The Council of Europe has proposed a revised convention on data protection, which the majority of European countries will be obliged to follow. We interviewed Sophie Kwasny, secretary to the Consultative Committee of the Council of Europe data protection convention, about the proposals, the difficulties faced, and the potential impact on national sovereignty.
The Council of Europe has proposed a revised convention on data protection, which the majority of European countries will be obliged to follow.
We interviewed Sophie Kwasny, secretary to the Consultative Committee of the Council of Europe data protection convention, about the proposals, the obstacles Europe faces to data protection, and the potential impact of pan-European laws on national sovereignty.
Bringing things up to date
The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data is a somewhat dated international treaty aimed at addressing the right of individuals to the protection of their personal data. It was originally drafted in 1981, making this year the thirtieth anniversary, and Kwasny said that the Council decided that it would be appropriate to check if the principles of the convention are still fully in line with the modern use of data.
When the original convention was written the internet did not really exist, nor did the majority of the problems people face in terms of the proper use of their data. For example, there was no Facebook to house personal information, no Google to store user search data, and no Sony Computer Entertainment to hack.
Kwasny was quite clear that Europe has a good data protection reputation and that the proposals are not designed to replace the existing convention, but rather to keep the current framework and update it for the modern world.
She said that the old Convention was “not fully relevant” anymore, but qualified this by saying that “it's still up to date in the sense that the formulations and the principles are not out of date, so it's still matching the reality, but nevertheless … we can strengthen the individual rights, … we can increase the pro-active actions of the private sector on this, so let's do it. This will increase the protection in a way it wasn't foreseen 30 years ago, but now that we're tackling this we definitely think it's necessary to complement the current text with those points.”
So far 43 countries employ the existing convention, including all 27 European Union Member States. A number of other countries have also expressed interest, such as Uruguay, which would be the first non-European country to accede to the convention.
The United States, Japan, Canada, and Mexico were also present for talks. However, Kwasny told us that the United States made it clear that it would be an observer to the committee, but would not be party to the convention itself, due to major differences in the way it approaches data protection.
We asked if part of the reason why the Council of Europe is proposing an update to its convention on data protection is the fact that there have been so many incidents of privacy abuse by companies with access to people's information, not to mention the numerous data breaches of companies throughout the world by groups like Anonymous.
“I think that certainly the fact that you have more and more privacy issues on the news, it's raised first general public opinion on those issues, but indeed also the fact that we know that we have a protective framework which is there, but maybe we need to make sure that those cases are not repeated,” Kwasny said. “All those cases have definitely raised awareness … of the fact that some of the legislations in place did not sufficiently cover some of the new threats to privacy.”