Data protection 10, 2018

Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data

European Union


Council of Europe


The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data is a Council of Europe treaty that was originally signed in 1981. Its aim was to strengthen data protection with respect to the automatic processing of personal data. It was prompted by the growing use of computers for administrative purposes and the move away from manual files. It was the first legally binding international instrument on data protection. It outlawed the collection of "sensitive" data on a person's race, politics, health, religion, sexual life, criminal record, etc., in the absence of proper legal safeguards. It also guaranteed individuals the right to know what information is stored about them and to have that information corrected. In October 2018 a Protocol amending the Convention was opened for signature.

The protocol aims to modernise the Convention and ensure consistency with other EU data protection activities, such as the GDPR and the Police Directive. The Convention is also an instrument of spreading the EU approach to data protection because it serves as the basis of privacy legislation in several countries outside the EU, providing a flexible multilateral framework. The Protocol contains several updates, such as 1) Stronger requirements regarding the proportionality and data minimisation principles; 2) Extension of the types of sensitive data, which will now include genetic and biometric data, trade union membership and ethnic origin; 3) the obligation to declare data breaches; 4) increased transparency of data processing; 5) new rights for the persons in an algorithmic decision making context; 6) stronger accountability of data controllers; 7) the requirement that the “privacy by design” principle is applied; 8) requiring the application of the data protection principles to all processing activities, including for national security reasons; 9) clear regime of transborder data flows; 10) reinforced powers and independence of the data protection authorities and enhancing legal basis for international cooperation.

AI Governance

This database is an information resource about global governance activities related to artificial intelligence. It is designed as a tool to help researchers, innovators, and policymakers better understand how AI governance is developing around the world.

We're collecting more examples as we find them. If you'd like to add yours to this map, please suggest an entry.

Suggest an entry
  • Filter by:
  • Current filters:
256 entries are listed below
  • Sort by: