Verdrag

Verdrag tot bescherming van personen met betrekking tot de geautomatiseerde verwerking van persoonsgegevens

Partijen met voorbehouden, verklaringen en bezwaren

Partij Voorbehoud / verklaring Bezwaren
Albanië Ja Nee
Andorra Ja Nee
Argentinië Ja Nee
Azerbeidzjan Ja Ja
België Ja Nee
Bosnië en Herzegovina Ja Nee
Cyprus Ja Nee
Denemarken Ja Nee
Duitsland Ja Nee
Estland Ja Nee
Finland Ja Nee
Frankrijk Ja Nee
Hongarije Ja Nee
Ierland Ja Nee
IJsland Ja Nee
Italië Ja Nee
Kaapverdië Ja Nee
Kroatië Ja Nee
Letland Ja Nee
Liechtenstein Ja Nee
Litouwen Ja Nee
Luxemburg Ja Nee
Malta Ja Nee
Mauritius Ja Nee
Mexico Ja Nee
Moldavië Ja Nee
Monaco Ja Nee
Montenegro Ja Nee
Nederlanden, het Koninkrijk der Ja Nee
Noord-Macedonië Ja Nee
Noorwegen Ja Nee
Oekraïne Ja Nee
Oostenrijk Ja Nee
Portugal Ja Nee
Roemenië Ja Nee
Russische Federatie Ja Nee
San Marino Ja Nee
Senegal Ja Nee
Servië Ja Nee
Slovenië Ja Nee
Slowakije Ja Nee
Spanje Ja Nee
Tsjechië Ja Nee
Tunesië Ja Nee
Turkije Ja Ja
Verenigd Koninkrijk Ja Ja
Zweden Ja Nee
Zwitserland Ja Nee

Albanië

14-02-2005

In accordance with Article 3, paragraph 2, sub-paragraph a, of the Convention, the Republic of Albania declares that it will not apply the Convention to the following categories of personal data:
a) Processing of personal data carried out by individuals exclusively for personal purposes provided (on the condition) that these data are not intended for distribution (broadcast) through different means of communication;
b) To personal data which, by virtue of a law, are accessible to the public and to the personal data which are published in accordance with the law.
In accordance with Article 3, paragraph 2, sub-paragraph b, of the Convention, the Republic of Albania declares that it will apply the Convention to the data (information) relating to groups of persons, associations, foundations, companies, institutions or any other bodies, consisting directly or indirectly of individuals whether or not such bodies possess legal personality.
In accordance with Article 13, paragraph 2, of the Convention, the Republic of Albania declares that the designated authorities for cooperation among the parties are:
Updating of information (12-04-2017):
Office of the Information and Data Protection Commissioner

Andorra

06-05-2008

In accordance with Article 3, paragraph 2, subparagraph a, of the Convention, Andorra declares that it does not apply the Convention to the following personal data:
a. Personal data relating to State security and to the investigation and prevention of criminal offences.
b. Datas concerning individuals and related to their entrepreneurial, professional and commercial activity.
c. Public registers specifically regulated by Law in Andorra, the regulation applicable to bank confidentiality as well as regulatory rules on professional confidentiality.
In accordance with Article 3, paragraph 2, subparagraph c, of the Convention, Andorra declares that it will apply the Convention to personal data files which are not processed automatically and which are subjected to provisions under Andorra's domestic law.
In accordance with Article 13, paragraph 2, of the Convention, Andorra designates as competent authority to render mutual assistance between the Parties:
Agència Andorrana de Protecció de Dades
(Agence andorrane pour la protection des données)

Argentinië

13-09-2019

The Republic of Argentina designates the Public Information Access Agency […] as the authority in order to implement the Convention, in conformity with its Article 13, paragraph 2.

Azerbeidzjan

03-05-2010

In accordance with Article 3, paragraph 2, sub-paragraph a, of the Convention, the Republic of Azerbaijan declares that the provisions of the Convention will not be applied to the categories of personal data files, which are subject to State secret and processed by natural persons exclusively for personal and family needs in compliance with the rules defined by the legislation.
In accordance with Article 3, paragraph 2, sub-paragraph c, of the Convention, the Republic of Azerbaijan declares that the provisions of the Convention will be applied to personal data files which are not processed automatically.
In accordance with Article 13, paragraph 2, sub-paragraph a, of the Convention, the Ministry of Justice of the Republic of Azerbaijan is designated as a competent authority for furnishing information on the law and administrative practice in the field of data protection and for furnishing factual information.
The contact information are the following:
Ministry of Justice of the Republic of Azerbaijan
The Republic of Azerbaijan declares that it is unable to guarantee the implementation of the provisions of the Convention in its territories occupied by the Republic of Armenia until the liberation of those territories from the occupation and complete elimination of the consequences of that occupation.
The Republic of Azerbaijan declares that the rights and obligations set out in the provisions of the Convention shall not be applied by the Republic of Azerbaijan in respect of the Republic of Armenia.

