|
|
Data protection Building privacy safeguards that are widely respected is an important aspect of human rights protection. Today the protection of personal data is an autonomous right which is firmly upheld by article 8 of the European Convention on Human Rights. The aim of the Council of Europe’s Data Protection Convention (ETS no. 108) is precisely to protect personal data. Launched in 1981, the Convention has served as the backbone of international law in more than 40 European countries and influenced policy and legislation far beyond Europe’s shores. With new data protection challenges arising everyday, the treaty is being updated to ensure its principles remain fully valid to technological developments. It still is today the only legally binding international treaty in the field with a worldwide scope of application, open to any country, and therefore with the potential to become a global standard. And that is why the Council of Europe is encouraging non-European states with adequate data protection laws to apply for accession. What does the Convention say? Thanks to the Convention, almost all Council of Europe member states have passed legislation or are in the process of drafting data protection laws. By following the convention’s principles, states ensure that data is accurate, that it is collected and used fairly for a specific purpose, and stored only for as long as necessary. People have the right to access and correct data, and data of a sensitive nature (religion, political beliefs, genetics or medical information) is given special protection. The legislation covers citizens´ personal data whether processed by the public administration or the private sector, and protects against intrusions both on-line and off-line. An additional protocol (ETS No. 181) requires states to set up independent authorities to ensure compliance and contains safeguards for transborder data flows to third countries, which allow data to be transferred to another country only when an adequate level of protection is ensured. What are the main challenges for the future? The use of personal data is becoming ever more sophisticated as online transactions and e-commerce mushroom, and social networking changes the way people share personal information such as photographs and videos. Borderlines between national authorities are disappearing as cloud computing allows organisations and companies to store and process personal data in different countries with varied data protection legislation, without users being properly informed. When the convention was drafted, it was clear that this was an area where rapid development was certain, and a committee was established from the outset to look at best practice and keep ahead of trends. Their work has meant that new developments in technology have been matched by Council of Europe recommendations to governments to help them adapt their legislation and practice. These recommendations cover such issues as medical data; scientific research; direct marketing; social security; data use by police, employers and insurers, and internet privacy. The most recent recommendation covers profiling, the technique of harvesting people’s personal data whilst they are online, often as a way of targeting marketing and advertising operations. The expert committee has also adopted a series of reports on issues such as biometrics, smart cards, video surveillance, judicial data in criminal matters, and personal identification numbers. Why and when do we celebrate the Data Protection Day? The aim of Data Protection Day is to raise public awareness on the need to protect personal data and privacy. At the initiative of the Council of Europe, it is celebrated worldwide on 28 January as it is on that day that the data protection convention was opened for signature. It is also called ‘Privacy Day’, in particular outside Europe. What will be updated in the convention? Work on the modernisation of the convention has started with a broad consultation with governments, business and the civil society. We still are at an early stage, but the first analysis points to the need for maintaining technologically neutral provisions, ensuring the continued compatibility with European Union regulations, reaffirming its potential as a global treaty and reinforcing its follow-up system. Some specific proposals are already under discussion, for example, securing that any flow of data around the globe is subject to an adequate protection, enhancing the rights of the individuals and promoting transparency and accountability of those who process personal data. Further information on: Data protection - Council of Europe ContactCouncil of Europe Press Office Tel. +33 (0) 388 41 25 60
Updated: January 2012 |
