• español
• · deutch
• · français

STANDARDS ON PRIVACY AND PERSONAL DATA

Resolution on the urgent need for protecting privacy in a borderless world, and for reaching a Joint Proposal for setting International Standards on Privacy and Personal Data Protection-.

Proposers:

• The Agencia Española de Protección de Datos (Spain) and
• the Préposé fédéral à la protection des données et à la transparence (Switzerland)

Co-proposers:

• La Commission Nationale de l’Informatique et des Libertés (France)
• The Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
• The Garante per la Protezione dei Dati Personali (Italy)
• The Information Comissioner’s Office (United Kingdom)
• The State Data Protection Inspectorate of the Republic of Lithuania
• The Office for Personal Data Protection (Czech Republic)
• The Hellenic Data Protection Authority
• The Dutch Data Protection Authority
• The Inspector General for Personal Data Protection (Poland)
• The Irish Data Protection Commissioner
• The National Data Protection Commission (Portugal)
• The National Directorate for Personal Data Protection of Argentina
• The Data Protection Commissioner of Guernsey
• The New Zealand Privacy Commissioner
• The Data Protection Agency of Andorra
• The European Data Protection Supervisor
• The Berliner Beauftragte für Datenschutz und Informationsfreiheit
• The Data Protection Agency of the Basque Country (Spain)
• The Data Protection Agency of Catalonia (Spain)
• The Data Protection Agency of the Region of Madrid (Spain)

The conference recalls that:

• The declaration adopted at its 22nd Conference in Venice;
• The declaration adopted at its 22nd Conference in Venice;
• The resolution adopted at its 26th Conference in Wroclaw;
• he declaration adopted at its 27th Conference in Montreux;
• he London Initiative presented at its 28th Conference in London; and
• The resolution adopted at its 29th Conference in Montreal;
• aim at strengthening the universal character of the rights to data protection and privacy and call for the development of a universal convention for the protection of individuals with regard to the processing of personal data.
• In particular in the Montreux declaration, the Conference appealed to the United Nations to prepare a legally binding instrument which clearly sets out in detail the rights to data protection and privacy as enforceable human rights. The conference also appealed to the Council of Europe to invite non-member states of this organisation which already have adequate data protection legislation to accede to the Convention for the protection of individuals with regard to automatic processing of personal data (ETS No. 108) and its additional Protocol (ETS No. 181).
• In the resolution of the 29th Conference, the commissioners stressed the necessity of supporting the development of effective and universally accepted international privacy standards as a mechanism for assisting parties to establish and demonstrate compliance with legal requirements of a data protection and privacy nature.

The conference notes that promising efforts have since been undertaken to achieve these aims and in particular the following.

• The question of a universal Convention is an item in the work programme of the International Law Commission of the United Nations.
• The Council of Europe is in favour of the accession of non-member states which already have data protection legislation in accordance with the Convention ETS No. 108 and has decided to promote the instrument on a world level. The Council has restated the potentially universal value of the Convention ETS No. 108, in particular during the World Summit on the Information Society in Tunis (November 2005) and within the framework of the Internet Governance Forum in Athens (2006) and Rio (2007).
• On 12 june 2007 the OECD adopted the Recommendation on Cross-border Cooperation in the Enforcement of Laws Protecting Privacy that aims in particular at improving the domestic frameworks for privacy law enforcement to better enable the domestic authorities to co operate with foreign authorities and at developing effective international mechanisms to facilitate cross-border privacy law enforcement cooperation.
• The regional conferences of UNESCO in 2005 (Asia-Pacific) and 2007 (Europe emphasize the priority character of data protection.
• The initiatives of the Article 29 Working Party of the European Union to simplify the procedures of the approval of Binding Corporate Rules (BCR) and to develop contractual solutions regulating transborder data flows.
• In the final declaration of the 11th Summit of La Francophonie, held in Budapest in September 2006, the heads of states and governments committed themselves to intensifying at the national level legislation and regulations necessary to establish the right of individuals to data protection, and to work on the global level towards the development of an international convention guaranteeing an effective right to data protection.
• In November 2004 APEC adopted the APEC Privacy Framework to strengthen privacy protection and maintain information flows. In September 2007 APEC launched a Privacy Pathfinder to develop implementation frameworks that ensure accountable cross-border data flows that support business needs, reduce compliance costs, provide consumers with effective remedies, allow regulators to operate efficiently, and minimise regulatory burdens.
• The Francophone Association of Data Protection Authorities (AFAPDP) founded in Montreal in the margins of the 29th International conference of data protection and privacy commissioners supports in its aims the elaboration of a universal convention and efforts to achieve the accession to the Convention ETS No. 108 of non-member states of the Council of Europe.
• The Ibero-American Data Protection Network (RIPD) adopted a statement during its sixth meeting held in Columbia in May 2008 appealing to the international conferences relating to data protection and privacy, regardless of their geographical scope, to continue their efforts to adopt a common legal instrument.
• Central and Eastern European Data Protection Authorities (CEEDPA) during their last meeting held in June 2008 in Poland acknowledged the willingness to continue and enhance common activities within the framework of the CEEDPA, in particular in elaborating common solutions and in assisting new members to implement their data protection legislation.

