Social media accounts are part of everyday life and typically offer many functions, from communication to data storage. It was thus only a matter of time before state investigators became interested in the data stored in such accounts.
A recent high-profile trial centred on the legal requirements for the judicial seizure of social media accounts.
The Reutlingen District Court charted new territory by trying to seize the Facebook account of a 20-year-old who was accused of burglary. The public prosecutor believed that the man (who had a criminal record) had sent instructions to an accomplice via private Facebook messages.
A seizure of the accused's smartphone revealed nothing. Therefore, the judge ordered the seizure of "messages", as well as "friends, notes, chats, emails" and "all photos" from his Facebook account. Hence, contrary to widespread media reports, the court – strictly speaking – did not seize the Facebook account as such, but only specific content.
The court's approach has raised several legal questions.
According to a 2005 Federal Constitutional Court decision, data can be subject to seizure in Germany, although the relevant provision in the Code of Criminal Procedure refers only to physical 'items'.
Messages can also be subject to seizure. In 2009 the Federal Constitutional Court held that emails are still protected by telecommunications secrecy even if they have already been read, but can be lawfully seized just like a postal item without meeting the higher requirements for wiretapping telecommunications. Clearly, private Facebook messages are practically identical to regular emails from a constitutional perspective; thus, the 2009 decision is applicable by analogy.
However, as a basic principle, statutory seizure must be proportionate: the court must not access more data than necessary. This requirement clearly presents difficulties for the Reutlingen District Court. It is likely the reason why the court did not seize the whole account as such, but specified only certain types of information. However, the specification of what was specifically subject to seizure was something of a linguistic conundrum in this decision.
Simply put, the seizure of messages depends on their recipients, general relevance and content (eg, no religious meaning); certain other data (eg, IP addresses or political views) is expressly excluded.
With such detailed linguistic distinction, now obviously necessary, courts essentially pass responsibility to social media service providers: it is up to them to research the relevant data, virtually acting as involuntary governmental delegates. However, the question of liability remains: what if the providers collect too much data, or not enough?
The case was also characterised by questions of responsibility. Initially addressed at Facebook in Hamburg, the latter then referred the case to Facebook in Ireland. However, the Irish entity explained that the data was hosted in the United States. The judge then made vague allusions to the obstruction of justice by Facebook officials, which is a criminal offence in Germany. Theoretically, such officials could thus be subject to extradition.
Despite the controversy, the case ended rather unspectacularly. The court found the defendant guilty – even without having received the seized data. Nonetheless, apart from this individual case, observers agree that Germany will see an increase in account seizures in the future. This recent court decision provides a working guide for both public authorities and service providers.
For further information on this topic please contact Marc Störing at Osborne Clarke by telephone (+49 221 5108 4168), fax (+49 221 5108 4169) or email ([email protected]).