Council of Europe Prepares to Review Convention 108
Time 2 Minute Read
Categories: European Union, International

The Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (generally referred to as “Convention 108”), enacted in 1981, is the only legally-binding international treaty dealing with privacy and data protection.  The Convention is also of fundamental importance in providing the underlying legal framework for instruments such as the EU Data Protection Directive 95/46.  So far, 42 countries have become parties to Convention 108.

As the European Commission reviews the EU Directive, the Council of Europe also is preparing to review Convention 108.  The review will be conducted by the Council of Europe’s Consultative Committee on data protection (referred to as T-PD) in a process that will likely take several years.  The T-PD, which meets at the Council of Europe’s headquarters in Strasbourg, is primarily composed of representatives of national governments and data protection authorities, with the International Chamber of Commerce being the only private-sector entity with formal observer status.  The group has commissioned a legal study from an outside consultant to analyze Convention 108 and provide any recommended revisions by the end of 2010, and the T-PD will begin discussions at its upcoming meeting in November.

While it is far too early to speculate on what, if any, changes may be made to Convention 108, it seems safe to say the following:

  • Any changes to the fundamental data protection principles of Convention 108 are highly unlikely. 
  • If changes are made, they would likely be in the form of an additional protocol to the Convention, similar to the Council of Europe’s adopted protocol dealing with data protection supervisory authorities and transborder data flows in 2001. 
  • Review is likely to focus on the challenges to data protection caused by data processing on the Internet, and in particular, on whether there is a need for the recognition of new data protection rights.

We will provide updates on the review process as they emerge.

Tags: Council of Europe, EU Data Protection Directive, European Commission
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
European Commission Seeks Feedback on Draft Cyber Resilience Act Guidelines

On March 3, 2026, the European Commission published draft guidelines intended to clarify the application of the Cyber Resilience Act and opened a public consultation to gather feedback from stakeholders.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 4 Minute Read
European Commission Announces New Cybersecurity Package

On January 20, 2026, the European Commission proposed a comprehensive new cybersecurity package aimed at strengthening the EU’s cybersecurity resilience and enhancing its capacity to manage evolving threats.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 1 Minute Read
European Commission Renews UK Data Adequacy Decisions

On December 19, 2025, the European Commission announced the renewal of the two UK adequacy decisions originally adopted in 2021, reaffirming that personal data may continue to move freely between the European Economic Area and the UK.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 5 Minute Read
EU Digital Omnibus Introduces a Single Reporting Point for Cybersecurity Incidents

On November 19, 2025, the European Commission unveiled the much-anticipated digital omnibus legislative package (the “Digital Omnibus”), setting the stage for a new era of digital governance and regulatory simplification across the European Union. According to the Commission, this initiative is designed to enable European businesses to devote more energy to innovation and growth, rather than navigating complex compliance landscapes.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page