Convention for the Protection of Humans with regard to Automatic Processing of Personal Data

from Wikipedia, the free encyclopedia

The European Data Protection Convention is an international treaty that regulates the protection and cross-border exchange of personal data. Its official name is "Convention for the Protection of Human Beings with regard to Automatic Processing of Personal Data (Convention No. 108)" .

history

The convention was agreed on January 28, 1981 by the then member states of the Council of Europe and entered into force on October 1, 1985. As a result of this signature, January 28th has been European Data Protection Day since 2007 .

With the convention, the signatory states wanted to ensure data protection within the scope of the convention. In view of the increasing cross-border data traffic, a uniform level of data protection should be established within the signatory states. In the background, however, there was also the consideration that excessive data protection could inhibit the exchange of information between the individual states.

The signatory states were therefore obliged by the convention to protect the rights and fundamental freedoms - in particular the personal rights - of the people living on their territory during the automated processing of personal data and at the same time to fundamentally allow the free transfer of data to other signatory states .

The convention contains certain elementary data protection principles that had to be implemented in national law, including the principle of data processing in good faith, the principle of purpose limitation, the principle of necessity and the data subject's right to information. However, these principles only apply to personal data that is processed automatically - i.e. with IT support. Personal data that is only processed manually - for example employee data in personnel files - are not subject to the European Data Protection Convention.

The Federal Republic of Germany was one of the first to sign, but it was not until June 19, 1985 that it ratified the Convention as the fifth state after Sweden , France , Spain and Norway . With ratification by Germany, the Convention entered into force in these five states on October 1, 1985.

In Austria the convention came into force on July 1, 1988, in Switzerland on February 1, 1998. 38 countries have now acceded to the European Data Protection Convention, most recently Montenegro on June 6, 2006.

The Convention was supplemented on November 8, 2001 by the “Additional Protocol to the European Convention for the Protection of Human Beings with regard to the Automatic Processing of Personal Data with regard to Control Points and Cross-Border Data Traffic” (Additional Protocol). According to its Art. 1, the contracting states see completely independent supervisory bodies to guarantee the rights and fundamental freedoms in the processing of personal data, i. H. state data protection officers or commissions. According to Art. 2, personal data should only be allowed to be transmitted to third countries or organizations if an adequate level of data protection is guaranteed there, whereby deviations from this principle are permitted under broad conditions. Finally, Article 3 regulates that Articles 1 and 2 are to be regarded as additional articles to the Convention. The additional agreement entered into force for Germany on July 1, 2004, for Austria on August 1, 2008 and for Switzerland on April 1, 2008.

The convention is currently being revised to adapt it to technological developments since 1981. The aim is to achieve a certain consistency with the legal development in the EU, which is currently being shaped by the discussion of the drafts for a General Data Protection Regulation and a directive for the police and judiciary. As part of a public consultation process, 50 opinions were received by the Convention's Advisory Committee by June 2012. On November 30, 2012, he recommended his amendments, with which u. a.

  • abandoned the restriction on automated data processing,
  • the principle of legal reservation in data processing strengthened,
  • genetic and biometric data better protected,
  • the powers of the data protection supervisory authorities are strengthened and
  • the convention for the accession of the EU and international organizations should be opened to the Council of Ministers for final decision-making by an ad hoc committee

literature

  • Marie-Theres Tinnefeld, Eugen Ehmann, Rainer W. Gerling: Introduction to data protection law . Data protection and freedom of information from a European perspective. 4th, completely revised and enlarged edition. Oldenbourg, Munich / Vienna 2005, ISBN 978-3-486-27303-8 (5th edition 2011, ISBN 978-3-486-59656-4 ).

Web links

supporting documents

  1. http://www.conventions.coe.int/Treaty/GER/Treaties/Html/181.htm
  2. http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf
  3. http://ec.europa.eu/home-affairs/doc_centre/police/docs/com_2012_10_en.pdf
  4. http://www.coe.int/t/dghl/standardsetting/dataprotection/TPD_documents/T-PD-BUR_2011_01_%20MOS6%20Results.pdf
  5. http://www.coe.int/t/dghl/standardsetting/dataprotection/TPD_documents/T-PD(2012)RAP29Abr%20E%20-%20Abridged%20report%20of%20the%2029th%20T-PD%20meeting% 20 (Strasbourg% 2027-30% 2011% 202012) .pdf .