Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

IGOs help share best privacy practice Blair Stewart
15 October 2015

unflag edit

It’s not just privacy regulators and businesses that play an important role in privacy and data protection. Intergovernmental organisations (IGOs) also make an important contribution through their information handling rules, policies or practices.

IGOs have influence because their data handling standards are usually expected to be implemented at a domestic level by the sovereign states that are members of these organisations, or that work with them. In addition, IGOs often handle some personal information themselves. Two examples of IGOs with far reaching influence are Interpol and the United Nations.

While many specialist privacy committees within IGOs are leaders in developing sets of best practice privacy principles and frameworks, their parent organisations have a rather mixed record of carrying those principles forward into their general policy or administrative work.

As a result, privacy commissioners working collectively at global level called upon IGOs to formally commit to abide by principles that are compatible with principal international instruments dealing with privacy. More particularly, privacy commissioners are seeking the following undertakings:

  • IGOs that hold or process personal information should establish appropriate mechanisms to ensure compliance with applicable data protection principles, such as the establishment of internal but operationally independent supervisory authorities with control powers; and
  • IGOs with a role in promulgating standards or rules that affect personal data handling at domestic level to develop should adopt suitable mechanisms to ensure that data protection considerations are effectively taken into account, such as the use of privacy impact assessments and consultation with recognised data protection authorities.

A number of IGOs have taken privacy seriously for many years and established organisational privacy rules and internal oversight and control measures. A long-standing example is Interpol’s independent monitoring body, the Commission for the Control of Interpol's Files, which was set up in 1982. A more recent example, which built on many years of privacy work, was the creation in 2015 of the Data Protection Office within the international humanitarian organisation, the International Committee of the Red Cross.

It is also pleasing to be able briefly to report upon two significant recent efforts within United Nations institutions.

UN developments

The first is within the UN’s Global Pulse. This is the UN’s programme that seeks to harness big data for development and humanitarian action. Global Pulse is an initiative that explores how new, digital data sources and real-time analytics technologies can provide a better understanding of changes in human well-being and emerging vulnerabilities.

There are legitimate concerns about privacy that present challenges to harnessing big data sets for public benefit. Accordingly, the programme has adopted a set of 10 privacy principles and integrates these into the programme by use of privacy impact assessment.

The second example involves the UN High Commissioner for Refugees (UNHCR). In May 2015, the UNHCR published its policy on the protection of personal data of persons of concern to UNHCR. The position of a data protection officer at UNHCR headquarters was also established to monitor compliance with the policy, provide advice and annually report to the assistant high commissioner for protection.

The UNHCR’s important mission in working for millions of refugees and with thousands of other organisations active in the field means that UNHCR internal standards will inevitably also have an external impact. More information about this development is available in a blog post by Alexander Beck and Christopher Kuner entitled Data Protection in International Organisations and the New UNHCR Data Protection Policy: Light at the End of the Tunnel? 




No one has commented on this page yet.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.