Headnotes
to the Order of the Second Senate of 12 April 2005
2BvR 1027/02
- The Code of Criminal Procedure provides a statutory basis for the securing and seizure of data storage devices and of the data stored on them as evidence in criminal proceedings.
- When searching, securing and seizing data storage devices and the data stored on them, reasonable efforts must be made to prevent access to information that is irrelevant to the criminal proceedings.
- At least in cases of serious, deliberate or arbitrary violations of procedure, unlawful searches and seizures of data storage devices and of the data stored on them must result in a prohibition to use the data as evidence.
FEDERAL CONSTITUTIONAL COURT
- 2 BvR 1027/02 -
IN THE NAME OF THE PEOPLE
In the proceedings
on the constitutional complaint of
1. |
Mr P…, 2. Mr U…, 3. Mr B…, 4. the company R… mbH, represented by the managing directors B… and P…, |
– authorised representatives (no. 4): …
against |
a) |
the Order of the Hamburg Regional Court of 25 June 2002 |
b) |
the Order of the Hamburg Regional Court of 20 June 2002 |
|
c) |
the Order of the Hamburg Regional Court of 14 June 2002 |
|
d) |
the Order of the Hamburg Local Court of 4 June 2002 |
|
e) |
the Orders of the Hamburg Local Court of 7 May 2002 |
the Federal Constitutional Court – Second Senate –
with the participation of Justices
Vice-President Hassemer,
Jentsch,
Broß,
Osterloh,
Di Fabio,
Mellinghoff,
Lübbe-Wolff,
Gerhardt
held on 12 April 2005:
- The Orders of the Hamburg Regional Court of 14 June 2002 - 618 Qs 52/02 -, of 20 June 2002 - 618 Qs 54/02 - and of 25 June 2002 - 618 Qs 52/02 - violate the complainants’ fundamental right under Article 2(1) of the Basic Law to the extent that they concern the securing of evidence. They are reversed and the matter is remanded to the Hamburg Regional Court.
- For the rest, the constitutional complaint is rejected.
- […]
REASONS:
A.
The constitutional complaint concerns the search and seizure of the electronic data records of a law firm and a tax consultancy firm in the context of criminal investigations against a lawyer-tax consultant, who is a partner in both firms. The current proceedings raise the question to what extent the relationship of trust between the directly affected professionals, who are bound by confidentiality obligations, and their clients bears on the permissibility of granting authorities full data access in the course of criminal proceedings.
I.
[…]
II.
1. The Hamburg Public Prosecution Office and the fraud investigation unit of the Hamburg-Neustadt-St. Pauli Tax Office conducted criminal investigations against complainant no. 2, a lawyer and tax consultant. He is a partner in the joint law firm of complainants nos. 1 to 3, and authorised signatory and partner of complainant no. 4, a tax consultancy firm registered at the same address.
The investigating authorities believed that, together with [two] other suspects, complainant no. 2 was involved in payments made to letterbox companies on the British Island of Jersey by [three] companies […], all with registered headquarters in Germany, for goods and services that had in fact never been provided. […]
[…] There were grounds for suspecting that the other two suspects, who filed joint income tax returns, had fraudulently reduced their income tax liabilities by a total of DM 1,390,874.00.
2. a) Against this backdrop, the Hamburg Local Court issued two identically worded search warrants on 7 May 2002 in accordance with § 102 of the Code of Criminal Procedure for the workplace of complainant no. 2 in the law firm and for the offices of the tax consultancy firm […]. Complainant no. 2 was suspected of having devised the tax evasion scheme for the other two suspects, aided by one of his tax assistants. […].
b) […]
3. The search was carried out on 14 May 2002 in the offices of the law firm and of the tax consultancy, which complainant no. 2 at least partially shares with the other partners of the law firm. Written documents […] were secured, along with “various data stored on separate devices”. This included copies made by the investigating officers on site of all data stored on the hard drives of the law firm’s and the tax consultancy’s computers.
4. […]
5. By order of 4 June 2002, the Hamburg Local Court […] upheld the seizure […].
[…]
6. […]
7. a) […]
b) […]
c) By separate order […], the Hamburg Regional Court rejected the complaints of complainants nos. 2 and 4 against the decision upholding the seizure […].
8. […]
9. […]
III.
1. With their constitutional complaint, the complainants claim a violation of their fundamental rights under Art. 2(1) of the Basic Law in conjunction with Art. 20(3), Art. 12(1) and Art. 13(1) and (2) of the Basic Law. […]
[…]
IV.
[…]
V.
Statements on the constitutional complaint and the procedural practice were submitted by the Federal Ministry of Justice, the Public Prosecutor General (Generalbundesanwalt ), the Federal Criminal Police Office (Bundeskriminalamt ), the Länder Brandenburg, Bremen, Hamburg, Hesse, Mecklenburg-Western Pomerania, Lower Saxony, North Rhine-Westphalia and Saxony as well as the Federal Chamber of Tax Advisers (Bundessteuerberaterkammer ), the German Association of Tax Advisers (Deutscher Steuerberaterverband ), the Federal Bar Association (Bundesrechtsanwaltskammer ), and the German Lawyers Association (Deutscher Anwaltverein ).
[…]
B.
To the extent that it is directed against the seizure of the complainants’ data, the constitutional complaint is admissible.
[…]
C.
The challenged decisions of the Hamburg Regional Court […] violate the complainants’ fundamental right under Art. 2(1) of the Basic Law.
The seizure of the complainants’ data must be measured against the fundamental right enshrined in Art. 2(1) of the Basic Law (see I below). In principle, the investigatory powers regime set out in the Code of Criminal Procedure provides a statutory basis for the securing and seizure of data storage devices and the data stored on them (see II below). However, the Hamburg Regional Court failed to consider (see V below) that, in case of seizure of data storage devices and of all data stored on them, the principle of proportionality is particularly significant (see III below). Besides, a blanket seizure of data storage devices and of the data stored on them is only permissible if procedural safeguards are in place (see IV below).
I.
With their constitutional complaint, the complainants challenge, in particular, that the public prosecution office had copied and retained their data in the course of the search and seizure. Thus, the entire data and information stored by the law firm and the tax consultancy was made available to the public prosecution office. The complainants do not object, on grounds of ownership, to being deprived of the physical possession of the data storage devices as such. Rather, the constitutional complaint seeks to prevent the law enforcement authorities from gaining full access to all data belonging to the law firm and the tax consultancy.
1. The challenged decisions must be measured against Art. 2(1) of the Basic Law.
a) Art. 2(1) of the Basic Law does not only protect the core of personality, but all human behaviour. Art. 2(1) of the Basic Law affords individuals a fundamental right to only be affected by intrusive state measures if the measure in question has a statutory basis that is formally and substantively compatible with the Constitution (cf. BVerfGE 29, 402 <408>). Since Art. 2(1) of the Basic Law does not distinguish between different types of activities, this right also protects commercial (cf. BVerfGE 10, 89 <99>) and professional activities; it protects natural and legal persons as well as groups of persons (cf. BVerfGE 10, 89 <99>; 23, 12 <30>).
Searches by law enforcement authorities generally interfere with the inviolability of the home guaranteed by Art. 13 of the Basic Law. To the extent that the authorities, beyond the actual search of the premises, carry out further measures relating to the documents or data found, the general right of personality, which applies subsidiarily, may be affected as well. […]
b) In particular, the seizure of the complainants’ entire data records interferes with the right to informational self-determination guaranteed by Art. 2(1) of the Basic Law in conjunction with Art. 1(1) of the Basic Law.
aa) The securing and seizure of the complainants’ data records allows for automatic processing of the collected data. The increased risk associated with such technical possibilities is reflected in the level of fundamental rights protection afforded in this respect (cf. BVerfGE 65, 1 <42>). In the context of modern data processing, the free development of one’s personality requires that the individual be protected against the unlimited collection, storage, use and sharing of their personal data. This protection is part of the fundamental right under Art. 2(1) of the Basic Law in conjunction with Art. 1(1) of the Basic Law. This fundamental right confers upon the individual the authority to, in principle, decide themselves on the disclosure and use of their personal data (cf. BVerfGE 65, 1 <43>).
