Respect for private life has been ensured at European level since the adoption of the Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) in 1950. During the 1960's and 1970's, the potential impact of information and communication technologies developments on the life of citizens became visible, for instance because of the increase of surveillance possibilities, both in the public and in the private sector.
The then existing legislation designed to secure the privacy of personal data was no longer felt adequate: the term "private life" in the ECHR had a number of limitations: the scope of it was uncertain and the emphasis was on the protection against interference by public authorities and not by private organisations.
The protection of personal data was - as a separate right granted to an individual - for the first time guaranteed in the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data ( Convention 108 ). It was adopted by the Council of Europe in 1981.
At the same time, the Organization for Economic Co-operation and Development (OECD) issued guidelines to its members, which urged them to introduce measures to protect personal information.
Respect for private life and protection of personal data have been recognised as closely related, but separate fundamental rights in Articles 7 and 8 of the EU Charter of Fundamental Rights adopted in 2000 and reaffirmed in 2007.
Convention 108 refers to the Convention for the Protection of Individuals with regard to automatic processing of personal data which was adopted by the Council of Europe in 1981.
This Convention is the first legally binding international instrument adopted in the field of data protection. Its purpose is:
It sets out minimum standards aimed at protecting the individuals against abuses which may accompany the collection and processing of personal data. It also seeks to regulate the transborder flow of personal data.
The right to protection of personal data encompasses the protection of privacy, but extends beyond it. Data protection is about securing respect for rights and fundamental freedoms, and in particular (i.e. not only) the right of the data subject to privacy. This is further explained in the Convention's explanatory statement. Paragraph 25 states:
A total of 40 European states have ratified the Convention so far.
As a result of the work in the Council of Europe and in the OECD, many European countries had enacted legislation designed to balance the individual's right to data protection with the need of public authorities, employers and others to process data. This was undertaken at national level long before the initiative was taken at EU level in early 1990's to ensure more harmonisation on the basis of Convention 108.
► Data protection is highly developed in the EU. The central piece of legislation is Directive 95/46/EC ("Data Protection Directive"), which regulates the protection of individuals with regard to the processing of personal data and the free movement of such data. As a framework law, the Directive had to be implemented in EU Member States through national laws.
► Regulation (EC) No 45/2001 lays down the same rights and obligations at the level of the EC institutions and bodies. It also establishes the EDPS as independent supervisory authority with the task of ensuring that the Regulation is complied with.
► Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector is usually referred to as the "ePrivacy Directive". It covers processing of personal data and the protection of privacy in the electronic communications sectors, and regulates areas such as confidentiality, billing and traffic data, rules on spam, etc.
► Framework Decision 2008/977/JHA on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters. This is the first general legal framework for data protection in the “third pillar” of the EU. Its content is also based on Convention 108, but differs from Directive 95/46/EC in many ways that are related to the specific nature of the subject.
Is your toaster watching you?, Lunchtime conference on the Internet of Things, Speeches by Giovanni Buttarelli and Wojciech Wiewiórowski, Brussels, Belgium
6th Data Protection Forum with Mr Viljar PEEP, Director General, Estonian Data Protection Inspectorate, Participation of Giovanni Buttarelli and Wojciech Wiewiórowski, Brussels, Belgium
e-Privacy Breakfast Debate organised by EIF, Speech by Wojciech Wiewiórowski, European Parliament, Brussels, Belgium
e-Privacy Directive: Combining Modern Marketing & Privacy, Event organised by FEDMA, Speech by Wojciech Wiewiórowski, Brussels, Belgium
109th Plenary meeting of the Article 29 Working Party, Participation of Giovanni Buttarelli, Brussels, Belgium
Workshop on the current trends and practices in biobanking in the light of European and national data protection requirements? Participation of Wojciech Wiewiórowski, Brussels, Belgium
Giovanni Buttarelli speaking on GDPR in panel New rules and what to do next in the conference organised by Confindustria Il nuovo Regolamento europeo sulla protezione dei dati personali, Rome, Italy
Giovanni Buttarelli meeting with Bob Quinn, Senior Executive Vice President, AT&T, Brussels, Belgium