There is often confusion surrounding the safeguards INTERPOL has in place for the processing of personal data. This article explores some frequently asked questions.
Frequently Asked Questions
What rules or laws govern INTERPOL’s processing of personal data for international police cooperation?
INTERPOL operates under its Constitution, which forms the basis of its legal structure. This Constitution, along with the Rules on the Processing of Data (RPD) and resolutions from the INTERPOL General Assembly, outlines the organisation’s operational rules, including those for handling personal data. Key provisions related to data processing are found in Articles 2, 3, and 5 of the Constitution and Title 1, Chapter II of the RPD. All these governing documents are publicly accessible.
On what bases can INTERPOL process personal data?
INTERPOL’s Constitution and Rules for the Processing of Data define the terms and conditions for accessing and handling information within its network, including the Notices system. The Constitution emphasises voluntary cooperation, neutrality, independence, and adherence to members’ laws and the Universal Declaration of Human Rights. The Rules on the Processing of Data ensure the protection of personal data, facilitating members’ access to reliable information. This legal framework supports the various services provided by INTERPOL.
How long is INTERPOL allowed to retain my personal data?
Data in INTERPOL’s police databases are retained only as long as necessary to fulfill their intended purpose, with initial retention periods typically not exceeding five years. This period can be shorter if required by the national law of the country that entered the data or if the purpose has been achieved.
Under what circumstances can I find out what personal data of mine, if any, INTERPOL maintains?
When someone requests access to information in INTERPOL’s system, the Commission for the Control of INTERPOL’s Files (CCF) Secretariat first verifies if any data about the applicant exists. According to the CCF Statute, before sharing this information, the Commission consults the data source. The Commission usually decides on the request within four months of its admissibility and provides the applicant with a written decision.
Can I request that INTERPOL delete or correct personal data of mine that it maintains?
Yes, requests for access, correction, or deletion of personal data can be submitted for free to the CCF, an independent body. The CCF’s Requests Chamber reviews and decides on these requests, and its decisions are final and binding on INTERPOL.
How can I challenge actions that INTERPOL takes with respect to my personal data?
As noted above, the Requests Chamber of the Commission receives, examines, and decides on requests for access to data as well as requests for correction and/or deletion of data processed in the INTERPOL Information System.
Where can I get more information about INTERPOL systems and activities with regard to the processing of personal data?
INTERPOL’s website contains extensive information on the Organisation’s structure, membership, authorities, activities, and operations. More specifically, information on the rules governing the Organisation, including its Constitution, Rules on the Processing of Data, and other rules and regulations, are publicly available and can be found online: www.interpol.int/who-we-are/legal-framework/legal-documents.
Does INTERPOL have a data protection officer?
Yes, the INTERPOL Data Protection Office (IDPO) ensures compliance with INTERPOL’s data processing rules through various legal, technical, operational, and organisational channels. Headed by the Data Protection Officer, who reports directly to the Secretary General, the IDPO conducts impact assessments, advises on new technologies, provides training, and promotes a strong data protection culture. Key functions include auditing data processing rules, advising on operations affecting individual rights, coordinating with data protection officers at National Central Bureaus, liaising with the Commission for the Control of INTERPOL’s Files, and collaborating with international partners to exchange best practices.
How does INTERPOL review and update its rules regarding the protection of personal data?
To keep up with evolving international data protection standards, INTERPOL regularly updates its data protection rules approximately every three years. The Standing Committee on Data Processing, established in 2019, is responsible for continuously assessing and proposing updates to these rules. This committee replaced the Working Group on the Processing of Information (GTI), active since 2002. Any proposed changes are presented to the INTERPOL General Assembly for adoption by its members.
Is there any independent oversight of INTERPOL actions with respect to its handling of personal data?
Yes, the independent Commission for the Control of INTERPOL’s Files (CCF) supervises the organisation’s compliance with its data processing rules. Additionally, the CCF advises INTERPOL on projects, operations, and rules, either proactively or upon request from the General Secretariat.
What are INTERPOL Notices?
INTERPOL Notices are international alerts or requests for cooperation that enable police in member countries to share critical crime-related information. These notices are published by the General Secretariat at the request of a National Central Bureau (NCB), which serves as the liaison between INTERPOL and other NCBs. All member countries have access to these notices. Additionally, international criminal tribunals and the International Criminal Court can request notices for individuals wanted for serious crimes like genocide, war crimes, and crimes against humanity.
What is an INTERPOL Red Notice?
A Red Notice, issued by the General Secretariat at the request of an NCB based on a valid national arrest warrant or international tribunal request, seeks the location and apprehension of a wanted individual for extradition or similar lawful action. Although not an international arrest warrant, it’s a request for cooperation. Each member country decides whether to act on a Red Notice; INTERPOL cannot mandate action, leaving the decision entirely to the discretion of each country. Despite this, the Red Notice system is instrumental in facilitating the arrest of numerous fugitives and terrorists annually.