Beyond the immediate protection it affords, this fundamental right serves to prevent a chilling effect that could arise and impair the exercise of other fundamental rights if individuals were no longer able to tell who knows what kind of personal information about them, at what time and on which occasion. This could greatly impede their freedom to make self-determined plans or decisions.
A deterrent effect on the exercise of fundamental rights stemming from the secret knowledge of third parties [regarding one’s personal data] must be avoided, not only in the interest of the affected individuals. Such a deterrent effect would also affect the common good because self-determination is a fundamental prerequisite for the functioning of a free and democratic society which relies on the agency and participation of its citizens (cf. BVerfGE 65, 1 <43>).
bb) In addition, the securing and seizure of the data storage devices and of the data stored on them affects the right to informational self-determination of the complainants’ clients.
[…]
[…] The possibility of unrestricted state access to the data records of a law firm or tax consultancy might deter clients from engaging in confidential communication or even from hiring the lawyer or tax consultant in the first place, including in cases that are completely unrelated to the criminal charges against the suspect under investigation.
2. Access to the data also affects the right to a fair trial under the rule of law deriving from Art. 2(1) of the Basic Law (cf. BVerfGE 26, 66 <71>; 38, 105 <111>; 40, 95 <99>; 65, 171 <174>; 66, 313 <318>; 77, 65 <76>; 86, 288 <317 et seq .>; 110, 226 <253 et seq .>), which gives rise to a right to confidential communication between defence lawyers and their clients. […] It is important in this respect as well that unrestricted access to information by law enforcement authorities must not prevent clients from communicating with their defence lawyers in an unfettered, unreserved and trust-based manner (cf. BVerfGE 110, 226 <260>).
Due to its scale, access to all data records of a law firm and a tax consultancy severely impairs the legally privileged relationship of trust between clients and their lawyer or tax consultant that is integral to any such consultant-client relationship.
3. Although the challenged decisions do not interfere with the complainants’ fundamental right to occupational freedom (Art. 12 of the Basic Law), the specific nature of the complainants’ professional activities as lawyers and tax consultants must be taken into account in the constitutional review of the measures at issue.
[…]
II.
1. Restrictions of Art. 2(1) of the Basic Law require a statutory basis specifying the underlying prerequisites and scope in a manner that is clear and recognisable for citizens in accordance with the principle of legal clarity deriving from the rule of law. §§ 94 et seq . of the Code of Criminal Procedure satisfy these constitutional requirements with regard to the securing and seizing of data storage devices and the data stored on them.
2. §§ 94 et seq . of the Code of Criminal Procedure provide a statutory basis for the securing and seizure of data storage devices and the data stored on them as evidence in criminal proceedings.
a) It is true that the powers to interfere [with fundamental rights] were originally designed for [the search and seizure of] physical objects. […]
b) [Yet] § 94 of the Code of Criminal Procedure can also serve as a statutory basis for the securing of data on storage devices provided by the authorities. The literal meaning of ‘object’ allows for an understanding that includes non-physical objects. […]
[…]
c) It is sufficiently recognisable for persons affected by such data access that §§ 94 et seq . of the Code of Criminal Procedure allow for the securing and seizure of data storage devices and of the data stored on them. § 94 of the Code of Criminal Procedure generally covers all objects that could serve as evidence in the investigation. Given the diverse range of possible scenarios, the legislator was not required to differentiate further. Under constitutional law, it is incumbent upon the competent judge to make, to the extent possible, further determinations in the search or seizure warrant issued in the respective criminal proceedings (cf. BVerfGE 42, 212 <220 et seq .>; 44, 353 <371>; 45, 82; 50, 48 <49>; 71, 64 <65>).
d) The provisions of criminal procedure governing the seizure of objects as evidence also satisfy the requirement, applicable in particular to [interferences with] the right to informational self-determination, that the legislator specify precisely the purposes for which the collected data may be used (cf. BVerfGE 65, 1 <46>; 100, 313 <359 et seq .>). The legislative framework in which §§ 94 et seq . of the Code of Criminal Procedure are embedded (cf. § 152(2), § 155(1), § 160, § 170, § 244(2) and § 264 of the Code of Criminal Procedure) formulates the designated purpose that serves to restrict data access with sufficient precision.
