“Countries must agree at international level on the extent to which the surveillance performed by intelligence services can be authorised, under which conditions and according to which safeguards, including independent and effective oversight”, they stressed. The development of a new legal standard could be based on the numerous criteria already developed by the courts, including the European Court of Human Rights and the US Supreme Court.
Referring to the European Court of Justice’s judgment on “Schrems II” of 16 July 2020 concluding that the EU-USA “Privacy Shield” agreement does not provide an adequate level of protection to personal data transferred from the EU to the USA because of insufficient human rights safeguards arising in the context of the access to data by USA government’s surveillance programmes, the statement highlights that this decision has implications beyond EU-USA data transfers and provides an opportunity to strengthen the universal data protection framework.
The statement recalls the role that the Council of Europe’s modernised data protection treaty, not yet in force, can play in providing a robust legally binding agreement for the protection of privacy and personal data globally, notably concerning the flow of personal data across borders.
While the convention already provides a strong international legal framework for the protection of personal data and specifically addresses the need for an independent and effective review and supervision of restrictions to data protection justified by national security or defence, it does not fully and explicitly address some of the challenges posed at international level by the mass surveillance capacities, which requires the drafting of a new specific international legal standard.
The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, also known as “Convention 108”, is the only legally binding instrument on the protection of privacy and data protection open to any country in the world. Adopted in 1981, the treaty was updated in 2018 by an amending protocol, not yet in force, ensuring that its data protection principles are still adapted to today’s tools and practices, and strengthening its follow up mechanism. So far, 55 countries have ratified “Convention 108” and many others have used it as a model for new data protection legislation throughout the world.
Council of Europe
Avenue de l’Europe
F67075 Strasbourg Cedex
Telefon: +33 (3) 88412000
http://www.coe.int
Telefon: +33 (3) 902147-04
E-Mail: jaime.rodriguez@coe.int