Brussels, 28 January 2011
Data Protection Day: guaranteeing individuals' privacy rights
Nowadays the exchange of information across the globe has become easier and faster. An individual’s personal data – email, photos and electronic agendas – may be created in the UK using software hosted in Germany; processed in India; stored in Poland and accessed in Spain by an Italian citizen. This rapid increase in information flows around the world presents a big challenge for individuals' rights to personal data privacy. Data protection issues, including their cross-border dimension, affect people every day – at work, in dealing with public authorities, when buying goods or services, or when travelling or surfing the internet. Today – on Data Protection Day – the Council of Europe and the European Commission are joining forces to promote the fundamental right to data protection.
The annual Data Protection Day aims to give people the chance to understand what personal data is collected and processed about them and why, and what their rights are with respect to this processing.
The EU’s data protection rules are more than 15 years old. They have stood the test of time, but now they need to be modernised to reflect the new technological landscape. The European Commission will propose changes to the 1995 Data Protection Directive later this year.
"Effective data protection is vital for our democracies and underpins other fundamental rights and freedoms," said European Commission Vice-President Viviane Reding, responsible for Justice, Fundamental Rights and Citizenship. "We need to balance privacy concerns with the free flow of information, which helps create economic opportunities. These are the questions I want to address with our proposals to modernise the EU's data protection rules during 2011."
Today we mark the 30th anniversary of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (“Convention 108”).
“Confronted with the challenges raised by the rapid development of information technology, privacy rights matter more than ever. The Data Protection Convention has been a key tool for ensuring this right for 30 years and must be adapted to ensure this for the next 30 years as well,” Secretary General Thorbjørn Jagland said, emphasising “the need for a truly international framework that is human rights based, flexible, transparent and inclusive.”
Issues of privacy and data protection have not been far from the headlines in recent years. Technology has been advancing at an exponential rate, bringing dramatic changes in the way that personal data are used to provide goods and services. This applies especially to the online environment – from banking and travel to social networking. The sharing of personal data is also part of ensuring a secure and safe society.
The EU’s 1995 Data Protection Directive
On 4 November 2010, the Commission set out a strategy to strengthen EU data protection rules (IP/10/1462 and MEMO/10/542). It aims to protect individuals' data in all policy areas, including law enforcement, while reducing red tape for business and guaranteeing the free circulation of data within the EU. This policy review will be used by the Commission with the results of a public consultation to revise the EU’s 1995 Data Protection Directive.
EU data protection rules (the 1995 Data Protection Directive 95/46/EC) aim to protect the fundamental rights and freedoms of natural persons, and in particular the right to data protection, as well as the free flow of data. This general Data Protection Directive has been complemented by other legal instruments, such as the e-Privacy Directive for the communications sector. There are also specific rules for the protection of personal data in police and judicial cooperation in criminal matters (Framework Decision 2008/977/JHA).
The right to the protection of personal data is explicitly recognised in Article 8 of the EU's Charter of Fundamental Rights and in the Lisbon Treaty. The Treaty provides a legal basis for rules on data protection for all activities within the scope of EU law under Article 16 (Treaty on the Functioning of the European Union).
Council of Europe action on data protection
Already a benchmark for 43 states in Europe, and the only international legally binding instrument with the potential to be applied worldwide, Convention 108 of the Council of Europe was opened for signature in 1981. Any country in the world with the required data protection legislation can become a party.
The Convention defines a series of universally recognised core principles and legally binding standards. Its technologically-neutral provisions protect against privacy intrusions by public and private authorities. It providesa legal framework for the transfer of personal data between countries that have ratified it and a platform for multilateral co-operation of states parties on an equal footing.
Countries can exchange ideas and best practices, and together develop new standards. In 2001, Convention 108 was supplemented by an additional Protocol regarding supervisory authorities and trans-border data flow.
28 January was chosen to mark Data Protection Day because it celebrates the anniversary of Convention 108. This year, the Council of Europe is using the occasion of Data Protection Day to launch a consultation on how to modernise Convention 108 and continue to raise data protection standards not only in Europe, but around the world.
Watch or download the Commission's clip on data privacy and social networks – available in all official EU languages:
Data Protection Day 2011
Council of Europe: Data Protection
European Commission: Data Protection
Homepage of Vice-President Viviane Reding, EU Commissioner for Justice, Fundamental Rights and Citizenship: