Historic context of data protection and privacy
Updated: Aug 12
Hello fellow privacy enthusiasts, welcome to the third GDPR post. In this post we will discuss key European data protection laws and the evolution towards a harmonised legislative framework for data protection in the European Union.
Universal Declaration of Human Rights
Universal Declaration of Human rights was adopted by the United Nations in 1948 General Assembly. Although a non-binding instrument, the Declaration set forth milestone standards. Declaration has specific articles for the right to a private life and freedom of expression but also a balance between these 2.
•Article 12: Right to privacy
•Article 19: Freedom of expression
•Article 29: Balance of these 2
European Convention on Human Rights
Adopted by the Council of Europe and based on the HUman Rights Declaration, The European Convention on Human Rights was entered into force in 1953. It is an international treaty which can be enforced by the European Court of Human Rights in Strasbourg. It is not legally binding because it needs Council of Europe member states to ratify the Convention. However, all members have done so already. European Convention on Human Rights has articles very similar to the Declaration we just learned about.
•Article 8: Right to privacy
•Article 10: Freedom of expression
•Article 10(2): Balance of these 2
In 1980 OECD developed guidelines on the protection of privacy and transborder flows of personal data laying out basic rules that govern trans-border data flows and the protection of personal information and privacy. The aim of these guidelines was to facilitate the harmonisation of data protection law between countries. However, it is not a legally binding instrument and it could not achieve its objective because of this. The guidelines do not have a distinction between the public and private sectors. They are also neutral with regard to the particular technology used which means it is applicable to information gathered electronically or manually.
1981 Council of Europe Convention - Convention 108
The convention for the protection of individuals with regard to automatic processing of personal data, which is known as Convention 108, was adopted by the Council of Europe. Convention 108 is the first binding international instrument to set standards for the protection of individuals’ personal data and also seeking to balance those safeguards against free flow of data. Convention 108 comprises 27 articles and has three main parts;
Basic principles of data protection (Chapter 2)
Transborder data flows (Chapter 3)
Mutual Assistance provisions (Chapter 4)
Even if Convention 108 was binding, it was binding for the governments. Member states of Council of Europe were expected to adopt the Convention which failed to reach the objective of having a harmonised approach to privacy laws.
Please do not hesitate to get in touch for any queries you have about GDPR.
Also, you can claim %90 discount to our GDPR Certification training using this link below; https://www.udemy.com/course/gdpr-compliance-preparation-to-cipp-e-certification-test/?referralCode=222D984161CD11E7C5F4