Print
See related documents

Report | Doc. 14437 | 15 November 2017

Draft Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108) and its explanatory report

Committee on Legal Affairs and Human Rights

Rapporteur : Mr Raphaël COMTE, Switzerland, ALDE

Origin - Reference to committee: Doc. 14389. Reference 4334 of 13 October 2017. 2017 - November Standing Committee

Summary

The Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108) was opened for signature in 1981. Convention 108 was the first and is still today the only binding international legal instrument in the field of data protection.

In response to the challenges arising from developments in new information and communication technologies and in order to enhance the implementation in practice of Convention 108, the Committee of Ministers has prepared a draft protocol amending Convention 108 and its explanatory report.

The Committee on Legal Affairs and Human Rights welcomes the preparation of this draft amending protocol while at the same time noting that, more than six years after the start of the modernisation process, difficulties in reaching a consensus on certain provisions in the draft persist, particularly as regards the arrangements for the entry into force of the protocol.

The Committee on Legal Affairs and Human Rights recommends that the Committee of Ministers open the amending protocol for signature as quickly as possible and urges member States to ratify it as soon as possible.

A. Draft opinion 
			(1) 
			Draft
opinion adopted unanimously by the committee on 13 November 2017.

(open)
1. The Parliamentary Assembly refers to its Resolution 1732 (2010) and Recommendation 1920 (2010) on reinforcing the effectiveness of Council of Europe treaty law in which it underlined the key role of the Council of Europe in drawing up human rights standards and its major contribution to the development of international law through its treaties. The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108, hereafter “Convention 108”) is one example of a Council of Europe convention focusing on pressing issues and is undoubtedly one of the core Council of Europe treaties.
2. The Assembly emphasises that Convention 108 was the first and is still today the only binding international legal instrument in the field of data protection. There is no other equivalent instrument in the world, and one of the reasons why it is unique is that it is open to all the countries in the world.
3. In order for the body of European law developed by the Council of Europe treaties to continue to include groundbreaking provisions to supplement existing international law, and in order to address developments in information and communication technologies – a constantly evolving field – the Assembly is convinced of the urgent need to modernise Convention 108. The Assembly therefore welcomes the preparation of a draft protocol amending Convention 108 and its explanatory report, having as its main aims to provide a response to the challenges arising from developments in new information and communication technologies and to enhance the implementation in practice of Convention 108.
4. Referring to its Recommendation 2102 (2017) on technological convergence, artificial intelligence and human rights, in which it already called on the Committee of Ministers to finalise without further delay the modernisation of Convention 108, the Assembly observes that, more than six years after the beginning of the modernisation process, difficulties in reaching a consensus on certain provisions in the draft amending protocol persist. These disagreements, in particular on the arrangements for the entry into force of the amending protocol, jeopardise the whole exercise and risk causing the Council of Europe to no longer be the lead player in the field of the protection of personal data.
5. On the optimistic assumption that an agreement will be found by the end of 2017, the Assembly recommends that the Committee of Ministers open the amending protocol for signature as quickly as possible and urges member States to ratify it without delay. If the text has to include a conventional ratification clause, this should include a procedure to assess progress with the ratification process and provide for an alternative solution – namely the adoption of a new convention – if there is no immediate likelihood of the protocol’s entry into force on that date.
6. Accordingly, if there continue to be disagreements beyond the end of 2017, the Assembly believes it would be time for the Committee of Ministers to accept that it had proved impossible to amend Convention 108. In such a situation, the Assembly recommends that the Committee of Ministers initiate without delay new negotiations for the prompt adoption of a new convention based on the draft amending protocol already approved by the Ad hoc Committee on Data Protection (CAHDATA).

