From these, the Federal Constitutional Court (FCC) crafted the right of informational self-determination that permits the processing of personal data only if authorized by statue or by consent of the data subject.
In 2008, the FCC expanded these principles by articulating a constitutional guarantee of the confidentiality and integrity of IT systems.
If the provider intends to use an automated process that will allow the identification of the user, then this information has to be provided when data collection commences, and the user must at any time have access to this instruction.
This provision of the TMA has been interpreted as applying only to contract and utilization data, thus leaving content data under the governance of Section 4(3) of the FDPA.
They apply therefore, to Facebook and other social media. Utilization data are the personal data that a telemedia service provider may collect and use to facilitate use of the service and for accounting purposes.
The service provider may use these data to create user profiles for market research and advertising, unless the user objects after having been duly informed.
In keeping with the Directives, Germany generally prohibits the collection and use of personal data unless the law specifically permits this or the data subject has given his or her informed consent.
Of these, only the private sector rules (FDAP §§ 27–38a) and the general provisions (§§ 1–11) apply to telemedia service providers.
Germany transposed the e-privacy Directive (Directive 2002/58) primarily through the Telecommunications Act. Germany had transposed the EU Data Retention Directive in sections 113a and 113b of the Telecommunications Act, but the Federal Constitutional Court voided these provisions as unconstitutional, and German politicians have since then been unable to agree on how to reword these provisions, while the EU Commission initiated proceedings against Germany’s tardiness. Germany transposed Directive 2009/136 only in part through amendments to the Telecommunications Act. In particular, Parliament could not reach an agreement on the transposition of the all-important “cookie provision” (see below, section VI). Like the United States, Germany became aware in the late 1960’s of the need to protect the privacy of individuals against the data collection capabilities of electronic data processing. In 1970, the German State of Hesse enacted the first Data Protection Act and several German states shortly followed this example. In 1977, Germany enacted the first Data Protection Act at the federal level. German data protection developed a new dimension in 1983, with the of the German Federal Constitutional Court (FCC). In this decision, the Court held that the individual has a constitutional right to “informational self-determination.” The decision prohibits the handling of personal data unless specific statutory authorization is given or the data subject consents (see below, section IV).
All these laws apply to some extent to the providers of online services.
Through these laws Germany transposed European Union (EU) Directives 95//58, albeit in a very complex and differentiated manner.