Strasbourg, 18 October 2013 T-PD (2014) WP
CONSULTATIVE COMMITTEE OF THE CONVENTION FOR THE PROTECTION OF INDIVIDUALS WITH REGARD TO AUTOMATIC PROCESSING OF PERSONAL DATA
(T-PD)
WORK PROGRAMME OF THE T-PD
FOR 2014 and 2015
Directorate General Human Rights and Rule of Law
WORK PROGRAMME OF THE T-PD FOR 2014 AND 2015
1 – Modernisation of the Convention
The Consultative Committee will pursue the modernisation of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (hereafter referred to as ‘Convention 108’). This modernisation work was initiated following a decision of the Ministers’ Deputies (1079th meeting of 10 March 2010), supported by Resolution No. 3 on data protection and privacy in the third millennium which was adopted at the 30th Council of Europe Conference of Ministers of Justice (Istanbul, 24-26 November 2010) and Resolution 1843 (2011) of the Parliamentary Assembly of the Council of Europe on ‘the protection of privacy and personal data on the Internet and online media’.
Objective: the modernisation work aims on the one hand at securing that the general and key principles of the Convention fully address the challenges resulting from the technological developments and the use of new information and communication technologies, and on the other hand at strengthening Convention 108’s evaluation and follow-up mechanism.
Working methods: the T-PD will in 2014 contribute to the work of the Ad Hoc Committee on Data Protection (CAHDATA) as observer to this Committee and further develop the proposals regarding the evaluation and follow-up mechanism such as for instance the preparation of a model questionnaire which will serve as the backbone of the evaluations.
Partner (s): CRIDS, national experts and CoE experts
Rank of priorities: Top
2 – Review of existing Recommendations[1] or texts
2.1 Recommendation (87) 15 regulating the use of personal data in the police sector
Further to the finalisation of the report on the evaluation of the assessment of Recommendation (87) 15 regulating the use of personal data in the police sector, and underlining the crucial impact that this text has had on the development of corresponding legislation in the member states of the Council of Europe, the T-PD will decide on the necessary follow-up to give to the report and take the corresponding actions.
Objective: ensure that individuals continue to be protected in the highest and most appropriate way when their personal data are used in the police sector, in light of the development of new concepts and techniques for processing of personal data necessary for the purpose of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal sanctions.
Working methods: further to the finalisation of the report, the Bureau of the T-PD will make proposals to the Plenary as to what follow-up should be given to this evaluation of the implementation of the Recommendation in member states.
Partner (s): CoE experts and Data Protection Authorities
Rank of priorities: Top
2.2 Recommendation (89) 2 on the protection of personal data used for employment purposes
According the T-PD’s previous priorities and to the elements contained in the terms of reference of the Steering Committee on Media and Information Society (CDMSI), the T-PD will pursue the work of revision of this Recommendation.
Objective: to update this instrument in light of the technological developments as well as of other texts of the Council of Europe containing provisions on the processing of data in the employment field.
Working methods: the Bureau of the T-PD will finalise the draft revised Recommendation in view of its adoption at the 31st Plenary meeting of the T-PD and transmission to the CDMSI.
Partner (s): CoE experts
Rank of priorities: Top
2.3 Recommendation (97) 5 on the protection of medical data
Recommendation (97) 5 on the protection of medical data, its implementation as well as the implications of new technologies on the protection of individuals with regard to the processing of medical data will be examined by the T-PD and the necessary follow-up steps will be taken.
Objective: to assess the necessity of updating the existing Recommendation and provide, where appropriate, further normative guidance.
Working methods: Delegations will be asked to respond to a questionnaire aimed at identifying trends and concerns with the use of new technologies in the field of medical data, on the basis of which a scientific expert working in a multi-disciplinary manner and associating experts of other relevant fields will prepare a report recommending follow-up actions by the Committee.
Partner (s): CoE experts, Committee on Bioethics
Rank of priorities: Top
2.4 Progress report on the application of the principles of Convention 108 to the collection and processing of biometric data
The Consultative Committee will, in light of the scientific experts’ report on the same topic, examine the need to complement its Progress report on the application of the principles of Convention 108 to the collection and processing of biometric data (report of 2005)..
Objective: to ensure that the latest developments in the field of biometric technologies are covered by the Committee’s guidance.