Bezwaar Armenië, 09-05-2012

With regard to the Declaration submitted by the Republic of Azerbaijan on 3 May 2010 upon depositing the instrument of ratification of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the Republic of Armenia hereby declares:
The Republic of Azerbaijan deliberately misrepresents the essence of the Nagorno-Karabakh issue, with respect to causes and effects of the conflict. The conflict arose due to the policy of ethnic cleansing of the Republic of Azerbaijan aimed at suppressing the free will of the Nagorno-Karabakh population, which has been followed by the massive military aggression against the self-determined Nagorno-Karabakh Republic. As a result, the Republic of Azerbaijan has occupied several territories of the Nagorno-Karabakh Republic.

België

28-05-1993

In accordance with Article 3, paragraph 2 a of the Convention, Belgium will not apply the Convention to the processing of personal data managed by individuals which by its nature is intended for private, family or household use and retains this purpose.
In accordance with Article 3, paragraph 2 a of the Convention, Belgium will not apply the Convention to processing that applies exclusively to personal data made public by virtue of a statute or regulation.
In accordance with Article 3, paragraph 2 a of the Convention, Belgium will not apply the Convention to processing that applies exclusively to personal data, which the person to whom it relates makes public or has made public, provided the processing is in keeping with the purpose thereof.
In accordance with Article 3, paragraph 2 c of the Convention, Belgium will also apply this Convention to personal data files that are not processed automatically.
The designated authority for furnishing the information covered by Article 13, paragraph 3 a, is the
Ministry of Justice
Department of Civil and Criminal Affairs
The competent authority for furnishing the information contained in Article 13, paragraph 3 b is the
Commission for the Protection of Privacy
The designated authority for the purposes of Article 14 is the
Commission for the Protection of Privacy

Bosnië en Herzegovina

24-09-2012

In accordance with Article 13, paragraph 2, sub-paragraph a, of the Convention, Bosnia and Herzegovina declares that the Personal Data Protection Agency has been established by law in June 2006 as an independent administrative authority in Bosnia and Herzegovina and as a supervisory body for the protection of personal data in accordance with the Convention. The Agency is in charge of the application of the Convention in the whole territory of Bosnia and Herzegovina. The Director of the Agency is Mr Petar Kovacevic.

Cyprus

25-02-2002

In accordance with Article 13, paragraph 2, of the Convention, the Republic of Cyprus declares that the designated authority is the Commissioner for Personal Data Protection whose address (provisional) is:
Law Office of the Republic of Cyprus

Denemarken

23-10-1989

The Convention shall not apply to the Faroe Islands and Greenland.
The Danish authority designated shall be:
Data Surveillance Authority (D.S.A.)
(Registertilsynet)

Duitsland

19-06-1985

The Federal Republic of Germany starts from the assumption that a request for information pursuant to Article 8, paragraph b, cannot be complied with if the data subject is unable adequately to specify his request.
The Federal Republic of Germany, with reference to paragraph 67, sub-paragraph 5, of the Explanatory Report to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, starts from the assumption that Article 12, paragraph 2, leaves a Party at liberty to lay down, in its domestic data protection law, provisions which do not permit, in particular cases, the transfer of personal data, in consideration of the interests of the data subject that warrant protection.


25-10-1994

The competent authority, for the sphere of competence of the Federal Government, is:
Bundesministerium des Innern
The competent authorities, for the spheres of competence of the Länder, are:
Baden-Württemberg
Innenministerium Baden-Württemberg
Freistaat Bayern
Bayerisches Staatsministerium des Innern
Berlin
Senatsverwaltung für Inneres von Berlin
Brandenburg
Ministerium des Innern des Landes Brandenburg
Freie Hansestadt Bremen
Senator für Inneres und Sport der Freien Hansestadt Bremen
Freie und Hansestadt
Hamburg
Finanzbhörde
- Amt für Informations - und Kommunikationstechnik -
Hessen
Hessisches Ministerium des Innern und für Europaangelegenheiten
Mecklenburg-Vorpommern
Innenminister des Landes Mecklenburg-Vorpommern
Niedersachsen
Niedersächsisches Innenministerium
Nordrhein-Westfalen
Innenministerium des Landes Nordrhein-Westfalen
Rheinland-Pfalz
Ministerium des Innern und für Sport
Saarland
Ministerium des Innern des Saarlandes
Freistaat Sachsen
Sächsisches Staatsministerium des Innern
Sachsen-Anhalt
Ministerium des Innern des Landes Sachsen-Anhalt
Schleswig-Holstein
Innenminister des Landes
Freistaat Thüringen
Innenministerium Thüringen

Estland

14-11-2001

In accordance with Article 3, paragraph 2, subparagraph a, of the Convention, the Republic of Estonia declares that it will not apply this Convention to the processing of personal data collected by natural persons for private purposes.
In accordance with Article 13, paragraph 2, subparagraph a of the Convention, the Republic of Estonia designates the Data Protection Inspectorate as the accredited authority.

Finland

19-03-1992

Competent Authority:
Data Protection Ombudsman


11-07-2012

In accordance with Article 3, paragraph 2.a, of the Convention, Finland declares that it will not apply the Convention to the processing of personnal data by a private individual for purely personal purposes or for comparable ordinary and private purposes.
In accordance with Article 3, paragraph 2.c, of the Convention, Finland declares that, in addition to automatic processing of personal data, it will apply the Convention also to other processing of personal data where the data constitute or are intended to constitute a personal data file or part thereof.

