§ 12 TDDDG
Disruptions of Telecommunications Installations and Misuse of Telecommunications Services
(1)Insofar as necessary, persons obliged under Section 3(2) sentence 1 may process traffic data of end users and the control data of an information technology protocol for data transmission, which are transmitted independently of the content of a communication process or stored on the servers involved in the communication process and which are necessary to ensure communication between recipient and sender, in order to detect, localise, or eliminate disruptions or faults in telecommunications installations. This also applies to disruptions that may lead to a restriction of the availability of information and telecommunications services or to unauthorised access to the telecommunications and data processing systems of users. Processing of the traffic data and control data for other purposes is not permissible. Where the traffic data are not collected and used in an automated manner, the data protection officer of the person obliged under Section 3(2) sentence 1 must be informed without delay about the procedures and circumstances of the measure. Affected end users must be notified by the person obliged under Section 3(2) sentence 1, insofar as they can be identified.
(2)The traffic data and control data must be deleted without delay as soon as they are no longer necessary for the elimination of the disruption.
(3)For the purpose of carrying out switchovers and for detecting and localising disruptions in the network, the operator of telecommunications networks or its authorised representative is permitted to tap into existing connections insofar as this is operationally necessary. Any recordings made during the tapping must be deleted without delay. The tapping must be simultaneously indicated to the affected communication participants by an audible or other signal and expressly communicated. Where this is not technically possible, the operational data protection officer of the operator of the telecommunications network must be informed without delay in detail about the procedures and circumstances of the measure. The operational data protection officer must retain this information for two years.
(4)Where there are actual indications of unlawful use of a telecommunications network or telecommunications service, in particular fraud or obtaining services by deception, or unacceptable nuisance under Section 7 of the Act against Unfair Competition, the person obliged under Section 3(2) sentence 1 may, for the purpose of securing its claim to charges and for the protection of end users against unlawful use of the telecommunications service or telecommunications network, process traffic data that are necessary to detect and prevent the unlawful use of the telecommunications network or telecommunications service. The indications of unlawful use of the telecommunications network or telecommunications service must be documented by the person obliged under Section 3(2) sentence 1. The person obliged under Section 3(2) sentence 1 may create from the traffic data under sentence 1 a pseudonymised aggregate data set that provides information on the revenue generated by individual end users and, on the basis of suitable criteria, enables the identification of those connections in the network in respect of which there is a suspicion of unlawful use. The traffic data of other connections must be deleted without delay. The supervisory authority must be notified without delay of the introduction of or changes to a procedure under sentence 1.