Update 12. Okto­ber 2016:

Das Ad hoc Com­mit­tee on Data Pro­tec­tion (CAHDATA) hat am 40. Mee­ting vom 30. Novem­ber 2016 zum 2. Dezem­ber 2016 die Revi­si­on der Kon­ven­ti­on wei­ter bera­ten. Im Vor­feld wur­de der aktu­el­le Stand des Ent­wurfs vom 12. Sep­tem­ber 2016 ver­öf­fent­licht (PDF).


Update 17. Mai 2016:

Das Ad hoc Com­mit­tee on Data Pro­tec­tion (CAHDATA) hat mit Datum vom 3. Mai 2016 einen kon­so­li­dier­ten Ent­wurf der Kon­ven­ti­on 108 vor­ge­legt.


Nicht nur das EU-Daten­schutz­recht, son­dern auch die Euro­pa­rats-Kon­ven­ti­on 108 zum Schutz des Men­schen bei der auto­ma­ti­schen Ver­ar­bei­tung per­so­nen­be­zo­ge­ner Daten befin­det sich in Revi­si­on. In der Schweiz ist die­se Kon­ven­ti­on seit 1998 in Kraft (umge­setzt durch die dama­li­ge Teil­re­vi­si­on des DSG; in Kraft seit 1. Janu­ar 2008; Bot­schaft BBl 2003 2101). Sie defi­niert unter ande­rem, was die Schweiz unter ange­mes­se­nem Daten­schutz i.S.v. Art. 6 Abs. 1 DSG (dazu → Aus­lands­be­kannt­ga­be) ver­steht. Die Kon­ven­ti­on wur­de bis heu­te von rund 50 Staa­ten rati­fi­ziert.

Eine Über­sicht zum Revi­si­ons­pro­zess fin­det sich auf der Web­site des Euro­pa­rats. Am 1. April 2015 das Ad hoc Com­mit­tee on Data Pro­tec­tion (CAHDATA) den heu­ti­gen Stand des Ent­wurfs gut­ge­hei­ssen (Text s. unten). Der Ent­wurf wird vor­aus­sicht­lich im Lau­fe von 2016 ver­ab­schie­det. Die Schweiz wird die Revi­si­on mit aller­gröss­ter Wahr­schein­lich­keit rati­fi­zie­ren. Grö­sse­re Ände­run­gen des schwei­ze­ri­schen Daten­schutz­rechts wer­den sich dabei aber vor­aus­sicht­lich nicht erge­ben. Die wich­tig­sten Neue­run­gen betref­fen fol­gen­de Punk­te (vgl. dazu David Rosen­thal auf deutsch und auf eng­lisch und die Her­vor­he­bun­gen im fol­gen­den Text der Kon­ven­ti­on):

  • Der Begriff der beson­ders schüt­zens­wer­ten Per­so­nen­da­ten wird etwas brei­ter (z.B. betr. gene­ti­sche und bio­me­tri­sche Daten)
  • die Trans­pa­renz­an­for­de­run­gen wer­den stren­ger;
  • der Gegen­stand des Aus­kunfts­rechts wird erwei­tert;
  • Anhö­rungs­recht bei auto­ma­ti­sier­ten Ent­schei­dun­gen
  • Mel­de­pflicht bei Ver­stö­ssen (bre­ach noti­fi­ca­ti­on).

Nach heu­ti­gem Stand hat der revi­dier­te Text der Kon­ven­ti­on fol­gen­den Wort­laut:

Chapter I General provisions

Article 1 – Object and purpose

The pur­po­se of this Con­ven­ti­on is to pro­tect every indi­vi­du­al, wha­te­ver his or her natio­na­li­ty or resi­dence, with regard to the pro­ces­sing of the per­so­nal data, ther­e­by con­tri­bu­ting to respect for his or her human rights and fun­da­men­tal free­doms, and in par­ti­cu­lar their right to pri­va­cy.

Article 2 – Definitions

For the pur­po­ses of this Con­ven­ti­on:
a.“personal data” means any infor­ma­ti­on rela­ting to an iden­ti­fied or iden­ti­fia­ble indi­vi­du­al (“data sub­ject”);
b.“data pro­ces­sing” means any ope­ra­ti­on or set of ope­ra­ti­ons which is per­for­med on per­so­nal data, such as the collec­tion, sto­ra­ge, pre­ser­va­ti­on, alte­ra­ti­on, retrie­val, dis­clo­sure, making avail­able, era­su­re, or dest­ruc­tion of, or the car­ry­ing out of logi­cal and/or arith­me­ti­cal ope­ra­ti­ons on such data; Whe­re auto­ma­ted pro­ces­sing is not used, data pro­ces­sing means an ope­ra­ti­on or set of ope­ra­ti­ons per­for­med upon per­so­nal data wit­hin a struc­tu­red set of such data which are acces­si­ble or retriev­a­ble accord­ing to spe­ci­fic cri­te­ria;
c.“controller” means the natu­ral or legal per­son, public aut­ho­ri­ty, ser­vice, agen­cy or any other body which, alo­ne or joint­ly with others, has the deci­si­on­ma­king power with respect to data pro­ces­sing;
d. “reci­pi­ent” means a natu­ral or legal per­son, public aut­ho­ri­ty, ser­vice, agen­cy or any other body to whom data are dis­c­lo­sed or made avail­able;
e. “pro­ces­sor” means a natu­ral or legal per­son, public aut­ho­ri­ty, ser­vice, agen­cy or any other body which pro­ces­ses per­so­nal data on behalf of the con­trol­ler.