Frankrijk

28-01-1981

The Government of the French Republic declares that in Article 9, paragraph 2(a) it interprets the phrase "Sécurité d'Etat" as meaning "Sûreté de l'Etat" and the phrase "Sûreté publique" as meaning "Sécurité publique".


16-05-1983

The Government of the French Republic wishes to make the following complementary declaration:
In accordance with the provisions of Article 3, paragraph 2, sub-paragraph c, it will also apply the present Convention to personal data files which are not processed automatically.


13-03-1992

Competent Authority:
National Commission for Computerization and Freedom

Hongarije

08-10-1997

The Government of the Republic of Hungary hereby declares that in accordance with Article 3, paragraph 2, subparagrah c, of the Convention, it will also apply the Convention to data classified without the aid of electronic or automatic processing.
In conformity with Article 13, paragraph 2, subparagraph a, of the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, done at Strasbourg, on 28 January 1981, the Ministry of Justice of the Republic of Hungary has been designated by the Government of the Republic of Hungary as the competent authority to render assistance to the Parties, in order to implement the convention.
The address of the Ministry of Justice of the Republic of Hungary is as follows:
Igazságügyi Minisztérium

Ierland

25-04-1990

The Government of Ireland wish to make a declaration in accordance with Article 3(2)(a) of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data to the effect that the Convention will not apply to the following categories of automated personal data files, which are set out at Section 1(4) of the Data Protection Act 1988, to wit:
a. personal data that in the opinion of the Minister for Justice or the Minister for Defence are, or at any time, were, kept for the purpose of safeguarding the security of the State;
b. personal data consisting of information that the person keeping the data is required by law to make available to the public;
c. personal data kept by an individual and concerned only with the management of his personal, family or household affairs or kept by an individual only for recreational purposes.


05-05-2009

Declaration regarding application of the Convention to personal data files which are not processed automatically (Article 3.2 (c)):
Ireland will apply the Convention to personal data which are not processed automatically but which are held in a relevant filing system. "Relevant filing system" means any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible.
In accordance with Article 13(2)(a) of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, (...) the designated authority, in respect of Ireland, is:
Data Protection Commissioner

IJsland

18-04-2002

Persónuvernd (The Data Processing Authority)

Italië

29-03-1997

Italy declares, with regard to Article 3, paragraph 2, sub-paragraph a, of the Convention, that it will not apply the Convention to the processing of personal data from individuals, provided that these datas are not intended for systematic communication or for broadcast.
-List provided for by Article 3, paragraph 2, sub-paragraph a:
Processing of personal data carried out by individuals exclusively for personal purposes, provided that these data are not intended for systematic communication of for broadcast.
Italy declares, with regard to Article 3, paragraph 2, sub-paragraph b, of the Convention, that it will also apply the Convention to the processing of personal data concerning legal person, groups, foundations, associations.
Italy declares, with regard to Article 3, paragraph 2, sub-paragraph c, of the Convention, that it will also apply the Convention to data classified without the aid of electronic or automatic processing.
Italy declares that the authority designated for the purposes of co-operation and mutual assistance between Parties provided for by Chapter IV of the Convention is the "Garante per la tutela delle persone e di altri soggetti rispetto al trattamento dei dati personali", whose provisional seat is at the Chamber of Deputies.

Kaapverdië

19-06-2018

In accordance with Article 13 of the Convention, the Republic of Cabo Verde designates the following competent authority for co-operation among the Parties:
National Commission of Data Protection (CNDP)

Kroatië

21-06-2005

In accordance with Article 3, paragraph 2, sub-paragraph a, of the Convention, the Republic of Croatia declares that the Convention will not apply to the automated personal data files kept by individuals exclusively for personal use or for household purposes.
In accordance with Article 3, paragraph 2, sub-paragraph c, of the Convention, the Republic of Croatia declares that the Convention will also apply to personal data files which are not processed automatically.
In accordance with Article 13, paragraph 2, sub-paragraph a, of the Convention, the Republic of Croatia declares that the competent authority is the Personal Data Protection Agency.

Letland

19-05-2006

In accordance with Article 3, paragraph 2.a, of the Convention, the Republic of Latvia declares that:
- it will apply the Convention to those personal data files which are subject to the law "On Official Secrets" considering the exceptions listed in this law, i.e. , information which may not be an Official Secret. According to Article 5 of the Law on Official Secrets, it is prohibited to grant the status of an official secret and to restrict access to the following information:
1. information regarding natural disasters, natural or other calamities and the consequenses thereof;
2. information regarding the environmental, health protection, educational and cultural state, as wel ass the demographic situation;
3. information regarding violations of human rights;
4. information regarding the crime rate and the statistics thereof, corruption cases, irregular conduct of officials;
5. information regarding the economic situation in the State, implementation of the budget, living standards of the population, as well as the salary scales, privileges, advantages and guarantees specified for officials and employees of State and local government institutions, and
6. information regarding the state of health of the heads of State.
- it will not apply the Convention to the personaldata files which are processed by public institutions for the purposes of national security and criminal law.


