Privacy and data protection in Europe: Council of Europe’s Convention 108+ and the European Union’s GDPR

Abstract

This chapter presents the two European texts governing the protection of personal data: the European Union's General Data Protection Regulation (GDPR) and Council of Europe's Convention 108+, which is the modernised version of Convention 108 for the protection of individuals with regard to automatic processing of personal data. Both texts have an impact far beyond European borders. This chapter presents the fundamental right dimension of data protection, characterising the European approach in this area. It details the principles aiming at achieving protection, the remarkable list of rights granted to data subjects as well as the obligations imposed on controllers and processors, and the specific issue of transborder data flows. It concludes by mentioning the specialised supervisory authorities put in place to monitor the respect of the whole protection regime and to give advice on the data subject.