All the member states of the Council of Europe (CoE) are also signatories of the European Convention on Human Rights (ECHR).

[3] Article 8 of the ECHR provides a right to respect for one's "private and family life, his home and his correspondence", subject to certain restrictions.

In 1973, American scholar Willis Ware published Records, Computers, and the Rights of Citizens, a report that was to be influential on the directions these laws would take.

Some examples of "personal data" are: address, credit card number, bank statements, criminal record, etc.

The notion processing means "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction" (art.

Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use.

When sensitive personal data (can be: religious beliefs, political opinions, health, sexual orientation, race, membership of past organisations) are being processed, extra restrictions apply.

Each member state must set up a supervisory authority, an independent body that will monitor the data protection level in that member state, give advice to the government about administrative measures and regulations, and start legal proceedings when data protection regulation has been violated.

The Working Party negotiated with United States representatives about the protection of personal data, the Safe Harbour Principles were the result.

According to critics the Safe Harbour Principles do not provide for an adequate level of protection, because they contain fewer obligations for the controller and allow the contractual waiver of certain rights.

In October 2015 the European Court of Justice ruled that the Safe Harbour regime was invalid as a result of an action brought by an Austrian privacy campaigner in relation to the export of subscribers' data by Facebook's European business to Facebook in the United States.

[12] In February 2008, Jonathan Faull, the head of the EU's Commission of Home Affairs, complained about the United States bilateral policy concerning PNR.

[13][14][not specific enough to verify] The US had signed in February 2008 a memorandum of understanding[15] (MOU) with the Czech Republic in exchange of a visa waiver scheme, without first consulting Brussels.

[11] The tensions between Washington and Brussels are mainly caused by the lower level of data protection in the US, especially since foreigners do not benefit from the US Privacy Act of 1974.

Other countries approached for bilateral Memoranda of Understanding included the United Kingdom, Estonia, (Germany) and Greece.

[16][not specific enough to verify] EU directives are addressed to the member states, and are not legally binding for individuals in principle.

"The Regulation applies to processing outside the EU that relates to the offering of goods or services to data subjects (individuals) in the EU or the monitoring of their behavior," according to W. Scott Blackmer of the InfoLawGroup, though he added "[i]t is questionable whether European supervisory authorities or consumers would actually try to sue US-based operators over violations of the Regulation.

"[2] Additional changes include stricter conditions for consent, broader definition of sensitive data, new provisions on protecting children's privacy, and the inclusion of "rights to be forgotten.

[22][23] Former US President Bill Clinton and former Vice-President Al Gore explicitly recommended in their "Framework for Global Electronic Commerce" that the private sector should lead, and companies should implement self-regulation in reaction to issues brought on by Internet technology.

[28] Europe's extensive privacy regulation is justified with reference to experiences under World War II-era fascist governments and post-War Communist regimes, where there was widespread unchecked use of personal information.