People's personal data are being processed every second; at work, in their relations with public authorities, in the health field, when they buy goods or services, travel or surf the Internet. Individuals are generally unfamiliar with the risks related to the protection of their personal data and of their rights in this respect. They are seldom aware of what they can do if they consider that their rights have been breached, or of the role of national data protection agencies. “Respecting Privacy, Safeguarding Data and Enabling Trust” is the theme for Data Privacy Day 2018. This day, annually held on January 28, aims to raise awareness of the importance of privacy and data protection as well as to unite privacy professionals worldwide in celebrating Convention 108 of the Council of Europe, the first legally binding international treaty dealing with the protection of personal data. The day, known as Data Protection Day in Europe, is celebrated across the USA, Canada, and 27 countries in the EU.
Convention 108 and Data Privacy Day
In 2006 the Council of Europe launched a Data Protection Day to be celebrated each year on 28 January, the date on which the Council of Europe’s data protection convention, known as “Convention 108”, was opened to signature. Data Protection Day is now celebrated globally and is called Privacy Day outside Europe. On this date, governments, parliaments, national data protection bodies and other actors carry out activities to raise awareness about the rights to personal data protection and privacy. These may include campaigns targeting the general public, educational projects for teachers and students, open doors at data protection agencies and conferences. Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. The National Cyber Security Alliance (NCSA) officially leads the Data Privacy Day campaign and is advised by a distinguished advisory committee of privacy professionals to help the campaign align with the most current privacy issues in a thoughtful and meaningful way. Data Privacy Day is the signature event in a greater privacy awareness and education effort.
The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) was opened for signature on 28 January 1981 and is still today the only binding international treaty in this field. It is open to any country, and has the potential to become a global standard. 46 member states of the Council of Europe and Uruguay are state parties, whereas Mauritius, Morocco, Senegal and Tunisia have been invited to accede. The treaty establishes a number of principles for states to transpose into their domestic legislation to ensure notably that data are processed through procedures set for by law, for a specific purpose, that data are stored for no longer than is necessary for the intended purpose, and that are not excessive in relation to the purposes for which they are stored. An additional protocol requires each party to establish an independent authority to ensure compliance with data protection principles, and lays down rules on transborder data flows to non Parties.
There are a number of international instruments that continue to have a significant influence on the development of privacy and data protection laws. The main international instruments are the Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data (Convention 108) of the Council of Europe, the OECD Privacy Recommendations and Guidelines (the OECD Guidelines), the European Union General Data Protection Regulation (the EU GDPR), the Asia-Pacific Economic Cooperation Privacy Framework (the Framework), and the African Union Convention on Cyber Security and Personal Data Protection.
The EU GDPR, is considered to be a ‘game changer’ and probably one of the most significant developments in the history of EU data protection law. The impact of the GDPR will not be confined to businesses based in the EU. The new rules will apply to any processing of personal information conducted from outside the EU that involves the offering of goods or services to individuals in the EU or the monitoring of individuals in the EU. This ambitious approach to jurisdiction, coupled with the potentially high level of fines (calculated on worldwide revenues) has ultimately prevailed, notwithstanding the plethora of concerns raised outside as well as within the EU. After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. It entered in force 20 days after its publication in the EU Official Journal and is of direct effect in all members states two years after this date. The enforcement date is very near: 25 May 2018.
We have created a bibliographic overview on privacy and data protection intended as a starting point for research. It provides materials available in the Peace Palace Library catalogue, both in print and electronic format. Handbooks, leading articles, bibliographies, periodicals, serial publications and documents of interest are presented.
[number of readers: 716]