International Police Abuse: The Need for Stricter Data Guidelines at Interpol

Gabrielle Harwell
Vol. 41 Associate Editor

Background Transnational crime poses a significant and growing threat to national and international security. As criminal networks expand and diversify, Interpol provides an invaluable tool to combat crime: law enforcement collaboration and data sharing.[1] National Central Bureaus (NCBs) act as the main source of data collection and international collaboration among Interpol member states. Unlike national law enforcement organizations, NCBs are governed by international agreements such as Interpol’s Rules on the Processing of Data (RPD), which establishes standards on the processing and use of data in international criminal investigations.[2] However, the authority national governments have over the NCBs, combined with the lack of uniform data processing standards, allows governments to abuse Interpol’s network to violate individuals’ human rights. While Interpol sought to update the RPD through a review in October of 2019, that review has focused mainly on abusive issuances of international extradition and arrest requests.[3] Further review should establish uniform standards on data processing that limits the broad authority of national governments to protect human rights. Differing Standards Provide the Opportunity for Governmental Abuse of NCBs The current RPD allows national governments to abuse the process. These rules merely state that data collection and processing must comply with Interpol’s Constitution and the Universal Declaration of Human Rights.[4] Beyond providing that particularly sensitive data may not be used or processed for discriminatory purposes, the RPD offers little guidance on what constitutes lawful data collection and processing.[5] While NCBs must meet international standards on individual rights, national and other international entities lack that responsibility when contributing data for Interpol’s criminal databases.[6] The broad standard established for lawful collection and processing of data creates room for national governments to abusively collect data on subjects. While Interpol’s constitution and the Universal Declaration of Human Rights expressly prohibit persecution for political, military, racial, or religious differences, they are hollow promises without more protective RPD standards. Further, NCBs lack strict guidelines on processing data for uses other than the purpose it was collected for. NCBs have control over sensitive personal information like the subject’s name, identifying documents, date, and place of birth, fingerprints and DNA profile.[7] Regardless of the sensitive nature of the data, the NCBs merely have to provide evidence that the data’s new purpose complies with the Constitution, is lawful “under applicable law,” and that the new purpose is incompatible with the initial purpose the data was collected for.[8] Once the initial purpose for the data has been met, the personal data on international criminals may be retained and used as long as the NCB authorizes new uses of the data.[9] These vague standards governing the use of personal data on potential criminals at the national and international level provides further opportunity for governments to abuse NCBs’ discretion and authority. Perhaps the most notorious example of governmental abuse of Interpol’s data sharing is the Kremlin’s repeated issuing of extradition requests against Bill Browder. Browder, an outspoken critic of the Kremlin’s corruption, has been added to Interpol’s arrest list seven times since the 2009 death of his lawyer Sergei Magnitsky in a Russian prison.[10] Russia’s latest Interpol abuse came in 2018 when Russian prosecutors brought fresh charges accusing Browder of ordering the murder of his lawyer while laundering millions of dollars.[11] The Kremlin continually exploits its authority over the Russian NCB to issue extradition notices for Browder, even though other governments condemn the extradition requests as unlawful.[12] Russia’s abusive use of extradition notices against Browder highlights how governments can abuse NCB’s broad discretion to violate fundamental human rights. While Interpol’s Constitution states that its data-sharing service should not be used for political, military, racial, or religious persecution, the lack of uniform standards on the treatment of data within NCBs in each country creates a powerful tool for governments abuse the data for those purposes.[13] The RPD authorizes NCBs to follow local government practices on the collection and processing of data on criminals, creating an incentive for governments to abuse the international network to wrongly punish those abroad. Establish Uniform Standards to Better Protect Human Rights Rather than trusting governments to comply with international agreements on human rights, Interpol is the best-situated entity to police against governmental abuse of the data-sharing cooperative. Interpol should, therefore, implement uniform guidelines on data collection, processing, and use that unify the processes among all member states’ police agencies. NCBs should be forced to comply with uniform standards established by the RPD instead of local standards. The broad standards that currently exist all but guarantee that any data collected by a local government and used by NCBs falls within the standards of the RPD, particularly because of the lack of standards on the lawful collection and processing of data. Further, Interpol should establish an internal body to review the legitimacy of the purpose of collecting sensitive data and the issuances of extradition requests to further combat abuse by the governments of the member states. Though these solutions establish further bureaucratic requirements that hinder the speedy processing of data, such changes in the RPD would provide innocent people with greater protection than the current standards lack. Interpol’s Constitution mandates that the organization act in compliance with the Universal Declaration of Human Rights. Creating weak rules easily abused by local governments falls short of the protections that the Declaration sought to create. As the Bill Browder example shows, weak rules allow governments to discriminate against alleged “criminals” on the basis of political opinion—undermining the goals of the Declaration.[14] Conclusion While establishing new guidelines will create further bureaucratic barriers against coordinated efforts to combat crime, uniform standards on data processing will provide stronger protections and respect for the human rights that individuals are entitled to. Though member governments would likely oppose changes to the authority they exert over NCBs, small changes in the standards that govern the lawfulness of the collection and processing of data may be enough to provide the protection that all individuals should be entitled to.


[1] What is INTERPOL?, Interpol, https://www.interpol.int/Who-we-are/What-is-INTERPOL; Member countries, Interpol, https://www.interpol.int/en/Who-we-are/Member-countries. [2] See Interpol, Interpol Doc. III/IRPD/GA/2011, INTERPOL’s Rules on the Processing of Data (2016). [3]Interpol, Interpol Doc. III/IRPD/GA/2011, INTERPOL’s Rules on the Processing of Data (2016), art. 82. [4] Id. art. 2. [5] Id. art. 42; see also id. art. 1 (defining “particularly sensitive data” as personal data revealing race, ethnicity, sexual orientation, religion, and other sensitive information). [6] Id. art. 11. [7] Id. art. 53. [8] Id. art. 64. [9] Id. art. 46. [10] Guy Faulconbridge, Russia asks Interpol to arrest Kremlin critic Bill Browder again: letter, Reuters (April 9, 2019). [11] Tom Balmforth, Russia accuses Kremlin critic Browder of ordering lawyer’s murder, Reuters (Nov. 19, 2018). [12] Daniel Sternberg, Mythbusting the Browder arrest: How an Interpol Red Notice works, Politics UK (May 31, 2018). [13]   Constitution of the ICPO-Interpol, art. 3. [14] Universal Declaration of Human Rights, G.A. Res. 217A, U.N. GAOR, 3d Sess., 1st plen. mtg. at 2, U.N. Doc A/810 (Dec. 12, 1948). The views expressed in this post represent the views of the post’s author only.