Home | Databases | WorldLII | Search | Feedback University of New South Wales Faculty of Law Research Series

Greenleaf, Graham --- "Strengthening and ‘Modernising’ Council of Europe Data Privacy Convention 108" [2012] UNSWLRS 27

Last Updated: 27 July 2012

Strengthening and ‘Modernising’
Council of Europe Data Privacy Convention 108

Graham Greenleaf, Professor of Law & Information Systems, University of New South Wales
This paper is available for download at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2118348

Citation

This article was published as ‘Scope remains to further strengthen Council of Europe data privacy Convention 108’ Privacy Laws & Business International Report, Issue 117, 21-24 June 2012. This paper may also be referenced as [2012] UNSWLRS 27.

Abstract

The Consultative Committee of the Council of Europe data protection Convention 108 issued a draft of its ‘New Proposals’ for ‘modernisation’ of the Convention in March 2012, calling for final submisisons before it finalises its proposals in June. This article provides a perspective from outside Europe, one which supports the objectives of the review to ‘reaffirm the Convention’s potential as a universal standard and its open character.’ The advantages of the ‘globalisation’ of Convention 108 (developing it into a global data privacy agreement, open to all contries providing an appropriate level of data protection) to countries outside Europe are significant, but only if an appropriately high level of privacy protection is required for non-European accessions. This article focuses on those of the proposals that need criticism from this perspective, and various positive changes that are of particular importance, but otherwise supports the ‘New Proposals’. Many of the new proposals concern the procedures and standards for accession to the Convention, and the role of the Convention’s Consultative Committee in that process. Almost all new parties are likely to come from outside the Council of Europe.
Some of the main criticisms of the proposals made in the article are as follows. There needs to be an explicit statement that accession to the Convention by States not members of the Council of Europe is ‘on the basis that the State has taken the necessary measures in its domestic law to give effect to the basic principles for data protection set out in this Convention’. The Explanatory Statement should also set out in detail what factors the Consultative Committee is likely to take into account in preparing its opinion, and in particular that that it is an opinion not only on formal legal measures but also includes an assessment of the extent to which data protection is delivered in practice in order to ‘give effect’ to the ‘basic principles’. The proposal that the Consultative Committee should be able to invite observers to attend its meetings, by a two thirds majorithy vote will allow Civil Society and Business observers be able to be invited, but the change should refer to “voting” members, not those “entitled to vote”.

Changes concerning data export limitations are also substantial, and, as always, contentious. The Committee says the proposed provisions are still based on the well-known notion of an “adequate level of protection”, which is to be presumed where data is exported to another party to the Convention, unless it can be shown that the other party has not complied with its Convention obligiations, and such protection therefore does not exist. The revision proposed by the Consultative Committee is clearly preferable to the alternative they mention which would allow disclosure to an overseas ‘recipient that has adduced appropriate safeguards’, without any reference to ‘adequacy’ or explanation of what are ‘appropriate’ safeguards. The article argues that adoption of the ‘Alternative proposal’ would considerably weaken the Convention in comparison with the existing Additional Protocol, and should be rejected completely.