Article 3 – Scope

1. Each Par­ty under­ta­kes to apply this Con­ven­ti­on to data pro­ces­sing sub­ject to its juris­dic­tion in the public and pri­va­te sec­tors, ther­e­by secu­ring every individual’s right to pro­tec­tion of his or her per­so­nal data.
1bis. This Con­ven­ti­on shall not apply to data pro­ces­sing car­ri­ed out by an indi­vi­du­al in the cour­se of [pure­ly] per­so­nal or hou­se­hold activi­ties.

Chapter II – Basic principles for the protection of personal data

Article 4 – Duties of the Parties

1.Each Par­ty shall take the necessa­ry mea­su­res in its law to give effect to the pro­vi­si­ons of this Con­ven­ti­on and secu­re their effec­tive app­li­ca­ti­on.
2.These mea­su­res shall be taken by each Par­ty and shall have come into force by the time of rati­fi­ca­ti­on or acces­si­on to this Con­ven­ti­on.
3. Each Par­ty under­ta­kes:
a. to allow the Con­ven­ti­on Com­mit­tee pro­vi­ded for in Chap­ter V to eva­lua­te the effec­tiveness of the mea­su­res it has taken in its law to give effect to the pro­vi­si­ons of this Con­ven­ti­on; and
b. to con­tri­bu­te actively to this eva­lua­ti­on pro­cess.

Article 5 – Legitimacy of data processing and quality of data

1. Data pro­ces­sing shall be pro­por­tio­na­te in rela­ti­on to the legi­ti­ma­te pur­po­se pur­sued and reflect at all sta­ges of the pro­ces­sing a fair balan­ce bet­ween all inte­rests con­cer­ned, whe­ther public or pri­va­te, and the rights and free­doms at sta­ke.
2. Each Par­ty shall pro­vi­de that data pro­ces­sing can be car­ri­ed out on the basis of the free, spe­ci­fic, infor­med and unam­bi­guous con­sent of the data sub­ject or of some other legi­ti­ma­te basis laid down by law.
3. Per­so­nal data under­go­ing pro­ces­sing shall be pro­ces­sed law­ful­ly.
4. Per­so­nal data under­go­ing pro­ces­sing shall be:
a. pro­ces­sed fair­ly and in a trans­pa­rent man­ner;
b. collec­ted for exp­li­cit, spe­ci­fied and legi­ti­ma­te pur­po­ses and not pro­ces­sed in a way incom­pa­ti­ble with tho­se pur­po­ses; fur­t­her pro­ces­sing for histo­ri­cal, sta­tis­ti­cal and sci­en­ti­fic pur­po­ses is, sub­ject to appro­pria­te safe­guards, com­pa­ti­ble with tho­se pur­po­ses;
c. ade­qua­te, rele­vant and not exces­si­ve in rela­ti­on to the pur­po­ses for which they are pro­ces­sed;
d. accu­ra­te and, whe­re necessa­ry, kept up to date;
e. pre­ser­ved in a form which per­mits iden­ti­fi­ca­ti­on of data sub­jects for no lon­ger than is necessa­ry for the pur­po­ses for which tho­se data are pro­ces­sed.

Article 6 – Special categories of data

1. The pro­ces­sing of:
gene­tic data;
per­so­nal data rela­ting to offen­ces, cri­mi­nal pro­cee­dings and con­vic­tions, and rela­ted secu­ri­ty mea­su­res;
bio­me­tric data uni­que­ly iden­ti­fy­ing a per­son;
per­so­nal data for the infor­ma­ti­on they reveal rela­ting to raci­al ori­gin, poli­ti­cal opi­ni­ons, tra­de
uni­on mem­bership, reli­gious or other beliefs, health or sexu­al life;
shall only be allo­wed whe­re spe­ci­fic and addi­tio­nal appro­pria­te safe­guards are enshri­ned in law, com­ple­men­ting tho­se of this Con­ven­ti­on.
2. Such safe­guards shall guard against the risks that the pro­ces­sing of such sen­si­ti­ve data may pre­sent to the inte­rests, rights and fun­da­men­tal free­doms of the data sub­ject, nota­b­ly a risk of discri­mi­na­ti­on.

Article 7 – Data security

1. Each Par­ty shall pro­vi­de that the con­trol­ler, and, whe­re app­li­ca­ble the pro­ces­sor, takes appro­pria­te secu­ri­ty mea­su­res against risks such as acci­den­tal or unaut­ho­ri­sed access to, dest­ruc­tion, loss, use, modi­fi­ca­ti­on or dis­clo­sure of per­so­nal data.
2. Each Par­ty shall pro­vi­de that the con­trol­ler shall noti­fy, without delay, at least the com­pe­tent super­vi­so­ry aut­ho­ri­ty wit­hin the mea­ning of Arti­cle 12bis of this Con­ven­ti­on, of tho­se data bre­a­ches which may serious­ly inter­fe­re with the rights and fun­da­men­tal free­doms of data sub­jects.

Article 7bis – Transparency of processing

1. Each Par­ty shall pro­vi­de that the con­trol­ler informs the data sub­jects of:
a. the controller’s iden­ti­ty and habi­tu­al resi­dence or esta­blish­ment;
b. the legal basis and the pur­po­ses of the inten­ded pro­ces­sing;
c. the cate­go­ries of per­so­nal data pro­ces­sed;
d. the reci­pi­ents or cate­go­ries of reci­pi­ents of the per­so­nal data, if any; and
e. the means of exer­ci­sing the rights set out in Arti­cle 8; as well as any necessa­ry addi­tio­nal infor­ma­ti­on in order to ensu­re fair and trans­pa­rent pro­ces­sing of the per­so­nal data.
1bis.Paragraph 1 shall not apply whe­re the data sub­ject alre­ady has the rele­vant infor­ma­ti­on.
2. Whe­re the per­so­nal data are not collec­ted from the data sub­jects, the con­trol­ler shall none­theless not be requi­red to pro­vi­de such infor­ma­ti­on whe­re the pro­ces­sing is express­ly pre­scri­bed by law or this pro­ves to be impos­si­ble or invol­ves dis­pro­por­tio­na­te efforts.

