Jusletter IT

The Austrian laws on data retention are unconstitutional. They contradict the fundamental right to data protection as well as Article 8 of the European Convention on Human Rights (ECHR) («Right to Respect of Private and Family Life»).  

A deadline for rectification is not granted. The repeal takes effect upon its promulgation, which shall be made by the Federal Chancellor immediately. 

• Any interference with fundamental rights which is as massive as data retention must be designed to conform with the Data Protection Act (DSG) and the ECHR.
• Whether such interference is constitutionally admissible depends on the stipulated conditions for the storage of such data, on the requirements governing their deletion, and the security measures in place for access to retained data. The challenged provisions of the Telecommunications Act (TKG), of the Code of Criminal Procedure (StPO), and of the Security Police Act (SPG) do not meet these requirements.
• Several specific legal safeguards regarding, in particular, the precise clarification of the retention duty, the requirements applying to data access, or the obligation to delete data, are in fact lacking.
• The broad scope of data retention exceeds all interferences with the fundamental right to data protection which the Constitutional Court had to judge upon in its jurisdiction to date, in terms of both the group of persons affected – almost the entire population is affected – and the nature of the data concerned, as well as the way the data is used.
• According to the Constitutional Court, the fundamental right to data protection in a democratic society is designed to allow and protect confidential communication between individuals.
• Individuals and their free personal development rely not only on public communication within society; moreover, freedom – understood as an entitlement of the individual and as a state of a society – is determined by the quality of information relations.
• The Constitutional Court is aware that new communication technologies present new challenges to fighting crime, which is a public interest. This has always been a consideration for the Constitutional Court. However, extended technical means at the same time imply that the inherent dangers for individual freedom must be countered in a manner that is commensurate with such risks.
• Regulations like those on data retention may be admissible to fight serious crime. However, they need to conform with the requirements of data protection and with the Convention on Human Rights. In their context, the data retention provisions in the TKG, in the StPO, and in the SPG now challenged constitute an excessive interference and such a violation of the fundamental right to data protection. How a regulation could be designed that is in conformity with the constitution is an issue that does not pose itself for the Constitutional Court at present.

Judgements of the VFGH G 47/2012-49, G 59/2012-38, G 62/2012-46, G 70/2012-40 and G 71/2012-36 of 27 June 2014

Source: Press Release of the VFGH of 27 June 2014