30-05-2008

In accordance with Article 13, paragraph 2, sub-paragraph a, of the Convention, the Republic of Latvia declares that the designated authority of the Republic of Latvia is:
Data State Inspectorate

Liechtenstein

11-05-2004

In accordance with Article 3, paragraph 2, of the Convention, the Principality of Liechtenstein declares that:
1. The Convention will also apply to personal data concerning legal persons and partnerships with legal capacity as well as to personal data files which are not processed automatically.
2. The Convention will not apply to:
a. personal data files processed by an individual for his or her personal use exclusively and that will not be communicated to third persons;
b. deliberations of Parliament (Landtag) and of parliamentary commissions;
c. the activities of the Finance Administration.
In accordance with Article 13, paragraph 2, of the Convention, the Principality of Liechtenstein declares that the Data Protection Unit is the competent authority to render assistance in the implementation of the Convention.

Litouwen

15-02-2002

The authority designated by the Republic of Lithuania in pursuance of Article 13, paragraph 2a of the Convention is:
State Data Protection Inspectorate

Luxemburg

10-02-1988

The Grand Duchy of Luxembourg declares that it avails itself of the right, within the limits of Article 3(2)a) of the Convention, not to apply the Convention:
a. to data banks which, by virtue of a law or regulation are accessible to the public;
b. to data banks which exclusively contain data relating to the owner of the data bank;
c. to data banks which have been set up for public international law institutions.


21-04-2010

The Grand Duchy of Luxembourg designates as the competent authority for the granting of assistance for the implementation of the Convention : the Consultative Committee established by the law of 31 March 1979 regulating the use of personal data in automated processing:
c/o Ministry of Justice

Malta

28-02-2003

Malta declares that, in accordance with Article 3 (2) (a) of the Convention, the said Convention will not apply to the following categories of automated personal data files, which are included in Article 5 of Malta's Data Protection Act No XXVI of 2001:
a. personal data files processed by a natural person in the course of a purely personal activity;
b. personal data files processed for purposes of public security, defence or State security (including the economic well being of the State when the processing operation relates to security matters).
Malta understands that a request for information pursuant to paragraph (b) of Article 8 of the Convention cannot be complied with if the data subject is unable to adequately specify his or her request.
Malta declares that the authority designated for the purposes of co-operation and mutual assistance between Parties in terms of Article 13 (2) (a) of the Convention is the:
Office for the Commissioner for Data Protection

Mauritius

17-06-2016

As per Article 13.2, of the Convention, the authority designated for the purpose to render on behalf of the Republic of Mauritius, mutual assistance with another Party inter alia as per Article 13.3 to furnish information on its law and administrative practice in the field of data protection and to take, in conformity with its domestic law and for the sole purpose of protection of privacy, all appropriate measures for furnishing factual information relating to specific automatic processing carried out in its territory, with the exception however of the personal data being processed, is the:
Data Protection Office.
As per Article 14.2, of the Convention, the authority designated as the intermediary to address the request for assistance submitted by any person resident in the territory of another Party and to exercise the right conferred by the Mauritian domestic law, giving effect to the principles set out in Article 8 of the said Convention, is also the "Data Protection Office”.
As per Article 18 of the Convention, the Data Protection Commissioner from the "Data Protection Office” will be the representative to the Consultative Committee. A high-ranking officer from the Ministry of Technology Communication and Innovation will act as the deputy Representative to the Committee. Both of them will participate to the functions mentioned under the Article 19.

Mexico

18-10-2018

The Mexican public authority responsible for the compliance with the right of access to public information, as well as the right to protection of personal data is:
Authority: National Institute for Transparency, Access to Information and Personal Data Protection INAI - Mexico (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales)

Moldavië

28-02-2008

In accordance with Article 3, paragraph 2.a, of the Convention, the Republic of Moldova will not apply the provisions of the Convention to:
a. the data processing which is carried out by individuals exclusively for their personal and family use provided that the rights of the personal data subjects are not violated;
b. the personal data processing subject to the legal regime on information which constitutes a State' s secret.
In accordance with Article 3, paragraph 2.c, of the Convention, the Republic of Moldova will also apply the Convention to personal data files which are not processed automatically.


11-03-2010

In accordance with Article 13, paragraph 1.a, of the Convention, the Republic of Moldova designates the National Center for the protection of personal data, created pursuant to Article 11 of the Law of the Republic of Moldova on the protection of personal data, as the competent authority for the implementation of the provisions of the Convention, and for the reports on co-operation with other Parties. The contact information are:
National Center for Personal Data Protection


02-01-2014

In accordance with the Law of the Parliament of the Republic of Moldova No. 271 of 7 November 2013, and in accordance with Article 3, paragraph 2.a, of the Convention, the Republic of Moldova will not apply the provisions of the Convention to:
a. the data processing which is carried out by individuals exclusively for their personal and family use provided that the rights of the personal data subjects are not violated;
b. the personal data processing subject to the legal regime on information which constitutes a State' s secret, with the exception of processing made in the context of an action of prevention and investigation of an offence, of the execution of a criminal conviction, of the prosecution related to criminal proceedings, including in cases if minor offences, in accordance with the law;
c. processing operations and cross-border transfer of personal data concerning the author or the victims of genocide, war crimes or crimes against humanity.
Date of effect of the declaration: 3 April 2014

Monaco

24-12-2008

In accordance with Article 13 of the Convention, Monaco designates as the authority responsible for providing, within the scope and limitations of the said Article, all information on Monaco's law and administrative practice regarding data protection:
Commission de Controle des Informations Nominatives - C. C.I.N.