Article 8 – Rights of the data subject

Every indi­vi­du­al shall have a right:
a. not to be sub­ject to a deci­si­on signi­fi­cant­ly affec­ting him or her based sole­ly on an auto­ma­ted pro­ces­sing of data without having his or her views taken into con­s­i­de­ra­ti­on;
b. to obtain, on request, at rea­son­able inter­vals and without exces­si­ve delay or expen­se, con­fir­ma­ti­on of the pro­ces­sing of per­so­nal data rela­ting to him or her; the com­mu­ni­ca­ti­on in an intel­li­gi­b­le form of the data pro­ces­sed; all avail­able infor­ma­ti­on on their ori­gin, on the pre­ser­va­ti­on peri­od as well as any other infor­ma­ti­on that the con­trol­ler is requi­red to pro­vi­de in order to ensu­re the trans­pa­r­en­cy of pro­ces­sing in accord­ance with Arti­cle 7bis, para­graph 1;
c. to obtain, on request, know­ledge of the rea­so­n­ing under­ly­ing data pro­ces­sing whe­re the results of such pro­ces­sing are applied to him or her;
d. to object at any time to the pro­ces­sing of per­so­nal data con­cer­ning him or her unless the con­trol­ler demon­stra­tes legi­ti­ma­te grounds for the pro­ces­sing which over­ri­de his or her inte­rests or rights and fun­da­men­tal free­doms;
e. to obtain, on request, free of char­ge and without exces­si­ve delay, rec­tifi­ca­ti­on or era­su­re, as the case may be, of such data if the­se are being or have been pro­ces­sed con­tra­ry to the pro­vi­si­ons of this Con­ven­ti­on;
f. to have a reme­dy under Arti­cle 10 whe­re his or her rights under this Con­ven­ti­on have been vio­la­ted;
g. to bene­fit, wha­te­ver his or her natio­na­li­ty or resi­dence, from the assi­stan­ce of a super­vi­so­ry aut­ho­ri­ty wit­hin the mea­ning of Arti­cle 12bis, in exer­ci­sing his or her rights under this Con­ven­ti­on.

Article 8bis – Additional obligations

1. Each Par­ty shall pro­vi­de that con­trol­lers and, whe­re app­li­ca­ble, pro­ces­sors take all appro­pria­te mea­su­res to com­ply with the obli­ga­ti­ons of this Con­ven­ti­on and be able to demon­stra­te, in par­ti­cu­lar to the com­pe­tent super­vi­so­ry aut­ho­ri­ty pro­vi­ded for in Arti­cle 12bis, that the data pro­ces­sing under their con­trol is in com­pli­an­ce with the pro­vi­si­ons of this Con­ven­ti­on.
2. Each Par­ty shall pro­vi­de that con­trol­lers and, whe­re app­li­ca­ble, pro­ces­sors, exami­ne the likely impact of inten­ded data pro­ces­sing on the rights and fun­da­men­tal free­doms of data sub­jects pri­or to the com­men­ce­ment of such pro­ces­sing, and shall design the data pro­ces­sing in such a man­ner as to pre­vent or mini­mi­se the risk of inter­fe­rence with tho­se rights and fun­da­men­tal free­doms.
3. Each Par­ty shall pro­vi­de that con­trol­lers, and, whe­re app­li­ca­ble, pro­ces­sors, imple­ment tech­ni­cal and orga­ni­sa­tio­nal mea­su­res which take into account the imp­li­ca­ti­ons of the right to the pro­tec­tion of per­so­nal data at all sta­ges of the data pro­ces­sing.
4. Each Par­ty may, having regard to the risks ari­sing for the inte­rests, rights and fun­da­men­tal free­doms of the data sub­jects, adapt the app­li­ca­ti­on of the pro­vi­si­ons of para­graphs 1, 2 and 3 in the law giving effect to the pro­vi­si­ons of this Con­ven­ti­on, accord­ing to the natu­re and volu­me of the data, the natu­re, scope and pur­po­se of the pro­ces­sing and, whe­re appro­pria­te, the size of the con­trol­ler or pro­ces­sor.

Article 9 Exceptions and restrictions

1. No excep­ti­on to the pro­vi­si­ons set out in this Chap­ter shall be allo­wed, except to the pro­vi­si­ons of Arti­cles 5.4, 7.2, 7bis, para­graph 1 and Arti­cle 8 when such an excep­ti­on is pro­vi­ded for by law and con­sti­tu­tes a necessa­ry and pro­por­tio­na­te mea­su­re in a demo­cra­tic socie­ty for:
a. the pro­tec­tion of natio­nal secu­ri­ty, public safe­ty, important eco­no­mic and finan­ci­al inte­rests of the Sta­te, the impar­tia­li­ty and inde­pen­dence of the judi­cia­ry or the pre­ven­ti­on, inve­sti­ga­ti­on and pro­se­cu­ti­on of cri­mi­nal offen­ces;
b. the pro­tec­tion of the data sub­ject or the rights and fun­da­men­tal free­doms of others, nota­b­ly free­dom of expres­si­on.
2. Restric­tions on the exer­cise of the pro­vi­si­ons spe­ci­fied in Arti­cles 7bis and 8 may be pro­vi­ded for by law with respect to data pro­ces­sing for histo­ri­cal, sta­tis­ti­cal and sci­en­ti­fic pur­po­ses when the­re is no reco­gnis­able risk of infrin­ge­ment of the rights and fun­da­men­tal free­doms of data sub­jects.

