Respect for private life has been ensured at European level since the adoption of the Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) in 1950. During the 1960's and 1970's, the potential impact of information and communication technologies developments on the life of citizens became visible, for instance because of the increase of surveillance possibilities, both in the public and in the private sector.
The then existing legislation designed to secure the privacy of personal data was no longer felt adequate: the term "private life" in the ECHR had a number of limitations: the scope of it was uncertain and the emphasis was on the protection against interference by public authorities and not by private organisations.
The protection of personal data was - as a separate right granted to an individual - for the first time guaranteed in the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data ( Convention 108 ). It was adopted by the Council of Europe in 1981.
At the same time, the Organization for Economic Co-operation and Development (OECD) issued guidelines to its members, which urged them to introduce measures to protect personal information.
Respect for private life and protection of personal data have been recognised as closely related, but separate fundamental rights in Articles 7 and 8 of the EU Charter of Fundamental Rights adopted in 2000 and reaffirmed in 2007.
Convention 108 refers to the Convention for the Protection of Individuals with regard to automatic processing of personal data which was adopted by the Council of Europe in 1981.
This Convention is the first legally binding international instrument adopted in the field of data protection. Its purpose is:
It sets out minimum standards aimed at protecting the individuals against abuses which may accompany the collection and processing of personal data. It also seeks to regulate the transborder flow of personal data.
The right to protection of personal data encompasses the protection of privacy, but extends beyond it. Data protection is about securing respect for rights and fundamental freedoms, and in particular (i.e. not only) the right of the data subject to privacy. This is further explained in the Convention's explanatory statement. Paragraph 25 states:
A total of 40 European states have ratified the Convention so far.
As a result of the work in the Council of Europe and in the OECD, many European countries had enacted legislation designed to balance the individual's right to data protection with the need of public authorities, employers and others to process data. This was undertaken at national level long before the initiative was taken at EU level in early 1990's to ensure more harmonisation on the basis of Convention 108.
► Data protection is highly developed in the EU. The central piece of legislation is Directive 95/46/EC ("Data Protection Directive"), which regulates the protection of individuals with regard to the processing of personal data and the free movement of such data. As a framework law, the Directive had to be implemented in EU Member States through national laws.
► Regulation (EC) No 45/2001 lays down the same rights and obligations at the level of the EC institutions and bodies. It also establishes the EDPS as independent supervisory authority with the task of ensuring that the Regulation is complied with.
► Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector is usually referred to as the "ePrivacy Directive". It covers processing of personal data and the protection of privacy in the electronic communications sectors, and regulates areas such as confidentiality, billing and traffic data, rules on spam, etc.
► Framework Decision 2008/977/JHA on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters. This is the first general legal framework for data protection in the “third pillar” of the EU. Its content is also based on Convention 108, but differs from Directive 95/46/EC in many ways that are related to the specific nature of the subject.
60th anniversary of the Rome Treaties. Giovanni Buttarelli to participate in the meeting of the 27 EU heads of state and heads of European Union institutions in Rome, Italy.
2018 International Conference of Data Protection and Privacy Commissioners to be hosted in Brussels. Read the press statement.
Giovanni Buttarelli meeting with Greg Nojeim, Senior Counsel and Director, Freedom, Security and Technology Project, Center for Democracy & Technology (CDT), Brussels, Belgium
Giovanni Buttarelli meeting with Cornelia Ernst, MEP, Brussels, Belgium
Processing of personal data by the Union institutions, bodies, offices and agencies, Study group meeting, EESC, Participation of Giovanni Buttarelli, Brussels Belgium
60th anniversary of the Rome Treaties, Participation of Giovanni Buttarelli in the meeting of the 27 EU heads of state and heads of European Union institutions, Rome, Italy
Forum on International Privacy Law, Participation of Wojciech Wiewiórowski, Königstein, Germany
Participation of Giovanni Buttarelli in DAPIX, Brussels, Belgium
Concurrences Review, Law & Economics Workshop: Big Data, Speech by Giovanni Buttarelli, Brussels, Belgium
Regulating Privacy through Ethical Standards and Accountability Principles in the era of Big Data, Keynote speech of Wojciech Wiewiórowski: Towards a new digital ethics – data, dignity and technology: How to ensure accountability in personal data management?, Brussels, Belgium