To mark Data Protection Day (28 January), the Council of Europe (CoE) organised with the European Data Protection Supervisor (EDPS) a one-day event focused on exploring the current and future landscape of data protection.
Data Protection Day this year underscored the pivotal moment in data protection that Europe faces. The modernisation of the CoE Convention 108 through Convention 108+ set the global standard for privacy. Nearly a decade after the entry into application of the GDPR, discussions on its future invite reflection on how Europe can maintain leadership in data protection in a rapidly changing technological landscape while also ensuring agility, coherence and trust. The 2026 edition of the conference examined the example of existing law to explore how it can inform the next generation of legislation, asking how the EU can modernise and ensure a human-centric digital future without compromising on core principles. The event brought together policymakers, regulators, academics and practitioners to discuss the lessons from the CoE and EU acquis in the field of data protection.
The opening remarks delivered by the EDPS was be followed by the keynote speech given by Ms Beatriz DE ANCHORENA (for the transcript see below), Chair of the Consultative Committee of Convention 108 (T-PD) and the panel session on “How does Convention 108+ fit in the international regulatory framework on data protection?”. The session focused on retrospective and perspective analysis of the CoE legal instruments on privacy and data protection and examined the topical challenges that Convention 108 faces as a global treaty. The event’s recording will soon be available at the EDPS webpage and social media accounts.
In celebration of the 20th Data Protection Day, the Secretariat of the Committee of Convention 108 also hold an online event, where the participating competent authorities broadcasted their activities dedicated to this occasion and livestreamed their initiatives through the CoE Data Protection Day webpage. The event was contributed by AZOP – Croatian data protection supervisory authority, CNIL – French data protection supervisory authority, URCDP – data protection authority of Uruguay, and NPC – data protection supervisory authority of the Philippines. The recordings of the event are accessible here: <Data Protection Day - 28 January - Data Protection>.
As usual the Secretariat of the Committee of Convention 108 prepared the 2026 edition of the Complication of Data Protection Initiatives in the World which is available here: Data Protection Day - 28 January - Data Protection . The complication outlines and presents activities and initiatives undertaken by Parties to Convention 108 world widely.
Plus, the National Center for Personal Data Protection (NCPDP) organised on January 28, 2026 in the context of the Republic of Moldova taking over the presidency of the Committee of Ministers of the Council of Europe a national conference entitled "Implementation of the legal framework on data protection: challenges, benefits, resilience" to which the Secretariat has also contributed. More info: National Conference „Implementation of the Legal Framework on Data Protection: Challenges, Benefits, Resilience”
It is also in this spirit that the Chair of the Committee of Convention 108 as well as the independent Data Protection Commissioner of the Council of Europe has issued respectively a statement.
Speech from Beatriz de Anchorena, chair of the Committee of Convention 108
Good morning everyone. Thanks to the EDPS and to the COE for organizing this conference. It is an honour to be part of this discussion in the context of the International Data Protection Day.
If we look back just one year ago, from the previous Data Protection Day to today, we have witnessed profound geopolitical shifts, together with an acceleration of technological change and new citizen demands that are reshaping both the political agenda and the regulatory landscape.
Over the past year, Convention 108+ has advanced, welcoming two new ratifications - Greece and Monaco - and new observers, such as Ecuador, Colombia, the African Network and the Chilean association of professionals, alongside a sustained work carried out within the Committee of Convention 108. This includes the adoption of key documents and an ongoing work on guidelines to safeguard fundamental rights in the context of emerging technologies. All of this work reinforces Convention 108+ as a living and evolving instrument: a level playing field for the protection of personal data.
In this scenario, the guiding question for this conference: “reset or refine?” is one that demands strategic direction. Is it necessary to reset the data protection model in the name of competitiveness and simplification? or we must move towards a refining strategy, preserving a human-rights-based foundation while adapting it to new realities? I find this question quite challenging.
From a public policy perspective, regulation should be understood as a product; an output of the political system. It is a specific type of public policy, it is more than enforcement. In practice, public policies rarely change through abrupt resets. More often, they evolve through incremental adjustments (I like to say incremental modernization) that builds on existing frameworks, allowing for stability, political agreements, consensus and collective learning over time.
I believe that incremental change is about gradual improvement, calibration and refinement. By contrast, resets tend to introduce radical changes that make it more difficult to rebuild institutions and sustain public action.
To refine, in this sense, means adapting to new contexts. It is about adding value while safeguarding human rights. In this sense, the governance of data protection means listening to a variety of stakeholders but making the final decision on the public sector to protect people's common good.
This logic of refinement does not apply only to regulatory models or legal frameworks. It also applies to a way of understanding international relations and international cooperation. A refine strategy helps to manage changes in a gradual way, mitigating risks while safeguarding fundamental rights.
This kind of strategy requires timing, institutional capacities and effective leadership. And in a complex international context it also requires cooperation, which becomes an invaluable asset to achieve a common strategy.
