ICO's blog on its international work
30 Nov 2018 04:48 PM
Colleagues from across the organisation share their experiences and involvement in the ICO's ongoing contributions to the upholding of information rights across the globe.
30 November 2018
“Convention 108 is going global”
This is how the Commissioner-President of the Mexican Data Protection authority, INAI, summed up a recent 2 day Forum in Mexico City focussed on the Council of Europe’s Data Protection Convention (the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, to give it its full title). This Forum brought together data protection authorities and experts from the region and further afield. It was aimed both at a national audience, including provincial authorities, and at a wider regional and global audience with speakers from Ghana and Australia as well as Europe (UK and Spain) and Latin America (Uruguay, Chile and Peru).
Deputy Commissioner Steve Wood took the opportunity to stress the UK’s ongoing commitment to high data protection standards and to being a strong international partner. He also highlighted the potential for Convention 108 to provide a strong bridge between many Data Protection systems around the world. Full text of his speech is here.
Following the opening for signature last month of a Protocol to modernise Convention 108, there are encouraging signs of increased interest from countries outside the Council of Europe. The Convention is open to any country that meets the required data protection standards and therefore has the potential to become a truly global instrument. The UN Special Rapporteur on Privacy, Mr Joseph Canatacci, has recently called on all UN member states to accede to the Convention, where they can.
Currently, there are 6 non-Council of Europe states parties, with Mexico last month joining Uruguay, Mauritius, Senegal, Tunisia and Capo Verde. In addition, Argentina, Burkina Faso and Morocco have been formally invited to accede. At the Forum in Mexico City, both Chile and Peru expressed interest in joining the Convention to demonstrate their commitment to high data protection standards and to facilitate data flows in support of their growing digital economies. Brazil has become the newest observer to the Convention Committee, along with Gabon. They join Australia, New Zealand, Japan, South Korea, Philippines, Indonesia and others who join the Committee meetings to work on Guidelines and Recommendations to assist states parties in implementing the Convention’s provisions.
At last week’s Convention 108 Plenary meeting in Strasbourg, the Committee discussed in detail draft Guidelines on Artificial Intelligence (AI) and a draft Recommendation on the protection of health-related data. These reflect some of the key new elements of the modernised Convention, which aims to address technological advances since the original Convention opened for signature in 1981 and to enhance protection for personal data, including genetic and biometric data.
One of the other new aspects of the modernised Convention 108 is that, as well as having to meet required standards of data protection before joining, all states parties commit to periodic reviews by the Convention Committee of how individual parties are implementing and enforcing the Convention provisions. Looking ahead to entry into force of the modernising Protocol, the Committee also looked last week at the kind of information they would need to be requesting from states parties in order to make these assessments.
To date, 22 countries have signed the modernising Protocol, with UK among the first wave of signatories and Iceland signing last week. Ratification by at least 5 member states is required to bring the modernised Convention into force.