While the investigatory powers for obtaining data and their scope are defined rather broadly in the Code of Criminal Procedure, they are strictly limited by the purpose of the investigation. Investigation measures in criminal proceedings are only permissible to the extent necessary to inform the authorities’ decisions regarding the criminal charges in question. The powers do not extend to the investigation of other situations and circumstances. […] Therefore, in connection with criminal proceedings, no facts or personal circumstances may be investigated that are irrelevant for determining culpability and assessing the legal consequences of the offence (cf. § 244(3) second sentence, second alternative of the Code of Criminal Procedure). […]
With the strict limitation of all investigation measures, including any collection of data, to the purpose of investigating the criminal acts committed, the Code of Criminal Procedure generally restricts interferences with the right [to informational self-determination] regarding one’s data to data that is relevant to the specific case under investigation. […]
III.
The restrictions of the complainants’ fundamental rights not only require a sufficiently specific statutory basis. The principle of proportionality sets [further] limits to state action, especially in the field of criminal procedure. In this respect, it must be taken into account that the securing and seizure of data storage devices and of the data stored on them gives rise to particularly intrusive interferences.
1. a) The particular intensity of the interference follows from the fact that this law enforcement measure involves a significant amount of data that is irrelevant to the proceedings, affecting a considerable number of persons who have no connection to the criminal charges and who did not prompt the interference with their conduct (cf. BVerfGE 100, 313 <380>; 107, 299 <320 et seq .>). Moreover, the measure affects relationships of trusts that merit special protection against excessive data access. In the individual case, the particularly intrusive interference resulting from access to data storage devices – especially devices belonging to lawyers and tax consultants, who are bound by professional confidentiality – must therefore be subject to especially strict limitations.
b) The principle of proportionality sets limits to state action. It requires not only that the securing and seizure of data storage devices and the data stored on them must have real prospects of success with regard to achieving the statutory purpose of law enforcement. It also requires that use of this specific coercive measure must be necessary for investigating and prosecuting the crime in question; this is not the case if other, less restrictive means are available. Finally, the respective interference must be proportionate to the severity of the charges and the strength of suspicion (cf. BVerfGE 96, 44 <51>).
c) Where it has been established that a data storage device does not contain any data relevant to the criminal proceedings, securing the storage device would per se be unsuitable. Where data storage devices are presumed to contain information of evidentiary value – albeit to varying degrees –, they will generally also contain a considerable amount of irrelevant data besides the information that has potential value as evidence. […]
d) The prohibition of excessive measures (Übermaßverbot ) prohibits interferences with fundamental rights that are of such intensity that they are disproportionate to the importance of the affected interests. Fundamental rights and their restrictions must be brought into appropriate balance. In an overall balancing of the severity of the interference on the one hand, and the weight and urgency of the reasons invoked to justify it on the other hand, the limits of what is reasonable (zumutbar ) must be observed (cf. BVerfGE 67, 157 <173, 178>; 100, 313 <391>; established case-law).
aa) On the one hand, the state’s interest in effective law enforcement must be taken into account. Safeguarding the peaceful legal order (Rechtsfrieden ) by means of criminal law has always been an important responsibility of the state. […] The Basic Law accords great importance to the prevention and investigation of criminal acts (cf. BVerfGE 100, 313 <388>).
bb) On the other hand, the balancing of interests must take into account protected legal interests of third parties that are affected by coercive state measures without having prompted them in any way. According to the principle of proportionality, interferences with the rights of non-suspects require special justification. [By securing data storage devices,] law enforcement authorities might obtain knowledge of data concerning indirectly affected third parties; this often includes excess data that is protected by special confidentiality privileges. Therefore, the right to informational self-determination of third parties and the risks to legally privileged relationships of trust between persons bound by professional confidentiality and their clients must also be taken into account. […]
2. When searching, securing and seizing data storage devices and the data stored on them, there are various ways to give effect to the principle of proportionality.
a) If the data storage devices targeted by the measure do contain information of potentially evidentiary value, it must be assessed whether securing the data storage devices and all data stored on them is necessary. […] Reasonable efforts must be made to avoid the obtaining of excessive and confidential information that is irrelevant to the proceedings.