What is an INTERPOL Diffusion?
Member countries can request cooperation from each other through Notices and Diffusions. Diffusions are sent directly by an NCB to other NCBs and are recorded in INTERPOL’s databases. Both Notices and Diffusions must adhere to INTERPOL’s Constitution and the Rules on the Processing of Data (RPD). Wanted Persons Diffusions are reviewed by a specialised task force, similar to Red Notices.
Does INTERPOL have the power to arrest people?
INTERPOL cannot issue arrest warrants or Red Notices on its own initiative; it can only do so at the request of a member country or international tribunal. INTERPOL cannot compel any member country to arrest an individual subject to a Red Notice or take any action in response to such a notice. Each member country independently determines the legal significance of a Red Notice within its jurisdiction and assumes full responsibility for any actions taken based on such notices.
What are some of the key rules that govern the use and publication of INTERPOL Red Notices?
INTERPOL’s Constitution and Rules on the Processing of Data (RPD) are crucial to the Red Notice system. Article 2 of the Constitution promotes broad mutual police assistance while respecting national laws and the Universal Declaration of Human Rights. Article 3 forbids any political, military, religious, or racial interventions by the organization. The RPD specify that Red Notice requests must include a clear summary of the case, sufficient identifiers, and facts linking the wanted person to the charges. Requests must detail each individual’s role in the crime, include relevant judicial data such as charges, applicable laws, penalties, and references to arrest warrants or equivalent judicial decisions, with copies provided whenever possible.
Does INTERPOL review requests for the issuance of Red Notices prior to their publication?
Yes, INTERPOL has established a dedicated multidisciplinary task force to conduct thorough quality and legal compliance reviews for all incoming Red Notices and wanted-persons diffusions before their publication by the General Secretariat. The task force also revisits Notice decisions when new information arises. Compliance reviews are based on information available at the time of publication, and the task force re-examines cases with new relevant information to ensure ongoing compliance. New Red Notices and wanted-persons diffusions are not visible to other member countries in INTERPOL’s databases until they are confirmed as compliant.
Who can see Red Notices once they have been published?
All Notices, including Red Notices, are shared with all 194 member countries. However, a member country can decide to send its request for cooperation to a limited number of countries of its choice in the form of a Diffusion.
Are any Red Notices made publicly available?
Most Notices are for police use only and are not made available to the public. However, in some cases, for example to alert the public, or to request help from the public, an extract of the Notice can be published on the INTERPOL website.
Does the INTERPOL president play any role in the organisation’s publication of individual Red Notices?
Neither the President nor Executive Committee members are involved in reviewing and issuing notices and diffusions. There has been confusion regarding the President’s role. The President, elected by delegates of INTERPOL Member countries at the General Assembly, holds an unpaid and part-time position while remaining a full-time official in their own country. The President’s role is to chair the General Assembly and Executive Committee sessions each year. Any member country can propose candidates for the Executive Committee, including the honorary role of President.
Can the CCF review INTERPOL decisions regarding the publication of Red Notices?
Yes, the Commission for the Control of INTERPOL’s Files (CCF), independent from INTERPOL’s General Secretariat, is mandated to review all personal data processed through INTERPOL’s Information System, including Notices and Diffusions. The CCF can receive requests for access, correction, or deletion of data from individuals concerned by a Notice or Diffusion and review these for compliance with INTERPOL’s Constitution and rules. Its decisions are binding; if the CCF finds non-compliance, the General Secretariat must delete the Notice.
Does INTERPOL issue any types of Notices other than Red Notices?
Yes. INTERPOL’s colour-coded Notices enable countries to share alerts and requests for information worldwide.
- Blue Notice – used to locate, identify or obtain information on a person of interest in a criminal investigation.
- Green Notice – used to warn about a person’s criminal activities if that person is considered to be a possible threat to public safety.
- Yellow Notice – used to locate a missing person or to identify a person unable to identify himself/herself.
- Black Notice – used to seek information on unidentified bodies.
- Orange Notice – used to warn of an event, a person, an object or a process representing an imminent threat and danger to persons or property.
- Purple Notice – used to provide information on modi operandi, procedures, objects, devices or hiding places used by criminals.
- United Nations Security Council Special Notice – used to inform INTERPOL’s members that an individual or an entity is subject to UN sanctions.
Do notices need to meet legal criteria before being published?
Yes, a Notice is published only if it complies with INTERPOL’s Constitution and the conditions defined by the Rules on the Processing of Data (RPD), ensuring legal and quality information and personal data protection. For instance, a Notice will not be published if it violates Article 3 of INTERPOL’s Constitution, which prohibits political, military, religious, or racial interventions.