Data privacy as a tool for international police cooperation

MODAP Conference, “Privacy: Beginning or the End” Sabanci University, Istanbul, 20-21 June 2011

INTERPOLCaroline Goemans-Dorny, CounselOffice of Legal Affairs

1. General Context

2. INTERPOL’s mission and tools

3. Challenges related to data processing

4. A global legal framework

5. Effective implementation: a multilayered controlling mechanism

Conclusion

Outline

1. General context

• Globalisation of “new” crimes• Need for multilateral police co-operation • INTERPOL as an international organization,

with a universal dimension (188 member countries)

• legal personality, distinct from its Member States

“To ensure and promote the widest possible mutual assistance between all criminal police authorities”

“To establish and develop all institutions likely to contribute effectively to the prevention and suppression of ordinary law crimes”

exchange of police information = core activity

2. INTERPOL’s mission (Article 2 Constitution)

a global secured police telecommunication network ,

2. INTERPOL’s tools

A set of GLOBAL DATABASES: stolen motor vehicles - stolen works of art - stolen passeports - fingerprints - fugitives - child abuse image database - DNA

2. INTERPOL’s tools

INTERPOL NOTICES: requests for police cooperation for specific purposes

arrest identification

locate threat warn dangerous persons missing

17,518 published Notices and diffusions in 2010 80,257 valid Notices et diffusions in 2010

2. INTERPOL’s tools

Operational support: logistical and technical support to member countries with complex ongoing investigations.

Comprehensive training programs: on the field and at the General Secretariat

2. INTERPOL’s tools

• 188 member countries with differences in legal culture, technology experience and requirements for data protection (technical and policital challenges)

• New crimes, more complex criminality

• four categories of actors relating to processing: General Secretariat, National Central Bureaus, Authorized National Institutions , International Organizations

3. Challenges relating to data processing

• global exchange of police information presupposes a TRUST environment to encourage the largest international police cooperation

need for guarantees, a comprehensive legal framework, implementing measures and controlling mechanisms

3. Challenges relating to data processing

4. A global legal framework

• A global legal framework:

general rules relating to the observance of fundamental human rights (INTERPOL’s Constitution)

specific rules on data processing reflecting the international protection standards (1984)

creation of an independent supervisory board – Commission for the control of INTERPOL’s files (1982)

• pioneer role of INTERPOL

4. A global legal framework

• Specific INTERPOL principles of data processing :

a. Principle of NATIONAL SOVEREIGNITY: “ the limits of the laws existing in the different countries - Art.2(2) Constitution “

b. Principle of NEUTRALITY: strictly forbidden to undertake any intervention or activities of a political, military, religious or racial character - Art. 3 Constitution - mulitlayered legal review

4. A global legal framework

• 4.2. Specific INTERPOL principles of data processing :

a. ..

b. ..

c. Principle of TRANSPARENCY: right of the source of information to control the further processing of its information

d. COORDINATING ROLE of the INTERPOL National Central Bureaus in each member country

• Ongoing continuous review (change in circumstances, new information)

• Multi-perspective in nature (police operational needs, legal examination)

• Review is subject to various checks and balances (Appeal and supervision by Interpol’s different institutional bodies)

5. A Multilayered controlling mechanism

5. A multilayered controlling mechanism

At internal level: by the General Secretariat

At national level: by INTERPOL Members

At external level, by and independent body : the Commission for the Control of Interpol’s files (CCF)

At any stage of the processing of information:

5. Controlling mechanisms at internal level

Controls organised by INTERPOL General Secretariat:

a) Automatic/technical:

through security measureson determined procedures through an alert system (generated by a thesaurus)

b) Manual controls on:

specific issues of concernspecific categories of files (potential identified risks)

5. Controlling mechanism at internal level

Discretionary power of INTERPOL General Secretariat:

a) In case of doubts:

Precautionary measures (blocking access, withdrawal from INTERPOL’s website, etc.)Consultation of sources of informationConsultation of the CCF for advice

b) In case of non compliance:

Deletion of the informationRefusal to accept a specific processing of the informationInformation of the source concerned

5. Controlling mechanism at internal level

Developed structured training program:

Establishment of common professional standards with strategic objectives:

To share common understanding of DP value Education To avoid any abusive use of information and of INTERPOL’s facilities:

Key role of training in INTERPOL’s mission: “police training and development” is 1 of the 4 core functions of INTERPOL

5. Controlling mechanism at internal level

Organisation of regional conferences and working groups:

a) To identify and share difficulties met by users (users advisory groups)

b) To adopt common solutions (resolutions of the General Secretariat)

Continuous assistance to NCBs to ensure that DP principles are known, understood and respected.

- Helpdesk (operational and legal) at the disposal of users (24h/24)

5. Controlling mechanisms at internal level

Benefits expected:

a) decrease in the risk of infringement of fundamental human rights.

b) More confidence in the way the information is handled

c) Increased flow of data sharing

5. Controlling mechanisms at national level

NCBs service standards:

a) Appointment of a National Security Officer

Application of INTERPOL’s standards at national levelRights of access to INTERPOL’s databasesOrganisation of national controls

b) Regular Cross controls/peer evaluations between countries (including reports to INTERPOL’s General Secretariat)

c) Identification of “good practices” to be shared

5. External controlling mechanism

By the Commission for the Control of Interpol’s Files “CCF” (1/8)

3 roles: a) Supervision b) Advice c) Processing of individual requests

5 members: a) appointed for 3 years

b) Ideally from different regions and holding different nationalities

5. External controlling mechanism

Independent and impartial body (CCF)

Guaranteed by applicable texts :

Independence of members (bound by professional secrecy, prohibition to accept or solicit instructions) Extended powers of investigation:

. free and unlimited access to INTERPOL’s files

. right to initiate spot checks

. right to consult the GS, the NCBs

5. External controlling mechanism

Independent and impartial body (CCF)

Guaranteed by applicable texts :

Confidentiality of the CCF files Sessions held in camera Possibility of the CCF to issue its own rules of procedure…Specific budget for the activity of the CCFPermanent Secretariat

5. External controlling mechanism

Content of control

WHAT?. compliance of information processed through INTERPOL’s channels with INTERPOL’s rules (finality, accuracy, non discrimination, proportionality, retention period, concrete interest for the police at international level). respect of procedures applicable. functioning of the databases

WHEN?. at the request of the General Secretariat. at its own initiative (right to initiate spot checks). In the context of an individual request

5. External controlling mechanism: requests from individuals

Who are the requesting parties ? the subject of the request his/her duly mandated representative

What are the purposes of the requests ? requests for simple access to INTERPOL’s files requests challenging INTERPOL’s files

In this context, the CCF ensures that affected individuals have an effective and adequate remedy (control, update or deletion of information) = preservation of INTERPOL’s judicial immunity

5. External controlling mechanism: requests from individuals - procedure

Control of the information processed by INTERPOL

= independent study by the CCF

Consultation of the General Secretariat or of the sources of the information controlled in case of questions or doubts

= request for further information, documents, comments on challenges, etc.

5. External review: advice role of CCF

Communication of the CCF findings to INTERPOL General Secretariat (conclusions on compliance, recommendations on necessary actions to be taken)

Controls over the follow-up of the CCF recommendations

Answers to the requesting parties (in case of requests for access and of complaints)

Controls are aimed at protecting fundamental human rights and advising INTERPOL whenever necessary

Conclusion

The adoption of a comprehensive set of rules and development of mechanisms to monitor their implementation create a climat of TRUST and CONFIDENCE that:

-minimize the risk of abusive use in relation to the processing of information; -strenghten confidence between member countries when they cooperate via INTERPOL channels. -INTERPOL data processing rules include a redress mechanism for individuals.

observance of data privacy is a tool for effective international police co-operation

Thank you

cgoemans@interpol.int

Interpol : http://interpol.intCCF : http://interpol.int/Public/ccf/default.asp