|Title:||Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, Strasbourg, 28.I.1981|
|Topic:||Automated data processing activities, including the export of personal data|
|Direct / indirect relevance||Direct. The text directly prescribes an obligation to assess security measures with regard to data processing and to take the required security precautions.|
|Scope:||Convention which is binding to the signatory states (which includes all E.U. Member States) after the entry into force of the convention, which occurred on 1 October 1985.|
|Legal force:||Requires signatory states to provide the necessary privacy protection provisions in their national regulatory frameworks.|
|Affected sectors:||Automated data processing activities|
|Relevant provision(s):||Article 7 – Data security
Appropriate security measures shall be taken for the protection of personal data stored in automated data files against accidental or unauthorised destruction or accidental loss as well as against unauthorised access, alteration or dissemination.
|Relevance to RM/RA:||Similar to the UN Guidelines above, the COE Convention is mostly of historical importance, as a background to more recent regulation, including (if not particularly) the aforementioned Privacy Directive.
None the less, the COE Convention is a summary statement of basic principles with regard to automated data processing.