b) To the extent that data can be filtered based on its relevance to the proceedings, the authorities are constitutionally required to consider the possibility of separating the potentially relevant from the irrelevant data. The data relevant to the proceedings could be (partially) copied, and the irrelevant data deleted or returned. […]
c) Depending on the circumstances of the individual case, there are different means that can be used, and possibly combined, to categorise the data in order to limit access. Such means must be exhausted before a definitive decision to seize all data can be considered. […] For example, the data can be categorised according to subject, time, client or case. It may also be possible to categorise the data according to its relevance to the proceedings by using search terms or programmes.
d) It will not always be possible to thoroughly examine and separate the data on site according to their relevance to the proceedings. If, in a particular case, the specifics of the respective criminal charges and the options available to search the data, including the technical means, do not allow for a swift categorisation, the temporary securing of the data storage device for the purpose of determining the relevance of the stored data must be considered.
In any event, the examination stage pursuant to § 110 of the Code of Criminal Procedure must precede the final decision on the scope of the seizure (cf. BVerfGE 77, 1 <55>). In line with the purpose of § 110 of the Code of Criminal Procedure, reasonable efforts must be made to only expose data to a permanent and therefore more intrusive interference if it is relevant to the proceedings and admissible as evidence. […]
e) Given the particular technical features of electronic data processing and the often substantial data volume, the problems associated with uncovering and restoring concealed, mixed-up, encrypted or deleted data cannot be ignored. Yet [the decision to] seize the entire data or data processing system may not be based on the generalised assumption that there is a possibility that data might have been concealed. […]
f) The principle of proportionality, at least under the element of necessity, does not preclude the seizure of the entire data if during the examination stage the law enforcement authorities are, despite reasonable efforts, either unable to identify the data that is relevant to the proceedings, […] or to delete or return the data that is irrelevant. However, it must then be assessed in each individual case whether full data access is compatible with the prohibition of excessive measures.
The resulting interference must be proportionate to the severity of the criminal offence and the strength of suspicion (cf. BVerfGE 96, 44 <51>). This assessment must take into account how important the potential evidence that the search measure aims to obtain is for the criminal proceedings, and how likely it is that evidence relevant to the proceedings will be found. In the individual case, seizure of data may be impermissible where the criminal act under investigation is a minor offence, the evidentiary value of the information that will presumably be found on the data storage device is insignificant, or the basis for presuming that evidence will indeed be found is vague.
IV.
The principle of proportionality […] alone is not sufficient to effectively prevent impermissible interferences with the right to informational self-determination. Fundamental rights protection must also be ensured by adequate procedural means (cf. BVerfGE 73, 280 <296>; 82, 209 <227>). The applicable procedural law must be designed in line with the objective demands of effective fundamental rights protection (cf. BVerfGE 63, 131 <143>).
1. In the context of interferences with the right to informational self-determination, great significance has always been attributed to procedural safeguards. Recognised procedural safeguards include notification, information and deletion requirements and prohibitions to use data as evidence (cf. BVerfGE 65, 1 <46>). In addition, the state is in principle required, in view of the right to informational self-determination, to monitor developments in data collection, storage and use and, where appropriate, to consider amending the legal framework (cf. regarding documentation obligations, BVerfGE 112, 304 <320> with further references).
In principle, the purpose limitation applicable to the data collection requires that all copied data that is not necessary to achieve the purpose pursued be deleted. In certain cases, the Basic Law gives rise to a prohibition to use data as evidence, giving effect to the principle of proportionality and to procedural rights (see C IV 3 below).
2. The currently applicable law of criminal procedure already contains procedural safeguards that are designed to prevent or minimise interferences with fundamental rights.
a) The examination pursuant to § 110 of the Code of Criminal Procedure serves to avoid excessive data collection for long-term storage, and thus to reduce the intensity of the interference with the right to informational self-determination.