Article 10 Sanctions and remedies

Each Par­ty under­ta­kes to esta­blish appro­pria­te judi­ci­al and non­ju­di­ci­al sanc­tions and reme­di­es for vio­la­ti­ons of the pro­vi­si­ons of this Con­ven­ti­on.

Article 11 Extended protection

None of the pro­vi­si­ons of this chap­ter shall be inter­pre­ted as limi­ting or other­wi­se affec­ting the pos­si­bi­li­ty for a Par­ty to grant data sub­jects a wider mea­su­re of pro­tec­tion than that sti­pu­la­ted in this Con­ven­ti­on.

Chapter III Transborder flows of personal data

Article 12 Transborder flows of personal data

1. A Par­ty shall not, for the sole pur­po­se of the pro­tec­tion of per­so­nal data, pro­hi­bit or sub­ject to spe­cial aut­ho­ri­sa­ti­on the trans­fer of such data to a reci­pi­ent who is sub­ject to the juris­dic­tion of ano­t­her Par­ty to the Con­ven­ti­on. Such a Par­ty may howe­ver do so if bound by har­mo­nis­ed rules of pro­tec­tion sha­red by Sta­tes belon­ging to a regio­nal inter­na­tio­nal orga­ni­sa­ti­on9.
2. When the reci­pi­ent is sub­ject to the juris­dic­tion of a Sta­te or inter­na­tio­nal orga­ni­sa­ti­on which is not par­ty to this Con­ven­ti­on, the trans­fer of per­so­nal data may only take place whe­re an appro­pria­te level of pro­tec­tion based on the pro­vi­si­ons of this Con­ven­ti­on is secu­red.
3. An appro­pria­te level of pro­tec­tion can be secu­red by:
a. the law of that Sta­te or inter­na­tio­nal orga­ni­sa­ti­on, inclu­ding the app­li­ca­ble inter­na­tio­nal trea­ties or agree­ments; or
b. ad hoc or appro­ved stan­dar­di­sed safe­guards pro­vi­ded by legal­ly bin­ding and enforce­able instru­ments adop­ted and imple­men­ted by the per­sons invol­ved in the trans­fer and fur­t­her pro­ces­sing.
4. Not­wi­th­stan­ding the pro­vi­si­ons of the pre­vious para­graphs, each Par­ty may pro­vi­de that the trans­fer of per­so­nal data may take place if:
a. the data sub­ject has given exp­li­cit, spe­ci­fic and free con­sent, after being infor­med of risks ari­sing in the absence of appro­pria­te safe­guards; or
b. the spe­ci­fic inte­rests of the data sub­ject requi­re it in the par­ti­cu­lar case; or
c. pre­vai­ling legi­ti­ma­te inte­rests, in par­ti­cu­lar important public inte­rests, are pro­vi­ded for by law and such trans­fer con­sti­tu­tes a necessa­ry and pro­por­tio­na­te mea­su­re in a demo­cra­tic socie­ty.
5. Each Par­ty shall pro­vi­de that the com­pe­tent super­vi­so­ry aut­ho­ri­ty wit­hin the mea­ning of Arti­cle 12bis of this Con­ven­ti­on is pro­vi­ded with all rele­vant infor­ma­ti­on con­cer­ning the trans­fers of data refer­red to in para­graph 3.b and, upon request, para­graphs 4.b and 4.c.
6. Each Par­ty shall also pro­vi­de that the super­vi­so­ry aut­ho­ri­ty is ent­it­led to request that the per­son who trans­fers data demon­stra­tes the effec­tiveness of the safe­guards or the exi­stence of pre­vai­ling legi­ti­ma­te inte­rests and that the super­vi­so­ry aut­ho­ri­ty may, in order to pro­tect the rights and fun­da­men­tal free­doms of data sub­jects, pro­hi­bit, sus­pend or sub­ject to con­di­ti­on such trans­fers.
7. Excep­ti­ons to the pro­vi­si­ons of this Arti­cle are allo­wed inso­far as they con­sti­tu­te a necessa­ry and pro­por­tio­na­te mea­su­re in a demo­cra­tic socie­ty for the free­dom of expres­si­on.

