Selected Legal Instruments of the Council of Europe in the Field of Personal Data Protection PETRA MELOTÍKOVÁ Právnická fakulta, Univerzita Palackého v Olomouci PAVEL MATES Key words Council of Europe, Convention CETS No. 108, personal data, automated data banks, automated data file, data security, transborder data flows, basic principles, entry into force, Additional Protocol, Amendment to Convention, European Communities Resumé The Council of Europe is the international organization, which deals with the protection of individuals and human rights. In 1960’s the Parliamentery Assembly of the Council of Europe asked the Committee of Ministers of the Council of Europe to examine, whether the protection of personal data is adequate. Special Committee of Experts studied legal situation in member states and realized, that the granted protection is unsufficient. Most of the member states have no special legislation for personal data protection (beyond Sweden, Belgium, Federal Republic of Germany) and also protection from the Convention for the Protection of Human Rights and Fundamental Freedoms (ETS No. 005) in Article 8 is not very effective for new age („Everyone has the right to respect for his private and family life, his home and his correspondence“). The Committee of Ministers was alarmed, because of increasing number of new technologies and new systems of collecting and providing personal data. It means that there existed more dangerous situations in data collecting and storing – using computers and other new technologies made easier some operations – collecting, sending information, sharing information, speed of these operations etc. The Committee of Ministers decided to use resolutions as the first step to improve personal data protection. The first one was Resolution (73) 22 on the protection of the privacy of individuals vis-á-vis electronic data banks in the private sector and the second one was Resolution (74) 29 on the protection of the privacy of individuals vis-á-vis electronic data banks in the public sector. Both resolutions were concerned with individuals. The resolutions contained basic principles in personal data protection, especially the method of collecting, storing, correcting information. Member states had to decide which means they could use to fulfill these resolutions. Some of the states created new acts, and some of them improved their legislation. The Committee of Ministers knew, that protection personal data needs more attention. There existed more questions: what about data, that must be transferred to another countries and what legislation will apply? The committee of experts was instructed to preper convention for personal data protection. The committee cooperated with Organisation for Economic Co-operation and Development, with some other states and also with European Communitties. The Committee of Ministers decided to open the Convention for signature on the 28th of January 1981. The Convention entered into force on the 1st of October 1985. The Convention entered into force in the Czech republic after the signature and the ratification process on the 1st of November 2001. And what are the most important points of this Convention? We can find basic terms, which are used in the Convention and in other legislation and these definitions help member states to define their own terms in their legislation. It is „personal data, automated data bank, automated processing and controller of the file.“ Another part of the Convention deals with basic principles, which have to be fulfilled in data processing. The Convention is also focused on transborder data flows. It is much more easier to send data to another country because of new technologies. The principle is, that states are not able to control transborder data flow, except some special situations. The Convention is also focused on cooperation between member states. The member parties must designate special authority and the authorities have to cooperate, help each other, help to data subjects resident abroad. Maybe the most important part of the Convention is focused on data security and rules for data processing. The indivduals must be informed about automated data file, to obtain information, whether data are still stored and some other. Data relating to data subject must be obtained fairly, be stored for specified purpose, be accurate and some other qualities are required. Special protection is provided to data related to rase, political opinions, religious, health, sexual life of the data subject. Some states created nec legislation, some of them only changed their legisaltion, another states have the principle ob personal data protection in their constitutions and there exists states. Some of the member states of the Council of Europe still didn´t signed the Convention (Russia, Turkey, Ukraine etc.) . During the years, the Council of Europe and the Committee of Ministers realized, that the Convention is a good legal instrument, but needs some improvement. The two substantive provisions were added. Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of personal Data regarding supervisory authorities and transborder data flows was opened for signature on the 8th of November 2001 and entered into force on the 1st of July 2004. The Czech republic was the fourth state, which signed this Additional protocol. Moreover the Czech republic decided to apply this Convention also to personal data which are not processed automatically (this is not basic principle, but states can choose this application as well as the states can decide to apply the Convention to another groups of persons or associations – legal or not legal personalities). The first part of the Additional protocol deals with supervisory authorities deals with establishing authorities in each state. These authorities must have power of investigation, intervation and they are established to help individuals to protect their rights with regard to the processing of personal data. The second part of the Additional protocol deals with transborder data flows to recepients which are not under jurisdiction of the party to the Convention. The new provisions set that the recepient state must guarantee adequate legal security. The European Communities tries to cooperate with the Council of Europe. They want to become one of the Parties to the Convention. That is why the Council of Ministers on the 15th of July 1999 approved Amendments to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. It contains formal changes and more important changes in voting. Member states of the European communitees who are also parties to the Convention and transferred their competencies to the European communities are not able to vote – the European Communities have right to vote. There is no doubt that the Council of Europe has helped to protect personal data in past years and has been one of the first organizations on this field. The Convention is still the key legal instrument in the personal data protection. Contact – email: petra.melotikova@upol.cz