[…] Nonetheless, to ensure that the interference is proportionate in the individual case, it may be required to involve the owner of the data in question in the examination of whether the secured data is relevant to the proceedings. [In the present case,] specific, comprehensible and verifiable information concerning the data structure and the relevance of the data in question could be provided, in particular, by the law firm partners who are not themselves under suspicion; this could simplify the categorisation of the data and reduce the amount of data to be secured by the authorities. […]
b) The provisions on [law enforcement] databases in §§ 483 et seq . of the Code of Criminal Procedure […] serve to ensure the data protection rights of persons affected by data collection in criminal proceedings. In addition to § 483 of the Code of Criminal Procedure, which limits data collection to the purpose of the criminal proceedings, the provisions on data deletion in § 489 of the Code of Criminal Procedure and the obligation to provide information to the data subjects in § 491 of the Code of Criminal Procedure are of particular importance.
aa) § 489 of the Code of Criminal Procedure provides for the correction, blocking, and, most notably, deletion of personal data. According to § 489(2) of the Code of Criminal Procedure, data is to be deleted ex officio if its storage is not permissible or if the examination in the individual case shows that knowledge of the data is no longer necessary for the respective statutory purpose. […]
bb) § 491 of the Code of Criminal Procedure governs the obligation to provide information on the storage of their data to persons who are not themselves part of the criminal investigation […].
If it does not jeopardise the purpose of the investigation or contravene overriding protected interests of third parties, persons affected by the data storage must be provided with the relevant information pursuant to § 19 of the Federal Data Protection Act upon request. The request may only be refused if providing the information would specifically jeopardise the purpose of the investigation. […]
3. In principle, when the authorities secure a data storage device, they can obtain knowledge of all information it contains. The large amount of information alone may already lead to a considerable number of coincidental findings within the meaning of § 108 of the Code of Criminal Procedure. The seizure of the entire data belonging to persons bound by professional confidentiality thus necessarily entails special risks to the integrity of third-party data and thus also to the public interest in the proper administration of justice, for which the privileged relationship of trust between independent lawyers and their clients is crucial.
[…] Nonetheless, securing the data storage device and all available data is permissible if the relevant information cannot be separated from other data during the search by using the available technical means and undertaking reasonable efforts (see C III 2 f above). Even if, as required under constitutional law, the data relevant to the investigation is separated from other data, it cannot be ruled out that the authorities obtain knowledge of irrelevant data.
In certain cases, the existing prohibitions to use as evidence data obtained by search and seizure measures, which have already been developed and recognised in the case-law, afford protection against unauthorised interferences with fundamental rights. Yet the question arises whether an additional prohibition to use the data as evidence should be recognised in order to effectively protect the fundamental right to informational self-determination, at least of third parties, and to effectively safeguard the relationship of trust between persons bound by professional confidentiality and their clients. This would strengthen the fundamental right under Art. 2(1) of the Basic Law in conjunction with Art. 1(1) of the Basic Law and the constitutionally protected relationship of trust between lawyers and their clients.
At least in cases of serious, deliberate or arbitrary violations of procedure, where the limitation to the investigation purpose prompting the seizure of data storage devices is disregarded deliberately or systematically, the wrongful search and seizure of data storage devices and of the data stored on them must result in a prohibition to use the data as evidence.
V.
The decisions of the Hamburg Regional Court do not satisfy these constitutional requirements.
1. The Hamburg Regional Court argued that it was not possible to sort the data into different categories because the entire data stored on a data storage device was considered evidence […]. This does not satisfy the constitutional requirements set forth above regarding the securing and seizure of data belonging to persons bound by professional confidentiality. When following the view of the Regional Court, there would be no examination of the particular circumstances of the individual case, yet such an examination is required under constitutional law. The Regional Court disregarded aspects significant to the balancing of interests such as the protected confidentiality of third-party data, the specific criminal charges, the quality of the suspicion, the evidentiary value of the information stored and the probability that relevant evidence will indeed be found. It failed to recognise the high intensity of the interference and the considerable number of third parties affected. […] The Regional Court accorded absolute priority to law enforcement interests – which may indeed prove to be significant in the individual case – over other legitimate interests that merit special legal protection, excluding them from the requirement of balancing conflicting interests. It failed to examine the relevance of the secured data to the proceedings and the possibility of separating it from irrelevant data, which would have been required. It thus did not even consider any limitation of the excessive data collection measures. […]
2. […]
VI.
[…]
Hassemer | Jentsch | Broß | |||||||||
Osterloh | Di Fabio | Mellinghoff | |||||||||
Lübbe-Wolff | Gerhardt |