ROMAN ZAKHAROV v. RUSSIA JUDGMENT
29
The Russian Federation declares that in accordance with subparagraph ‘c’ of
paragraph 2 of Article 3 of the Convention, it will apply the Convention to personal
data which is not processed automatically, if the application of the Convention
corresponds to the nature of the actions performed with the personal data without
using automatic means.
The Russian Federation declares that in accordance with subparagraph ‘a’ of
paragraph 2 of Article 9 of the Convention, it retains the right to limit the right of the
data subject to access personal data on himself for the purposes of protecting State
security and public order.”
142. The Additional Protocol to the Convention for the Protection of
Individuals with regard to Automatic Processing of Personal Data,
regarding supervisory authorities and transborder data flows of 8 November
2001 (ETS 181), signed but not ratified by Russia, provides as follows:
“Article 1 – Supervisory authorities
“1. Each Party shall provide for one or more authorities to be responsible for
ensuring compliance with the measures in its domestic law giving effect to the
principles stated in Chapters II and III of the Convention and in this Protocol.
2. a. To this end, the said authorities shall have, in particular, powers
investigation and intervention, as well as the power to engage in legal proceedings
bring to the attention of the competent judicial authorities violations of provisions
domestic law giving effect to the principles mentioned in paragraph 1 of Article 1
this Protocol.
of
or
of
of
b. Each supervisory authority shall hear claims lodged by any person concerning
the protection of his/her rights and fundamental freedoms with regard to the
processing of personal data within its competence.
3. The supervisory authorities shall exercise their functions in complete
independence.
4. Decisions of the supervisory authorities, which give rise to complaints, may be
appealed against through the courts.
...”
143. Recommendation No. R (87) 15 of the Council of Europe’s
Committee of Ministers to member States regulating the use of personal
data in the police sector, adopted on 17 September 1987, reads as follows.
“1.1. Each member state should have an independent supervisory authority outside
the police sector which should be responsible for ensuring respect for the principles
contained in this recommendation.
...
2.1. The collection of personal data for police purposes should be limited to such as
is necessary for the prevention of a real danger or the suppression of a specific
criminal offence. Any exception to this provision should be the subject of specific
national legislation.
2.2. Where data concerning an individual have been collected and stored without
his knowledge, and unless the data are deleted, he should be informed, where