heise PlusAbo
Anzeige

Data watchdogs: Mass reliability checks at Euro Championship deemed unlawful

Data watchdogs in NRW and Berlin say mass background checks for Euro 2024 were unlawful and should never have been conducted on hundreds of thousands of people.

listen Print view
Soccer fans in the stadium

(Image: Csaba Peterdi/Shutterstock.com)

5 min. read
By
Contents

Last year, mass reliability tests on hundreds of thousands of people were supposed to ensure that the European Football Championship in Germany would be a summer fairytale. However, the data protection authorities in North Rhine-Westphalia (NRW) and Berlin have since criticized the fact that there was no legal basis for this screening, which impaired fundamental rights. At the time, the police and the Office for the Protection of the Constitution had screened a six-figure number of people who worked in the background of the tournament and had access to sensitive areas.

A background check is known as a background check (ZĂśP). The police check whether there is any security-relevant information about a person. This information is then passed on to the event organizer. In principle, the persons concerned must be informed and give their consent before such a measure is taken. Although the legal situation varies from state to state, the Federal Office for the Protection of the Constitution was involved in many cases during the European Championships. According to a report by Netzpolitik.org, the Federal Office for the Protection of the Constitution (BfV) even automatically compared the data of the persons to be accredited with its file systems in a "mass data procedure" and transmitted an overall vote to the responsible approval authorities.

According to Berlin data protection officer Meike Kamp, ZĂśP affected a large number of groups of people "by default", including UEFA volunteers, private security personnel, catering and cleaning staff, media representatives, sponsors and medical staff. The exact number of people checked is difficult to determine. The BfV speaks of a "large number". Inquiries by Netzpolitik.org in several federal states indicate that well over 100,000 people were checked: The Berlin police checked over 75,000 data records for the Olympic stadium, the fan zone and team hotels alone. The North Rhine-Westphalia Ministry of the Interior recorded 90,000 CIPs. In Hamburg, there were over 53,000 checks.

There were also multiple checks and repetitions due to differing personal data. Despite these duplications, it seems plausible that the Office for the Protection of the Constitution checked a six-digit number of people – and the police forces of the federal states checked significantly more.

NRW: No legal basis

NRW Data Protection Commissioner Bettina Gayk complains that there was no sufficient legal basis for these mass checks. The Ministry of the Interior and the NRW State Office of Criminal Investigation refer to Section 9 of the Police Act. Although this allows data processing under certain conditions, it does not explicitly mention background checks or major events.

Gayk argues that the mere consent of those affected is not sufficient: This would not be given voluntarily if participation in the European Championship organization depended on it. The inspector calls on the state government and parliament to create a "viable" legal basis. The Ministry of the Interior, on the other hand, sees no need for this, as other countries also adhere to consent.

Videos by heise

Berlin: constitutional protection request not covered

In Berlin, Section 45 of the Berlin General Security and Order Act (ASOG) regulates ZĂśPs. However, Kamp criticizes the fact that it does not provide for requests to the Office for the Protection of the Constitution or other intelligence services. Although the possibility was mentioned in the data protection information, it was not sufficient.

Any interference with the right to informational self-determination requires a clear and specific legal basis, emphasizes the data protection officer. This applies in particular to the transfer of data between the police and intelligence services. The Berlin police take a different view and want to maintain their practice.

Different approaches in the federal states

The federal states treat ZĂśPs very differently. In Hamburg, the law on police data processing (PolDVG) stipulates that requests must be made to the Office for the Protection of the Constitution. In Saxony, the state data protection commissioner was able to convince the police to refrain from making regular requests to the Office for the Protection of the Constitution. Such requests are only permissible in individual cases where there are concrete indications of a propensity for violence, according to the Saxony police. The Bavarian police have also not made any regular inquiries, as the Police Act only permits such transfers on the grounds of necessity.

The questions raised at the European Championships about the checks also affect other major events such as music festivals or Christopher Street Day (CSD). In general, the procedure that has become apparent illustrates the complexity and the legal gray areas in dealing with sensitive data at major events.

(emw)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten