The 2013 revelation that the National Security Agency (NSA) spied on individuals in allied nations, such as German Chancellor Angela Merkel, through the PRISM program, sparked outrage through-out Europe. Compounding this crisis, known as the “NSA-Affäre” in Germany, are the recent allegations that the German foreign intelligence agency, the Bundesnachrichtendienst (BND), assisted NSA efforts to spy on various governmental and industry concerns in the European Union, including the European Commission, the French president, and Airbus. In Germany, these allegations sparked demands for greater accountability and structural reforms to improve oversight and limit infringements on privacy.

In the United States, the public reacted with similar disapproval to the NSA’s domestic surveillance programs. A PEW Research survey indicates that in 2014, nearly 54% of Americans disapproved of the government’s collection of telephone and internet metadata. On June 2nd, 2015, Congress passed the USA FREEDOM Act, which limits the NSA’s ability to collect domestic metadata and increases transparency and accountability in the Foreign Intelligence Surveillance Court (FISC), which is the American equivalent of the German G10 Commission. The USA FREEDOM Act ended Section 215, the controversial provision of the 2001 USA PATRIOT Act that allowed domestic metadata collection. Many regard the act as a bipartisan victory for individual privacy rights, spearheaded by Senators Rand Paul (R-KY) and Ron Wyden (D-OR). The success of recent privacy legislation indicates that although constitutional protections of privacy in the U.S. might seem limited from a German perspective (for example the ability for the NSA to constitutionally access data stored by telecommunications companies under the “3rd Party Disclosure Rule” discussed below), Congress can act to protect individuals’ privacy rights.

A “Thick Codification” – The Constitutional Right to Privacy in Germany

On both sides of the Atlantic, debate over privacy and security issues focus primarily on protecting the domestic privacy rights of citizens within national borders. The German and U.S. constitutions both provide protections for their own citizen’s privacy; however, Germany’s Grundgesetz (Basic Law) protects privacy “more profoundly” according to Professor Russell Miller, an AICGS/DAAD Research Fellow and Professor of law at the Washington & Lee University School of Law. Article 10 of the Basic Law declares that “the privacy of correspondence, posts and telecommunications shall be inviolable.” The specific enumeration of privacy rights in telecommunications provides a historical and constitutional basis for strong privacy rights in Germany. Yet, expanding jurisprudence on privacy stems from the first and second articles of the Grundgesetz, which guarantee human dignity and personal freedoms, respectively. These articles form the basis of the landmark 1983 case which found that citizens have a “right to informational self-determination” when personal data is collected. In this case, “technology and data collection” were viewed as a “grave new threat to human autonomy”, according to Prof. Miller, establishing a precedent in German law of affirming individuals’ right to privacy over personal information collected by the state and other large entities, such as telecommunications companies.

Despite the protection of certain aspects of privacy in the Grundgesetz and generally pro-privacy rulings by the German Federal Constitutional Court (FCC), Prof. Miller emphasizes that privacy is, contrary to popular sentiment, “not an absolute right.” Proportionality (“Verhältnismäßigkeit”), a legal principle of measuring the relative merits of the state’s ends compared to the harms incurred by citizens, represents a central component of the FCC’s juris-prudence and has, in some cases, limited privacy rights, such as in a 2005 ruling that determined GPS tracking of a suspect’s vehicle to be constitutional. Prof. Miller stresses that the most recent rulings on privacy stem from cases begun prior to 9/11 and predicts that future rulings by the FCC on privacy cases would likely extend higher privacy protections to citizens in response to the sophisticated and invasive surveillance techniques available to the state.

An Evolving Interpretation – Constitutional Privacy in the United States

Professor David Cole, Honorable George J. Mitchell Professor in Law and Public Policy at the Georgetown University Law Center suggests that U.S. constitutional law is reassessing privacy rights, drawing on historical evolutions in the interpretation of constitutional privacy. The 4th Amendment of the U.S. Constitution protects against unreasonable searches and seizures without warrants and probable cause. Initially designed to protect citizens against trespass by the state on private property, the 4th Amendment establishes the right to privacy in American constitutional law. The Supreme Court must periodically examine cases pertaining to privacy rights in order to define contemporary instances of trespass. However, the Supreme Court is not the sole determinant of privacy rights for American citizens. The U.S. Congress plays a defining role in crafting legislation, such as the USA FREEDOM Act, that establishes statutory protections of privacy, while protecting national security interests. This approach, which allows for democratic input from concerned citizens, presents the challenge that advances in technology and surveillance often outpace legislative efforts to regulate and limit their potential infringements on individual privacy.

Worth noting is that the German and American constitutions stem from different legal approaches. The Grundgesetz follows a tradition of civil law, in which legal codes provide extensive, textual guidance for addressing issues and judges serve to apply statutes to the cases before them. By contrast, the United States utilizes a common law approach, which draws heavily on judicial precedent and grants judges greater ability to determine how statutes apply in given circumstances. The “flexibility” of the Supreme Court to interpret laws based on precedent and individual cases, rather than strictly adhering to written statutes, allows for contemporary interpretations of privacy rights. The common law system also welcomes active legislative efforts to establish frameworks for privacy rights, as demonstrated by the USA FREEDOM Act.

