INTERPOL has the power and obligation to prevent all abusive government requests from entering its channels, no exceptions
This post is based on the article authored by Yuriy Nemets INTERPOL’s Power to Act Preemptively in Fighting Government Abuse, International Enforcement Law Reporter Vol. 35, Issue 5 (May 2019). See also Yuriy Nemets, INTERPOL’s Power to Prevent Diffusion Abuse: Legal, Political and Technological Considerations, International Enforcement Law Reporter Vol. 35, Issue 7 (July 2019)
In its 2017 annual report, the Commission for the Control of INTERPOL’s Files (CCF) confirmed that INTERPOL did not have a comprehensive mechanism that would allow it to monitor incoming diffusions and other government requests, and that indeed some governments had succeeded in disseminating diffusions against the same individuals whom CCF had already found to be victims of their Red Notice abuse. At the time, I called upon INTERPOL to implement such mechanism to ensure that no government request enters its channels if it concerns an individual whom INTERPOL had already found to be the victim of government abuse of its resources.
Under INTERPOL’s rules, the General Secretariat must act preemptively, not just deal with abusive government requests after they are already disseminated through its channels. In this regard, it is important to remember that not only do INTERPOL’s rules give the Organization the power to screen all incoming diffusions, notices and other government requests and block them before they enter its channels, the rules actually require INTERPOL to do so to prevent abuse. The right of governments to send diffusions to each other directly, bypassing the General Secretariat, does not trump the latter’s power and obligation to monitor and block all incoming requests, including diffusions, to prevent governments from violating the Organization’s rules.
The General Assembly, the body of supreme authority at INTERPOL, instructs that the Rules on the Processing of Data (RPD) “must be effectively implemented” (art. 17(1) of the RPD). RPD, which the General Assembly adopted, give the General Secretariat broad powers to ensure their effective implementation: “If a doubt arises regarding compliance with the conditions for data processing, the General Secretariat shall take all appropriate steps to prevent any direct or indirect prejudice the data may cause to the Organization, its staff, its Members, the National Central bureaus, the national entities, the international entities or the individuals that the data concern” (emphasis added) (art. 129(1) of the RPD). Therefore, to perform its obligation to ensure that governments and other users comply with the Organization’s rules, the General Secretariat (1) does not have to possess strong evidence that a request for police cooperation is not compliant, since mere doubt suffices; (2) must use any means not contrary to INTERPOL’s rules to block a request from being communicated; and (3) must act preventively, that is, block a request before it is disseminated and before INTERPOL member countries learn about its existence.
No matter which instrument a government uses to transmit its request, a diffusion, notice or message, it utilizes INTERPOL’s resources, and, therefore, any such request must comply with the Organization’s regulations and is subject to the above-mentioned broad powers of the General Secretariat (art. 8(1) of the RPD). In this regard, RPD stress: “The processing of data through INTERPOL’s channels shall be done exclusively in the INTERPOL Information System” (art. 4(1) of the RPD). RPD define the “INTERPOL Information System” as “all structured material resources and software used by the Organization — databases, communications infrastructure, advanced sensor technology and other services — to process data through its channels in the context of international police cooperation” (emphasis added) (art. 1(4) of the RPD). “Processing” includes “collection, recording, consultation, transmission, use, disclosure and deletion” of data (emphasis added) (art. 1(5) of the RPD). Under RPD, diffusions are “sent directly to one or several [NCBs] or to one or several international entities, and simultaneously recorded in a police database of the Organization” (art. 1(14) of the RPD), notices are “published by the Organization at the request of a National Central Bureau or an international entity, or at the initiative of the General Secretariat, and sent to all the Organization’s Members” (art. 1(13) of the RPD), and messages are “sen[t] directly to one or several [NCBs] or to one or several international entities through the INTERPOL Information System” (emphasis added) (art. 1(15) of the RPD). Therefore, whether a government uses a diffusion, notice or message, it always processes information through INTERPOL’s channels, and RPD apply to any such use.
The General Secretariat has broad discretion over mechanisms and tools it needs to perform its obligation to ensure continuous compliance with INTERPOL’s rules. Moreover, RPD require the General Secretariat to find and put such mechanisms and tools in place to prevent any unlawful data processing. Under RPD, the General Secretariat must “organize and administer the INTERPOL Information System and decide upon which technologies it should be based” (art. 22(2) of the RPD), “set up any databases to ensure that data recorded in the Organization’s police databases comply with the present Rules and to avoid unauthorized or erroneous processing of data in the databases” (art. 125(1) of the RPD), and “put in place the mechanisms and tools to guarantee [the quality of data recorded and transmitted in the INTERPOL Information System] at all times” (emphasis added) (art. 12(3) of the RPD). Therefore, the General Secretariat can choose any mechanism that would guarantee that it meets its obligations, including continuous monitoring of all incoming diffusions, notices and other requests to ensure that no such request is communicated via INTERPOL’s channels if it concerns an individual already declared the victim of INTERPOL abuse.
It is important to remember that the General Secretariat’s obligation to monitor and block non-compliant diffusions, notices and other requests before they are processed via INTERPOL’s channels also derives from its duty to unconditionally enforce CCF’s decisions. No government has the right to use INTERPOL’s resources in violation of CCF’s decisions, and INTERPOL and its General Secretariat have no choice but to follow CCF’s conclusions. After CCF rules that data about an individual must be deleted, any speculation that the same government has the right to continue to process any information about the individual through INTERPOL without undergoing comprehensive screening is a contradiction of INTERPOL’s rules which unequivocally give the General Secretariat the power to conduct such screening and consider CCF’s decisions final and binding. Any such speculation also makes the mechanism, which CCF and the General Secretariat represent and whose goal is to protect individuals from persecution and maintain INTERPOL’s neutrality, look useless.
Finally, if INTERPOL were denied the power to prevent non-compliant diffusions and other requests from being processed, it would also expose member countries-recipients of these requests to accusations of aiding and abetting governments-abusers. RPD hold responsible not only countries from which such requests originate but recipients of that data as well for any violations of the Organization’s rules. The General Assembly has repeatedly stressed that recipients are responsible for any consequences arising out of them acting on the information they receive. In this regard, RPD repeatedly remind all recipients of data that before acting on it they must check its quality to make sure it is accurate, relevant, not excessive and up to date, require that they take “appropriate measures so that data received are immediately updated at the national level once they have been informed of any modification or deletion,” and hold them “fully responsible for … any action taken at the national level based on data they have received.”