B. Explanatory memorandum by Mr Raphaël Comte, rapporteur

(open)

1. Introduction

1. At its 1291st meeting on 5 July 2017, the Committee of Ministers invited the Parliamentary Assembly to submit as soon as possible an opinion on the draft Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108, hereafter “Convention 108”) and its explanatory report. 
			(2) 
			See <a href='http://assembly.coe.int/nw/xml/XRef/Xref-DocDetails-EN.asp?FileID=24003&lang=EN'>Doc
14389</a> and <a href='https://www.coe.int/en/web/conventions/full-list/-/conventions/rms/0900001680078b37'>ETS
No. 108</a> (1981); <a href='https://search.coe.int/cm/Pages/result_details.aspx?ObjectId=090000168072f84c'>CM(2016)123-prov4;
CM(2016)123-addrev7; and GR-J(2016)14-rev4. </a> On 5 September 2017, the Committee on Legal Affairs and Human Rights appointed me as rapporteur. The committee invited the Vice-Chair of the Consultative Committee of Convention 108, Mr Jean-Philippe Walter, to an exchange of views at the committee’s meeting on 9 October 2017. I wish to thank Mr Walter, who outlined for the committee the challenges inherent in the revision of Convention 108 and the points on which, after years of negotiation at all stages of the modernisation exercise (work within the Consultative Committee of the Convention, then in the Ad hoc Committee on Data Protection, and then in the Committee of Ministers’ Rapporteur Group on Legal Co-operation) there was still no unanimity in the Committee of Ministers (while at the same time highlighting the progress made on a number of these points).

2. Convention 108 – a key Council of Europe convention

2. Convention 108, opened for signature in Strasbourg on 28 January 1981, was the first and is still today the only binding international legal instrument in the field of data protection.
3. Convention 108 is open to all countries in the world and currently has 51 States Parties, namely the 47 Council of Europe member States plus Uruguay, Mauritius, Senegal and Tunisia (by order of accession, Tunisia becoming a Party on 1 November 2017). Argentina, Burkina Faso, Cape Verde and Morocco have also been invited to accede and Mexico has recently submitted an accession request.
4. At his exchange of views with our committee, Mr Walter pointed out that Convention 108 and its additional protocol were the only “legally binding instruments in the world in the field of the protection of personal data and because of their open nature had a universal scope.” He emphasised the need for the revision process in order to respond to developments in information and communication technologies and strengthen the right to data protection.
5. In its Resolution 1732 (2010) on reinforcing the effectiveness of Council of Europe treaty law, the Assembly laid broad emphasis on the fact that “if Council of Europe treaty law is to retain its relevance and value, its conventions must reflect the realities of present-day society”. 
			(3) 
			See also the report
on “Reinforcing the effectiveness of Council of Europe treaty law”
(rapporteur: Mr John Prescott, United Kingdom, SOC), <a href='http://assembly.coe.int/nw/xml/XRef/Xref-DocDetails-EN.asp?FileID=12385&lang=EN'>Doc. 12175</a>, et <a href='http://assembly.coe.int/nw/xml/XRef/Xref-DocDetails-EN.asp?FileID=17861&lang=EN'>Recommendation
1920 (2010)</a>.
6. In its Recommendation 2102 (2017) on technological convergence, artificial intelligence and human rights, the Assembly more specifically called on the Committee of Ministers to finalise without further delay the modernisation of Convention 108 “in order to have new provisions making it possible to put rapidly in place more appropriate protection”. As pointed out by our committee’s rapporteur, Boriss Cilevičs, in his opinion on the report on this subject drafted by the Committee on Culture, Science, Education and Media: “Obviously there have been tremendous evolutions since 1981 in the field of new information and communication technologies, especially when it comes to the automatic processing of data. These evolutions bring new challenges for privacy. … Modernisation has therefore become necessary in order for Convention No. 108 to reflect new realities and to continue to provide adequate protection in the light of evolving and emerging technologies.” 
			(4) 
			<a href='http://assembly.coe.int/nw/xml/XRef/Xref-XML2HTML-en.asp?fileid=23668&lang=en'>Doc. 14303</a>. In its reply to Recommendation 2102 (2017), 
			(5) 
			<a href='http://assembly.coe.int/nw/xml/XRef/Xref-DocDetails-EN.asp?FileID=24236&lang=EN'>Doc. 14432</a>. the Committee of Ministers “took note of the Assembly’s invitation” asking it to finalise the modernisation of Convention 108, specifying that it was “well aware of the urgency”.

