Update 12. Okto­ber 2016:

Das Ad hoc Com­mit­tee on Data Pro­tec­tion (CAHDATA) hat am 40. Mee­ting vom 30. Novem­ber 2016 zum 2. Dezem­ber 2016 die Revi­si­on der Kon­ven­ti­on wei­ter bera­ten. Im Vor­feld wur­de der aktu­el­le Stand des Ent­wurfs vom 12. Sep­tem­ber 2016 ver­öf­fent­licht (PDF).


Update 17. Mai 2016:

Das Ad hoc Com­mit­tee on Data Pro­tec­tion (CAHDATA) hat mit Datum vom 3. Mai 2016 einen kon­so­li­dier­ten Ent­wurf der Kon­ven­ti­on 108 vor­ge­legt.


Nicht nur das EU-Daten­schutz­recht, son­dern auch die Euro­pa­rats-Kon­ven­ti­on 108 zum Schutz des Men­schen bei der auto­ma­ti­schen Ver­ar­bei­tung per­so­nen­be­zo­ge­ner Daten befin­det sich in Revi­si­on. In der Schweiz ist die­se Kon­ven­ti­on seit 1998 in Kraft (umge­setzt durch die dama­li­ge Teil­re­vi­si­on des DSG; in Kraft seit 1. Janu­ar 2008; Bot­schaft BBl 2003 2101). Sie defi­niert unter ande­rem, was die Schweiz unter ange­mes­se­nem Daten­schutz i.S.v. Art. 6 Abs. 1 DSG (dazu → Aus­lands­be­kannt­ga­be) ver­steht. Die Kon­ven­ti­on wur­de bis heu­te von rund 50 Staa­ten ratifiziert.

Eine Über­sicht zum Revi­si­ons­pro­zess fin­det sich auf der Web­site des Euro­pa­rats. Am 1. April 2015 das Ad hoc Com­mit­tee on Data Pro­tec­tion (CAHDATA) den heu­ti­gen Stand des Ent­wurfs gut­ge­hei­ssen (Text s. unten). Der Ent­wurf wird vor­aus­sicht­lich im Lau­fe von 2016 ver­ab­schie­det. Die Schweiz wird die Revi­si­on mit aller­gröss­ter Wahr­schein­lich­keit rati­fi­zie­ren. Grö­sse­re Ände­run­gen des schwei­ze­ri­schen Daten­schutz­rechts wer­den sich dabei aber vor­aus­sicht­lich nicht erge­ben. Die wich­tig­sten Neue­run­gen betref­fen fol­gen­de Punk­te (vgl. dazu David Rosen­thal auf deutsch und auf eng­lisch und die Her­vor­he­bun­gen im fol­gen­den Text der Konvention):

  • Der Begriff der beson­ders schüt­zens­wer­ten Per­so­nen­da­ten wird etwas brei­ter (z.B. betr. gene­ti­sche und bio­me­tri­sche Daten)
  • die Trans­pa­renz­an­for­de­run­gen wer­den strenger;
  • der Gegen­stand des Aus­kunfts­rechts wird erweitert;
  • Anhö­rungs­recht bei auto­ma­ti­sier­ten Entscheidungen
  • Mel­de­pflicht bei Ver­stö­ssen (breach notification).

Nach heu­ti­gem Stand hat der revi­dier­te Text der Kon­ven­ti­on fol­gen­den Wortlaut:

Chap­ter I Gene­ral provisions

Artic­le 1 – Object and purpose

The pur­po­se of this Con­ven­ti­on is to pro­tect every indi­vi­du­al, wha­te­ver his or her natio­na­li­ty or resi­dence, with regard to the pro­ce­s­sing of the per­so­nal data, ther­eby con­tri­bu­ting to respect for his or her human rights and fun­da­men­tal free­doms, and in par­ti­cu­lar their right to privacy.

Artic­le 2 – Definitions

For the pur­po­ses of this Convention:
a.“personal data” means any infor­ma­ti­on rela­ting to an iden­ti­fi­ed or iden­ti­fia­ble indi­vi­du­al (“data subject”);
b.“data pro­ce­s­sing” means any ope­ra­ti­on or set of ope­ra­ti­ons which is per­for­med on per­so­nal data, such as the coll­ec­tion, sto­rage, pre­ser­va­ti­on, altera­ti­on, retrie­val, dis­clo­sure, making available, era­su­re, or des­truc­tion of, or the car­ry­ing out of logi­cal and/or arith­me­ti­cal ope­ra­ti­ons on such data; Whe­re auto­ma­ted pro­ce­s­sing is not used, data pro­ce­s­sing means an ope­ra­ti­on or set of ope­ra­ti­ons per­for­med upon per­so­nal data within a struc­tu­red set of such data which are acce­s­si­ble or retrie­va­ble accor­ding to spe­ci­fic criteria;
c.“controller” means the natu­ral or legal per­son, public aut­ho­ri­ty, ser­vice, agen­cy or any other body which, alo­ne or joint­ly with others, has the decis­ion­ma­king power with respect to data processing;
d. “reci­pi­ent” means a natu­ral or legal per­son, public aut­ho­ri­ty, ser­vice, agen­cy or any other body to whom data are dis­c­lo­sed or made available;
e. “pro­ces­sor” means a natu­ral or legal per­son, public aut­ho­ri­ty, ser­vice, agen­cy or any other body which pro­ce­s­ses per­so­nal data on behalf of the controller.