Montenegro

19-10-2006

In accordance with Article 3, paragraph 2, sub-paragraph a, of the Convention, the Republic of Montenegro shall not apply the Convention to automated databases containing personal data being kept in accordance with criminal records and State security regulations.
In accordance with Article 13 of the Convention, Montenegro designates the following responsible authority:
Secretariat for development of the Republic of Montenegro


29-04-2011

In relation to the Article 3, paragraph 2, of the Convention, Montenegro, after considering the declaration contained in the instrument of ratification, withdraws the same and declares :
In accordance with Article 3, paragraph 2, of the Convention, Montenegro will apply the Convention to automated databases containing personal data being kept in accordance with criminal records and State security regulations.

Nederlanden, het Koninkrijk der

24-08-1993

Pursuant to Article 3, second paragraph, under a. of the Convention, the Kingdom of the Netherlands (for the Kingdom in Europe) declares that:
I. The Convention shall not apply to the following personal data files:
- personal data files which are by their nature intended for personal or domestic use;
- personal data files kept exclusively for public information purposes by the press, radio or television;
- books and other written publications, or index systems pertaining to them;
- personal data files kept in archive repositories designated for that purpose by law;
- personal data files which are established and to which public access is required by law;
- personal data files kept for the purpose of implementing the Elections Act; ("Kieswet");
II. The Convention shall as yet not apply to the following personal data files:
- personal data files established under or pursuant to the Criminal Records and Certificates of Good Behaviour Act ("Wet op de justitiële documentatie en op de verklaringen omtrent het gedrag");
- personal data files established pursuant to the Population and Residence Registers Act ("Wet bevolkings - en verblijfsregisters");
- the central register of students in higher education, established under the University Education Act, the Higher Vocational Education Act and the Open University Act ("Wet op het wetenschappelijk onderwijs, Wet op het hoger beroepsonderwijs, Wet op de open universiteit"); and
- files of registered vehicle registration marks and of issued driving licences, established pursuant to the Road Traffic Act ("Wegenverkeerswet").
In accordance with Article 13, second paragraph, under a. of the Convention, the authority designated by the Kingdom of the Netherlands (for the Kingdom in Europe) is:
Registratiekamer

Noord-Macedonië

24-03-2006

In accordance with Article 3, paragraph 2.a, of the Convention, the Republic of Macedonia declares that it will not apply the Convention to the following categories of personal data:
- Processing of personal data carried out by individuals exclusively for personal use or household purposes;
- Processing of personal data for the purpose of sagefuarding national security and national defence of the Republic of Macedonia.


16-05-2006

In accordance with Article 13, paragraph 2.a, of the Convention, the function of the Macedonian information center is fulfilled by the:
Directorate for Personal Data Protection

Noorwegen

20-02-1984

The Convention shall not apply to private personal registers which are not utilised in the private sector or by societies or foundations.
The rules of the Convention shall also be applied to information on associations or foundations.
The Convention will not be made applicable to Svalbard.
The institution in Norway designated in pursuance of Article 13, paragraph 2a of the Convention shall be:
Datatilsynet (The Data Inspectorate)

Oekraïne

30-09-2010

In accordance with Article 3, paragraph 2, sub-paragraph a, of the Convention, Ukraine declares that it will not apply the Convention to the personal data which are processed by natural persons exclusively for personal or everyday needs.
In accordance with Article 3, paragraph 2, sub-paragraph b, of the Convention, Ukraine declares that it will apply the Convention to the information pertaining to groups of persons, associations, funds, companies, corporations and any other organisations, which directly or indirectly consist of individuals irrespective of the fact, whether such offices have, or do not have, the status of legal entity.
In accordance with Article 3, paragraph 2, sub-paragraph c, of the Convention, Ukraine declares that it will apply the Convention to files of personal data, which are not processed automatically.
In accordance with Article 13, paragraph 2, of the Convention, Ukraine declares that the designated authority is the Ministry of Justice of Ukraine.