3. Purpose of the revision and the main areas of modernisation

7. The modernisation process was launched in September 2009 by the Consultative Committee of Convention 108. The work on revising Convention 108 subsequently formally began with the opening of a public consultation in 2011, coinciding with the 30th anniversary of its opening for signature. On 30 November 2012, the Consultative Committee of Convention 108 unanimously adopted a draft modernisation text. The Committee of Ministers then instructed the competent intergovernmental committee (the Ad hoc Committee on Data Protection – CAHDATA) to finalise the draft. In June 2016, the CAHDATA approved a draft amending protocol (differing very little from the draft drawn up by the Consultative Committee in 2012). Although it would have been desirable for the Committee of Ministers to complete its revision work at the end of 2016, which ideally would have made possible the entry into force of the modernised convention in 2018, the discussions are still ongoing to this day.
8. Modernisation of Convention 108 pursues two main goals: to provide a response to the challenges associated with the development of the new information and communication technologies and to enhance the implementation in practice of the Convention.
9. The draft protocol amending Convention 108 seeks primarily to introduce a number of changes to the Convention in order to: 1) address the challenges to privacy resulting from the use of information and telecommunication technologies; 2) strengthen the right to data protection as a fundamental right that is essential for the exercise of other rights and fundamental freedoms when processing personal data; 3) reconcile the right to the protection of personal data with the exercise of other rights and fundamental freedoms (especially freedom of expression); 4) enhance the Convention’s monitoring mechanisms; 5) maintain the general and technologically neutral nature of the Convention’s provisions; 6) preserve the Convention’s consistency and compatibility with other applicable legal frameworks, particularly that of the European Union; and 7) preserve, reassert, strengthen and promote the universal scope and open character of Convention 108.
10. The aims of the revision include ensuring the consistency of the Convention with European Union law. In point of fact, while Convention 108 is the reference text for many national and international texts, beginning with Directive 95/46/EC 
			(6) 
			<a href='http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A31995L0046'>Directive
95/46/EC</a> of the European Parliament
and of the Council of 24 October 1995 on the protection of individuals
with regard to the processing of personal data and on the free movement
of such data. and the General Data Protection Regulation 
			(7) 
			Regulation
(EU) 2016/679 of the European Parliament and of the Council of 27
April 2016 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data,
and repealing Directive 95/46/EC (General Data Protection Regulation). (GDPR) due to replace it with effect from 25 May 2018, it is necessary to update Convention 108 to ensure that it is consistent and compatible with the European Union legal framework. By its very nature, the revised Convention 108 will remain “relatively general and abstract” and will not achieve the level of detail of the European regulation. But, as Mr Walter explained to us, together with its explanatory memorandum, it will cover “explicitly and implicitly all the principles and rules set out in European Union law, while at the same time allowing Parties some margin for manoeuvre”. Mr Walter describes it as a “link between the legal framework of the European Union and other existing legal frameworks”.
11. The effect of the main innovations introduced into Convention 108 by the amending protocol would be to:
  • focus more effectively on the objective of the Convention, namely to protect all natural persons, whatever their nationality or wherever they live, with regard to the processing of their data in order to ensure respect for their other rights and fundamental freedoms, in particular their right to privacy (Article 1 Convention 108 revised);
  • extend the scope to all automated and non-automated processing of personal data which are subject to the jurisdiction of a Party. The scope continues to cover the processing of personal data in both the private and public sector, and this is one of the strengths of Convention 108 (Articles 2 and 3 Convention 108 revised);
  • ensure that Convention 108 no longer applies to the processing of personal data by a natural person for purely personal or household activities (to avoid the imposition of unreasonable obligations in the private sphere having no commercial or professional purpose) (Article 3 Convention 108 revised);
  • eliminate the possibility for States Parties to make declarations that they will not apply the Convention to certain categories of personal data processing (Article 3 Convention 108);
