Convention 108: the international standard for data protection to come?

Amsterdam, The Netherlands
G. Verhenneman, F. Coudert (KU Leuven)

This article was accepted by and presented at the Amsterdam Privacy Conference 2015 APC15. October 23-25th 2015. Amsterdam, The Netherlands.

Abstract:[...]"The first challenge will be to define how the regime set up by Convention 108 will articulate with regional initiatives, most particularly with the European Union but one could also think of the APEC framework. Which added value could the Convention bring to its Parties inside and outside of the European Union? What is the driver for EU Member States beyond the mere fact of belonging to the Council of Europe and the long tradition that unite the Council of Europe and Member States of the European Union? How will the Convention add up to the Data Protection Package, i.e. the General Data Protection Regulation and the Law Enforcement Directive? Does the added value lie with setting a framework for the exchange of personal data by law enforcement authorities with third countries?

The second challenge is to define what it means for Convention 108 to become an international standard and whether this is a desirable outcome for EU Member States. By inviting third Parties to the Convention, the interpretation of the text will unavoidably put the Convention on a different path than the EU data protection framework. Does the Convention risk to become a light version of the EU data protection standard for international cooperation? And if so, is this an acceptable outcome for the EU? But also, does that make any sense in the light of the adequacy regime that have been installed by the EU data protection framework?

This paper will seek to provide elements of answer to these questions. We will look at the amended text of Convention 108 as approved in December 2014 from the lens of its ambition to become the international standard in the field of privacy. And we will compare it with suggested alternatives to ensure the interoperability of regional data protection frameworks, such as the suggestion of the Obama administration for interoperability and mutual recognition."