LLMpediaThe first transparent, open encyclopedia generated by LLMs

Convention 108

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: CNIL Hop 4
Expansion Funnel Raw 66 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted66
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
Convention 108
NameConvention 108
Long nameConvention for the Protection of Individuals with regard to Automatic Processing of Personal Data
Date signed28 January 1981
Location signedStrasbourg
PartiesCouncil of Europe member States and other States
Condition effectiveRatification by five States
Date effective1 October 1985
DepositorSecretary General of the Council of Europe

Convention 108

Convention 108 is a treaty adopted under the auspices of the Council of Europe to regulate the automated processing of personal data and to set standards for privacy protection across national borders. It was negotiated by representatives from France, United Kingdom, Germany, Italy, Spain, Netherlands, Greece, Belgium, Sweden, Norway and other member States based on emerging concerns from the European Commission on data flows, technological change, and human rights. The instrument sought to reconcile national practices exemplified by laws in Sweden, Germany, and France with regional instruments such as the European Convention on Human Rights and international initiatives like the United Nations deliberations on privacy.

Background and Purpose

The negotiation of Convention 108 took place amid debates triggered by advances in computing technology at institutions like IBM and Siemens, policy fora including the OECD and the UNESCO, and landmark legal developments in jurisdictions such as Sweden (early privacy statutes) and West Germany (constitutional jurisprudence). Delegates referenced jurisprudence from the European Court of Human Rights, public law theory from scholars associated with Oxford University and Sorbonne University, and policy reports from agencies like the Venice Commission. The purpose was to establish binding obligations to protect individuals against abuses stemming from databases used by corporations like AT&T and by public bodies such as tax administrations in France and social security agencies in Italy.

Main Provisions

The treaty sets out substantive rules on collection, storage, and communication of personal data, including principles of legality, purpose limitation, quality of data, and security measures. It mandates safeguards for sensitive categories influenced by precedents in the Geneva Convention discussions and medical confidentiality norms in World Health Organization standards. Mechanisms for data subject rights—access, rectification, and challenge to automated decisions—reflect reforms seen in the statutes of Belgium and the case law of the European Court of Justice. The Convention establishes supervisory authorities akin to regulators in Netherlands and Denmark and contemplates cross-border cooperation with entities like the Interpol and the OECD.

Parties and Ratification

Initial signatories included many Council of Europe member States; ratifications followed in phases by countries such as France, Sweden, Norway, Ireland, Luxembourg, and Portugal. Over time accession widened to non-member States, with ratification instruments filed by States outside Europe inspired by bilateral relations with United States counterparts and regional agreements like the European Union directives on data protection. Ratification practice engaged national legislatures including the French National Assembly, the German Bundestag, and the Italian Parliament, while notification and accession procedures were administered by the Secretary General of the Council of Europe.

Implementation and Enforcement

Implementation relied on domestic statutes modeled on examples from Sweden and Germany and on supervisory authorities mirroring structures in France’s national commission and United Kingdom oversight bodies. Enforcement mechanisms included investigative powers, sanctions, and remedies before national courts such as the French Conseil d'État, the Bundesverfassungsgericht, and the European Court of Human Rights when issues implicated Convention rights. Cross-border cooperation used mutual assistance frameworks akin to those in the Schengen Agreement and relied on professional networks involving regulators from Spain, Portugal, Belgium, and Netherlands.

Amendments and Modernisation (Convention 108+)

Growing digitalisation, cloud computing services from firms like Amazon and Microsoft and transnational data flows prompted a modernisation process leading to an updated instrument commonly referred to as "Convention 108+". Negotiations involved actors from the European Union, the Council of Europe, data protection authorities from Austria, Finland, Switzerland, and outside States including Canada and Tunisia. The modernised text expanded provisions on international transfers, strengthened individual rights, and introduced principles addressing big data, profiling, and security obligations reminiscent of the General Data Protection Regulation debated in the European Parliament.

Impact and Criticism

Convention 108 influenced national laws such as statutes in Greece, Hungary, Poland, and reforms in Romania, and it informed regional instruments including EU directives and international policy dialogues with United Nations bodies. Advocates cite its role in harmonising standards across diverse legal systems, supporting judicial decisions in the European Court of Human Rights and shaping supervisory practice in agencies like the Information Commissioner's Office in United Kingdom. Critics, including scholars from Harvard University and policy groups affiliated with Electronic Frontier Foundation and Access Now, argue the original text lacked sufficient enforcement teeth against multinational corporations like Google and inadequate coverage of emerging technologies promoted by Apple Inc. and Facebook. Debates continue in forums such as the Council of Europe Parliamentary Assembly and academic centres at Cambridge University and Sciences Po about adequacy, universality, and interaction with instruments like the General Data Protection Regulation and bilateral agreements between United States and European partners.

Category:Treaties