Council of Europe
Human Rights and Rule of Law
Information Society – Action against Crime Directorate
Information Society Department
Data Protection Unit
The Data Protection Unit of the Council of Europe welcomes the report “The age of digital interdependence” of the High Level Panel (`Report`) and its aim to “underscore the fact that universal human rights apply equally online as offline” in the digital age. We strongly support its emphasis to build on existing human rights frameworks and conventions and on the need of reassessing their implementation in the digital environment.
In a digitally interdependent world, the right to private life as enshrined in Article 12 of UNDHR, Article 17 of the International Covenant on Civil and Political Rights and in Article 8 of the European Convention of Human Rights, is and will increasingly be “an enabling right” which would, in simple terms, enable the exercise and full enjoyment of other human rights and fundamental freedoms. It will also remain the core factor in preserving human dignity and individual’s right to informational self-determination.
In this vein we would certainly support further work to protect individuals in the digital age and explore how the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (“Convention 108”), which is the only global, legally binding multilateral instrument on the protection of privacy and data protection, could better contribute to the implementation of the recommendations of the Report.
Convention 108 was open for signature in 1981 and since then, it has influenced various international (OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data), regional (EU, African Union) and national privacy legislations. Convention 108 currently counts 55 parties and some 25 observers. Beside the work related to the implementation of the Convention itself, the Council of Europe has already produced reference documents in important areas such as Artificial Intelligence, Big data, health related data, media and privacy, internet governance, data processing by law enforcement, etc. It is worthwhile mentioning that Convention 108+ (as amended by the protocol CETS No. 2231) is seen to become the international standard on privacy in the digital age by the UN special Rapporteur on the right to privacy as well who has already recommended “to all UN Member States to accede to Convention 108+” in two of his reports2. By joining Convention 108+ any country would participate at the highest possible level of the common international law in shaping the future of the right to private life while contributing to maintain the free flow of data globally.
Therefore we would strongly support efforts to further promote the application of the core provisions of the modernised Convention 108 throughout the IGF and its constituencies (notably the application of high level data protection principles for online data processing, the right choice of legal basis for the processing of personal data, its requirement on transparency from the data controllers’ side, the possibility for data subjects to exercise their rights with special attention to the new generation of rights, the high level data security, a transborder data flow regime based on an appropriate level of protection of individuals, the lawful use of exceptions for instance for national security and law enforcement purposes and the establishment of independent regulatory authorities with a mandate and effective powers to oversee the application of these principles and provisions).
In the digital age our focus should remain on two objectives: free flow of data and respect for human dignity, as stated in the Preamble of the Protocol amending Convention 108: “(…) it is necessary to secure the human dignity and protection of the human rights and fundamental freedoms of every individual and, given the diversification, intensification and globalisation of data processing and personal data flows, personal autonomy based on a person’s right to control of his or her personal data and the processing of such data”. Therefore we would suggest that further considerations be given to the recommendations of the Report in the following areas:
- The right to privacy has to be guaranteed by existing open, multilateral conventions with reference to the statement in Recommendation 3a. In achieving this, further efforts are to be deployed at the IGF level to encourage UN member states to accede to Council of Europe modernised Convention 108 and to ensure the application of its principles and provisions by other stake- holders.
- With reference to peer-to-peer information sharing as described on page
14, we believe that in addition, a real mechanism for joint actions open for regulatory and law enforcement authorities is to be put in place at the IGF to effectively protect individuals in the digital space (for example by a 24/7 alert mechanism, designation of focal points in national administration and in stakeholders’ structures, etc.).
- Furthermore, we would urge as referred to on page 18 in the sub-chapter
3.1 “Human Rights and Human Agency” in title “The right to privacy” that main definitions and principles are agreed upon and applied within the IGF in connection to the right to privacy (e.g.: definition of privacy, personal data, special categories of data, the right choice of legal base for the processing, accountability of data controllers, enforcement of rights, etc.).
- We would recommend tackling the issues and considerations pertaining to the right to privacy jointly with those pertaining to cyber-security (cyber- resilience) and fight against cyber-crime.
- We support any action as described on page 19 in sub-chapter 3.2 to build “Trust and social cohesion” and would recommend further emphasis on the question “How can trust be promoted in the digital age”. We believe that specific forum have to be created within the IGF, based on multi-stakeholder participation to effectively promote the free flow of data while guaranteeing an appropriate level of protection for individuals as enshrined in modernised Convention 108 and to deliver viable solutions for users, in a timely manner and without any discrimination.
2 2018 Annual Report on the Right to Privacy (Report A/73/45712) and Annual Report of 1 March 2019 to the UN Human Rights Council (Report A/HRC/40/63)