Artic­le 3 – Scope

1. Each Par­ty under­ta­kes to app­ly this Con­ven­ti­on to data pro­ce­s­sing sub­ject to its juris­dic­tion in the public and pri­va­te sec­tors, ther­eby secu­ring every individual’s right to pro­tec­tion of his or her per­so­nal data.
1bis. This Con­ven­ti­on shall not app­ly to data pro­ce­s­sing car­ri­ed out by an indi­vi­du­al in the cour­se of [purely] per­so­nal or hou­se­hold activities.

Chap­ter II – Basic prin­ci­ples for the pro­tec­tion of per­so­nal data

Artic­le 4 – Duties of the Parties

1.Each Par­ty shall take the neces­sa­ry mea­su­res in its law to give effect to the pro­vi­si­ons of this Con­ven­ti­on and secu­re their effec­ti­ve application.
2.These mea­su­res shall be taken by each Par­ty and shall have come into force by the time of rati­fi­ca­ti­on or acce­s­si­on to this Convention.
3. Each Par­ty undertakes:
a. to allow the Con­ven­ti­on Com­mit­tee pro­vi­ded for in Chap­ter V to eva­lua­te the effec­ti­ve­ness of the mea­su­res it has taken in its law to give effect to the pro­vi­si­ons of this Con­ven­ti­on; and
b. to con­tri­bu­te actively to this eva­lua­ti­on process.

Artic­le 5 – Legi­ti­ma­cy of data pro­ce­s­sing and qua­li­ty of data

1. Data pro­ce­s­sing shall be pro­por­tio­na­te in rela­ti­on to the legi­ti­ma­te pur­po­se pur­sued and reflect at all stages of the pro­ce­s­sing a fair balan­ce bet­ween all inte­rests con­cer­ned, whe­ther public or pri­va­te, and the rights and free­doms at stake.
2. Each Par­ty shall pro­vi­de that data pro­ce­s­sing can be car­ri­ed out on the basis of the free, spe­ci­fic, infor­med and unam­bi­guous con­sent of the data sub­ject or of some other legi­ti­ma­te basis laid down by law.
3. Per­so­nal data under­go­ing pro­ce­s­sing shall be pro­ce­s­sed lawfully.
4. Per­so­nal data under­go­ing pro­ce­s­sing shall be:
a. pro­ce­s­sed fair­ly and in a trans­pa­rent manner;
b. coll­ec­ted for expli­cit, spe­ci­fi­ed and legi­ti­ma­te pur­po­ses and not pro­ce­s­sed in a way incom­pa­ti­ble with tho­se pur­po­ses; fur­ther pro­ce­s­sing for histo­ri­cal, sta­tis­ti­cal and sci­en­ti­fic pur­po­ses is, sub­ject to appro­pria­te safe­guards, com­pa­ti­ble with tho­se purposes;
c. ade­qua­te, rele­vant and not exce­s­si­ve in rela­ti­on to the pur­po­ses for which they are processed;
d. accu­ra­te and, whe­re neces­sa­ry, kept up to date;
e. pre­ser­ved in a form which per­mits iden­ti­fi­ca­ti­on of data sub­jects for no lon­ger than is neces­sa­ry for the pur­po­ses for which tho­se data are processed.

Artic­le 6 – Spe­cial cate­go­ries of data

1. The pro­ce­s­sing of:
gene­tic data;
per­so­nal data rela­ting to offen­ces, cri­mi­nal pro­ce­e­dings and con­vic­tions, and rela­ted secu­ri­ty measures;
bio­me­tric data uni­que­ly iden­ti­fy­ing a person;
per­so­nal data for the infor­ma­ti­on they reve­al rela­ting to racial ori­gin, poli­ti­cal opi­ni­ons, trade
uni­on mem­ber­ship, reli­gious or other beliefs, health or sexu­al life;
shall only be allo­wed whe­re spe­ci­fic and addi­tio­nal appro­pria­te safe­guards are enshri­ned in law, com­ple­men­ting tho­se of this Convention.
2. Such safe­guards shall guard against the risks that the pro­ce­s­sing of such sen­si­ti­ve data may pre­sent to the inte­rests, rights and fun­da­men­tal free­doms of the data sub­ject, nota­b­ly a risk of discrimination.

Artic­le 7 – Data security

1. Each Par­ty shall pro­vi­de that the con­trol­ler, and, whe­re appli­ca­ble the pro­ces­sor, takes appro­pria­te secu­ri­ty mea­su­res against risks such as acci­den­tal or unaut­ho­ri­sed access to, des­truc­tion, loss, use, modi­fi­ca­ti­on or dis­clo­sure of per­so­nal data.
2. Each Par­ty shall pro­vi­de that the con­trol­ler shall noti­fy, wit­hout delay, at least the com­pe­tent super­vi­so­ry aut­ho­ri­ty within the mea­ning of Artic­le 12bis of this Con­ven­ti­on, of tho­se data brea­ches which may serious­ly inter­fe­re with the rights and fun­da­men­tal free­doms of data subjects.

Artic­le 7bis – Trans­pa­ren­cy of processing

1. Each Par­ty shall pro­vi­de that the con­trol­ler informs the data sub­jects of:
a. the controller’s iden­ti­ty and habi­tu­al resi­dence or establishment;
b. the legal basis and the pur­po­ses of the inten­ded processing;
c. the cate­go­ries of per­so­nal data processed;
d. the reci­pi­en­ts or cate­go­ries of reci­pi­en­ts of the per­so­nal data, if any; and
e. the means of exer­cis­ing the rights set out in Artic­le 8; as well as any neces­sa­ry addi­tio­nal infor­ma­ti­on in order to ensu­re fair and trans­pa­rent pro­ce­s­sing of the per­so­nal data.
1bis.Paragraph 1 shall not app­ly whe­re the data sub­ject alre­a­dy has the rele­vant information.
2. Whe­re the per­so­nal data are not coll­ec­ted from the data sub­jects, the con­trol­ler shall none­thel­ess not be requi­red to pro­vi­de such infor­ma­ti­on whe­re the pro­ce­s­sing is express­ly pre­scri­bed by law or this pro­ves to be impos­si­ble or invol­ves dis­pro­por­tio­na­te efforts.

Artic­le 8 – Rights of the data subject

Every indi­vi­du­al shall have a right:
a. not to be sub­ject to a decis­i­on signi­fi­cant­ly affec­ting him or her based sole­ly on an auto­ma­ted pro­ce­s­sing of data wit­hout having his or her views taken into consideration;
b. to obtain, on request, at rea­sonable inter­vals and wit­hout exce­s­si­ve delay or expen­se, con­fir­ma­ti­on of the pro­ce­s­sing of per­so­nal data rela­ting to him or her; the com­mu­ni­ca­ti­on in an intel­li­gi­ble form of the data pro­ce­s­sed; all available infor­ma­ti­on on their ori­gin, on the pre­ser­va­ti­on peri­od as well as any other infor­ma­ti­on that the con­trol­ler is requi­red to pro­vi­de in order to ensu­re the trans­pa­ren­cy of pro­ce­s­sing in accordance with Artic­le 7bis, para­graph 1;
c. to obtain, on request, know­ledge of the rea­so­ning under­ly­ing data pro­ce­s­sing whe­re the results of such pro­ce­s­sing are applied to him or her;
d. to object at any time to the pro­ce­s­sing of per­so­nal data con­cer­ning him or her unless the con­trol­ler demon­stra­tes legi­ti­ma­te grounds for the pro­ce­s­sing which over­ri­de his or her inte­rests or rights and fun­da­men­tal freedoms;
e. to obtain, on request, free of char­ge and wit­hout exce­s­si­ve delay, rec­ti­fi­ca­ti­on or era­su­re, as the case may be, of such data if the­se are being or have been pro­ce­s­sed con­tra­ry to the pro­vi­si­ons of this Convention;
f. to have a reme­dy under Artic­le 10 whe­re his or her rights under this Con­ven­ti­on have been violated;
g. to bene­fit, wha­te­ver his or her natio­na­li­ty or resi­dence, from the assi­stance of a super­vi­so­ry aut­ho­ri­ty within the mea­ning of Artic­le 12bis, in exer­cis­ing his or her rights under this Convention.

Artic­le 8bis – Addi­tio­nal obligations

1. Each Par­ty shall pro­vi­de that con­trol­lers and, whe­re appli­ca­ble, pro­ces­sors take all appro­pria­te mea­su­res to com­ply with the obli­ga­ti­ons of this Con­ven­ti­on and be able to demon­stra­te, in par­ti­cu­lar to the com­pe­tent super­vi­so­ry aut­ho­ri­ty pro­vi­ded for in Artic­le 12bis, that the data pro­ce­s­sing under their con­trol is in com­pli­ance with the pro­vi­si­ons of this Convention.
2. Each Par­ty shall pro­vi­de that con­trol­lers and, whe­re appli­ca­ble, pro­ces­sors, exami­ne the likely impact of inten­ded data pro­ce­s­sing on the rights and fun­da­men­tal free­doms of data sub­jects pri­or to the com­mence­ment of such pro­ce­s­sing, and shall design the data pro­ce­s­sing in such a man­ner as to pre­vent or mini­mi­se the risk of inter­fe­rence with tho­se rights and fun­da­men­tal freedoms.
3. Each Par­ty shall pro­vi­de that con­trol­lers, and, whe­re appli­ca­ble, pro­ces­sors, imple­ment tech­ni­cal and orga­ni­sa­tio­nal mea­su­res which take into account the impli­ca­ti­ons of the right to the pro­tec­tion of per­so­nal data at all stages of the data processing.
4. Each Par­ty may, having regard to the risks ari­sing for the inte­rests, rights and fun­da­men­tal free­doms of the data sub­jects, adapt the appli­ca­ti­on of the pro­vi­si­ons of para­graphs 1, 2 and 3 in the law giving effect to the pro­vi­si­ons of this Con­ven­ti­on, accor­ding to the natu­re and volu­me of the data, the natu­re, scope and pur­po­se of the pro­ce­s­sing and, whe­re appro­pria­te, the size of the con­trol­ler or processor.

Artic­le 9 Excep­ti­ons and restrictions

1. No excep­ti­on to the pro­vi­si­ons set out in this Chap­ter shall be allo­wed, except to the pro­vi­si­ons of Artic­les 5.4, 7.2, 7bis, para­graph 1 and Artic­le 8 when such an excep­ti­on is pro­vi­ded for by law and con­sti­tu­tes a neces­sa­ry and pro­por­tio­na­te mea­su­re in a demo­cra­tic socie­ty for:
a. the pro­tec­tion of natio­nal secu­ri­ty, public safe­ty, important eco­no­mic and finan­cial inte­rests of the Sta­te, the impar­tia­li­ty and inde­pen­dence of the judi­cia­ry or the pre­ven­ti­on, inve­sti­ga­ti­on and pro­se­cu­ti­on of cri­mi­nal offences;
b. the pro­tec­tion of the data sub­ject or the rights and fun­da­men­tal free­doms of others, nota­b­ly free­dom of expression.
2. Rest­ric­tions on the exer­cise of the pro­vi­si­ons spe­ci­fi­ed in Artic­les 7bis and 8 may be pro­vi­ded for by law with respect to data pro­ce­s­sing for histo­ri­cal, sta­tis­ti­cal and sci­en­ti­fic pur­po­ses when the­re is no reco­g­nisable risk of inf­rin­ge­ment of the rights and fun­da­men­tal free­doms of data subjects.

Artic­le 10 Sanc­tions and remedies

Each Par­ty under­ta­kes to estab­lish appro­pria­te judi­cial and non­ju­di­cial sanc­tions and reme­dies for vio­la­ti­ons of the pro­vi­si­ons of this Convention.

Artic­le 11 Exten­ded protection

None of the pro­vi­si­ons of this chap­ter shall be inter­pre­ted as limi­ting or other­wi­se affec­ting the pos­si­bi­li­ty for a Par­ty to grant data sub­jects a wider mea­su­re of pro­tec­tion than that sti­pu­la­ted in this Convention.

Chap­ter III Trans­bor­der flows of per­so­nal data

Artic­le 12 Trans­bor­der flows of per­so­nal data

1. A Par­ty shall not, for the sole pur­po­se of the pro­tec­tion of per­so­nal data, pro­hi­bit or sub­ject to spe­cial aut­ho­ri­sa­ti­on the trans­fer of such data to a reci­pi­ent who is sub­ject to the juris­dic­tion of ano­ther Par­ty to the Con­ven­ti­on. Such a Par­ty may howe­ver do so if bound by har­mo­ni­s­ed rules of pro­tec­tion shared by Sta­tes belon­ging to a regio­nal inter­na­tio­nal organisation9.
2. When the reci­pi­ent is sub­ject to the juris­dic­tion of a Sta­te or inter­na­tio­nal orga­ni­sa­ti­on which is not par­ty to this Con­ven­ti­on, the trans­fer of per­so­nal data may only take place whe­re an appro­pria­te level of pro­tec­tion based on the pro­vi­si­ons of this Con­ven­ti­on is secured.
3. An appro­pria­te level of pro­tec­tion can be secu­red by:
a. the law of that Sta­te or inter­na­tio­nal orga­ni­sa­ti­on, inclu­ding the appli­ca­ble inter­na­tio­nal trea­ties or agree­ments; or
b. ad hoc or appro­ved stan­dar­di­sed safe­guards pro­vi­ded by legal­ly bin­ding and enforceable instru­ments adopted and imple­men­ted by the per­sons invol­ved in the trans­fer and fur­ther processing.
4. Not­wi­th­stan­ding the pro­vi­si­ons of the pre­vious para­graphs, each Par­ty may pro­vi­de that the trans­fer of per­so­nal data may take place if:
a. the data sub­ject has given expli­cit, spe­ci­fic and free con­sent, after being infor­med of risks ari­sing in the absence of appro­pria­te safe­guards; or
b. the spe­ci­fic inte­rests of the data sub­ject requi­re it in the par­ti­cu­lar case; or
c. pre­vai­ling legi­ti­ma­te inte­rests, in par­ti­cu­lar important public inte­rests, are pro­vi­ded for by law and such trans­fer con­sti­tu­tes a neces­sa­ry and pro­por­tio­na­te mea­su­re in a demo­cra­tic society.
5. Each Par­ty shall pro­vi­de that the com­pe­tent super­vi­so­ry aut­ho­ri­ty within the mea­ning of Artic­le 12bis of this Con­ven­ti­on is pro­vi­ded with all rele­vant infor­ma­ti­on con­cer­ning the trans­fers of data refer­red to in para­graph 3.b and, upon request, para­graphs 4.b and 4.c.
6. Each Par­ty shall also pro­vi­de that the super­vi­so­ry aut­ho­ri­ty is entit­led to request that the per­son who trans­fers data demon­stra­tes the effec­ti­ve­ness of the safe­guards or the exi­stence of pre­vai­ling legi­ti­ma­te inte­rests and that the super­vi­so­ry aut­ho­ri­ty may, in order to pro­tect the rights and fun­da­men­tal free­doms of data sub­jects, pro­hi­bit, sus­pend or sub­ject to con­di­ti­on such transfers.
7. Excep­ti­ons to the pro­vi­si­ons of this Artic­le are allo­wed inso­far as they con­sti­tu­te a neces­sa­ry and pro­por­tio­na­te mea­su­re in a demo­cra­tic socie­ty for the free­dom of expression.

