CYIL vol. 9 (2018)

EMIL RUFFER CYIL 9 ȍ2018Ȏ It remains to be seen what the practical effects of the modernised Convention would be and whether it would have a real impact beyond Europe. This is not to say that “merely” harmonising the rules in Europe, most notably with regard to the EU legal framework, is not enough of an achievement. However, there are two issues which come to one’s mind in this context. Firstly, the recent accession of Mexico to the Convention is a very positive sign that this observer State of the Council of Europe takes the data protection seriously and could establish a leading example on the American continent. Secondly, a potential accession by the United States of America, another observer State of the Council of Europe, to the modernised Convention would surely be another great signal, although this is not very likely. But such a step might, with a considerable degree of certainty, prevent a repetition of difficulties experienced in the aftermath of the Schrems judgement by the CJEU, 53 which declared the European Commission’s decision on adequate level of protection in the United States invalid and consequently severely restricted transborder transfers of personal data to the United States, affecting some of the leading internet companies, such as Facebook. 54 So let us be hopeful that the modernised Convention could attract a well-deserved international attention and the current number of 51 Parties would soon increase. Since our personal data can move very easily and very fast (often without our knowledge) not only across Europe, but far beyond, it would be reassuring to know that they are well protected during their digital journey.

53 Case C-362/14 Schrems , ECLI:EU:C:2015:650. For a very interesting article on the impacts of the Schrems judgment, see P. Roth: ‘Adequate level of data protection’ in third countries post-Schrems and under the General Data Protection Regulation , Journal of Law, Information and Science, Vol 25(1) 2017. 54 This judgment effectively declared the US “Safe Harbour Privacy Principles” as insufficient from the EU law point of view and stated that the European Commission failed to establish that “ the third country concerned in fact ensures, by reason of its domestic law or its international commitments, a level of protection of fundamental rights essentially equivalent to that guaranteed in the EU legal order ” (paras. 96-97 of the judgment).

154