Convention 108+, the only legally binding instrument in data protection, is the instrument we have to achieve a common international strategy regarding data protection. On this background, Convention 108+ provides a robust framework that has enabled countries to operate changes, align standards, and strengthen institutional capacities over time.
In this context, the discussion on the ratifications needed for its entry into force becomes particularly relevant. Ratification is a strategic and political choice to continue elevating data protection standards and to consolidate a shared framework for many countries ready to step in.
At its core, the Convention establishes a clear set of basic guarantees for the processing of personal data, grounded in human rights. These guarantees apply across different legal systems and regulatory approaches, providing a common reference point beyond national or regional characteristics.
Convention 108+ also offers a platform for dialogue and cooperation that transcends borders, open to all continents, applicable to both public and private actors. Article 17 of Convention 108+ explicitly establishes a legal basis for international cooperation, giving a central role in shaping the global data protection landscape to foster regulatory convergence.
This is precisely why ongoing discussions on data protection reform do not weaken the role of Convention 108+. On the contrary, as regulatory frameworks evolve, the need for a shared instrument defining minimum standards becomes even more important. In other words, in a changing world, binding international commitments provide sustainability, legal certainty, and trust.
Convention 108+ is a concrete platform for international cooperation. It enables the exchange of experiences, mutual support and coordinated action among data protection authorities around the world. A clear example of this “network effect”, is the dynamic of the Ibero-American Data Protection Network (RIPD), which we, from the Argentinian Agency, take part as members of its Executive Committee. The Standards of this network were strongly inspired by the principles of Convention 108+. There is a mutual recognition between both spaces and sustained efforts to build convergence.
Within Latin America, this cooperation is driven by a strategic and situated vision of privacy and data protection: one that seeks to develop regional harmonization while combining the protection of fundamental rights with innovation, trade and economic development. Convention 108+ provides a shared reference that supports this balance and enables incremental alignment over time.
These days there is a lot going on between Latin America and the EU. On one hand, we have initiatives as the Mercosur / EU agreement. But also to the traditional countries as Uruguay and Argentina (that has the adequacy decision since 2003), Brazil is now joining this group following yesterday’s announcement by the European Commission.
To sum up: Brasil, Ecuador and Colombia are observers to Convention 108 and eager to ratify 108+ once it comes into force. Hopefully Chile and Peru will follow this path. Also, the Committee of Convention 108 is actively working to build strategic alliances with other regional and global networks, reinforcing synergies.
Cooperation also translates into practical regulatory tools. Standard Contractual Clauses, for example, are a key instrument for convergence in cross-border data transfers. The compatibility between the RIPD’s clauses and those developed under Convention 108+, as well as their alignment with other existing models, makes them a modern and effective mechanism to facilitate data flows while ensuring a high level of protection.
Building on this convergence, will continue to ensure that the Council of Europe’s Standard Contractual Clauses become increasingly accessible and widely used, supporting safe and trusted data flows between countries.
Looking ahead, the Committee of Convention 108 is also exploring ways to strengthen its international presence, including the appointment of rapporteurs to engage more deeply with other global and regional networks.
This work reflects a clear understanding: that raising data protection standards today relies on sustained cooperation within a broader international ecosystem. Because cooperation is one of the strongest tools we have to address shared challenges.
For countries that are actively committed with the international cooperation fora, the ratification of Convention 108+ is a concrete way to give that commitment a legal and institutional expression. Advancing in the ratification of Convention 108+ means committing to a shared framework that continues to evolve, that supports cooperation and trust, and that allows data protection to remain a cornerstone of democratic governance in a changing digital environment.
Today, Convention 108 brings together 55 countries and 41 observers. Convention 108+ has already received 46 signatures and 33 ratifications, and is now only five ratifications away from its entry into force. In addition, 5 Parties are already applying voluntarily the provisions of the amending Protocol, demonstrating strong commitment and confidence in the Convention’s modernized framework.
Each ratification strengthens this ecosystem. It reinforces convergence, expands the network, and sends a clear signal to those countries that are already aligning their frameworks with the Convention’s principles and are ready to move forward.
In this sense, the future application of Convention 108+ will depend on our collective political commitment to achieve an effective international cooperation. Addressing challenges such as emerging technologies, cross-border data flows and public security requires sustained dialogue and cooperation.
This is precisely what the next panel will explore: the topical challenges facing Convention 108+ as a global treaty, and the most pressing priorities for its future application. I am very pleased to hand over the floor to this discussion, which will be moderated by the Secretary to the Committee of Convention 108, Peter Kimpian.
So, on a day like today, dedicated to reflection and dialogue, the invitation is opened to all countries and stakeholders to join, to engage, and to actively participate in this shared mission. The world is changing, and international cooperation can help us refine our strategies, policies and regulatory approaches, while, more importantly, reaffirming our shared values, our democratic commitments, and the consensus on human rights.
Thank you very much for your attention and I wish you all a nice Data Protection Day.