Chap­ter III bis Super­vi­so­ry authorities

Artic­le 12bis Super­vi­so­ry authorities

1 Each Par­ty shall pro­vi­de for one or more aut­ho­ri­ties to be respon­si­ble for ensu­ring com­pli­ance with the pro­vi­si­ons of this Convention.
2 To this end, such authorities:
a. shall have powers of inve­sti­ga­ti­on and intervention;
b. shall per­form the func­tions rela­ting to trans­fers of data pro­vi­ded for under Artic­le 12, nota­b­ly the appr­oval of stan­dar­di­sed safeguards:
c. shall have powers to issue decis­i­ons with respect to vio­la­ti­ons of the pro­vi­si­ons of this Con­ven­ti­on and may, in par­ti­cu­lar, impo­se admi­ni­stra­ti­ve sanctions;
d. shall have the power to enga­ge in legal pro­ce­e­dings or to bring to the atten­ti­on of the com­pe­tent judi­cial aut­ho­ri­ties vio­la­ti­ons of the pro­vi­si­ons of this Convention;
e. shall promote:
i. public awa­re­ness of their func­tions and powers as well as their activities;
ii. public awa­re­ness of the rights of data sub­jects and the exer­cise of such rights;
iii. awa­re­ness of con­trol­lers and pro­ces­sors of their respon­si­bi­li­ties under this Con­ven­ti­on; spe­ci­fic atten­ti­on shall be given to the data pro­tec­tion rights of child­ren and other vul­nerable individuals.
2bis. The com­pe­tent super­vi­so­ry aut­ho­ri­ties shall be con­sul­ted on pro­po­sals for any legis­la­ti­ve or admi­ni­stra­ti­ve mea­su­res which pro­vi­de for the pro­ce­s­sing of per­so­nal data.
3. Each com­pe­tent super­vi­so­ry aut­ho­ri­ty shall deal with requests and com­plaints lodged by data sub­jects con­cer­ning their data pro­tec­tion rights and shall keep data sub­jects infor­med of progress.
4. The super­vi­so­ry aut­ho­ri­ties shall act with com­ple­te inde­pen­dence and impar­tia­li­ty in per­forming their duties and exer­cis­ing their powers and in doing so shall neither seek nor accept
instructions.
5. Each Par­ty shall ensu­re that the super­vi­so­ry aut­ho­ri­ties are pro­vi­ded with the resour­ces neces­sa­ry for the effec­ti­ve per­for­mance of their func­tions and exer­cise of their powers.
5bis. Each super­vi­so­ry aut­ho­ri­ty shall prepa­re and publish a peri­odi­cal report out­lining its activities.
5ter. Mem­bers and staff of the super­vi­so­ry aut­ho­ri­ties shall be bound by obli­ga­ti­ons of con­fi­den­tia­li­ty with regard to con­fi­den­ti­al infor­ma­ti­on they have access to or have had access to in the per­for­mance of their duties and exer­cise of their powers.
6. Decis­i­ons of the super­vi­so­ry aut­ho­ri­ties may be appea­led against through the courts.
7. In accordance with the pro­vi­si­ons of Chap­ter IV, the super­vi­so­ry aut­ho­ri­ties shall coope­ra­te with one ano­ther to the ext­ent neces­sa­ry for the per­for­mance of their duties and exer­cise of their powers, in particular
by:
a. pro­vi­ding mutu­al assi­stance by exchan­ging rele­vant and useful infor­ma­ti­on and coope­ra­ting with each other under the con­di­ti­on that, as regards the pro­tec­tion of per­so­nal data, all the rules and safe­guards of this Con­ven­ti­on are com­plied with;
b. coor­di­na­ting their inve­sti­ga­ti­ons or inter­ven­ti­ons, or con­duc­ting joint actions;
c. pro­vi­ding infor­ma­ti­on and docu­men­ta­ti­on on their law and admi­ni­stra­ti­ve prac­ti­ce rela­ting to data protection.
7bis. The infor­ma­ti­on refer­red to in para­graph 7 lit­te­ra a shall not include per­so­nal data under­go­ing pro­ce­s­sing unless such data are essen­ti­al for coope­ra­ti­on, or whe­re the data sub­ject con­cer­ned has given expli­cit, spe­ci­fic, free and infor­med con­sent to its provision.
8. In order to orga­ni­se their coope­ra­ti­on and to per­form the duties set out in the pre­ce­ding para­graphs, the super­vi­so­ry aut­ho­ri­ties of the Par­ties shall form a network.
9. The super­vi­so­ry aut­ho­ri­ties shall not be com­pe­tent with respect to pro­ce­s­sing car­ri­ed out by bodies when acting in their judi­cial capacity.

Chap­ter IV Mutu­al assistance

Artic­le 13 Coope­ra­ti­on bet­ween Parties

1. The Par­ties agree to ren­der each other mutu­al assi­stance in order to imple­ment this Convention.
2. For that purpose:
a. each Par­ty shall desi­gna­te one or more super­vi­so­ry aut­ho­ri­ties within the mea­ning of Artic­le 12bis of this Con­ven­ti­on, the name and address of each of which it shall com­mu­ni­ca­te to the Secre­ta­ry Gene­ral of the Coun­cil of Europe;
b. each Par­ty which has desi­gna­ted more than one super­vi­so­ry aut­ho­ri­ty shall spe­ci­fy the com­pe­tence of each aut­ho­ri­ty in its com­mu­ni­ca­ti­on refer­red to in the pre­vious subparagraph.

Artic­le 14 Assi­stance to data subjects

1. Each Par­ty shall assist any data sub­ject, wha­te­ver his or her natio­na­li­ty or resi­dence, to exer­cise his or her rights under Artic­le 8 of this Convention.
2. Whe­re a data sub­ject resi­des in the ter­ri­to­ry of ano­ther Par­ty, he or she shall be given the opti­on of sub­mit­ting the request through the inter­me­dia­ry of the super­vi­so­ry aut­ho­ri­ty desi­gna­ted by that Party.
3. The request for assi­stance shall con­tain all the neces­sa­ry par­ti­cu­lars, rela­ting inter alia to:
a. the name, address and any other rele­vant par­ti­cu­lars iden­ti­fy­ing the data sub­ject making the request;
b. the pro­ce­s­sing to which the request per­ta­ins, or its controller;
c. the pur­po­se of the request.

Artic­le 15Safeguards con­cer­ning assi­stance ren­de­red by desi­gna­ted super­vi­so­ry authorities

1. A super­vi­so­ry aut­ho­ri­ty desi­gna­ted by a Par­ty which has recei­ved infor­ma­ti­on from a super­vi­so­ry aut­ho­ri­ty desi­gna­ted by ano­ther Par­ty eit­her accom­pany­ing a request for assi­stance or in rep­ly to its own request for assi­stance shall not use that infor­ma­ti­on for pur­po­ses other than tho­se spe­ci­fi­ed in the request for assistance.
2. In no case may a desi­gna­ted super­vi­so­ry aut­ho­ri­ty be allo­wed to make a request for assi­stance on behalf of a data sub­ject of its own accord and wit­hout the expli­cit con­sent of the data sub­ject concerned.