Working methods: the Bureau of the T-PD will on the basis of the work submitted by the consultant propose follow-up action by the Committee.
Partner (s): CoE experts
Rank of priorities: Top
3 – Implementation and promotion of Convention 108
The Consultative Committee will continue to contribute to the work of implementation and promotion of the Convention throughout the world with a view to pursuing broadening the number of Parties to the Convention, by member states as well as non-member states of the Council of Europe.
This objective fully responds to the decision of the Ministers’ Deputies (1176th meeting of 10 July 2013) whereby the Deputies “welcomed the increasing number of Parties to the Convention and the growing interest in this treaty by non-member States, while encouraging the T-PD and the Secretariat to pursue the promotion of the Convention to facilitate responses to global challenges to data protection”.
Objective: to ensure that the principles of Convention 108 are fully adhered to by the Parties to the Convention, assisting new Parties and requesting ones to adapt their national systems (legislation and the way it is implemented and enforced) to Convention 108, and to obtain further accession to the Convention by countries having an appropriate data protection system.
Working methods: Projects of technical assistance funded by external sources and enabling regional or bilateral focus, participation in various international, regional and national events enabling to raise-awareness on the Convention and its benefits.
Partner (s): CoE experts
Rank of priorities: Top
4 - Other work[2]
The Consultative Committee will continue to promote the celebration of data protection day and ensure that raising awareness and educating to data protection remains a key aspect of the work of the various stakeholders.
The Consultative Committee will continue to provide its unique expertise to other Council of Europe instances, and external fora, where their activities have a link with data protection questions.
It will notably seek to cooperate more closely with the Committee on Bioethics with a view to providing guidance on topical developments in the field of the use of data relating to health, notably in the sector of bio banks or more generally research (anonymisation of biological samples of human origin and associated data).
In light of the increasing volume of international flows of personal data for tax or financial purposes, the consultative Committee will provide guidance on the operation of automated exchanges of data occurring in that context.
The Committee will provide guidance in respect of the processing of personal data in the context of police/criminal files.
The Consultative Committee will where necessary and possible develop sectorial guidelines for states, the private sector and civil society on trends and challenges posed by the new technologies and the use of internet, in particular on the basis of the issues identified in the 2013 report on “The use of the Internet and related services, private life and data protection: trends and technologies, threats and implications”, in order to tackle a series of issues, such as profiling (in light of Recommendation (2010)13 on the protection of individuals with regard to automatic processing of personal data in the context of profiling), computerised glass, new generation of video-surveillance technologies, drones, the internet of things, etc.
Subject to adequate resources, the Consultative Committee will contribute to the implementation of other relevant parts of the Council of Europe Strategy on internet governance (2012-2015) such as the development of measures and tools for children and their families to better manage their privacy and personal data, in particular in the internet environment.
Appendix I
Terms of reference of the CAHDATA
(Note: the terms of reference 2014 will be added to the present document and posted on our website as soon as they will have been adopted by the Committee of Ministers)
Appendix II
Terms of reference of the Steering Committee on Media and Information Society (CDMSI)
(Note: the terms of reference of the CDMSI for 2014-2015 will be added to the present document and posted on our website as soon as they will have been adopted by the Committee of Ministers)
Appendix III
Action line 3 of the Council of Europe Internet governance strategy 2012-2015
III. Advancing privacy and data protection
10. People are spending an increasing amount of time exercising their rights to freedom of opinion, expression, information, assembly and association on the Internet for both professional and personal reasons which is resulting in an increasing amount of personal data being deposited and transmitted online. Efforts to protect their privacy and in particular their personal data are therefore more and more important.[3]
10.1 The freedom, dignity and privacy of Internet users must be a central concern and priority for democracies, especially governments which rely upon and encourage the use of new technologies. Action will focus on the following:
a. modernising the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (CETS No. 108 also known as “Convention 108”) so that it fully addresses the challenges posed by new technologies and facilitates greater consensus between governments and other stakeholders on global technology-neutral privacy standards;
b. strengthening the implementation of Convention 108 through the Council of Europe Consultative Committee (T-PD), and through the implementation of technical assistance programmes in Europe and third countries;
c promoting accession to Convention 108 by member states as well as non-member states of the Council of Europe;
d. reviewing and, where necessary, updating recommendations of the Committee of Ministers of the Council of Europe on the protection of personal data used for employment purposes,[4]the use of personal data in the police sector[5] and the protection of medical data;[6]
e. reviewing Council of Europe standards on anonymity;[7]
f. securing the right to privacy of citizens, including children and vulnerable persons, in the new media environment[8]in line with Convention 108, in particular by:
- promoting the development of measures and tools for children and their families to better manage their privacy and personal data and, in this connection, their identity, such as by using pseudonyms on the Internet;
- promoting practices that enable the deletion of content produced by children, including its traces (logs, records and processing) within a reasonably short period of time;and exploring whether this approach may be broadened;[9]
g. developing human rights-based data protection guidelines for states, the private sector and civil society in the light of trends and challenges posed by the Internet (this concerns for example health related data, in particular genetic data, biometric data, “cloud computing”, “privacy by design”, “Internet of things”, requesting the removal of personal data from the Internet, geo-location tracking, and informed “consent” to terms and conditions of service).
[1] Activities mentioned under this section are reflected, for some recommendations, in the terms of reference of the Steering Committee on Media and Information Society (CDMSI).
[2] Activities mentioned under this section are notably reflected in the terms of reference of the Steering Committee on Media and Information Society (CDMSI) and the Internet governance Strategy of the Council of Europe for 2012-2015.
[3] See Resolution 1843 and Recommendation 1984 (2011) of the Council of Europe Parliamentary Assembly: http://assembly.coe.int/Mainf.asp?link=/Documents/AdoptedText/ta11/ERES1843.html and http://assembly.coe.int/Mainf.asp?link=/Documents/AdoptedText/ta11/EREC1984.html.
[4] See Recommendation of the Committee of Ministers of the Council of Europe No. R (89) 2 on the protection of personal data used for employment purposes:
[5] See Recommendation of the Committee of Ministers of the Council of Europe No. R (87) 15 regulating the use of personal data in the police sector: https://wcd.coe.int/ViewDoc.jsp?id=704881&Site=CM&BackColorInternet=C3C3C3&BackColorIntranet=EDB021&BackColorLogged=F5D383.
[6] See Recommendation of the Committee of Ministers of the Council of Europe No. R (97) 5 on the protection of medical data: https://wcd.coe.int/ViewDoc.jsp?id=571075&Site=CM&BackColorInternet=C3C3C3&BackColorIntranet=EDB021&BackColorLogged=F5D383 .
[7] See principle 7 on anonymity of the 2003 Declaration of the Committee of Ministers on freedom of communication on the Internet:
[8] See Recommendation CM/Rec(2009)5 of the Committee of Ministers to member states on measures to protect children against harmful content and behaviour and to promote their active participation in the new information and communications environment, adopted on 8 July 2009: https://wcd.coe.int/ViewDoc.jsp?Ref=CM/Rec(2009)5&Language=lanEnglish&Ver=original&Site=CM&BackColorInternet=9999CC&BackColorIntranet=FFBB55&BackColorLogged=FFAC75.
See Declaration of the Committee of Ministers of the Council of Europe on protecting the dignity, security and privacy of children on the Internet, adopted on 20 February 2008: https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(20.02.2008)&Language=lanEnglish&Ver=0001&Site=COE&BackColorInternet=9999CC&BackColorIntranet=FFBB55&BackColorLogged=FFAC75.
See Recommendation Rec(2006)12 of the Committee of Ministers to member states on empowering children in the new information and communications environment, adopted by the Committee of Ministers on 27 September 2006: https://wcd.coe.int/ViewDoc.jsp?Ref=Rec(2006)12&Sector=secCM&Language=lanEnglish&Ver=original&BackColorInternet=9999CC&BackColorIntranet=FFBB55&BackColorLogged=FFAC75.
See Recommendation No. R (99) 5 of the Committee of Ministers to member states for the protection of privacy on the Internet: https://wcd.coe.int/ViewDoc.jsp?id=407311&Site=CM&BackColorInternet=C3C3C3&BackColorIntranet=EDB021&BackColorLogged=F5D383.
[9] See Declaration of the Committee of Ministers of the Council of Europe on protecting the dignity, security and privacy of children on the Internet, adopted on 20 February 2008: