Data Protection

Facebook  Twitter  LinkedIn  Slideshare

Convention & Protocol


Jrg Polakiewicz
Opening intervention
International Data Protection Conference,
21 September 2011, Warsaw

Ladies and Gentlemen,
It is a pleasure to be here in Warsaw today among so many friends and colleagues dedicated to the cause of data protection.
Being part of such a distinguished panel I would first like to thank the Polish authorities, the European Union as well as all the other organisers and sponsors who made this event possible.
The political importance of the issues we shall discuss today can hardly be exaggerated. At elections in my home town of Berlin last weekend, one out of ten voted for a party that focuses almost exclusively on internet freedom.
For the Council of Europe, this conference forms part of the celebrations of the 30th anniversary of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (“Convention 108”). 30 years after its adoption it still attracts new Parties, most recently Ukraine, soon to be followed by Russia, according to the announcement made by the President of the Russian Federation.
It is not 30, but more than 60 years that the Council of Europe has been a forum of choice for pioneering work on data protection and privacy. The 1950 European Convention on Human Rights guarantees an enforceable right to privacy to every person in Europe, citizens and non-citizens alike.
Numerous legal standards beyond Convention 108 have been developed. As examples, I would like to mention the Committee of Ministers’ recommendations on profiling, adopted only last year, and the one on the use of data by the police. This latter recommendation R(87) 15, which will be discussed in working session II, took into account the particular requirements of effective crime fighting. It became even legally binding for EU member states under the Schengen Agreements.
Ladies and gentlemen, we are currently at a defining moment for data protection worldwide. We face an unprecedented challenge to our privacy, but also exceptional efforts by regulators.
The revision of normative frameworks is underway in the Council of Europe, the EU and the OECD. New data protection laws have recently been adopted in many countries such as Costa Rica, India, Hungary and Russia. Bills are being debated in various African countries, Brazil, Singapore or the USA.
I am convinced that despite conceptual differences, the frameworks for regulating privacy are on the path to convergence. All these developments highlight two things:
Firstly, where human rights and essential aspects of private life are at stake, self-regulation is not enough. Take the example of the USA, where the Children’s Online Privacy Protection Act (‘Coppa’) drawn up over a decade ago is currently being revised by the Federal Trade Commission due to, “an explosion in children’s use of mobile devices, the proliferation of online social networking and interactive gaming.” Many of the proposals made by the FTC echo concerns expressed in Europe as well, such as updating the definition of “personal information” to include geolocation information or introducing more reliable methods to obtain parental consent.
Secondly, ensuring data protection in the age of the internet requires international responses. When calling for the modernisation of Convention 108 at their conference in Istanbul in November 2010, European Ministers of Justice therefore encouraged states from all over the world, NGOs and the private sector to actively participate in this process.
The forthcoming International Conference of Data Protection and Privacy Commissioners in Mexico City will be a further opportunity for consultations and discussions that we are preparing with the active support of the Federal Institute for Access to Information and Data Protection (IFAI). In this context, I am delighted to mention that in July Uruguay has become the first non-European country invited to accede to Convention 108.
Ladies and gentlemen, the Council of Europe is not only making sure that its standards are in line with the new technological environment and habits of modern life. It also helps to ensure that those standards are effectively implemented and that national authorities have the capacity to do so.
We are currently supporting the Ukrainian authorities with a 12-month project co-financed by the European Commission aiming at ensuring that the Ukrainian data protection system complies with the principles set forth by Convention 108.
Another project has been prepared in cooperation with ECOWAS, the Economic Community of West African States. Its aim is to implement the regional legal framework, in compliance with internationally recognised standards. We hope to rapidly ensure funding for this important project which translates so well the borderless nature of data flows and the need for international cooperation.
Finally, let me underline the importance of close cooperation with the European Union. Data protection is a good example of the complementarity between the activities of both institutions. On the basis of shared values and human rights standards, the EU adopts comprehensive legislation for its member states, while the Council of Europe sets international standards and provides a dynamic framework for cooperation including like-minded countries well beyond Europe.
I am convinced that we shall work even closer in the future to ensure that our normative frameworks complement and reinforce each other. We owe it to the citizens of Europe for whom the protection of personal data is a basic value. However, attempting to enforce European standards worldwide would be a wrong approach. Instead there is an imperative need to have a set of common minimum standards and collaborate in their effective implementation.
A set of core data protection principles, drafted in a simple and technologically-neutral way - what could be a more fitting description of Convention 108? When modernising it, we shall proceed carefully, maintaining its essential features, complementing and updating them only where necessary. In order to have internationally agreeable standards, it will be essential to build on the experiences gained not only in Europe, but also in other regions of the world.
Our aim is a truly international regulatory framework for privacy that is human rights based, facilitates transparency, promotes international cooperation and strengthens multi-stakeholder governance.
Thank you.