Privacy & Information Security Law Blog

On June 28-30, 2011, the Council of Europe’s Bureau of the Consultative Committee of the Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data (known as the “T-PD-Bureau”) met in Strasbourg, France, to discuss, among other things, amending the Council of Europe’s Convention 108.  Convention 108, which underlies the European Union’s legal framework for data protection, is the only legally-binding international convention that addresses data protection.  Amendment of the Convention is thus closely linked to the current review of the EU data protection framework, and many of the same actors are involved in both exercises.

The T-PD-Bureau is comprised primarily of representatives from government ministries and European data protection authorities.  Observers in the meeting represented governments of countries such as Mexico, Russia and the United States, and organizations such as the European Commission, the European Data Protection Supervisor, the Organization for Economic Cooperation and Development and Interpol.  An agenda for the meeting, and a compilation of comments the Council of Europe has received in response to its open consultation on review of the Convention, are available on the Council of Europe’s website.

The group spent the majority of the meeting reviewing comments that have been received in connection with its consultation on Convention 108.  Among the topics discussed were the need to clarify existing definitions in the Convention or introduce new ones, the processing of sensitive data, whether new rights (such as the “right to be forgotten”) should be adopted in the Convention, and the regulation of transborder data flows.  The T-PD-Bureau hopes to develop written proposals for amending the Convention by the end of 2011, with a hearing for stakeholders to take place in early 2012 and final proposals to be presented in late 2012.

In addition, the group continued work on its “Draft Recommendation regulating the use of personal data used for employment purposes” and discussed draft opinions by the Council of Europe’s Committee of Experts on New Media addressing search engines and social networking, respectively.  Mention was made of the fact that Uruguay has applied to be the first non-European country to accede to Convention 108, and that the Council of Europe Committee of Ministers will make its decision on this request on July 6.

Richard Thomas, Global Strategy Advisor of the Centre for Information Policy Leadership at Hunton & Williams, gave a presentation regarding his proposal for developing “binding global codes” to facilitate international data transfers.  This proposal would allow an organization to develop and implement its own bespoke code with a set of binding rules for demonstrating and ensuring compliance with data protection principles and their practical implementation on a worldwide basis.

The next meeting of the T-PD-Bureau will be held October 10-12, 2011, and the Plenary of the Council of Europe’s Consultative Committee will meet November 29 to December 2, 2011.  Both meetings will be held in Strasbourg.