Modernised Convention for
the Protection of Individuals
with Regard to the Processing
of Personal Data*
Preamble
Chapter I – General provisions
The member States of the Council of Europe, and the
other signatories hereto,
Article 1 – Object and purpose
Considering that the aim of the Council of Europe is
to achieve greater unity between its members, based
in particular on respect for the rule of law, as well as
human rights and fundamental freedoms;
Considering that it is necessary to secure the human
dignity and protection of the human rights and fundamental freedoms of every individual and, given
the diversification, intensification and globalisation
of data processing and personal data flows, personal
autonomy based on a person’s right to control of his
or her personal data and the processing of such data;
Recalling that the right to protection of personal data
is to be considered in respect of its role in society and
that it has to be reconciled with other human rights
and fundamental freedoms, including freedom of
expression;
Considering that this Convention permits account
to be taken, in the implementation of the rules laid
down therein, of the principle of the right of access
to official documents;
Recognising that it is necessary to promote at the
global level the fundamental values of respect for privacy and protection of personal data, thereby contributing to the free flow of information between people;
Recognising the interest of a reinforcement of international co-operation between the Parties to the
Convention,
Have agreed as follows:
*
Amending protocol to the Convention for the Protection of
Individuals with Regard to the Processing of Personal Data,
adopted by the Committee of Ministers at its 128th Session
in Elsinore on 18 May 2018.
The purpose of this Convention is to protect every
individual, whatever his or her nationality or residence,
with regard to the processing of their personal data,
thereby contributing to respect for his or her human
rights and fundamental freedoms, and in particular
the right to privacy.
Article 2 – Definitions
For the purposes of this Convention:
a.
“personal data” means any information relating to
an identified or identifiable individual (“data subject”);
b.
“data processing” means any operation or set of
operations performed on personal data, such as the
collection, storage, preservation, alteration, retrieval,
disclosure, making available, erasure, or destruction
of, or the carrying out of logical and/or arithmetical
operations on such data;
c.
Where automated processing is not used, “data
processing” means an operation or set of operations
performed upon personal data within a structured
set of such data which are accessible or retrievable
according to specific criteria;
d.
“controller” means the natural or legal person,
public authority, service, agency or any other body
which, alone or jointly with others, has decision-making power with respect to data processing;
e.
“recipient” means a natural or legal person, public
authority, service, agency or any other body to whom
data are disclosed or made available;
f.
“processor” means a natural or legal person, public authority, service, agency or any other body which
processes personal data on behalf of the controller.
Convention 108+ ► Page 7