Artic­le 16 Refu­sal of requests for assistance

A desi­gna­ted super­vi­so­ry aut­ho­ri­ty to which a request for assi­stance is addres­sed under Artic­le 13 of this Con­ven­ti­on may not refu­se to com­ply with it unless:
a. the request is not com­pa­ti­ble with the powers in the field of data pro­tec­tion of the aut­ho­ri­ties respon­si­ble for replying;
b. the request does not com­ply with the pro­vi­si­ons of this Convention;
c. com­pli­ance with the request would be incom­pa­ti­ble with the sove­reig­n­ty, natio­nal secu­ri­ty or public order of the Par­ty by which it was desi­gna­ted, or with the rights and fun­da­men­tal free­doms of indi­vi­du­als under the juris­dic­tion of that Party.

Artic­le 17 Costs and pro­ce­du­res of assistance

1. Mutu­al assi­stance which the Par­ties ren­der each other under Artic­le 13 and assi­stance they ren­der to data sub­jects under Artic­les 8 and 14 shall not give rise to the payment of any costs or fees other than tho­se incur­red for experts and inter­pre­ters. The lat­ter costs or fees shall be bor­ne by the Par­ty which has desi­gna­ted the super­vi­so­ry aut­ho­ri­ty making the request for assistance.
2. The data sub­ject may not be char­ged costs or fees in con­nec­tion with the steps taken on his or her behalf in the ter­ri­to­ry of ano­ther Par­ty other than tho­se lawful­ly paya­ble by resi­dents of that Party.
3. Other details con­cer­ning the assi­stance, rela­ting in par­ti­cu­lar to the forms and pro­ce­du­res and the lan­guages to be used, shall be estab­lished direct­ly bet­ween the Par­ties concerned.

Chap­ter V Con­ven­ti­on Committee

Artic­le 18 Com­po­si­ti­on of the committee

1. A Con­ven­ti­on Com­mit­tee shall be set up after the ent­ry into force of this Convention.
2. Each Par­ty shall appoint a repre­sen­ta­ti­ve to the com­mit­tee and a depu­ty repre­sen­ta­ti­ve. Any mem­ber Sta­te of the Coun­cil of Euro­pe which is not a Par­ty to the Con­ven­ti­on shall have the right to be repre­sen­ted on the com­mit­tee by an observer.
3. The Con­ven­ti­on Com­mit­tee may, by a decis­i­on taken by a majo­ri­ty of twot­hirds of the repre­sen­ta­ti­ves of the Par­ties, invi­te an obser­ver to be repre­sen­ted at its meetings.
4. Any Par­ty which is not a mem­ber of the Coun­cil of Euro­pe shall con­tri­bu­te to the fun­ding of the acti­vi­ties of the Con­ven­ti­on Com­mit­tee accor­ding to the moda­li­ties estab­lished by the Com­mit­tee of Mini­sters in agree­ment with that Party.

Artic­le 19 Func­tions of the committee

The Con­ven­ti­on Committee:
a. may make recom­men­da­ti­ons with a view to faci­li­ta­ting or impro­ving the appli­ca­ti­on of the Convention;
b. may make pro­po­sals for amend­ment of this Con­ven­ti­on in accordance with Artic­le 21;
c. shall for­mu­la­te its opi­ni­on on any pro­po­sal for amend­ment of this Con­ven­ti­on which is refer­red to it in accordance with Artic­le 21, para­graph 3;
d. may express an opi­ni­on on any que­sti­on con­cer­ning the inter­pre­ta­ti­on or appli­ca­ti­on of this Convention;
e. shall prepa­re, befo­re any new acce­s­si­on to the Con­ven­ti­on, an opi­ni­on for the Com­mit­tee of Mini­sters rela­ting to the level of per­so­nal data pro­tec­tion of the can­di­da­te for acce­s­si­on and whe­re neces­sa­ry recom­mend mea­su­res to take to reach com­pli­ance with the pro­vi­si­ons of this Convention;
f. may, at the request of a Sta­te or an inter­na­tio­nal orga­ni­sa­ti­on, eva­lua­te whe­ther the level of per­so­nal data pro­tec­tion the for­mer pro­vi­des is in com­pli­ance with the pro­vi­si­ons of this Con­ven­ti­on and whe­re neces­sa­ry recom­mend mea­su­res to take to reach such compliance;
g. may deve­lop or appro­ve models of stan­dar­di­sed safe­guards refer­red to in Artic­le 12;
h. shall review the imple­men­ta­ti­on of this Con­ven­ti­on by the Par­ties and recom­mend mea­su­res to take whe­re a Par­ty is not in com­pli­ance with this Convention;
i. shall faci­li­ta­te, whe­re neces­sa­ry, the fri­end­ly sett­le­ment of all dif­fi­cul­ties rela­ted to the appli­ca­ti­on of this Convention.

