Information Commissioner's Office
ICO's blog on its international work
Blog posted by: Christine Ferguson, 10 October 2018.
ICO welcomes Government’s early signing of the modernised Convention 108
Today, a modernised version of the Council of Europe’s Convention 108 opens for signature in Strasbourg and the ICO is delighted that the UK Government is among the very first signatories.
The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, to give it its full title, is the only legally binding international agreement on data protection and its modernisation is a key milestone for global data privacy regulation.
While Convention 108 was originally adopted in 1981 by the members of the Council of Europe, it is open to all countries which meet the required standards and want to demonstrate their commitment to strong data protection rules.
In addition to almost 50 Council member states, Mexico, Uruguay, Mauritius, Senegal, Tunisia and Capo Verde have all already joined Convention 108 and others have expressed interest in doing so. This is a very positive trend, which the ICO is keen to see continue.
One of the main motivations for modernising the Convention was to address better the privacy challenges arising from increasing use of information and communication technologies, the globalisation of processing operations and ever greater cross-border flows of personal data.
When it enters into force (after ratification by at least 5 member states), the modernised Convention will enhance protections for individuals’ personal data - including genetic and biometric data - strengthen transparency and accountability and add a requirement for notification of security breaches. It will also strengthen evaluation of law and practice in individual member states to ensure that its provisions are being implemented effectively.
For supervisory authorities such as the ICO, the modernised Convention will reinforce their role and the importance of having robust powers. In addition to their powers to intervene, investigate, engage in legal proceedings or raise violations of data protection provisions with judicial authorities, supervisory authorities will also have a clear duty to raise awareness, provide information and educate all involved in processing personal data as well as the ability to take decisions and impose sanctions.
The modernised Convention will also strengthen international co-operation and mutual assistance between supervisory authorities, with a requirement to co-ordinate investigations, conduct joint actions and to share information. This will be facilitated by a new network of supervisory authorities from Convention member states.
These are positive and exciting developments. The ICO looks forward to playing its part in making a success of the modernised Convention and to encouraging additional countries to join so that more people around the world can benefit from these high standards of data protection.
Council of Europe membership is significantly wider than that of the European Union and the EEA states that are subject to the GDPR. Modernised Convention 108 and GDPR were developed in parallel and are both consistent and complementary.
Latest News from
Information Commissioner's Office
Blog: Data protection doesn’t take a day off13/05/2019 15:20:00
Last year we began taking action against organisations for non-payment of the data protection fee, sending out a clear message that those who didn’t pay risked a fine.
Blog: Using biometric data in a fair, transparent and accountable manner13/05/2019 12:25:00
As technology takes ever greater strides, so organisations and businesses are harnessing its capabilities to help manage their contact with customers, including using it for means of identification and authentication.
Helping people be data aware09/05/2019 16:28:00
In our data-driven world, it’s more important than ever to know who is using people’s personal data, and why.
Blog: ICO regulatory sandbox09/05/2019 09:10:00
Please get in touch with any Sandbox queries as deadline for applications approaches.
ICO fines PPI claims company £120,000 for millions of nuisance texts08/05/2019 12:25:00
The ICO has fined a PPI claims management company £120,000 for sending unlawful spam texts about its services.
ICO says that voice data collected unlawfully by HMRC should be deleted07/05/2019 15:25:00
An ICO investigation into HMRC’s Voice ID service was prompted by a complaint from Big Brother Watch about the department’s conduct. The investigation focused on the use of voice authentication for customer verification on some of HMRC’s helplines since January 2017.
Blog: Helping us strike the right balance between journalism and data protection29/04/2019 15:20:00
Privacy and freedom of expression are both fundamental rights that are equally vital to our society, democracy and way of life.
ICO fines funeral plan firm and asks public to help elderly relatives to report nuisance calls17/04/2019 09:10:00
The Information Commissioner’s Office (ICO) wants people to support their elderly relatives or neighbours if they are receiving nuisance marketing calls.