Cross-border data exchange
Council of Europe The Council of Europe has launched Convention 108 for the protection of individuals with regard to the automatic processing of personal data. This Convention dates from 1981 and protects the right to privacy with respect to the automatic processing of personal data. So far, 53 States have undertaken to impose sanctions and remedies under their own domestic law, for violations of the provisions of the Convention. Some basic principles of the Convention are 1. the prohibition of unlawful processing of data (Art. 5 lit. a); 2. the processing of data must be purpose-related and proportionate (Art. 5 lit. b and c); 3. personal data must be made anonymous as soon as possible (Art. 5 lit. e); 4. Article 10 provides for sanction mechanisms in the event of violation of the provisions of the Convention. Accordingly, the ratifying state regulates corresponding sanction mechanisms itself. One of the interesting features of the Convention is Article 23, which allows countries which are not members of the Council of Europe to accede to the Convention. BDI’s position This set of rules was originally the first binding intergovernmental agreement to deal with data protection. It was reformed in 2018. The Protocol of Amendment is fully consistent with EU data protection law. This is an important development, as it represents another example of the successful export of binding EU data protection legislation. This is positive for business, as it also creates legal certainty.
OECD - The organisation for economic cooperation and development The OECD data protection guidelines date from 1980 and are non-binding and technologically neutral. They were drafted by a commission of experts and are intended to inspire government representatives to ensure comprehensive data protection in their respective jurisdictions. The guidelines also aim to encourage states to cooperate on data protection issues and to support the development of international agreements. This should also promote interoperability between data protection frameworks. The OECD Privacy Guidelines are particularly interesting because they provide a definition of personal data. They define personal data as "information relating to an identified or identifiable individual". In addition, the Guidelines contain provisions on the purposes for which data may be used (Part 2, point 9) and the corresponding safeguards (Part 2, point 11).
11