Oostenrijk

30-03-1988

The Republic of Austria takes the assumption that the term "dissemination" covers the terms "communication" and "making available" used in section 3 paragraphs 9 and 10 of the amendment to the Austrian Data Protection Act, Federal Law Gazette No. 370/1986.
The Republic of Austria takes the assumption that this requirement [Article 5.e] is fully met by the stipulation of the Austrian Data Protection Act concerning the deletion of data upon application by the data subject.
The Republic of Austria takes the assumption that the contents of the phrase "provided for by the law of the Party" contained in the introductory sentence of Article 9(2) of the Convention conforms to the contents of the phrase "in accordance with the law" contained in Article 8(2) of the European Convention on Human Rights, and that it is therefore in agreement with the Convention if under the Austrian basic right to data protection it is admissible to restrict such basic right only if provided for by the law.
The Republic of Austria takes the assumption that, in its scope, the restriction in the interest of the "monetary interests of the State" as provided for in Article 9(2)a of the Convention in conjunction with the restriction under paragraph 2(b) corresponds to the restriction in the interest of the "economic well-being of the country" contained in Article 8(2) of the European Convention on Human Rights.
In compliance with Article 13(2) it is hereby notified that the authority responsible for rendering assistance in the implementation of this Convention shall be:
Bundeskanzleramt
In accordance with Article 3(2)b it is hereby notified that Austria will also apply this Convention to information relating to groups of persons, associations, foundations, companies, corporations or any other bodies consisting directly or indirectly of individuals whether or not such bodies possess legal personality (legal persons or associations of persons within the meaning of section 3(2), Data Protection Act).

Portugal

31-05-2002

Competent Authority:
Comissão Nacional de Protecção de Dados (CNPD)

Roemenië

09-07-2004

The Republic of Romania makes the following declarations:
In accordance with Article 3, sub-paragraph 2.a, this Convention shall not apply to the processing of personal data which are included in a data base when:
a) the automatic processing is realized in the framework of activities in the field of national defence and national security, which are performed within the limits and with the restrictions established by the law;
b) the automatic processing of personal data concerns data obtained from documents accessible to the public, in accordance with the law;
c) the automatic processing of personal data are realized by natural persons exclusively for their personal use, if those data are not to be disclosed.
In accordance with Article 3, sub-paragraph 2.c, the Convention shall also apply to the non-automatic processing of personal data which are part of a data base or which are to be included in such a data base.
In accordance with Article 13 of the Convention, the national competent authority is:
the Ombudsperson
This Convention shall also apply to the automatic processing of personal data realized within the framework of the legitimate activities of any foundation, association or any other non-profit organization having political, philosophical, religious or trade-union character, under condition that the concerned person be a member of this organization or has constant relations with it regarding the specific activity of the organization and that the data shall not be disclosed to a third party without prior consent of the concerned person.

Russische Federatie

15-05-2013

The Russian Federation ratifies the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data with the amendments approved by the Committee of Ministers of the Council of Europe on 15 June 1999, with the following declarations:
The Russian Federation declares that in accordance with subparagraph "a" of paragraph 2 of Article 3 of the Convention, it will not apply the Convention to personal data:
a) processed by individuals exclusively for personal and family purposes;
b) falling under State secrecy in accordance with the legislation of the Russian Federation on State secrecy.
The Russian Federation declares that in accordance with subparagraph "c" of paragraph 2 of Article 3 of the Convention, it will apply the Convention to personal data which is not processed automatically, if the application of the Convention corresponds to the nature of the actions performed with the personal data without using automatic means.
The Russian Federation declares that in accordance with subparagraph "a" of paragraph 2 of Article 9 of the Convention, it retains the right to limit the right of the data subject to access personal data on himself for the purposes of protecting State security and public order.

San Marino

28-05-2015

With regards to Article 13, paragraph 2, of the Convention, the Government of the Republic of San Marino declares that the designated authority for co-operation among Parties is:
Professor Guido GUIDI, Administrative Appeal Judge of the Court of the Republic of San Marino.

Senegal

14-10-2016

In accordance with Article 13 of the Convention, Senegal designates as the competent authority:
La Commission de protection de données personnelles (CDP) of Senegal.
(Date of effect of the declaration: 01-12-2016)

Servië

20-07-2006

In accordance with Article 13 of the Convention, Serbia designates the following responsible authority:
Commissioner for Access to Information of Public Importance and Protection of Personal Data


04-02-2011

Pursuant to Article 3, paragraph 2, sub-paragraph a, of the Convention, the Republic of Serbia shall not apply the Convention with regard to the automatic processing of:
1. data that are available to the general public and printed in public newspapers and publications or that are accessible in the archives, museums and other related organisations;
2. data that are being processed for family and other personal purposes and that are not accessible to a third party;
3. data relating to members of political parties, associations, trade unions and other associations, that are being processed by these organisations provided that the relevant member states in writing that certain provisions of the law shall not apply to the processing of his personal data for a certain period of time which does not last longer than the duration of his/her membership; and
4. personal data published by a person capable of looking after his/her own interests.
Pursuant to Article 3, paragraph 2, sub-paragraph c, of the Convention, the Republic of Serbia declares that the Convention applies to the processing of personal data contained in the database that is not automated.

Slovenië

19-01-1995

In accordance with Article 13. 2. a., the designated authority is:
Ministry of Justice of the Republic of Slovenia

Slowakije

13-11-2000

In accordance with Article 13, paragraph 2, of the Convention, the State body providing State Supervision over the protection of personal data in the Slovak Republic is:
the Government Commissioner for the Protection of Personal Data in Information Systems and Inspection Unit for the Protection of Personal Data

Spanje

26-01-1999

Central Authority:
Ministerio de Justicia, Secretaría General Técnica.