Chapter III bis Supervisory authorities

Article 12bis Supervisory authorities

1 Each Par­ty shall pro­vi­de for one or more aut­ho­ri­ties to be respon­si­ble for ensu­ring com­pli­an­ce with the pro­vi­si­ons of this Con­ven­ti­on.
2 To this end, such aut­ho­ri­ties:
a. shall have powers of inve­sti­ga­ti­on and inter­ven­ti­on;
b. shall per­form the func­tions rela­ting to trans­fers of data pro­vi­ded for under Arti­cle 12, nota­b­ly the appro­val of stan­dar­di­sed safe­guards:
c. shall have powers to issue deci­si­ons with respect to vio­la­ti­ons of the pro­vi­si­ons of this Con­ven­ti­on and may, in par­ti­cu­lar, impo­se admi­ni­stra­ti­ve sanc­tions;
d. shall have the power to enga­ge in legal pro­cee­dings or to bring to the atten­ti­on of the com­pe­tent judi­ci­al aut­ho­ri­ties vio­la­ti­ons of the pro­vi­si­ons of this Con­ven­ti­on;
e. shall pro­mo­te:
i. public awa­reness of their func­tions and powers as well as their activi­ties;
ii. public awa­reness of the rights of data sub­jects and the exer­cise of such rights;
iii. awa­reness of con­trol­lers and pro­ces­sors of their respon­si­bi­li­ties under this Con­ven­ti­on; spe­ci­fic atten­ti­on shall be given to the data pro­tec­tion rights of child­ren and other vul­nerable indi­vi­du­als.
2bis. The com­pe­tent super­vi­so­ry aut­ho­ri­ties shall be con­sul­ted on pro­po­sals for any legis­la­ti­ve or admi­ni­stra­ti­ve mea­su­res which pro­vi­de for the pro­ces­sing of per­so­nal data.
3. Each com­pe­tent super­vi­so­ry aut­ho­ri­ty shall deal with requests and com­plaints lod­ged by data sub­jects con­cer­ning their data pro­tec­tion rights and shall keep data sub­jects infor­med of pro­gress.
4. The super­vi­so­ry aut­ho­ri­ties shall act with com­ple­te inde­pen­dence and impar­tia­li­ty in per­for­ming their duties and exer­ci­sing their powers and in doing so shall neit­her seek nor accept
inst­ruc­tions.
5. Each Par­ty shall ensu­re that the super­vi­so­ry aut­ho­ri­ties are pro­vi­ded with the resour­ces necessa­ry for the effec­tive per­for­mance of their func­tions and exer­cise of their powers.
5bis. Each super­vi­so­ry aut­ho­ri­ty shall pre­pa­re and publish a peri­o­di­cal report out­li­ning its activi­ties.
5ter. Mem­bers and staff of the super­vi­so­ry aut­ho­ri­ties shall be bound by obli­ga­ti­ons of con­fi­dentia­li­ty with regard to con­fi­denti­al infor­ma­ti­on they have access to or have had access to in the per­for­mance of their duties and exer­cise of their powers.
6. Deci­si­ons of the super­vi­so­ry aut­ho­ri­ties may be appealed against through the courts.
7. In accord­ance with the pro­vi­si­ons of Chap­ter IV, the super­vi­so­ry aut­ho­ri­ties shall coope­ra­te with one ano­t­her to the extent necessa­ry for the per­for­mance of their duties and exer­cise of their powers, in par­ti­cu­lar
by:
a. pro­vi­ding mutu­al assi­stan­ce by exch­an­ging rele­vant and use­ful infor­ma­ti­on and coope­ra­ting with each other under the con­di­ti­on that, as regards the pro­tec­tion of per­so­nal data, all the rules and safe­guards of this Con­ven­ti­on are com­plied with;
b. coor­di­na­ting their inve­sti­ga­ti­ons or inter­ven­ti­ons, or con­duc­ting joint actions;
c. pro­vi­ding infor­ma­ti­on and docu­men­ta­ti­on on their law and admi­ni­stra­ti­ve prac­tice rela­ting to data pro­tec­tion.
7bis. The infor­ma­ti­on refer­red to in para­graph 7 lit­te­ra a shall not inclu­de per­so­nal data under­go­ing pro­ces­sing unless such data are essen­ti­al for coope­ra­ti­on, or whe­re the data sub­ject con­cer­ned has given exp­li­cit, spe­ci­fic, free and infor­med con­sent to its pro­vi­si­on.
8. In order to orga­ni­se their coope­ra­ti­on and to per­form the duties set out in the pre­ce­ding para­graphs, the super­vi­so­ry aut­ho­ri­ties of the Par­ties shall form a net­work.
9. The super­vi­so­ry aut­ho­ri­ties shall not be com­pe­tent with respect to pro­ces­sing car­ri­ed out by bodies when acting in their judi­ci­al capa­ci­ty.

Chapter IV Mutual assistance

Article 13 Cooperation between Parties

1. The Par­ties agree to ren­der each other mutu­al assi­stan­ce in order to imple­ment this Con­ven­ti­on.
2. For that pur­po­se:
a. each Par­ty shall desi­gna­te one or more super­vi­so­ry aut­ho­ri­ties wit­hin the mea­ning of Arti­cle 12bis of this Con­ven­ti­on, the name and address of each of which it shall com­mu­ni­ca­te to the Secreta­ry Gene­ral of the Coun­cil of Euro­pe;
b. each Par­ty which has desi­gna­ted more than one super­vi­so­ry aut­ho­ri­ty shall spe­ci­fy the com­pe­tence of each aut­ho­ri­ty in its com­mu­ni­ca­ti­on refer­red to in the pre­vious sub­pa­ra­graph.

Article 14 Assistance to data subjects

1. Each Par­ty shall assist any data sub­ject, wha­te­ver his or her natio­na­li­ty or resi­dence, to exer­cise his or her rights under Arti­cle 8 of this Con­ven­ti­on.
2. Whe­re a data sub­ject resi­des in the ter­ri­to­ry of ano­t­her Par­ty, he or she shall be given the opti­on of sub­mit­ting the request through the inter­me­di­a­ry of the super­vi­so­ry aut­ho­ri­ty desi­gna­ted by that Par­ty.
3. The request for assi­stan­ce shall con­tain all the necessa­ry par­ti­cu­lars, rela­ting inter alia to:
a. the name, address and any other rele­vant par­ti­cu­lars iden­ti­fy­ing the data sub­ject making the request;
b. the pro­ces­sing to which the request per­ta­ins, or its con­trol­ler;
c. the pur­po­se of the request.

Article 15Safeguards concerning assistance rendered by designated supervisory authorities

1. A super­vi­so­ry aut­ho­ri­ty desi­gna­ted by a Par­ty which has recei­ved infor­ma­ti­on from a super­vi­so­ry aut­ho­ri­ty desi­gna­ted by ano­t­her Par­ty eit­her accom­pany­ing a request for assi­stan­ce or in reply to its own request for assi­stan­ce shall not use that infor­ma­ti­on for pur­po­ses other than tho­se spe­ci­fied in the request for assi­stan­ce.
2. In no case may a desi­gna­ted super­vi­so­ry aut­ho­ri­ty be allo­wed to make a request for assi­stan­ce on behalf of a data sub­ject of its own accord and without the exp­li­cit con­sent of the data sub­ject con­cer­ned.