The Conference considers the following:

• The rights to data protection and privacy are fundamental rights of every individual irrespective of his nationality or residence.
• With the expansion of the information society, the rights to data protection and privacy are essential conditions in a democratic society to safeguard the respect for the rights of individuals, a free flow of information and an open market economy
• The globalisation of information exchange and personal data processing, the complexity of systems, the potential harms derived from the misuse of more and more powerful technologies and the increase of security measures require a quick and adequate answer to guarantee the respect for rights and fundamental freedoms, and in particular the right to privacy.
• The persisting data protection and privacy disparities in the world, in particular due to the fact that many states have not yet passed adequate laws, harm the exchange of personal information and the implementation of effective global data protection.
• The development of cross-border rules that guarantee in a uniform way the respect for data protection and privacy has priority.
• The recognition of these rights requires the adoption of a universal legally binding instrument establishing, drawing on and complementing the common data protection and privacy principles laid down in several existing instruments and strengthening the international cooperation between data protection authorities.
• The implementation of the guidelines developed by organisations such as APEC or the OECD, especially regarding the adoption of international frameworks with the aim of improving the respect of the rights for data protection and privacy on the crossborder data flows, is a positive step for reaching this objective.
• The accession to binding instruments of universal value, such as the Convention of the Council of Europe for the protection of individuals with regard to automatic processing of personal data (ETS No 108) and its additional Protocol regarding supervisory authorities and transborder data flows (ETS N° 181), which contain basic principles of data protection, are likely to facilitate the exchange of data between parties as they provide mechanisms and a platform for co-operation between data protection authorities, envisage their establishment exercising their functions in complete independence and promote the implementation of an adequate level of data protection;.
• The 30th International Conference of Data Protection and Privacy Commissioners is an appropriate forum to adopt a strategy specifically aimed at reaching these objectives.

Consequently, the Conference repeats its appeal to elaborate a universal legally binding instrument on data protection and privacy, by adopting the following resolutions: .

• The Conference supports the efforts that the Council of Europe is making to improve the fundamental rights to data protection and privacy. Therefore the Conference invites the member-states of this organisation which have not yet ratified the Convention for the protection of individuals with regard to automatic processing of personal data and to its additional protocol to do so. The Conference invites nonmember states in a position to do so to consider responding to the Council of Europe’s invitation to accede to Convention STE N° 108 and its additional protocol. Taking into account its resolution concerning the Establishment of a Steering Group on Representation at Meetings of International Organisation, the Conference is also willing to contribute to the work of the consultative committee of the Convention ETS N° 108.4
• The Conference supports action taken within APEC, OECD and other regional and international fora to develop effective means to promote better international standards of privacy and data protection.
• The Conference mandates the establishment of a working group, co-ordinated by the organising authority of the 31st international conference and composed of the interested data protection authorities, to draft and submit to its closed session a Joint proposal for setting international standards on privacy and personal data protection , according to the following criteria.
• To draw on the principles and rights related to the protection of personal data in the different geographic environments of the world, with particular reference to legal and other texts that have attracted a wide degree of consensus in regional and international forums
• To elaborate a set of principles and rights which, while reflecting and complementing existing texts, aim to achieve the maximum degree of international acceptance ensuring a high level of protection..
• To assess the sectors in which these principles and rights are applicable, including alternatives focused on harmonizing their scopes of application.
• To define, taking into account the diverse legal systems, the basic criteria that guarantee their effective application..
• To examine the role to be played by self-regulation.
• To formulate the essential guarantees for better and flexible international transfers of data.

The process of drafting this joint proposal should be carried out by encouraging extensive participation in the working groups, fora or hearings, of public and private organisations and entities, with the purpose of obtaining the broadest institutional and social consensus. Particular attention should be paid to the ongoing work of the International Organization for Standardization (ISO) and of the International Law Commission.

• Resolución en formato PDF - versión DE -
• Resolución en formato PDF - versión EN -
• Resolución en formato PDF - versión ES -
• Resolución en formato PDF - versión FR -

Co-financed by:

• Contact US
• Privacy Policy
• Legal notices