premises, outlining its system structure. For security reasons, it strictly separates its internal network from the Internet using a so-called NAT (Network Address Translation) process, in which the address information in data packets is automatically replaced by other information. The IP addresses of the customers were therefore already discarded at the outer limits of the system and were removed from the complainant’s access. By order of August 9, 2016, the Local Court imposed an administrative fine of 500 euros, or seven days’ administrative detention, on the complainant. Based on the decision of July 25, 2016, the complainant was obliged to collect the traffic data and in particular the IP addresses in the future. The Regional Court dismissed the appeal against this as unfounded by order of September 1, 2016. In November 2016, the State Criminal Police Office informed the complainant that the monitoring of the connection could be switched off. The fine was eventually paid.

The Board’s main considerations are:

Insofar as the constitutional complaint is directed against the appeal decision, it is in any case unfounded. It is true that the imposition of the administrative fine interferes with the rights guaranteed by Art. 12 para. 1 sentence 2 of the German Basic Law (GG) interferes with the complainant’s freedom to exercise his profession. The assumption of the Regional Court that the encroachment on the scope of protection of Art. 12 para. 1 sentence 2 GG is justified in accordance with the relevant statutory provisions, but does not meet with any constitutional objections.

Art. Section 1 sentence 2 of the German Basic Law permits interference with the freedom of occupation only on the basis of a statutory regulation that indicates the scope and limits of the interference. In this context, the legislature itself must make all essential decisions insofar as they are amenable to statutory regulation. The greater the encroachment on areas protected by fundamental rights, the more clearly the legislative intent must be expressed. Accordingly, a violation of fundamental rights is not evident. The specialized courts have interpreted the provisions on the obligations of telecommunications service providers to cooperate and withhold information in a constitutionally defensible manner. They were allowed to assume, without violating the constitution, that the complainant was obligated to design its operation in such a way that it could provide the investigating authorities with the external IP addresses accruing at the monitored account from the time of the order. This is because the interception of telecommunications within the meaning of Section 100a of the Code of Criminal Procedure covers not only the contents of communications, but also the more detailed circumstances of the telecommunications, including the IP addresses in question.

(1) The provision of Section 100a of the Code of Criminal Procedure – which is in conformity with the Constitution – authorizes the interception and recording of telecommunications. Against the backdrop of the “broad” concept of telecommunications, access to e-mail communication, at least insofar as it involves the transmission of the message from the sender’s device via the sender’s mail server to the e-mail provider’s mail server and the subsequent retrieval of the message by the recipient, indisputably falls within the scope of Section 100a of the Code of Criminal Procedure.

From the protection of the secrecy of telecommunications according to Art. 10 para. 1 GG, however, covers not only the content of the communication, but also the detailed circumstances of the telecommunication. Against this background, the interception of telecommunications pursuant to Section 100a of the Code of Criminal Procedure also concerns traffic data within the meaning of Section 3 No. 30 of the Telecommunications Act (TKG), insofar as this data is generated in the course of the telecommunications to be intercepted. Traffic data in this sense also and especially includes the IP addresses that are generated. Accordingly, these are set out in § 96 para. 1 sentence 1 TKG are listed as numbers of the lines or facilities involved. Dynamic or static IP addresses used by the customers of a provider of e-mail services to access their e-mail account with their Internet-capable end devices are therefore in principle subject to the scope of Section 100a of the Code of Criminal Procedure.

However, the fact that the monitoring of e-mail traffic in the context of an order under Section 100a of the Code of Criminal Procedure also includes the designated IP addresses does not necessarily mean that the complainant, as the operator of a telecommunications system, is already obliged to take precautions to make these IP addresses also and precisely available to the investigating authorities. § 100b para. 3 sentence 2 StPO old refers in this respect to the provisions of the TKG and the TKÜV.

According to § 110 para. 1 sentence 1 no. 1 TKG, operators of publicly available telecommunications services are required to maintain, at their own expense, technical facilities for implementing telecommunications monitoring from the time they commence operations and to take the appropriate organizational precautions for its immediate implementation. The basic technical requirements and organizational key points for the implementation of the monitoring measures are governed by the authorization in Section 110 (1) of the German Data Protection Act. 2 TKG enacted TKÜV. According to this, the complainant is also subject to the obligation to produce evidence; the fact that the provisions of Section 3 para. The fact that the exceptions provided for in Section 2 of the TKÜV apply to certain types of telecommunications equipment has neither been presented nor is it apparent.

The scope of the data to be provided is determined in accordance with § 5 para. 1 and 2 in connection with § 7 para. 1 TKÜV. According to § 5 para. 1 TKÜV, the telecommunications to be monitored consist – in accordance with the broad definition of telecommunications in Section 100a of the Code of Criminal Procedure – of the content and the data on the detailed circumstances of the telecommunications. Pursuant to paragraph 2 of the provision, the obligated party shall provide a complete copy of the telecommunications that are handled through its telecommunications equipment. As part of this monitoring copy, the obligated party shall, pursuant to § 7 para. 1 sentence 1 nos. 2, 3 and 4 of the TKÜV must also provide the data it holds on a dialed telephone number or other addressing information. According to the language used in the TKG, IP addresses that are generated in the course of telecommunications fall under the term “other addressing information” without further ado, because they are used precisely for addressing, i.e., for reaching or locating a specific destination on the Internet. For example, IP addresses are indisputably subject to the legal definition of § 3 No. 13 TKG, according to which numbers within the meaning of the TKG are strings of characters that serve addressing purposes in telecommunications networks.

It is also at any rate constitutionally justifiable to assume that the data are available to the complainant within the meaning of Section 7 para. 1 sentence 1 TKÜV and to be provided by the latter as part of the complete copy of the monitored telecommunications handled via its telecommunications system. It already follows from the system structure described by him that the complainant must store the public IP addresses of its customers at least for the duration of the communication, as otherwise it would not be able to send the retrieved data packets to its customers at all. In any case, the data accrues when accessing the monitored e-mail account, is known to the complainant’s telecommunications system at least at times, and is also used by it to establish successful communication with the requesting customer.

The monitoring of – future – telecommunications pursuant to Section 100a of the Code of Criminal Procedure is – unlike the collection of traffic data pursuant to Section 100g of the Code of Criminal Procedure – also not limited to the traffic data that is collected pursuant to Section 96 para. 1 TKG may be permissibly collected by the service provider.

The fact that the complainant cannot access the external IP addresses – at present – does not prevent this. This is because this is not because the data itself is not available, but solely because the complainant has chosen to hide it from its internal systems and not log it for data protection reasons. However, this is solely due to the business and system model deliberately chosen by the complainant. It is true that the complainant’s concern to offer a business model that optimizes data protection and is therefore attractive to many users also appears to be justified from the point of view of Art. 12 Par. 1 GG is in principle well worth protecting. However, this cannot release him from the requirements of the TKG and the TKÜV, which are obtained within the framework of a reasonable interpretation and which take into account the constitutional requirement of a functioning administration of criminal justice.

Finally, this result is not precluded by the fact that the data to be provided is defined in accordance with the new provision in Section 7 (1) of the TKÜV, which was added as part of the new announcement of July 11, 2017. 1 Sentence 1 No. 9 TKÜV now explicitly extend to the public IP addresses of the users involved that are known to the telecommunications system of the obligated party. In any case, this new provision does not permit a constitutionally compelling conclusion that the IP addresses in question had previously been excluded from the group of data to be provided. Rather, the newly inserted Section 7 para. 1 sentence 1 no. 9 TKÜV obviously has a clarifying function.

2 Contrary to the complainant’s view, Section 100g para. 1 StPO, as far as the (real-time) interception of future telecommunications is concerned, the provision of Section 100a StPO does not apply.

(3) In the specific case, there is likewise nothing to be recalled on constitutional grounds against the setting of the administrative fine in the amount of 500 euros.