The German GPS case provides an interesting comparison between German and American constitutional law. In 2012, the U.S. Supreme Court ruled in United States v. Jones that the government’s use of a GPS tracker on a suspect’s car for 28 days constituted a breach of the 4th Amendment’s protection against unreason-able search and seizure. The Supreme Court drew on the “mosaic theory”, a legal concept regarding the use of aggregated data of a citizen’s actions in the public sphere to construct an in-depth portrait of the individual, to uphold individual privacy rights. Prof. Cole opined that the court’s ruling indicates that the U.S. Supreme Court recognizes that “analog precedents” regarding privacy rights no longer suffice in the modern digital age. The evolution of what constitutes a violation of constitutional privacy signals that the U.S. recognizes the importance of protecting privacy rights against state infringement.

The U.S. Constitution is “state-centric,” while the Grundgesetz’s clearly enumerated privacy rights can apply to private entities, such as telecommunications companies, presenting a critical difference between the German and American constitutional approaches to privacy. The Supreme Court can (and does) rule in favor of individual privacy rights violated by the modern surveillance capabilities of the state; however, there is no constitutional protection for an individual’s data provided to a 3rd party, such as an internet provider or telephone company. This means that while the state cannot place a GPS tracker on an individual’s car and proceed to monitor their movements for an extended period of time, the state can access data about an individual’s whereabouts from the records of a telecommunications company without infringing on the individual’s constitutional right to privacy. Through this “3rd Party Disclosure Rule,” citizens have no constitutional “expectation of privacy” over metadata provided to commercial third-parties in the United States, according to Prof. Cole. In order to prevent technology from taking away individuals’ “reasonable expectation of privacy,” in the current digital era, Prof. Cole indicates that the U.S. Congress must fill the gaps in privacy protections which exist under current U.S. constitutional law.

The USA FREEDOM Act limits domestic metadata collection by the NSA and offers moderate reforms of the FISC, providing increased legislative protection for Americans’ privacy; nonetheless, Prof. Cole believes that the bill “addresses only a small fraction of the NSA’s domestic surveillance program and will leave most of the problematic programs…untouched.” Indeed, both Prof. Miller and Prof. Cole emphasize that one of the greatest limitations in the transatlantic discourse about privacy is the focus solely on privacy rights within national borders. The G10 Commission and FISC exist to review requests on domestic surveillance – even with reforms, surveillance of “agents of a foreign power”, requires no review considering potential privacy violations. Similarly, although Prof. Miller indicates that many German scholars believe that the privacy protections enumerated in the Grundgesetz, “ought to apply” to all state actions both within German borders and abroad, attempts to limit the ability of surveillance agencies to monitor foreign parties raise concerns over national security and lacks political rewards, as citizens advocate primarily for their own privacy rights, rather than those of foreigners; subsequently, politicians prioritize domestic privacy concerns.

Privacy Beyond Borders – The Transatlantic Challenge

Prof. Cole emphasizes that without transatlantic agreement to actively protect individual’s privacy rights in the digital age, “trans-border surveillance” will continue and constitutional protections of privacy within national borders will “no longer be very salient.” Prof. Miller suggests that Europe’s efforts, in the wake of the Snowden revelations, to require American companies to protect consumer data and privacy offer a “consumer-driven” solution to preserving privacy rights in the digital age, even if U.S. constitutional juris-prudence fails to guarantee privacy rights. Free trade agreements such as the Transatlantic Trade and Investment Partnership (TTIP) might serve as a vehicle for establishing a transnational system of privacy protection from the speakers’ perspectives, although Prof. Miller acknowledges that recent spying scandals have harmed European trust in existing transatlantic privacy agreements, such as the Safe Harbor Framework, raising questions about the feasibility of satisfactory privacy protections for European consumers in TTIP.

Ultimately, the discussion indicates that fundamental differences in the American and German constitutions on privacy rights must be understood and considered in transatlantic consideration of privacy and security. Germany’s Grundgesetz codifies individual privacy in telecommunications and personal activities placing, in Prof. Miller’s analysis, “an obligation” on the state to actively protect individuals’ right to informational self-determination from intrusion by the state and private entities. In the U.S., on the other hand, constitutional protection of privacy centers on the concept of preventing the state from trespassing into individuals’ private affairs and possessions without due process; this difference means that the U.S. Congress plays a central role in determining citizens’ privacy rights in telecommunications and other areas. Prof. Cole summarizes the mentality on privacy in the U.S. as one which recognizes the reality that “privacy is almost never absolute,” while German jurisprudence shapes a cultural assumption that privacy is absolute and that the government should behave accordingly when considering surveillance and other privacy infringements. Yet, despite these diverging cultural approaches, the challenges facing the two nations are strikingly similar: governments that weigh national interests against citizen’s rights to privacy, through proportionality in court decisions and laws designed to protect citizens from terrorism; a lack of transparency and accountability from the FISC and G10 Commission; and an absence of public discourse on how to promote international privacy rights in the digital age. Constitutional law provides each nation with a foundation from which to protect individuals’ right to privacy, but these rights only serve as a starting point for broader conversations on privacy and security across national borders and in the increasingly borderless realm of telecommunications.

By: Soleil Sykes

Verantwortlich und Redaktion Dr. Lars Hänsel