Artic­le 20 Procedure

1. The Con­ven­ti­on Com­mit­tee shall be con­ve­ned by the Secre­ta­ry Gene­ral of the Coun­cil of Euro­pe. Its first mee­ting shall be held within twel­ve months of the ent­ry into force of this Con­ven­ti­on. It shall sub­se­quent­ly meet at least once a year and in any case when onethird of the repre­sen­ta­ti­ves of the Par­ties request its convocation.
2. A majo­ri­ty of repre­sen­ta­ti­ves of the Par­ties shall con­sti­tu­te a quo­rum for a mee­ting of the Con­ven­ti­on Committee.
3. Each Par­ty has a right to vote and shall have one vote. On que­sti­ons within its com­pe­tence, the Euro­pean Uni­on exer­cis­es its right to vote and casts a num­ber of votes equal to the num­ber of its mem­ber Sta­tes that are Par­ties to the Con­ven­ti­on and have trans­fer­red com­pe­ten­ci­es to the Euro­pean Uni­on in the field con­cer­ned. In this case, tho­se mem­ber Sta­tes of the Euro­pean Uni­on do not vote.
4. After each of its mee­tings, the Con­ven­ti­on Com­mit­tee shall sub­mit to the Com­mit­tee of Mini­sters of the Coun­cil of Euro­pe a report on its work and on the func­tio­ning of this Convention.
5. The Con­ven­ti­on Com­mit­tee shall draw up its own Rules of Pro­ce­du­re and estab­lish, in par­ti­cu­lar, the pro­ce­du­res for eva­lua­ti­on refer­red to in Artic­le 4.3 and for exami­na­ti­on of the level of pro­tec­tion refer­red to in Artic­le 19, on the basis of objec­ti­ve criteria.

Chap­ter VI Amendments

Artic­le 21 Amendments

1. Amend­ments to this Con­ven­ti­on may be pro­po­sed by a Par­ty, the Com­mit­tee of Mini­sters of the Coun­cil of Euro­pe or the Con­ven­ti­on Committee.
2. Any pro­po­sal for amend­ment shall be com­mu­ni­ca­ted by the Secre­ta­ry Gene­ral of the Coun­cil of Euro­pe to the Par­ties to this Con­ven­ti­on, to the other mem­ber Sta­tes of the Coun­cil of Euro­pe, to the
Euro­pean Uni­on and to every non­mem­ber Sta­te or inter­na­tio­nal orga­ni­sa­ti­on which has been invi­ted to acce­de to this Con­ven­ti­on in accordance with the pro­vi­si­ons of Artic­le 23.
3. Moreo­ver, any amend­ment pro­po­sed by a Par­ty or the Com­mit­tee of Mini­sters shall be com­mu­ni­ca­ted to the Con­ven­ti­on Com­mit­tee, which shall sub­mit to the Com­mit­tee of Mini­sters its opi­ni­on on that pro­po­sed amendment.
4. The Com­mit­tee of Mini­sters shall con­sider the pro­po­sed amend­ment and any opi­ni­on sub­mit­ted by the Con­ven­ti­on Com­mit­tee and may appro­ve the amendment.
5. The text of any amend­ment appro­ved by the Com­mit­tee of Mini­sters in accordance with para­graph 4 of this artic­le shall be for­ward­ed to the Par­ties for acceptance.
6. Any amend­ment appro­ved in accordance with para­graph 4 of this artic­le shall come into force on the thir­tieth day after all Par­ties have infor­med the Secre­ta­ry Gene­ral of their accep­tance thereof.
7. Moreo­ver, the Com­mit­tee of Mini­sters may, after con­sul­ting the Con­ven­ti­on Com­mit­tee, deci­de that a par­ti­cu­lar amend­ment shall enter into force at the expi­ra­ti­on of a peri­od of two years from the date on which it has been ope­ned to accep­tance, unless a Par­ty noti­fi­es the Secre­ta­ry Gene­ral of the Coun­cil of Euro­pe of an objec­tion to its ent­ry into force. If such an objec­tion is noti­fi­ed, the amend­ment shall enter into force on the first day of the month fol­lo­wing the date on which the Par­ty to this Con­ven­ti­on which has noti­fi­ed the objec­tion has depo­si­ted its instru­ment of accep­tance with the Secre­ta­ry Gene­ral of the Coun­cil of Europe.
8. If an amend­ment has been appro­ved by the Com­mit­tee of Mini­sters but has not yet ente­red into force in accordance with the pro­vi­si­ons set out in para­graphs 6 or 7, a Sta­te, the Euro­pean Uni­on, or an inter­na­tio­nal orga­ni­sa­ti­on may not express its con­sent to be bound by this Con­ven­ti­on wit­hout at the same time accep­ting the amendment.

Chap­ter VII Final clauses

Artic­le 22 Ent­ry into force

1. This Con­ven­ti­on shall be open for signa­tu­re by the mem­ber Sta­tes of the Coun­cil of Euro­pe and by the Euro­pean Uni­on. It is sub­ject to rati­fi­ca­ti­on, accep­tance or appr­oval. Instru­ments of rati­fi­ca­ti­on, accep­tance or appr­oval shall be depo­si­ted with the Secre­ta­ry Gene­ral of the Coun­cil of Europe.
2. This Con­ven­ti­on shall enter into force on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of three months after the date on which five mem­ber Sta­tes of the Coun­cil of Euro­pe have expres­sed their con­sent to be bound by the Con­ven­ti­on in accordance with the pro­vi­si­ons of the pre­ce­ding paragraph.
3. In respect of any Par­ty which sub­se­quent­ly expres­ses its con­sent to be bound by it, the Con­ven­ti­on shall enter into force on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of three months after the date of depo­sit of the instru­ment of rati­fi­ca­ti­on, accep­tance or approval.

