You are currently browsing EDRi's old website. Our new website is available at https://edri.org

EDRI-gram

If you wish to help EDRI promote digital rights, please consider making a private donation.


Flattr this

logo

EDRi booklets

Modernisation of CoE Convention 108: EDRi's comments

6 June, 2012
» 

This article is also available in:
Deutsch: Europarat: EDRi-Stellungnahme zur Modernisierung der Konvention 108

EDRi submitted last week its comments on the proposal for the Modernisation of Council of Europe (CoE) Convention 108 for the Protection of Individuals with Regard to Automatic Processing of Personal Data.

EDRi reiterated its support to the overall objectives of the Modernisation process, and expressed its satisfaction that most of its earlier comments have been taken into account in subsequent versions of the proposal. While EDRi generally welcomed this latest draft, some provisions still need some revision.

For example, EDRi considers that the paragraph which allows any Party to the Convention to apply it to legal persons, should be deleted. The reasoning is first, that this is beyond the scope of the Convention, which deals with the protection of “individuals”. Secondly, this provision contradicts the very notion of “personal” data protection. Furthermore, the paragraph raises major concern with respect to freedom of information and the right to access to documents (where the concerned legal person is a public entity) and with respect to the principles of transparency and accountability that are necessary in a democratic society (where the concerned legal person is a private entity).

Also, EDRi welcomes the inclusion of data breach notifications provisions, but sees it as currently too weak to actually avoid possible breaches of the fundamental rights and freedoms of the data subject or his interests. In order to overcome this problem without imposing too cumbersome and unnecessary obligations on the controller (especially when the controller is an SME), EDRi suggests to consider a two-level system of data breach notification obligation, so that (i) the Supervisory Authority is notified in any case of data breach and (ii) the data subject is also notified when the data breach presents serious risks for him/her or when the Supervisory Authority decides so.

EDRi Comments on Modernisation of Convention 108
http://edri.org/files/EDRI-CommentsOnConvention108-30052012.pdf

Council of Europe - Modernisation of Convention No. 108
http://www.coe.int/t/dghl/standardsetting/dataprotection/modernisation...

(Thanks to Meryem Marzouki - EDRi-member IRIS, France)

‹ BEREC’s findings on net neutralityupCzech Republic: Attempts to reintroduce data retention ›
Printer-friendly version
 
Site by Floatleft.

Syndicate:

Syndicate contentCreative Commons License

With financial support from the EU's Fundamental Rights and Citizenship Programme.
eu logo