Ratification of the Protocol amending Convention for the Protection of individuals

Mauritius has signed and deposited, on 4 September 2020, its instrument of ratification of the Protocol amending Convention for the Protection of individuals with regard to automatic processing of personal data (CETS 223).

Mauritius has thus become the 6th State after Bulgaria, Croatia, Lithuania, Poland and Serbia as well as the first country in Africa to ratify the modernised Convention 108 (Convention 108 +). The modernisation of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the only existing legally binding international treaty with global relevance in this field, addresses the challenges to privacy resulting from the use of new information and communication technologies, and strengthens the convention’s mechanism to ensure its effective implementation.

The Protocol provides a robust and flexible multilateral legal framework to facilitate the flow of data across borders while providing effective safeguards when personal data are being used. It constitutes a bridge between different regions of the world and different normative frameworks, including the EU GDPR which refers to Convention 108 in the context of transborder data flows.

Some of the modernisations contained in the Protocol are as follows:

  • Stronger requirements regarding the proportionality and data minimisation principles, and lawfulness of the processing;
  • Extension of the types of sensitive data, which will now include genetic and biometric data, trade union membership and ethnic origin;
  • Obligation to declare data breaches;
  • Greater transparency of data processing;
  • New rights for the persons in an algorithmic decision making context, which are particularly relevant in connection with the development of artificial intelligence;
  • Stronger accountability of data controllers;
  • Requirement that the “privacy by design” principle is applied;
  • Application of the data protection principles to all processing activities, including for national security reasons, with possible exceptions and restrictions subject to the conditions set by the Convention, and in any case with independent and effective review and supervision;
  • Clear regime of transborder data flows;  and
  • Reinforced powers and independence of the data protection authorities and enhancing the legal basis for international cooperation.

Leave a Reply