Artic­le 23 Acce­s­si­on by non­mem­ber Sta­tes and inter­na­tio­nal organisations

1. After the ent­ry into force of this Con­ven­ti­on, the Com­mit­tee of Mini­sters of the Coun­cil of Euro­pe may, after con­sul­ting the Par­ties to this Con­ven­ti­on and obtai­ning their unani­mous agree­ment and in light of the opi­ni­on pre­pared by the Con­ven­ti­on Com­mit­tee in accordance with Artic­le 19.e, invi­te any Sta­te not a mem­ber of the Coun­cil of Euro­pe or an inter­na­tio­nal orga­ni­sa­ti­on to acce­de to this Con­ven­ti­on by a decis­i­on taken by the majo­ri­ty pro­vi­ded for in Artic­le 20.d of the Sta­tu­te of the Coun­cil of Euro­pe and by the unani­mous vote of the repre­sen­ta­ti­ves of the Con­trac­ting Sta­tes entit­led to sit on the Com­mit­tee of Ministers.
2. In respect of any Sta­te or inter­na­tio­nal orga­ni­sa­ti­on acce­ding to this Con­ven­ti­on accor­ding to para­graph 1 abo­ve, the Con­ven­ti­on shall enter into force on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of three months after the date of depo­sit of the instru­ment of acce­s­si­on with the Secre­ta­ry Gene­ral of the Coun­cil of Europe.

Artic­le 24 Ter­ri­to­ri­al clause

1. Any Sta­te, the Euro­pean Uni­on or other inter­na­tio­nal orga­ni­sa­ti­on may at the time of signa­tu­re or when depo­si­ting its instru­ment of rati­fi­ca­ti­on, accep­tance, appr­oval or acce­s­si­on, spe­ci­fy the ter­ri­to­ry or ter­ri­to­ries to which this Con­ven­ti­on shall apply.
2. Any Sta­te, the Euro­pean Uni­on or other inter­na­tio­nal orga­ni­sa­ti­on may at any later date, by a decla­ra­ti­on addres­sed to the Secre­ta­ry Gene­ral of the Coun­cil of Euro­pe, extend the appli­ca­ti­on of this Con­ven­ti­on to any other ter­ri­to­ry spe­ci­fi­ed in the decla­ra­ti­on. In respect of such ter­ri­to­ry the Con­ven­ti­on shall enter into force on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of three months after the date of rece­ipt of such decla­ra­ti­on by the Secre­ta­ry General.
3. Any decla­ra­ti­on made under the two pre­ce­ding para­graphs may, in respect of any ter­ri­to­ry spe­ci­fi­ed in such decla­ra­ti­on, be with­drawn by a noti­fi­ca­ti­on addres­sed to the Secre­ta­ry Gene­ral. The with­dra­wal shall beco­me effec­ti­ve on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of six months after the date of rece­ipt of such noti­fi­ca­ti­on by the Secre­ta­ry General.

Artic­le 25 Reservations

No reser­va­ti­on may be made in respect of the pro­vi­si­ons of this Convention.

Artic­le 26 Denunciation

1. Any Par­ty may at any time denoun­ce this Con­ven­ti­on by means of a noti­fi­ca­ti­on addres­sed to the Secre­ta­ry Gene­ral of the Coun­cil of Europe.
2. Such den­un­cia­ti­on shall beco­me effec­ti­ve on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of six months after the date of rece­ipt of the noti­fi­ca­ti­on by the Secre­ta­ry General.

Artic­le 27 Notifications

The Secre­ta­ry Gene­ral of the Coun­cil of Euro­pe shall noti­fy the mem­ber Sta­tes of the Coun­cil and any Par­ty to this Con­ven­ti­on of:
a. any signature;
b. the depo­sit of any instru­ment of rati­fi­ca­ti­on, accep­tance, appr­oval or accession;
c. any date of ent­ry into force of this Con­ven­ti­on in accordance with Artic­les 22, 23 and 24;
d. any other act, noti­fi­ca­ti­on or com­mu­ni­ca­ti­on rela­ting to this Convention.

Artic­le … of the Pro­to­col: signa­tu­re and ent­ry into force

1. This Pro­to­col shall be open for signa­tu­re by the Par­ties to the Con­ven­ti­on. It shall be sub­ject to rati­fi­ca­ti­on, accep­tance or appr­oval. Instru­ments of rati­fi­ca­ti­on, accep­tance or appr­oval shall be depo­si­ted with the Secre­ta­ry Gene­ral of the Coun­cil of Europe.
2. This Pro­to­col shall enter into force on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of [three] months after the date on which all Par­ties to the Con­ven­ti­on have expres­sed their con­sent to be bound by the Pro­to­col in accordance with the pro­vi­si­ons of para­graph 1 of this Article.
3. Howe­ver, this Pro­to­col shall enter into force fol­lo­wing the expiry of a peri­od of [two] years after the date on which it has been ope­ned for signa­tu­re, unless a Par­ty to the Con­ven­ti­on has noti­fi­ed the Secre­ta­ry Gene­ral of the Coun­cil of Euro­pe of an objec­tion to its ent­ry into force. The right to make an objec­tion shall be reser­ved for tho­se Sta­tes which were Par­ties to the Con­ven­ti­on at the date of ope­ning for signa­tu­re of this protocol.
4. Should such an objec­tion be noti­fi­ed, the Pro­to­col shall enter into force on the first day of the month fol­lo­wing the expi­ra­ti­on of a peri­od of [three] months after the date on which the Par­ty to the Con­ven­ti­on which has noti­fi­ed the objec­tion has depo­si­ted its instru­ment of rati­fi­ca­ti­on, accep­tance or appr­oval with the Secre­ta­ry Gene­ral of the Coun­cil of Europe.
5. From the ent­ry into force of this Pro­to­col, with respect to a Par­ty having ente­red one or more decla­ra­ti­ons in pur­su­an­ce of Artic­le 2 of the ori­gi­nal Con­ven­ti­on, such declaration(s) will lapse.

AI-generierte Takeaways können falsch sein.