Article 16 Refusal of requests for assistance

A desi­gna­ted super­vi­so­ry aut­ho­ri­ty to which a request for assi­stan­ce is addres­sed under Arti­cle 13 of this Con­ven­ti­on may not refu­se to com­ply with it unless:
a. the request is not com­pa­ti­ble with the powers in the field of data pro­tec­tion of the aut­ho­ri­ties respon­si­ble for reply­ing;
b. the request does not com­ply with the pro­vi­si­ons of this Con­ven­ti­on;
c. com­pli­an­ce with the request would be incom­pa­ti­ble with the sover­eign­ty, natio­nal secu­ri­ty or public order of the Par­ty by which it was desi­gna­ted, or with the rights and fun­da­men­tal free­doms of indi­vi­du­als under the juris­dic­tion of that Par­ty.

Article 17 Costs and procedures of assistance

1. Mutu­al assi­stan­ce which the Par­ties ren­der each other under Arti­cle 13 and assi­stan­ce they ren­der to data sub­jects under Arti­cles 8 and 14 shall not give rise to the payment of any costs or fees other than tho­se incur­red for experts and inter­pre­ters. The lat­ter costs or fees shall be bor­ne by the Par­ty which has desi­gna­ted the super­vi­so­ry aut­ho­ri­ty making the request for assi­stan­ce.
2. The data sub­ject may not be char­ged costs or fees in con­nec­tion with the steps taken on his or her behalf in the ter­ri­to­ry of ano­t­her Par­ty other than tho­se law­ful­ly paya­ble by resi­dents of that Par­ty.
3. Other details con­cer­ning the assi­stan­ce, rela­ting in par­ti­cu­lar to the forms and pro­ce­du­res and the lan­guages to be used, shall be esta­blished direct­ly bet­ween the Par­ties con­cer­ned.

Chapter V Convention Committee

Article 18 Composition of the committee

1. A Con­ven­ti­on Com­mit­tee shall be set up after the ent­ry into force of this Con­ven­ti­on.
2. Each Par­ty shall appoint a rep­re­sen­ta­ti­ve to the com­mit­tee and a depu­ty rep­re­sen­ta­ti­ve. Any mem­ber Sta­te of the Coun­cil of Euro­pe which is not a Par­ty to the Con­ven­ti­on shall have the right to be rep­re­sen­ted on the com­mit­tee by an obser­ver.
3. The Con­ven­ti­on Com­mit­tee may, by a deci­si­on taken by a majo­ri­ty of twot­hirds of the rep­re­sen­ta­ti­ves of the Par­ties, invi­te an obser­ver to be rep­re­sen­ted at its mee­tings.
4. Any Par­ty which is not a mem­ber of the Coun­cil of Euro­pe shall con­tri­bu­te to the fun­ding of the activi­ties of the Con­ven­ti­on Com­mit­tee accord­ing to the moda­li­ties esta­blished by the Com­mit­tee of Mini­sters in agree­ment with that Par­ty.

Article 19 Functions of the committee

The Con­ven­ti­on Com­mit­tee:
a. may make recom­men­da­ti­ons with a view to faci­li­ta­ting or impro­ving the app­li­ca­ti­on of the Con­ven­ti­on;
b. may make pro­po­sals for amend­ment of this Con­ven­ti­on in accord­ance with Arti­cle 21;
c. shall for­mu­la­te its opi­ni­on on any pro­po­sal for amend­ment of this Con­ven­ti­on which is refer­red to it in accord­ance with Arti­cle 21, para­graph 3;
d. may express an opi­ni­on on any questi­on con­cer­ning the inter­pre­ta­ti­on or app­li­ca­ti­on of this Con­ven­ti­on;
e. shall pre­pa­re, befo­re any new acces­si­on to the Con­ven­ti­on, an opi­ni­on for the Com­mit­tee of Mini­sters rela­ting to the level of per­so­nal data pro­tec­tion of the can­di­da­te for acces­si­on and whe­re necessa­ry recom­mend mea­su­res to take to reach com­pli­an­ce with the pro­vi­si­ons of this Con­ven­ti­on;
f. may, at the request of a Sta­te or an inter­na­tio­nal orga­ni­sa­ti­on, eva­lua­te whe­ther the level of per­so­nal data pro­tec­tion the for­mer pro­vi­des is in com­pli­an­ce with the pro­vi­si­ons of this Con­ven­ti­on and whe­re necessa­ry recom­mend mea­su­res to take to reach such com­pli­an­ce;
g. may deve­lop or appro­ve models of stan­dar­di­sed safe­guards refer­red to in Arti­cle 12;
h. shall review the imple­men­ta­ti­on of this Con­ven­ti­on by the Par­ties and recom­mend mea­su­res to take whe­re a Par­ty is not in com­pli­an­ce with this Con­ven­ti­on;
i. shall faci­li­ta­te, whe­re necessa­ry, the friend­ly sett­le­ment of all dif­fi­cul­ties rela­ted to the app­li­ca­ti­on of this Con­ven­ti­on.