  • clarify or update certain definitions (such as the concept of “processor”) (Article 2 Convention 108 revised);
  • strengthen the effectiveness of data protection by providing that the Convention Committee can assess the efficacy of the measures taken in national legislation to give effect to the provisions of the Convention (which is not of direct application) (Article 4 Convention 108 revised);
  • clarify the application of the principle of proportionality (Article 5 Convention 108 revised);
  • stipulate that data may not be processed unless the data subject has given his or her free, specific, informed and unambiguous consent, or on some other legitimate basis laid down by law (Article 5 Convention 108 revised);
  • supplement the list of sensitive data by adding genetic data, biometric data uniquely identifying a person, and data relating to trade union membership (Article 6 Convention 108 revised);
  • introduce the obligation to report (at least to the data protection supervisory authorities) serious data breaches, i.e. breaches which may seriously interfere with the rights and fundamental freedoms of data subjects (Article 7 Convention 108 revised);
  • introduce the obligation to ensure the transparency of data processing (identity, residence or place of establishment of the data controller, the purposes of the processing, the recipients of the data, the period for which the data will be stored, and the means of exercising the rights of data subjects (Article 7 bis Convention 108 revised);
  • strengthen the rights of data subjects to enable them to have greater control over their data and guarantee respect for the right to human dignity and non-discrimination (by means of right of access to more extensive information and a right to know the reasons underlying the processing of data where the results thereof are applied to them) (Article 8 Convention 108 revised);
  • place additional obligations on those who process data or order data to be processed, in particular by requiring them to be able to demonstrate that their activities comply with the provisions in force and to incorporate data protection considerations from the design stage and by default, and by carrying out impact studies (Article 8 bis Convention 108 revised);
  • enable transborder flows of data between Parties to the Convention and tighten the regulations governing data transfer to non-Parties to the Convention in order to ensure the appropriate protection of individuals with regard to the processing of personal data (Article 12 Convention 108 revised);
  • supplement the list of the powers of the authorities (powers of intervention, investigation, initiation of legal proceedings or to bring to the attention of the competent judicial authorities violations of the applicable provisions, together with a duty of awareness-raising, information and education vis-à-vis the relevant players) (Article 12 bis Convention 108 revised);
  • strengthen the role and powers of the Consultative Committee of the Convention which, above and beyond its hitherto merely consultative role, will assume an evaluation and follow-up role. In addition, it will be renamed the “Convention Committee” (Articles 18 to 20 Convention 108 revised).
12. With regard to the right to be forgotten in the online environment, it was felt that the existing guarantees (period of data storage, the right of rectification and erasure of data) as well as the right to object and the right to an effective remedy offered enough protection and were sufficient even online to guarantee the right to be forgotten and therefore it was not necessary to introduce such a right into the Convention.
13. In contrast, as the rights of data subjects are not absolute, Article 9 of the draft Protocol provides, in the same way as the current Convention 108, for the possibility of restrictions where such is provided for in law and constitutes a necessary measure in a democratic society to safeguard legitimate interests.
14. As stated above, the Consultative Committee of the Convention shall become the Convention Committee. As such, it will be able to:
  • formulate opinions prior to the accession of a Party to the Convention, on the level of data protection of the candidate for accession;
  • carry out an evaluation of the conformity with the Convention of the internal legislation of a Party;
  • verify the effectiveness of the measures taken to implement the provisions of the Convention;
  • assess whether the legal rules governing data transfer offer sufficient guarantees for the appropriate protection of data;
  • draw up models of standardised legal measures;
  • facilitate the friendly settlement of difficulties arising in the application of the Convention.
15. The mechanism to verify the conformity of the Parties’ internal legislation with the provisions of the Charter, provided for in the amending protocol, will therefore enhance the effectiveness of data protection.

