Information Commissioner's Office
ICO's blog on its international work
Blog posted by: Christine Ferguson, 10 October 2018.
ICO welcomes Government’s early signing of the modernised Convention 108
Today, a modernised version of the Council of Europe’s Convention 108 opens for signature in Strasbourg and the ICO is delighted that the UK Government is among the very first signatories.
The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, to give it its full title, is the only legally binding international agreement on data protection and its modernisation is a key milestone for global data privacy regulation.
While Convention 108 was originally adopted in 1981 by the members of the Council of Europe, it is open to all countries which meet the required standards and want to demonstrate their commitment to strong data protection rules.
In addition to almost 50 Council member states, Mexico, Uruguay, Mauritius, Senegal, Tunisia and Capo Verde have all already joined Convention 108 and others have expressed interest in doing so. This is a very positive trend, which the ICO is keen to see continue.
One of the main motivations for modernising the Convention was to address better the privacy challenges arising from increasing use of information and communication technologies, the globalisation of processing operations and ever greater cross-border flows of personal data.
When it enters into force (after ratification by at least 5 member states), the modernised Convention will enhance protections for individuals’ personal data - including genetic and biometric data - strengthen transparency and accountability and add a requirement for notification of security breaches. It will also strengthen evaluation of law and practice in individual member states to ensure that its provisions are being implemented effectively.
For supervisory authorities such as the ICO, the modernised Convention will reinforce their role and the importance of having robust powers. In addition to their powers to intervene, investigate, engage in legal proceedings or raise violations of data protection provisions with judicial authorities, supervisory authorities will also have a clear duty to raise awareness, provide information and educate all involved in processing personal data as well as the ability to take decisions and impose sanctions.
The modernised Convention will also strengthen international co-operation and mutual assistance between supervisory authorities, with a requirement to co-ordinate investigations, conduct joint actions and to share information. This will be facilitated by a new network of supervisory authorities from Convention member states.
These are positive and exciting developments. The ICO looks forward to playing its part in making a success of the modernised Convention and to encouraging additional countries to join so that more people around the world can benefit from these high standards of data protection.
Council of Europe membership is significantly wider than that of the European Union and the EEA states that are subject to the GDPR. Modernised Convention 108 and GDPR were developed in parallel and are both consistent and complementary.
Latest News from
Information Commissioner's Office
Six month prison sentence for motor industry employee in first ICO Computer Misuse Act prosecution13/11/2018 12:20:00
A motor industry employee has been sentenced to six months in prison in the first prosecution to be brought by the Information Commissioner’s Office (ICO) under legislation which carries a potential prison sentence.
Information Commissioner’s report brings the ICO’s investigation into the use of data analytics in political campaigns up to date06/11/2018 13:25:00
When we launched our investigation into the use of data analytics for political purposes in May 2017, we had little idea of what was to come.
Beesley Lecture - ‘Regulating the tech giants in the digital age’02/11/2018 12:46:00
ICO Deputy Commissioner (Operations) James Dipple-Johnstone’s speech at the Institute of Directors in London, 31 October 2018.
ICO sets alarm bells ringing for ‘cold callers’ as it fines home security firms01/11/2018 12:20:00
Two firms that were behind nearly 600,000 nuisance calls attempting to sell home security systems to people registered with the Telephone Preference Service (TPS), have been fined a total of £220,000 by the Information Commissioner’s Office.
ICO issues maximum £500,000 fine to Facebook for failing to protect users’ personal information26/10/2018 09:10:00
The Information Commissioner’s Office (ICO) has fined Facebook £500,000 for serious breaches of data protection law.
UK Information Commissioner elected chair of the International Conference of Data Protection and Privacy Commissioners24/10/2018 14:20:00
Elizabeth Denham, the UK’s Information Commissioner, was yesterday elected Chair of the International Conference of Data Protection and Privacy Commissioners (ICDPPC).
ICO's blog on its international work23/10/2018 15:20:00
Colleagues from across the organisation share their experiences and involvement in the ICO's ongoing contributions to the upholding of information rights across the globe.
New data protection self-assessment checklist for sole traders11/10/2018 11:25:00
The ICO yesteray launched a self-assessment checklist that will help sole traders and self-employed individuals to assess their compliance with new data protection laws.