Article 20 Procedure

1. The Con­ven­ti­on Com­mit­tee shall be con­ve­ned by the Secreta­ry Gene­ral of the Coun­cil of Euro­pe. Its first mee­ting shall be held wit­hin twel­ve mon­ths of the ent­ry into force of this Con­ven­ti­on. It shall sub­se­quent­ly meet at least once a year and in any case when onethird of the rep­re­sen­ta­ti­ves of the Par­ties request its con­vo­ca­ti­on.
2. A majo­ri­ty of rep­re­sen­ta­ti­ves of the Par­ties shall con­sti­tu­te a quo­rum for a mee­ting of the Con­ven­ti­on Com­mit­tee.
3. Each Par­ty has a right to vote and shall have one vote. On questi­ons wit­hin its com­pe­tence, the European Uni­on exer­cises its right to vote and casts a num­ber of votes equal to the num­ber of its mem­ber Sta­tes that are Par­ties to the Con­ven­ti­on and have trans­fer­red com­pe­ten­ci­es to the European Uni­on in the field con­cer­ned. In this case, tho­se mem­ber Sta­tes of the European Uni­on do not vote.
4. After each of its mee­tings, the Con­ven­ti­on Com­mit­tee shall sub­mit to the Com­mit­tee of Mini­sters of the Coun­cil of Euro­pe a report on its work and on the func­tio­n­ing of this Con­ven­ti­on.
5. The Con­ven­ti­on Com­mit­tee shall draw up its own Rules of Pro­ce­du­re and esta­blish, in par­ti­cu­lar, the pro­ce­du­res for eva­lua­ti­on refer­red to in Arti­cle 4.3 and for exami­na­ti­on of the level of pro­tec­tion refer­red to in Arti­cle 19, on the basis of objec­tive cri­te­ria.

Chapter VI Amendments

Article 21 Amendments

1. Amend­ments to this Con­ven­ti­on may be pro­po­sed by a Par­ty, the Com­mit­tee of Mini­sters of the Coun­cil of Euro­pe or the Con­ven­ti­on Com­mit­tee.
2. Any pro­po­sal for amend­ment shall be com­mu­ni­ca­ted by the Secreta­ry Gene­ral of the Coun­cil of Euro­pe to the Par­ties to this Con­ven­ti­on, to the other mem­ber Sta­tes of the Coun­cil of Euro­pe, to the
European Uni­on and to every non­mem­ber Sta­te or inter­na­tio­nal orga­ni­sa­ti­on which has been invi­ted to acce­de to this Con­ven­ti­on in accord­ance with the pro­vi­si­ons of Arti­cle 23.
3. Moreo­ver, any amend­ment pro­po­sed by a Par­ty or the Com­mit­tee of Mini­sters shall be com­mu­ni­ca­ted to the Con­ven­ti­on Com­mit­tee, which shall sub­mit to the Com­mit­tee of Mini­sters its opi­ni­on on that pro­po­sed amend­ment.
4. The Com­mit­tee of Mini­sters shall con­si­der the pro­po­sed amend­ment and any opi­ni­on sub­mit­ted by the Con­ven­ti­on Com­mit­tee and may appro­ve the amend­ment.
5. The text of any amend­ment appro­ved by the Com­mit­tee of Mini­sters in accord­ance with para­graph 4 of this arti­cle shall be for­war­ded to the Par­ties for accep­tan­ce.
6. Any amend­ment appro­ved in accord­ance with para­graph 4 of this arti­cle shall come into force on the thir­tieth day after all Par­ties have infor­med the Secreta­ry Gene­ral of their accep­tan­ce the­re­of.
7. Moreo­ver, the Com­mit­tee of Mini­sters may, after con­sul­ting the Con­ven­ti­on Com­mit­tee, deci­de that a par­ti­cu­lar amend­ment shall enter into force at the expi­ra­ti­on of a peri­od of two years from the date on which it has been ope­ned to accep­tan­ce, unless a Par­ty noti­fies the Secreta­ry Gene­ral of the Coun­cil of Euro­pe of an objec­tion to its ent­ry into force. If such an objec­tion is noti­fied, the amend­ment shall enter into force on the first day of the month fol­lo­wing the date on which the Par­ty to this Con­ven­ti­on which has noti­fied the objec­tion has depo­si­ted its instru­ment of accep­tan­ce with the Secreta­ry Gene­ral of the Coun­cil of Euro­pe.
8. If an amend­ment has been appro­ved by the Com­mit­tee of Mini­sters but has not yet ent­e­red into force in accord­ance with the pro­vi­si­ons set out in para­graphs 6 or 7, a Sta­te, the European Uni­on, or an inter­na­tio­nal orga­ni­sa­ti­on may not express its con­sent to be bound by this Con­ven­ti­on without at the same time accept­ing the amend­ment.

Chapter VII Final clauses

Article 22 Entry into force

1. This Con­ven­ti­on shall be open for signa­tu­re by the mem­ber Sta­tes of the Coun­cil of Euro­pe and by the European Uni­on. It is sub­ject to rati­fi­ca­ti­on, accep­tan­ce or appro­val. Instru­ments of rati­fi­ca­ti­on, accep­tan­ce or appro­val shall be depo­si­ted with the Secreta­ry Gene­ral of the Coun­cil of Euro­pe.
2. This Con­ven­ti­on shall enter into force on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of three mon­ths after the date on which five mem­ber Sta­tes of the Coun­cil of Euro­pe have expres­sed their con­sent to be bound by the Con­ven­ti­on in accord­ance with the pro­vi­si­ons of the pre­ce­ding para­graph.
3. In respect of any Par­ty which sub­se­quent­ly expres­ses its con­sent to be bound by it, the Con­ven­ti­on shall enter into force on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of three mon­ths after the date of depo­sit of the instru­ment of rati­fi­ca­ti­on, accep­tan­ce or appro­val.