4. Points on which there is no unanimous agreement

16. Unusually, the draft amending protocol provided to us by the Committee of Ministers is incomplete. The Committee of Ministers has not finalised its work and a number of points remain outstanding. There is still no consensus within the Committee of Ministers on these issues after more than a year of negotiations in the Rapporteur Group on Legal Co-operation.
17. Four points are still under negotiation. These points were mentioned by Mr Walter. They are questions relating to the system of exceptions (Article 9.3 of the revised Convention), transborder flows (Article 12.1), voting rights within the Convention Committee – in particular the voting rights of the European Union (Article 20) and the arrangements for the entry into force of the protocol.
18. With regard to Article 9.3 relating to derogations from certain provisions of the Convention, it should be noted that the draft submitted by the CAHDATA to the Committee of Ministers extends significantly, compared with the current text of the Convention, the possibilities for resorting to such derogations. Extending still further the number of exceptions would weaken data protection. The Committee of Ministers should therefore agree not to extend the range of exceptions beyond what has been proposed by the CAHDATA.
19. Article 12.1, which relates to the principle of the free movement of data between Parties assuming an equivalent level of data protection, provides for an exception to this principle where a Party to the Convention is governed by harmonised, binding rules of protection which are common to States belonging to an international regional organisation; this refers to the system of the European Union. In compliance with the adequacy mechanism provided for in EU law, the Parties to the Convention which are EU member States cannot freely exchange data with other Parties which are not EU members. This provision, which had no equivalent in Convention 108 previously, has been criticised, with certain States taking the view that this obstacle to the free movement of data between Parties to the Convention would make the revised Convention less attractive to States which were not members of the European Union. Nonetheless, this provision reflects the situation since the entry into force of Directive 95/46/EC (which already provided for the possibility of transfers of personal data to third countries offering a level of protection in compliance with the adequacy mechanism). 
			(8) 
			“(56)
Whereas cross-border flows of personal data are necessary to the
expansion of international trade; whereas the protection of individuals
guaranteed in the Community by this Directive does not stand in
the way of transfers of personal data to third countries which ensure
an adequate level of protection; whereas the adequacy of the level
of protection afforded by a third country must be assessed in the
light of all the circumstances surrounding the transfer operation
or set of transfer operations.” It is therefore crucial for the attractiveness of the Convention that the European Union place the Convention at the forefront of its relationships and negotiations with third countries, especially as the Convention applies to both the private and the public sector. Ideally, the European Union should undertake, by means of a declaration of intent, to make accession to Convention 108 (and even more so to the revised Convention) a key factor in recognition of adequacy. 
			(9) 
			See, in this regard <a href='http://www.europarl.europa.eu/meetdocs/2014_2019/documents/libe/dv/auditionlibe_/auditionlibe_en.pdf'>www.europarl.europa.eu/meetdocs/2014_2019/documents/libe/dv/auditionlibe_/auditionlibe_en.pdf (French
only).</a> 
			(9) 
			“A first step was taken with a communication
from the Commission of 29 November 2013 to the European Parliament and
to the Council regarding data flows between the European Union and
the United States, in which the Commission stated that accession
by a non-EU member State to the Convention should be promoted.”
Recital 105 of the GDPR also stipulates that in assessing the level
of adequacy, account should be taken of the third country’s accession
to Convention 108. Consideration by the European Union, as a favourable factor, of accession to the Convention by a State applying for an adequacy decision provided for by the GDPR (General Data Protection Regulation) is a step in this direction which should be welcomed and which should be accompanied by efforts to promote the Convention.
20. With regard to Article 20, which lays down the voting arrangements in the Convention Committee, the CAHDATA had not been tasked with addressing this issue and the draft amending protocol submitted to the Committee of Ministers in June 2016 therefore contained no proposal in this respect. It had been considered that the voting issue went beyond the specific framework of data protection and that it was a political and strategic matter for the Organisation as a whole and for the European Union’s participation in the work of the Council of Europe. As Mr Walter explained to the committee, there were two views: some would like the principle of “one Party, one vote” to be maintained, while others wanted the European Union to vote on behalf of its member States, if necessary with a mechanism preserving decision-making balance, essentially using “super majorities” (i.e. qualified majorities with a high threshold) and a rule that if a Party is in the process of being evaluated, it should abstain.
21. Last but not least of the issues on which no consensus has been reached, are the provisions governing the entry into force of the amending protocol. The draft prepared by the CAHDATA provides for a “tacit” entry into force two years following the opening for signature of the amending protocol, unless a Party gives notice of an objection to its entry into force. Although such a clause has already been used for other Council of Europe conventions – admittedly those of a more technical nature (for example, very recently for the Protocol amending the European Landscape Convention, CETS No. 219, 2016), 
			(10) 
			See
also the Additional Protocol to the European Agreement on the Exchange
of Therapeutic Substances of Human Origin (<a href='https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/109'>ETS
No. 109</a>), the Additional Protocol to the Agreement on the Temporary
Importation, free of duty, of Medical, Surgical and Laboratory Equipment
for Use on free loan in Hospitals and other Medical Institutions
for Purposes of Diagnosis or Treatment (<a href='https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/110'>ETS
No. 110</a>), the Additional Protocol to the European Agreement
on the Exchanges of Blood-Grouping Reagents (<a href='https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/111'>ETS
No. 111</a>) and the Protocol amending the European Convention on
Transfrontier Television (<a href='https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/171'>ETS No.
171</a>). some governments were not in favour as this failed to comply with the sovereign power of parliaments regarding the ratification of international treaties. As a member of parliament, I tend to agree with this point of view. However, we must bear in mind the extremely cumbersome nature of the conventional adoption procedure to have, in the case of an amending protocol, it ratified by all States Parties to Convention 108, a total of 51 countries. Ten years could pass by without the amending protocol entering into force. We all remember the almost four-year delay involved in the entry into force of Protocol No. 14 to the European Convention on Human Rights because a single State Party had not ratified it. Stipulating ratification by all States Parties to the European Convention on Human Rights (CETS No. 194) proved to be such a major obstacle that the Committee of Ministers then decided to draft Protocol No. 14 bis, designed as an additional protocol, the ratification of which by all States Parties was not indispensable. 
			(11) 
			See the report on “Draft
Protocol No. 14 bis to the Convention for the Protection of Human
Rights and Fundamental Freedoms” (rapporteur: Mr Klaas de Vries,
Netherlands, SOC), <a href='http://assembly.coe.int/nw/xml/XRef/Xref-DocDetails-EN.asp?FileID=12164&lang=EN'>Doc. 11879</a>, and <a href='http://assembly.coe.int/nw/xml/XRef/Xref-DocDetails-EN.asp?FileID=17738&lang=EN'>Opinion
271 (2009)</a> (adopted on 30 April 2009). If, despite everything, the Committee of Ministers managed to reach an agreement on the text of the amending protocol with a conventional ratification clause, it should at least include a procedure providing for an assessment of the ratification process after a given period, for example 15 months. If by that time there was no immediate likelihood of ratification by all Parties, the Committee of Ministers should go down another route.

