Protection of personal data and privacy - The Council of Europe

The frontier-less nature of the internet, which enables the free flow of data across countries, also brings new challenges. Personal Data Protection Convention. SkiptoContent Youarehere: Portal/Themefiles/Forums,conferences,meetings/InternetGovernanceForum/Protectionofpersonaldataandprivacy/ Protectionofpersonaldataandprivacy TheInternethasmadetheaccessandexchangeofinformation–includingpersonaldata–easierandfasterthanever.Individualsareprovidingtheirpersonaldataonline,knowinglyandsometimesunknowinglyformanydifferentpurposes,suchaspurchasinggoodsandservices,playing,e-learningorpayingtaxes. Socialinteractionsarealsoincreasinglytakingplaceoverthenet–notablyinsocialmediaplatforms,creatingnewopportunities,butalsoriskstoprivacy.Thefrontier-lessnatureoftheinternet,whichenablesthefreeflowofdataacrosscountries,alsobringsnewchallenges. PersonalDataProtectionConvention In1981theCouncilofEuropeadoptedthefirstinternationaltreatytoaddresstherightofindividualstotheprotectionoftheirpersonaldata:ConventionfortheProtectionofIndividualswithregardtoAutomaticProcessingofPersonalData,knownas“Convention108”. Thetreatywasdraftedinatechnologicallyneutralstyle,whichenablesitsprovisionstobefullyvalidtoday,regardlessoftechnologicaldevelopments.In2018,thetreatywasupdatedbyanamendingprotocol,notyetinforce,aimedatensuringthatitsdataprotectionprinciplesarestilladaptedtonewtoolsandnewpractices. Tothisday,“Convention108”stillremainstheonlylegallybindinginternationalinstrumentwithaworldwidescopeofapplication,opentoanycountry,andwiththepotentialtobecomeaglobalstandard. Thetreatyestablishesanumberofprinciplesforstatestotransposeintotheirdomesticlegislationtoensurethatdataiscollectedandprocessedfairlyandthroughproceduresestablishedbylaw,foraspecificpurpose,thatitisstoredfornolongerthanisrequiredforthispurpose,andthatindividualshavearighttohaveaccessto,rectifyorerasetheirdata. Anadditionalprotocolrequireseachpartytoestablishanindependentauthoritytoensurecompliancewithdataprotectionprinciples,andlaysdownrulesontrans-borderdataflows. Sofar,55countrieshaveratified“Convention108”andmanyothershaveuseditasamodelfornewdataprotectionlegislation. Inaddition,theCouncilofEuropehasadoptedanumberofrecommendationsaimedatapplyingthegeneralprinciplessetoutintheconventiontothespecificrequirementsofvariousareasofsociety: protectionofhealth-relateddata(2019) Guidelinestorespect,protectandfulfilltherightsofthechildinthedigitalenvironment(2018) therolesandresponsibilitiesofinternetintermediaries(2018) theprocessingofpersonalhealth-relateddataforinsurancepurposes,includingdataresultingfromgenetictests(2016) protectingandpromotingtherighttofreedomofexpressionandtherighttoprivatelifewithregardtonetworkneutrality(2016) theprocessingofpersonaldatainthecontextofemployment(2015); aGuidetohumanrightsforInternetusers(2014); protectionofhumanrightswithregardtosocialnetworkingservices(2013); protectionofhumanrightswithregardtosearchengines(2013); profiling(2010); ontheprotectionofpersonaldatacollectedandprocessedforinsurancepurposes(2002) privacyontheInternet(1999); personaldatacollectedandprocessedforstatisticalpurposes(1997); medicalandgeneticdata(1997); personaldataintheareaoftelecommunicationservices,telephoneinparticular(1995) communicationtothirdpartiesofpersonaldataheldbypublicbodies(1991); paymentsandotherrelatedoperations(1990); datausedforemploymentpurposes(1989) policefiles(1987); socialsecurity(1986); directmarketing(1985); scientificresearchandanalysis(1983); automatedmedicaldatabanks(1981). In2013theCommitteeofMinistersadoptedaDeclarationonRiskstoFundamentalRightsstemmingfromDigitalTrackingandotherSurveillanceTechnologies.