For the half-year to 30 June 2014, the IPKat's regular team is supplemented by contributions from guest bloggers Alberto Bellan, Darren Meale and Nadia Zegze.

Two of our regular Kats are currently on blogging sabbaticals. They are David Brophy and Catherine Lee.

Wednesday, 27 February 2008

Stop das press! No more surreptitious state surveillance

The IPKat's amiable and scholarly friend Dr Guido Westkamp (pictured right, together with his highly-trained news hound) has just written to inform him as follows:

"Today the German Constitutional Court decided that the state may not engage in surreptitious surveillance of information technology systems. The case, a constitutional complaint against a law permitting such surveillance by intelligence services, was decided on the basis of a new human right in the confidentiality and integrity of information technology systems. The court emphasises that this right, which applies where other fundamental rights affecting privacy are inapplicable (such as the rights in confidentiality of telecommunication communications or the right to inviolability of ones home), is derived from the fundamental rights in personal dignity and personality rights under the constitution. The right can only be restricted where significant higher ranking fundamental values need be protected, such as the life and integrity of others (that is, as a means to prevent acts of terrorism provided there are sufficient reason to believe that surveillance will the state to prevent such acts, but only if the surveillance measure is permitted by a judge on a case by case basis).

The decision may have a dramatic impact in relation to the constitutionality of protected rights management information systems deemed to protect copyright. Where a supplier of copyright works manipulates data stored on a customers computer, or where personal data are being collected in order to allow the right holder to trace the use of works supplied online, it appears that if the customer can invoke the new right there is little left to argue for right holders that such means are necessary to protect copyright. It seems most unlikely that the protection of copyright can serve as a basis for higher ranking interests that would provide a legitimate purpose for justifying such intrusion. I incidentally wonder what would happen if the German Constitutional Court would find the DRM provisions under copyright unconstitutional and thereby void, given that it is derived both from the WCT and the Information Society Directive".
The link to the decision is here. The IPKat imagines that this decision may have repercussions for more than copyright management systems, since it may come into conflict with scenarios in which, on the face of it, IP Enforcement Directive 2004/48 would contemplate the disclosure of infringement-sensitive materials held by internet service providers and regular database holders. Merpel sniffs, surely it would be a good idea if matters of this sort -- given their fundamental nature -- were resolved by the Commission and by pan-European legislation before they arose, rather than by national courts after they arose ...

2 comments:

Birgit said...

It is amazing how quickly Guido reported this case!

The BVerfG states for the first time that the general personality right under Art 2(1), 1(1) German Basic Law also encompasses the basic (human) right of confidentiality and integrity of information technology systems.

That does not mean however, that this basic (human) right cannot be balanced against other rights. The court makes it clear that such "online searches" or surveillances are legal in such cases where the is concrete danger for other rights of paramount importance ("überragend wichtige Rechtsgüter") like human lives or the existance of the state. In such cases, where other basic rights are colliding the "online search" must be sanctioned by a judge.

I can see why Guido is worried about the consequences of this broadening of the general personality right, but at the same I cannot see how the court could have decided any differently without fundamentally changing its view of how Art 2(1), 1(1) Basic Law should be interpreted. Articles 10 and 13 just did not cover this aspect of modern life.

The court must have been aware of the potential consequences of this new interpretation. I assume that if conflicts with the IP Enforcement Directive 2004/48 or the DRM provisions under copyright/WCT and the Information Society Directive ever came to be decided by the BVerfG things might pan out slighlty differently.

I am not at all sure that today's decision allows a definite predicition as to how such conflicts would be decided by the BverfG or whether this new aspect of the General personality right could then indeed be invoked.

Birgit said...

The above case was mentioned at a conference organised by the Academy of European Law (ERA) in cooperation with the Office of the European Data Protection Supervisor on 26-27 May 2008 in Trier, Germany. Topic was "Data protection in the EU: How to strike the right balance between mobility, security and privacy".

An interesting newsitem or ERA's website sets out what was dicussed at the conference; it can be retrieved here: http://www.era.int/web/en/html/nodes_main/4_1649_459/4_2153_462/5_1625_7703.htm

Subscribe to the IPKat's posts by email here

Just pop your email address into the box and click 'Subscribe':