Council of Europe: Guidelines for the Protection of Privacy on the Internet

IRIS 1999-5:1/2

Spyros Tsovilis

Council of Europe, Legal Affairs Directorate, Data Protection Unit

The Committee of Ministers of the Council of Europe adopted on 23 February 1999 a recommendation which aims essentially at raising public awareness of what is at stake on the Internet and of the risks which abuse of the information highways may cause for privacy.

The recommendation contains Guidelines which recall the rights and obligations of Internet users and service providers and gives practical advice on the implementation of data protection standards.

The text is addressed to governments, with a view to wide distribution to Internet users and service providers, in particular through national data protection authorities, setting out the principles of good conduct advocated by the Council of Europe.

The Guidelines advise users of the precautions they should take and the means of protecting themselves, such as the use of lawful use of anonymity (by using public Internet kiosks or prepaid access cards) or encryption. They also reiterate that users may ask what personal information about them is collected, processed and stored, and for what purposes, and may ask for this to be altered or deleted, where necessary. Finally, the Guidelines emphasize users' responsibilities when they process or transfer information about other people.

The Guidelines remind service providers of their responsibility for using information lawfully and fairly and in particular their duty to inform users of the risks of infringement of privacy and of the lawful protection methods, their duty to use discretion, not to interfere with the content of communications and not to communicate data to third parties or to transfer data across frontiers.

The Guidelines were drawn up in close co-operation with the European Union in the wake of the Council of Europe Convention for the protection of individuals with regard to automatic processing of personal data (ETS 108). They constitute a joint European approach to the question of the protection of privacy on the Internet, as well as a first step towards the preparation of an international agreement.

The Guidelines were published in May 1998, so as to make possible wide public consultation in Member States. The text adopted takes account of the many comments made by supervisory authorities, service providers, other members of the business community and those who simply use the services.