Convention 108 (1981) required signatory Council of Europe states to enact data protection provisions in domestic law. It was updated in 2018 as Convention 108+ to align with the GDPR. The U.S. is not expected to ratify either.
Convention 108 (1981) required signatory Council of Europe member states to incorporate data protection provisions into domestic law. It addressed quality of data, special categories of data, data security, and transborder data flows, and was broadly similar to the OECD Guidelines.
In 2018, the Council of Europe adopted Convention 108+, aligning it with the GDPR (necessary/proportionate processing, breach notice, transborder requirements).
⚠️ U.S. status
As of the book's writing, the United States is not expected to ratify Convention 108 or Convention 108+ - the U.S. is only an observer.
Key terms - quick answers
What is “Convention 108”?
The 1981 Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, requiring signatory states to adopt data protection provisions in domestic law.
What is “Convention 108+”?
The 2018 update to Convention 108, bringing it in line with the EU's GDPR on proportionality, breach notice, and transborder flows.
What is “Special categories of data”?
Under Convention 108, sensitive data such as racial origin, political opinions, religious beliefs, health, sex life, or criminal convictions that cannot be automatically processed absent appropriate safeguards.