We use cookies to enable the full features of this site. By continuing to browse this site you agree to the use of cookies. Find out more by reading our data privacy statement

The Pan-European General Principles on Data Protection

  • CoE Conventions
  1. Council of Europe Convention for the protection of individuals with regard to the processing of personal data
  • The purpose of this Convention is to protect every individual, whatever his or her nationality or residence, with regard to the processing of their personal data, thereby contributing to respect for his or her human rights and fundamental freedoms, and in particular the right to privacy.
  • ‘While security measures are aimed at preventing a number of risks, paragraph 2 contains a specific obligation in cases where a data breach has nevertheless occurred that may seriously interfere with the fundamental rights and freedoms of the individual. For instance, the disclosure of data covered by professional confidentiality, or which may result in financial, reputational, or physical harm or humiliation, could be deemed to constitute a “serious” interference.’ (Article 7 Data security, para 64)


  • Recommendations
  1. Recommendation No. R (91) 10 of the Committee of Ministers to Member States on the Communication to Third Parties of Personal Data Held by Public Bodies
  2. ECtHR judgment Bernh Larsen Holding AS and Others v. Norway (24117/08), March 14, 2013
  • The case concerned the complaint by three Norwegian companies about a decision of the tax authorities ordering tax auditors to be provided with a copy of all data on a computer server used jointly by the three companies.
  • The ECtHR agreed with the Norwegian courts’ argument that, for efficiency reasons, tax authorities’ possibilities to act should not be limited by the fact that a tax payer was using a “mixed archive”, even if that archive contained data belonging to other tax payers. Moreover, there were adequate safeguards against abuse.
  • No violation of Article 8 (right to respect for private and family life, home and correspondence) of the European Convention on Human Rights.
  1. ECtHR judgment Pruteanu v. Romania (30181/05), February 3, 2015
  • The applicant was a lawyer. The case concerned the interception of his telephone conversations and his inability to challenge the lawfulness of the measure and to request that the recordings be destroyed.
  • On 1 September 2004 the commercial company M. was barred from carrying out bank transactions. The police received several criminal complaints against the company for deceit. One of the company’s partners, C.I., instructed the applicant as his defence lawyer. The District Court authorised the prosecuting authorities to intercept and record the partners’ telephone conversations for a period of thirty days. From 27 September to27 October 2004 the fraud investigation unit intercepted and recorded C.I.’s conversations, including twelve conversations with the applicant. On 21 March 2005 the District Court held that the recordings were relevant to the criminal case against C.I.’s fellow partners in company M., and ordered that the transcripts and the tapes be placed under seal. Mr Pruteanu and C.I. both lodged appeals, which were declared inadmissible.
  • Relying in particular on Article 8, Mr Pruteanu complained of interference with his right to respect for his private life and correspondence on account of the recording of his telephone conversations with his client C.I.
  • Violation of Article 8
  1. European Union Agency of Fundamental Rights/Council of Europe Handbook on European data protection law