The chair of the Council of Europe’s data protection ‘Convention 108’ committee, Alessandra Pierucci, and the Council of Europe Data Protection Commissioner, Jean-Philippe Walter, have recently released a joint statement on digital contact tracing in the fight against coronavirus.

Digital contact tracing is being used in many countries to help control the spread of coronavirus by alerting individuals that may have come into contact with an infected person.  The UK government is gearing up to deploy its contact tracing app within the next few weeks (it is currently being tested on the Isle of Wight), which could help lift the lockdown measures further. However, as highlighted by the joint statement, it is crucial to ensure that the necessary data protection safeguards are implemented when adopting extraordinary measures to protect public health.
Continue Reading Digital contact tracing and coronavirus: The Council of Europe’s take

The Council of Europe Commissioner for Human Rights has recently published recommendations for improving compliance with human rights regulations by parties developing, deploying or implementing artificial intelligence (AI).

The recommendations are addressed to Member States. The principles concern stakeholders who significantly influence the development and implementation of an AI system.

The Commissioner has focussed on 10 key areas of action:

    1. Human rights impact assessment (HRIA) – Member States should establish a legal framework for carrying out HRIAs. HRIAs should be implemented in a similar way to other impact assessments, such as data protection impact assessments under GDPR. HRIAs should review AI systems in order to discover, measure and/or map human rights impacts and risks. Public bodies should not procure AI systems from providers that do not facilitate the carrying out of or publication of HRIAs.
    2. Member States public consultations – Member States should allow for public consultations at various stages of engaging with an AI system, and at a minimum at the procurement and HRIA stages. Such consultations would require the publication of key details of AI systems, including details of the operation, function and potential or measured impacts of the AI system.
    3. Human rights standards in the private sector – Member States should clearly set out the expectation that all AI actors should “know and show” their compliance with human rights principles. This includes participating in transparent human rights due diligence processes that may identify the human rights risks of their AI systems.
    4. Information and transparency – Individuals subject to decision making by AI systems should be notified of this and have the option of recourse to a professional without delay. No AI system should be so complex that it does not allow for human review and scrutiny.
    5. Independent oversight – Member States should establish a legislative framework for independent and effective oversight over the human rights compliance of AI systems. Independent bodies should investigate compliance, handle complaints from affected individuals and carry out periodic reviews of the development of AI system capabilities.
      Continue Reading Council of Europe publish recommendations for the regulation of AI to protect human rights

The Council of Europe (CoE) recently issued its recommendation to member states on the protection of health-related data (Recommendation). The Recommendation guides member states to ensure that their law and practice reflect the principles of processing health-related data.

The recommendations stem from Convention 108 which was the first international treaty in the field of data protection. Like the General Data Protection Regulation 2016/679 (GDPR), Convention 108 sets out principles for processing health data, but contains fewer options than GDPR. The Recommendation’s principles related to health data align with GDPR, but in some cases provide more guidance about processing health-related data.

Some of the key recommendations on processing certain health-related data are below.Continue Reading Council of Europe issues recommendation on processing health-related data

The Council of Europe released a Declaration encouraging the Internet Corporation for Assigned Names and Numbers (‘ICANN’), when developing policies for the Internet’s domain name system, to consider international privacy, security and human rights laws and policies. The Council has no legal power to force any changes on ICANN, but, having official observer status within ICANN’s Governmental Advisory Committee, can offer detailed advice.

In its Declaration, the Council were keen to emphasise the important role that ICANN holds with regard to the control, security and supervision of the Internet, but also talked about its own responsibility to protect human rights; namely, the right to freedom of expression and access to information, the freedom of assembly and association, and the right to private and family life, including the protection of personal data.Continue Reading ICANN urged to take international and security rules seriously by Council of Europe