5. The possible need to move towards a new convention

22. Although, in order to ensure that Convention 108 did not become obsolete, work on the amending protocol began more than seven years ago, the negotiations have lasted so long that the rapid entry into force of the revised Convention has now become a necessity. If the entry into force of the revised version of Convention 108 were to take several years, the Council of Europe would lose its recognised role as lead player and point of reference in the data protection field.
23. Consequently, and given the nature and duration of the disagreement within the Committee of Ministers, it would perhaps be more judicious at this stage to take note of the disagreement and therefore consider another path.
24. If it proves impossible to agree on a clause for the entry into force of the amending protocol enabling this to take place as soon as possible, then revision of the Convention would become meaningless. The “tacit entry into force” clause is somewhat problematic – and justifiably so – bearing in mind parliaments’ powers regarding the ratification of international treaties.
25. In these circumstances, the drafting of a new convention, the text of which would simply be that of the revised Convention as drawn up by the CAHDATA, to which I believe would have to be added the proposals relating to voting rights put forward in the meantime (the other outstanding issues – the system of exceptions and transborder flows are close to being resolved), could be an alternative solution.
26. Admittedly, the drafting of a new convention would result in a two-speed system, with States Parties to Convention 108 and others Parties to the revised Convention. For a number of years at least, or perhaps a number of decades, if a particular State remained unresponsive to the updated provisions, two Council of Europe conventions on the same subject would be in force in parallel. Certain structural complications would be inevitable (such as the fact that there would be two convention committees dealing with the same issues). But it would avoid a situation in which an amending protocol requiring the ratification of 51 States Parties did not enter into force for a period which could last for decades.
27. Faced with the choice between a single system comprising an obsolete Convention 108, and an amending protocol which was admittedly up-to-date but which was inoperative (as it was unlikely to enter into force in the near future) and a two-speed system with the old Convention 108 in force and a new, updated, convention which could rapidly enter into force following a limited number of ratifications, it seems to me that the adoption of a new convention is the most reasonable solution. This would enable the Council of Europe to maintain its position as lead player and reference point in the field of the protection of personal data.

6. Conclusions

28. In conclusion, the Committee of Ministers has submitted to us a quasi-complete and balanced draft amending protocol which needs to be finalised as a matter of urgency. The draft text has been carefully drawn up by the Consultative Committee of Convention 108 and then by the CAHDATA, under the supervision of the Committee of Ministers, and full explanations have been given for the additions. The protocol should doubtless help modernise Convention 108 in order to provide a lasting response to emerging challenges in the field of data protection. I am therefore not proposing any amendment to the text and believe that all the provisions submitted to us for opinion should be welcomed.
29. Clearly, the real difficulty resides in the points for which a consensus has not yet been reached and above all in the arrangements for the entry into force of the amending protocol.
30. Given the urgency of reaching agreement, it would appear sensible to consider transforming the draft protocol amending Convention 108 into a new convention. In this way, the major obstacles linked to the arrangements for implementing the amending protocol would be avoided. A conventional entry into force clause providing for the entry into force of the new convention after, for example, five ratifications, including at least three Council of Europe member States, 
			(12) 
			As was
recently the case for the Council of Europe Convention against Trafficking
In Human Organs <a href='https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/216'>(CETS No. 216)</a>, Article 28.3: “This Convention shall enter into force
on the first day of the month following the expiration of a period
of three months after the date on which five signatories, including
at least three member states of the Council of Europe, have expressed
their consent to be bound by the Convention in accordance with the
provisions of the preceding paragraph.” or six and four 
			(13) 
			As was
the case for the Additional Protocol to the Council of Europe Convention
on the Prevention of Terrorism <a href='https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/217'>(CETS
No. 217)</a>, Article 10.2: “This Protocol shall enter into force
on the first day of the month following the expiration of a period
of three months after the deposit of the sixth instrument of ratification,
acceptance or approval, including at least four member states of
the Council of Europe.” respectively would no doubt make it possible for the new treaty to enter into force rapidly, particularly as there is every chance that the European Union would be keen to see this new instrument enter into force promptly. The text is already there and the modernisation proposals which have been “carefully drafted”, in the words of the Committee of Ministers in its reply to Assembly Recommendation 2102 (2017), could be taken as they stand in the form of a new convention. This, in all probability, would be the most rational and the most effective solution at this stage of the discussions.