Article 23 Accession by nonmember States and international organisations

1. After the ent­ry into force of this Con­ven­ti­on, the Com­mit­tee of Mini­sters of the Coun­cil of Euro­pe may, after con­sul­ting the Par­ties to this Con­ven­ti­on and obtai­ning their unani­mous agree­ment and in light of the opi­ni­on pre­pa­red by the Con­ven­ti­on Com­mit­tee in accord­ance with Arti­cle 19.e, invi­te any Sta­te not a mem­ber of the Coun­cil of Euro­pe or an inter­na­tio­nal orga­ni­sa­ti­on to acce­de to this Con­ven­ti­on by a deci­si­on taken by the majo­ri­ty pro­vi­ded for in Arti­cle 20.d of the Sta­tu­te of the Coun­cil of Euro­pe and by the unani­mous vote of the rep­re­sen­ta­ti­ves of the Con­trac­ting Sta­tes ent­it­led to sit on the Com­mit­tee of Mini­sters.
2. In respect of any Sta­te or inter­na­tio­nal orga­ni­sa­ti­on acce­ding to this Con­ven­ti­on accord­ing to para­graph 1 above, the Con­ven­ti­on shall enter into force on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of three mon­ths after the date of depo­sit of the instru­ment of acces­si­on with the Secreta­ry Gene­ral of the Coun­cil of Euro­pe.

Article 24 Territorial clause

1. Any Sta­te, the European Uni­on or other inter­na­tio­nal orga­ni­sa­ti­on may at the time of signa­tu­re or when depo­si­ting its instru­ment of rati­fi­ca­ti­on, accep­tan­ce, appro­val or acces­si­on, spe­ci­fy the ter­ri­to­ry or ter­ri­to­ries to which this Con­ven­ti­on shall apply.
2. Any Sta­te, the European Uni­on or other inter­na­tio­nal orga­ni­sa­ti­on may at any later date, by a decla­ra­ti­on addres­sed to the Secreta­ry Gene­ral of the Coun­cil of Euro­pe, extend the app­li­ca­ti­on of this Con­ven­ti­on to any other ter­ri­to­ry spe­ci­fied in the decla­ra­ti­on. In respect of such ter­ri­to­ry the Con­ven­ti­on shall enter into force on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of three mon­ths after the date of rece­ipt of such decla­ra­ti­on by the Secreta­ry Gene­ral.
3. Any decla­ra­ti­on made under the two pre­ce­ding para­graphs may, in respect of any ter­ri­to­ry spe­ci­fied in such decla­ra­ti­on, be with­drawn by a noti­fi­ca­ti­on addres­sed to the Secreta­ry Gene­ral. The with­dra­wal shall beco­me effec­tive on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of six mon­ths after the date of rece­ipt of such noti­fi­ca­ti­on by the Secreta­ry Gene­ral.

Article 25 Reservations

No reser­va­ti­on may be made in respect of the pro­vi­si­ons of this Con­ven­ti­on.

Article 26 Denunciation

1. Any Par­ty may at any time denoun­ce this Con­ven­ti­on by means of a noti­fi­ca­ti­on addres­sed to the Secreta­ry Gene­ral of the Coun­cil of Euro­pe.
2. Such den­un­cia­ti­on shall beco­me effec­tive on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of six mon­ths after the date of rece­ipt of the noti­fi­ca­ti­on by the Secreta­ry Gene­ral.

Article 27 Notifications

The Secreta­ry Gene­ral of the Coun­cil of Euro­pe shall noti­fy the mem­ber Sta­tes of the Coun­cil and any Par­ty to this Con­ven­ti­on of:
a. any signa­tu­re;
b. the depo­sit of any instru­ment of rati­fi­ca­ti­on, accep­tan­ce, appro­val or acces­si­on;
c. any date of ent­ry into force of this Con­ven­ti­on in accord­ance with Arti­cles 22, 23 and 24;
d. any other act, noti­fi­ca­ti­on or com­mu­ni­ca­ti­on rela­ting to this Con­ven­ti­on.

Article … of the Protocol: signature and entry into force

1. This Pro­to­col shall be open for signa­tu­re by the Par­ties to the Con­ven­ti­on. It shall be sub­ject to rati­fi­ca­ti­on, accep­tan­ce or appro­val. Instru­ments of rati­fi­ca­ti­on, accep­tan­ce or appro­val shall be depo­si­ted with the Secreta­ry Gene­ral of the Coun­cil of Euro­pe.
2. This Pro­to­col shall enter into force on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of [three] mon­ths after the date on which all Par­ties to the Con­ven­ti­on have expres­sed their con­sent to be bound by the Pro­to­col in accord­ance with the pro­vi­si­ons of para­graph 1 of this Arti­cle.
3. Howe­ver, this Pro­to­col shall enter into force fol­lo­wing the expi­ry of a peri­od of [two] years after the date on which it has been ope­ned for signa­tu­re, unless a Par­ty to the Con­ven­ti­on has noti­fied the Secreta­ry Gene­ral of the Coun­cil of Euro­pe of an objec­tion to its ent­ry into force. The right to make an objec­tion shall be reser­ved for tho­se Sta­tes which were Par­ties to the Con­ven­ti­on at the date of ope­ning for signa­tu­re of this pro­to­col.
4. Should such an objec­tion be noti­fied, the Pro­to­col shall enter into force on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of [three] mon­ths after the date on which the Par­ty to the Con­ven­ti­on which has noti­fied the objec­tion has depo­si­ted its instru­ment of rati­fi­ca­ti­on, accep­tan­ce or appro­val with the Secreta­ry Gene­ral of the Coun­cil of Euro­pe.
5. From the ent­ry into force of this Pro­to­col, with respect to a Par­ty having ent­e­red one or more decla­ra­ti­ons in pur­su­an­ce of Arti­cle 2 of the ori­gi­nal Con­ven­ti­on, such declaration(s) will lap­se.

Posted by David Vasella

RA Dr. David Vasella ist Rechtsanwalt bei FRORIEP. Er ist auf IT-, Datenschutz- und Immaterialgüterrecht spezialisiert und ist Lehrbeauftragter der Universität Zürich. Er ist Gründer von swissblawg.