As an International Police Organisation, INTERPOL processes vast amounts of highly sensitive data on a daily basis. It is important for INTERPOL’s 195 member countries to have confidence and trust in exchanging data through INTERPOL’s systems, and therefore data protection principles such as transparency, accountability and data quality are of primary importance.
Notable reforms to INTERPOL’s data processing rules were introduced in 2016.
What were the changes?
Definition of responsibility
The amendments more clearly defined the allocation of responsibilities at the various levels of involvement in information handling, including responsibilities of the:
- National Central Bureaus (NCBs) – for the data they send.
- General Secretariat – for the use and storage of this information.
- Member countries – for data received and for keeping their national databases up to date.
INTERPOL data protection officer
The creation of an INTERPOL data protection officer position allowed for enhanced internal oversight, with the responsibilities of this position including:
- Compliance monitoring.
- Liaising with other INTERPOL departments and the CCF.
- Coordinating the work of national data protection officers at NCBs.
- Providing advice and sharing expertise with data protection offices at other international organisations.
Commission for the Control of INTERPOL’s files (CCF)
The Commission for the Control of INTERPOL’s Files (CCF) is an independent, impartial body, officially responsible for ensuring that the processing of data (such as names, fingerprints and DNA profiles) complies with the applicable INTERPOL rules.
The 2016 reforms also impacted the structure and procedures of the CCF, which was restructured into two departments to more effectively carry out its main functions:
- A Supervisory and Advisory department – to ensure processing of personal data is in compliance with INTERPOL’s rules, and to provide advice on activities involving the processing of personal data.
- A Requests department – to examine and decide on requests for access to data, and/or for the correction or deletion of data.
Red Notices and wanted persons diffusions
INTERPOL has come under scrutiny in the past regarding instances in which Red Notices have been misused. This issue was addressed in Fair Trials International’s 2013 report Strengthening Respect for Human Rights, Strengthening INTERPOL.
In 2016, INTERPOL established a dedicated task force to review all data processing concerns, particularly in relation to Red Notices and wanted persons diffusions, to ensure compliance with the INTERPOL constitution and rules.
In 2019, INTERPOL reviewed its Rules on the Processing of data (RPD) to ensure that international police cooperation continues to be effective in an increasingly digital world, marked by innovations such as big data and the increasing connectivity of systems.
The INTERPOL Working Group on the Processing of Information met in March 2019 to begin the review of the RPD, and a progress report was delivered at INTERPOL’s 88th General Assembly held in Santiago, Chile in October, 2019. The General Assembly approved INTERPOL’s amended Rules on the Processing of Data and decided that the amendments shall enter into force immediately.
The General Assembly requested that the Working Group continue its general review of INTERPOL’s RPD and report on its progress to the General Assembly at its coming sessions.
Significant reforms to the ways in which INTERPOL processes and manages data have been introduced to allow for a clearer definition of responsibility and continued effectiveness in response to technological advancements, whilst ensuring that human rights are upheld. The reforms however will need to be carefully monitored.