Harmonising Data Protection Laws With The EU

2018 went down in history as the year of important privacy developments. Several months after the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') had come into effect, the CoE introduced noteworthy amendments to Convention 108 through the Protocol. Russia was among the first signatories, and this may eventually facilitate cross-border transfers of personal data between Russia and other countries.

Convention 108

The CoE opened Convention 108 for signature in 1981. This is the first binding international instrument establishing global standards for protecting individuals' privacy and balancing their privacy rights with the concept of free flows of personal data across national borders. It is one of the frontrunners of the GDPR.

The CoE is an international organisation comprising 47 countries of Europe, including non-Member States such as Russia. It is sometimes confused with the Council of the European Union because of their similar names. The Council of the European Union is the main decision-making body of the EU, which enacted the GDPR (together with the European Parliament), and not an international organisation.

The Protocol

The world has changed much since Convention 108 was first adopted, so amendments were highly expected. On 10 October 2018, the first 22 countries signed the Protocol, with the aim to 'address the challenges to privacy resulting from the use of new information and communication technologies, and strengthen Convention 108's mechanism to ensure its effective implementation1.'

The Protocol should enter into force three months following the date on which all parties to Convention 108 have given their consentto be bound by the Protocol (53 countries in total, including several non-members of the CoE, such as Uruguay). Giving such consent implies ratification, acceptance or approval, depending on national laws. If at least 38 parties join the Protocol and the remaining states fail to do so within the next five years, the Protocol should be binding only on those parties who gave their consent. As of today, the Protocol has been signed by Austria, Bulgaria, Finland, France, Germany, Iceland, Ireland, Netherlands, and Sweden, among others.

The Protocol does not copy the wording of the GDPR, but reflects similar concepts. Thus, the provisions of the Protocol were obviously formulated taking into account the basic data processing principles formulated under the GDPR (lawfulness, fairness and transparency, purpose limitation, accountability, and others). All countries signing the Protocol must harmonise...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT