english francais deutsch

IRIS 2012-2:1/6

Parliamentary Assembly

Texts on Personal Data on the Internet and Online Media

print add to caddie Word File PDF File

Frederik Zuiderveen Borgesius

Institute for Information Law (IViR), University of Amsterdam

The Parliamentary Assembly of the Council of Europe (“Assembly”) adopted a Resolution and a Recommendation on 7 October 2011, both entitled “The protection of privacy and personal data on the Internet and online media”. Since the late 1960s, the Council of Europe has been influential in the context of data protection regulation. In 1981 the Council of Europe drafted the first legally binding international instrument on data protection, the Data Protection Convention (Convention No. 108).

Some main points of the new Recommendation and the Resolution are listed below. In the Resolution the Assembly discusses recent developments in technology and society. The Assembly welcomes the “progress in information and communication technologies (‘ICTs’) and the resulting positive effects on individuals, societies and human civilisation as a whole”. But the Assembly also “notes with concern that the digitalisation of information has caused unprecedented possibilities for the identification of individuals through their data. Personal data are processed by an ever-growing number of private bodies and public authorities throughout the world. Personal information is put into cyberspace by users themselves as well as by third parties. Individuals leave identity traces through their use of ICTs. Profiling of Internet users has become a widespread phenomenon. Companies sometimes monitor employees and business contacts by means of ICTs.”

About the use of personal data on the Internet, the Assembly says: “personal ICT systems as well as ICT-based communications may not be accessed or manipulated if such action violates privacy or the secrecy of correspondence; access or manipulation through ‘cookies’ or other unauthorised automated devices violate privacy, in particular where such automated access or manipulation serves other interests, especially of a commercial nature.” Furthermore, data processing systems are often compromised by hackers.

The Assembly is “alarmed by these developments”. It adds: “In a democratic state governed by the rule of law, cyberspace must not be regarded as a space where the law, in particular that concerning human rights, does not apply.” The Assembly emphasises that consent of the data subject “requires an expression of consent in full knowledge”, and that consent has to be a “the manifestation of a free, specific and informed will, and excludes any automatic or tacit usage”.

In the Recommendation the Assembly calls for the Committee of Ministers (“Committee“) to seek the ratification of the Data Protection Convention by the European Union and of Council of Europe member states that have not yet done so, namely Armenia, the Russian Federation, San Marino and Turkey. The Assembly further recommends that the Committee encourage the signature of the Data Protection Convention by non-member states. The Assembly underlines the need “to reinforce the protection of all people regarding the use and storage of personal data, to ensure identical protection for everyone, regardless of the place of storage or where those responsible for the storage are located, and to avoid the risk of dumping in terms of protection.”

In the Resolution the Assembly confirms that personal data may only be transferred “to another State or organisation where such State or organisation (…) ensures an equally adequate level of protection for the intended data transfer”. The Assembly adds that “[t]ransfers of personal data that violate the right to protection of private life under Article 8 of the European Convention on Human Rights may be the subject of proceedings before the national courts and, as a last resort, before the European Court of Human Rights.”

Recommendation 1984 (2011) on the protection of privacy and personal data on the Internet and online media, 7 October 2011 EN
Resolution 1843 (2011) on the protection of privacy and personal data on the Internet and online media, 7 October 2011 EN