05-03-2008

If the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data were to be extended by the United Kingdom to Gibraltar, the Kingdom of Spain would like to make the following declaration:
1. Gibraltar is a non-autonomous territory for the international relations of which the United Kingdom is responsible and which is subject to a decolonisation process in accordance with the relevant decisions and resolutions of the General Assembly of the United Nations.
2. The authorities of Gibraltar have a local character and exercise exclusively internal competences which have their origin and their foundation in the distribution and attribution of competences performed by the United Kingdom, in compliance with its internal legislation, in its capacity as sovereign State on which the mentioned non-autonomous territory depends.
3. As a result, the eventual participation of the Gibraltarian authorities in the application of this Convention will be understood as carried out exclusively as part of the internal competences of Gibraltar, and it cannot be considered to produce a change in relation with what was established in the two previous paragraphs.

Tsjechië

09-07-2001

In accordance with Article 13 of the Convention, the Czech Republic declares that the designated authority is:
Office for Personal Data Protection


24-09-2003

The Czech Republic declares that, according to Article 3, sub-paragraph 2.c, of the Convention, it will also apply this Convention to personal data files which are not processed automatically.
[Date of entry into force of the declaration: 25/12/2003]

Tunesië

24-10-2017

In accordance with Article 13 of the Convention, Tunisia designates as the competent authority:
L’Instance Nationale de Protection des Données à caractère personnel (INPDP)

Turkije

02-05-2016

Turkey declares that its ratification of the Convention For The Protection of Individuals With Regard to Automatic Processing Of Personal Data neither amounts to any form of recognition of the Greek Cypriot Administration's pretention to represent the defunct “Republic of Cyprus” as party to that Convention, nor should it imply any obligation on the part of Turkey to enter into any dealing with the so-called Republic of Cyprus within the framework of the said Convention.
In accordance with Article 3, paragraph 2.a, of the Convention, the Republic of Turkey declares that it does not apply the Convention to the following personal data:
a) The automatic processing of personal data realised by natural persons exclusively for their personal use or household purposes,
b) Public registers specifically regulated by Law in Turkey,
c) Data which are available to the general public information in accordance with Law,
d) Personal data which are processed by public institutions for the purposes of national security, defence and to the investigation and prevention of criminal offences.
In accordance with Article 3, paragraph 2, sub-paragraph c, of the Convention, the Republic of Turkey declares that the Convention will also apply to personal data files which are not processed automatically.
In accordance with Article 13, paragraph 2, sub-paragraph a, of the Convention, the Republic of Turkey declares that the competent authority is the Personal Data Protection Council.

Bezwaar Cyprus, 29-07-2016

The Republic of Cyprus has examined the declaration deposited by the Republic of Turkey upon ratification of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108), registered at the Secretariat General of the Council of Europe on 2 May 2016.
The Republic of Turkey declares that its ratification of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data neither amounts to any form of recognition of the Republic of Cyprus, as party to that Convention, nor should it imply any obligation on the part of the Republic of Turkey to enter into any dealing with the Republic of Cyprus within the framework of the said Convention.
In the view of the Republic of Cyprus, the content and purported effect of this declaration makes it tantamount in its essence to a reservation contrary to the object and purpose of the Convention, which, it is to be noted, expressly provides that no reservations may be made in respect to its provisions. By such declaration, the Republic of Turkey purports to evade its obligations under the Convention vis-à-vis another equal and sovereign State Party, namely the Republic of Cyprus. Such declaration is incompatible with the principle that inter-State reciprocity has no place in the context of human rights treaties. Furthermore, it prevents the realization of cooperation between State Parties foreseen by the Convention.
The Republic of Cyprus therefore strongly rejects the aforesaid declaration made by the Republic of Turkey and considers such declaration to be null and void. The aforementioned objections by the Republic of Cyprus shall not preclude the entry into force of the Convention, in its entirety, between the Republic of Cyprus and the Republic of Turkey.

Bezwaar Griekenland, 31-01-2017

The Government of the Hellenic Republic has examined the declaration made by the Republic of Turkey upon ratification, on May 2nd 2016, of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.
The Republic of Turkey inter alia declares that its ratification of the Convention should not imply any obligation on the part of Turkey to enter into any dealing with the Republic of Cyprus within the framework of the said Convention.
The Government of the Hellenic Republic is of the view that the above declaration in fact amounts to a reservation, as it purports to exclude the application of the Convention in its entirety between Turkey and the Republic of Cyprus, and would like to recall that according to Article 25 of the Convention, no reservation may be made in respect of the provisions of this Convention.
Furthermore, the Government of the Hellenic Republic notes that the above reservation made by the Republic of Turkey to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, which concerns the endowment of individuals with rights, is incompatible with the principle that inter-State reciprocity has no place in the context of human rights treaties. Such a reservation also prevents the realisation of inter-State cooperation under the Convention.
The Government of the Hellenic Republic, therefore, considers that the aforesaid reservation of Turkey is impermissible as prohibited by Article 25 of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and as contrary to the object and purpose of this Convention.
For the above reasons, the Government of the Hellenic Republic objects to the declaration made by the Republic of Turkey upon ratification of the said Convention.
This objection shall not preclude the entry into force of the Convention between the Hellenic Republic and the Republic of Turkey.

Bezwaar Portugal, 06-03-2017

The Government of the Portuguese Republic has examined the declaration made by the Republic of Turkey upon ratification of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.
The Portuguese Republic, as a European Union Member State, opposes the declaration made by the Republic of Turkey since it describes another Member State, the Republic of Cyprus, as a defunct entity.

Bezwaar Oostenrijk, 11-04-2017

The Government of Austria has examined the declaration made by the Republic of Turkey upon ratification of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, adopted on 28 January 1981. It welcomes the ratification of the Convention by Turkey as a significant step for the promotion of data protection. However, as a member State of the European Union, Austria opposes the declaration made by the Republic of Turkey which describes another member State, the Republic of Cyprus, as a defunct entity.

Verenigd Koninkrijk

21-01-1993

[...] the following declaration [...] applies only to the Isle of Man, and not to the United Kingdom or other Islands:
In accordance with Article 3, paragraph 2, sub-paragraph (a) of the Convention, I declare that the Convention will not be applied to personal data files held only for distributing or supplying or recording the distribution or supply of articles, information or services to the data subjects.


26-01-2001

The United Kingdom withdraws the following declaration, made on 26 august 1987 in respect of the United Kingdom, but maintains it in respect of Jersey, Gueunsey and the Isle of Man:
The Convention will not be applied to the following categories of automated personal data files:
a. payroll and pensions : personal data held only for calculating employment remuneration or pensions, or paying deductions from same;
b. accounts and transaction records : personal data held only for keeping accounts or records of transactions;
c. information publicly available by law : personal data which must be publicly available under an enactment.
The United Kingdom makes the following declaration in respect of the United Kingdom only:
"The United Kingdom will apply the Convention to personal data which are not processed automatically but which are held in a relevant filing system. "Relevant filing system" means any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible".
[Date of entry into force of the declaration: 27/4/2001]
The designated authority for the United Kingdom with effect from 20 January 2001 will be:
The information Commissioner
The designated authority for the Bailiwick of Guernsey is now:
The Data Protection Commissioner
The address of the designated authority for the Bailiwick of Jersey is now:
The Data Protection Registrar
The address of the designated authority for the Isle of Man is now:
The Data Protection Registrar


08-07-2019

In accordance with Article 24, paragraph 2, of the Convention, the Government of the United Kingdom of Great Britain and Northern Ireland declares that the United Kingdom's ratification to the Convention shall be extended to the territory of Gibraltar, for whose international relations the United Kingdom is responsible.
For the purposes of Article 13, paragraph 2a, of the Convention, the Government of the United Kingdom of Great Britain and Northern Ireland declares that the competent authority for the Government of Gibraltar shall be:
The Gibraltar Regulatory Authority

Bezwaar Spanje, 28-04-2022

With regard to the communication that the United Kingdom addressed to the Secretariat General of the Council of Europe on 29 July 2019, concerning the intention of the United Kingdom to extend to Gibraltar the application of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108), and notification of which was received by letter from the Secretary General dated 12 July 2019, Spain, recalling that it is a Party to the said Convention, as well as to the Additional Protocol (ETS No. 181) and to Protocol of amendment (CETS No. 223) thereof, wishes to recall the content of its Declaration of 5 March 2008 and to make the following statement:
- Gibraltar is a non-autonomous territory whose international relations come under the responsibility of the United Kingdom and which is subject to a decolonisation process in accordance with the relevant decisions and resolutions of the General Assembly of the United Nations.
- The authorities of Gibraltar have a local character and exercise exclusively internal competences which have their origin and their foundation in a distribution and attribution of competences performed by the United Kingdom in compliance with its internal legislation, in its capacity as sovereign State of which the mentioned non-autonomous territory is dependent.
- As a result, any participation of the Gibraltarian authorities in the application of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data will be understood as carried out exclusively as part of the internal competences of Gibraltar and cannot be considered to modify in any way what was established in the two previous paragraphs.
- The procedure foreseen in the Arrangements relating to Gibraltar authorities in the context of certain international treaties which were adopted by Spain and the United Kingdom on 19 December 2007 (as well as the Agreed Arrangements relating to Gibraltar authorities in the context of EU and EC instruments and related treaties, dated 19 April 2000), apply to this Convention and to the Protocols thereof.
- The application to Gibraltar of this Convention and of the Protocols thereof should not be interpreted as an acknowledgment of any right or any situation regarding areas not covered by Article X of the Treaty of Utrecht of 13 July 1713, concluded between the Crowns of Spain and of the United Kingdom.

Zweden

03-10-1985

The Data Inspection Board has been declared the competent authority in accordance with Article 13, paragraph 2, subparagraph a. of the Convention.

Zwitserland

02-10-1997

In accordance with Article 3, paragraph 2, of the Convention:
The Convention will also apply to personal data concerning legal persons and to personal data files which are not processed automatically.
The Convention will not apply:
a. to files set up and used by Federal and cantonal parliaments during their deliberations,
b. to files of the International Committee of the Red Cross,
c. to personal data files processed by an individual for his or her personal use exclusively and that will not be communicated to third persons.
The Federal Data Protection Commissioner is the competent authority to render assistance in the implementation of the Convention.

Naar boven