Convention 108 and 108+

People are living in increasingly digitised societies and require control over their own data. The Council of Europe recognised this need long ago, and on 28 January 1981 opened the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, also known as Convention 108. It was the first legally binding instrument in the field of data protection, and currently boasts 55 member states, having outgrown the borders of the Council of Europe. The reasons for this wide adoption hinge on several factors. At its core, it simply exists to safeguard the personal data of individual persons, but it goes further than that.

It establishes key principles in the processing of data, among others: fairness, lawfulness, and transparency. This allowed for the real-life dynamic of the processing of personal data to exist, since it means that, by following these principles, it is also possible to legitimately process data. New rights were recognised: persons should have access to their own data, be allowed to rectify false information, and object to certain types of processing.

Mechanisms were outlined allowing for oversight and enforcement of the Convention’s provisions, including the establishment of independent Data Protection Authorities in all members states. The final piece of the puzzle came in the form of international cooperation: the Convention encouraged member states to work together to develop common standards and practices for protecting personal data across borders.

In 2018 the Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Protocol CETS No. 223) was adopted which will allow the subsequent entry into force of the Modernised Convention for the Protection of Individuals with regard to the Processing of Personal Data (“Convention 108+”).

Convention 108+ is a unique, global tool for regulatory harmonisation and convergence. Most importantly, it was once again an early reaction to developments in the high-tech sector, updating Convention 108 to ensure that it stays relevant in a fully digital age, guaranteeing every person’s right to informational self-determination while protecting their privacy and dignity.

Joining the Convention 108 and 108+ is an opportunity for countries worldwide to ensure international recognition for their level of data protection.

 

 Developing new standards and policies

While Convention 108+ can lay the groundwork, addressing emerging challenges requires reactive and practical guidance for all actors of the digital ecosystem. The COVID-19 pandemic pushed structures that were otherwise resistant to digitisation to go digital; as a result, the risks posed by data leaks, hacking, or active spyware such as Pegasus have increased. Meanwhile, AI and other emerging technologies, while providing solutions to many problems, also pose new risks.

In response to many of the above challenges, the Council of Europe has delivered numerous studies, guidelines and recommendations concerning a wide range of topics related to the digital environment, such as:

These tools exist to enable to states to react to the changing environment while protecting their citizens, regardless of whether they are member States or not.

 

 Enhancing international cooperation

Convention 108 provides a unique legal basis for international cooperation between the competent independent authorities.

Besides the member states of the Council of Europe, several third countries have become parties to Convention 108.

The Committee of Convention 108 brings together 55 state parties from four continents and over 40 observers committed to the evolution of data protection and promoting cooperation and multilateral exchange beyond regional borders.

Non-state actors also contribute to the work of the Committee.

The Parties to the Convention commit to a mutual co-operation and ensuring the highest level of data protection.  Joining Convention 108 and Convention 108+ offers the possibility to rely on a strong network of peers providing assistance, advice and support.

In an era of increasing digitisation, it is crucial to allow the competent authorities to work hand in hand on common challenges.

 

 Building national capacity

The Council of Europe is implementing several cooperation projects aimed at providing legal and technical assistance in the field of data protection to countries which express interest in such bilateral or regional cooperation. This form of targeted cooperation promotes the implementation of the Council of Europe’s standards in the field of privacy and data protection, enabling individuals to exercise their rights.

Besides improving national capacities, cooperation projects are an opportunity for member states to exchange their good practices in a practical manner, sharing their experiences, preventing others from making their mistakes, and bringing the two – or more – states closer together.

 

 Raising awareness

The Data Protection Day, which is celebrated annually and globally on 28 January. It marks the anniversary of the opening for signature of Convention 108. Especially around then, the Council of Europe promotes activities and events to increase awareness about issues related to the protection of personal data.

The Stefano Rodotà Award is awarded annually on the Data Protection Day by the Committee of Convention 108 in honour and memory of the leading Italian law Professor and politician, Stefano Rodotà.  

This Award honours innovative and original academic research projects in the field of data protection. The competition is open to students and researchers from members and observers states of the Committee data protection committee.

Protecting human rights, democracy, and the rule of law in the digital environment

 

WWW.COE.INT/DIGITAL

Resources & Updates
Follow us