Tag Archives: resolution 428

The Parliamentary Assembly of the Council of Europe has adopted a resolution on the protection of privacy and personal data on the Internet

The Parliamentary Assembly of the Council of Europe has adopted the Resolution 1843 (2011) on The protection of privacy and personal data on the Internet and online media. In this resolution the Assembly expresses its concern about the huge amount of personal information processed by an ever growing number of private and public bodies globally, especially on-line. This situation, combined with the increased cases of data breach, has led the Assembly to be “alarmed by such developments challenging the right to privacy and data protection”.

In response to such situation the Assembly stated that “cyberspace must not be regarded as a space where law, in particular human rights, does not apply” and suggested that technological solutions as well as the voluntary self-regulation may reduce the risk of interference with privacy and the harmful processing of personal data, but only “specific legislation and effective enforcement” can adequately protect the right to privacy and personal data.

In drawing its considerations the Assembly underlines the legal basis of data protection, explicitly recalling Article 17 of the International Covenant on Civil and Political Rights and Article 8 of the European Convention on Human Rights. The resolution makes also reference to previous resolutions such as the Resolution 428 (1970) on mass communication media and human rights (which affirms that “Where regional, national or international computer-data banks are instituted the individual must not become completely exposed and transparent by the accumulation of information referring even to his private life. Data banks should be restricted to the necessary minimum of information required for the purposes of taxation, pension schemes, social security schemes and similar matters”) and the more relevant Convention No. 108.

The Resolution also defines specific guidelines concerning the consent of the data subject and the use of cookies.

With regard to the first aspect the Resolution establishes that “personal data may not be used by others, unless the person has given his or her prior consent which requires an expression of consent in full knowledge about such use, namely the manifestation of a free, specific and informed will, and excludes an automatic or tacit usage”.

On the second aspect the Assembly puts the use of cookies, or similar devices, in relation with the secrecy of correspondence and affirms that “personal ICT systems, as well as ICT-based communications, may not be accessed or manipulated if such action violates privacy or the secrecy of correspondence; access and manipulation through “cookies” or other unauthorized automated devices violate privacy, in particular where such automated access or manipulation serves other, especially commercial, interests”.