top of page

Protecting personal data world wide: Convention 108+

Almost one year after the General Data Protection Regulation (GDPR) entered into force in the European Union (EU), the question often arises about what could other countries around the world do to protect their citizens' personal data. Although there are countries that have data protection laws in place, many still do not, or have laws that are only partially adequate.

The need for a global data protection

Given the existing (and increasing) data flows, having different degrees of data protection in different regions is a threat to those countries and regions that are advanced in their legislations (such as EU, Uruguay, Argentina, and Japan). Harmonisation is also key to ensuring that enforcement is equally strong everywhere, and companies have no possibility to engage in “forum shopping”.

Currently, the global standard for data protection could be the updated Convention 108 (“Convention 108+”). This Convention, even though it was developed by the Council of Europe, can be signed and ratified by any country around the world. The modernised Convention 108 brings a number of improvements to the previous text: - Any individual is covered by its protection, independently of their nationality, as long as they are within the jurisdiction of one of the parties who have ratified the Convention. - Definitions are updated, and the scope of application includes both automated and non-automated processin