Tags: E‑mailEntscheidungenInformationinternetIP addressMailModelPrivacyServerSicherheit

Weitere spannende Blogposts

No advertising with a manufacturer’s warranty = no information required?

Manufacturer’s information when applying for electrical appliances
25. September 2019

Until now, one of the biggest risks of a warning was when online retailers did not provide information about the...

Read moreDetails

MDR may delete comments without broadcast reference on its Facebook page

MDR may delete comments without broadcast reference on its Facebook page
2. December 2022

Public broadcasters are entitled to delete non-broadcast-related comments made by users in forums on their corporate social media pages. This...

Read moreDetails

Artificial intelligence in esports: legal challenges and solutions for fan engagement, game improvement and sponsorship.

Artificial intelligence in esports: legal challenges and solutions for fan engagement, game improvement and sponsorship.
9. June 2023

Introduction The rapid development of artificial intelligence (AI) is having a profound impact on various industries, and esports is no...

Read moreDetails

No Google deletion claim from DSGVO

LG Munich: Data protection consent on dating platform
7. November 2022

The Dresden Higher Regional Court has ruled that the General Data Protection Regulation does not give rise to a claim...

Read moreDetails

BaFin and the regulation of e-money (including computer games)

BaFin and the regulation of e-money (including computer games)
11. December 2022

What is BaFin? BaFin is the Federal Financial Supervisory Authority and is the German supervisory authority for credit institutions, insurance...

Read moreDetails

Agent commissions in esport – Attention!

Transfer sums in esport?
13. February 2019

As a supplement to my article from yesterday , I would also like to add a brief outline of commissions...

Read moreDetails

Ritter-Sport square shape continues with trademark protection

International trademark application at WIPO
7. November 2022

The I. Civil Senate of the Federal Court of Justice, which is responsible among other things for trademark law, today...

Read moreDetails

BGH rejects delisting request against Google!

District Court Frankfurt a.M. on the right to be forgotten
7. November 2022

The BGH has ruled in two cases, rejecting the delisting request in one case (confirming the first two instances) and...

Read moreDetails

Google doesn’t have to remove illegal search results worldwide

Publication of sales advertisements and classification as a trader
25. September 2019

The ECJ has ruled that Google is not obliged to make a delisting in all versions of its search engine,...

Read moreDetails
signatures download clipart 29

Electronic signature

29. March 2025

Definition and types of electronic signature The electronic signature is a digital procedure for ensuring the authenticity of electronic declarations...

Read moreDetails
Loss deduction

Loss deduction

16. October 2024
Federal Administrative Court

Federal Administrative Court

27. June 2023

Memorandum / Articles of Association

24. June 2023
Greenwashing: what it is and why it might violate competition law

Greenwashing

29. March 2025

Podcast Folgen

9e9bbb286e0d24cb5ca04eccc9b0c902

Legal challenges of innovative business models

1. October 2024

In this captivating podcast episode, I dive deep into the world of legal challenges associated with innovative business models as...

092def0649c76ad70f0883df970929cb

Influencers and gaming: legal challenges in the digital entertainment world

26. September 2024

In this captivating episode, lawyer Marian Härtel takes listeners on an exciting journey through the dynamic world of influencers and...

8ffe8f2a4228de20d20238899b3d922e

Web3, blockchain and law – a critical review

26. September 2024

  In this insightful episode of the ITmedialaw podcast, we take an in-depth look at the intersection of Web3, blockchain...

AI in law: opportunities, risks and regulation – the IT Media Law Podcast Episode 3

AI in law: opportunities, risks and regulation – the IT Media Law Podcast Episode 3

24. September 2024

Welcome to the third episode of our podcast "IT Media Law"! In this episode, we delve into the fascinating world...

  • Privacy policy
  • Imprint
  • Contact
  • About lawyer Marian Härtel
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • en English
  • de Deutsch
Kostenlose Kurzberatung