Skip to main content Accessibility help

We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.

Close cookie message
×
Hostname: page-component-78c5997874-t5tsf Total loading time: 0 Render date: 2024-11-08T19:07:23.921Z Has data issue: false hasContentIssue false

Chapter 1 - Introduction

Published online by Cambridge University Press:  24 October 2024

By
Massimo Marelli
Edited by
Massimo Marelli
Massimo Marelli
Affiliation:
International Committee of the Red Cross (ICRC) and Universiteit Maastricht, Netherlands

Summary

In recent years, the development of new technologies allowing for easier and faster Processing of ever-increasing quantities of Personal Data in an interconnected world has given rise to concerns about possible intrusion into the private sphere of individuals. Regulatory efforts around the globe are ongoing to respond to these concerns.

Type
Chapter
Information
Handbook on Data Protection in Humanitarian Action , pp. 3 - 10
Publisher: Cambridge University Press
Print publication year: 2024
Creative Commons
Creative Common License - CCCreative Common License - BYCreative Common License - NCCreative Common License - ND
This content is Open Access and distributed under the terms of the Creative Commons Attribution licence CC-BY-NC-ND 4.0 https://creativecommons.org/cclicenses/

1.1 Background

In recent years, the development of new technologies allowing for easier and faster Processing of ever-increasing quantities of Personal Data in an interconnected world has given rise to concerns about possible intrusion into the private sphere of individuals. Regulatory efforts around the globe are ongoing to respond to these concerns.

Protecting individuals’ Personal Data is an integral part of protecting their life, integrity and dignity. This is why Personal Data protection is of fundamental importance for Humanitarian Organizations.

In suggesting how data protection principles should be applied by Humanitarian Organizations, this Handbook builds on existing guidelines, working procedures and practices that have been established in Humanitarian Action in the most volatile environments and for the benefit of the most vulnerable victims of armed conflicts, other situations of violence, natural disasters, pandemics and other Humanitarian Emergencies (together ‘Humanitarian Emergencies’). Some of these guidelines, procedures and practices predate the advent and development of data protection laws, but they all are based on the principle of human dignity and the same concept of protection which underpins data protection laws. These guidelines have been set out, notably, in the Professional Standards for Protection Work.Footnote 1

1.2 Objective

This Handbook aims to further the discussion launched by the Global Privacy Assembly (GPA) – previously known as the International Conference of Data Protection and Privacy Commissioners (ICDPPC) – with its Resolution on Privacy and International Humanitarian ActionFootnote 2 adopted in Amsterdam in 2015. This discussion was relaunched and continued through the GPA Resolution on the Role of Personal Data Protection in International Development Aid, International Humanitarian Aid and Crisis ManagementFootnote 3 adopted in 2020, which makes specific reference to the development and publication of the previous editions of this Handbook as one of the main achievements of the cooperation between humanitarian actors and the GPA.

It is not intended to replace compliance with applicable legal norms, or with data protection rules, policies and procedures that a particular organization may have adopted. Rather, the Handbook seeks to raise awareness and assist Humanitarian Organizations in ensuring that they comply with Personal Data protection standards in carrying out humanitarian activities, by providing specific guidance on the interpretation of data protection principles in the context of Humanitarian Action, particularly when new technologies are employed.

This Handbook is designed to assist in the integration of data protection principles and rights in the humanitarian environment. It does not, however, replace or provide advice in relation to the application of domestic legislation on data protection, where this is applicable to a Humanitarian Organization not benefiting from the privileges and immunities generally associated with an International Organization.

Compliance with Personal Data protection standards requires taking into account the specific scope and purpose of humanitarian activities to provide for the urgent and basic needs of vulnerable individuals. Data protection and Humanitarian Action should be seen as compatible, complementary to, and supporting each other. Thus, data protection should not be seen as hampering the work of Humanitarian Organizations; on the contrary, it should be of service to their work. Equally, data protection principles should never be interpreted in a way that hampers essential humanitarian work, and should always be interpreted in a way that furthers the ultimate objective of Humanitarian Action, namely safeguarding the life, integrity and dignity of victims of Humanitarian Emergencies.

The recommendations and guidelines contained in this Handbook are based on some of the most important international instruments dealing with data protection, in particular the following:

  • UN General Assembly Resolution 45/95 of 14 December 1990Footnote 4 adopting the Guidelines for the Regulation of Computerized Personal Data Files,Footnote 5 which includes the “humanitarian clause” calling for particular care and flexibility when applying data protection principles in the humanitarian sector;

  • the UN Principles on Personal Data Protection and Privacy, adopted by the UN High-Level Committee on Management (HLCM) at its 36th Session on 11 October 2018;Footnote 6

  • the International Standards on the Protection of Personal Data and Privacy (The Madrid Resolution) adopted by the ICDPPC in Madrid in 2009;Footnote 7

  • The OECD Privacy Guidelines (2013);Footnote 8

  • the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108),Footnote 9 including Protocol CETS No. 223 amending the Convention (known as Convention 108+).Footnote 10

Other important standards have also been taken into account, in particular:

  • recent regulatory developments, insofar as they reflect further development of data protection concepts and principles in light of their application over the years and the challenges generated by new technologies (this includes the updating of Convention 108, as well as the EU General Data Protection Regulation 2016/679 (GDPR));Footnote 11

  • the Resolution on Data Protection and Major Natural DisastersFootnote 12 adopted by the ICDPPC in Mexico City in 2011;

  • the Resolution on Privacy and International Humanitarian Action adopted by the ICDPPC in Amsterdam in 2015;Footnote 13

  • The Resolution on the Role of Personal Data Protection in International Development Aid, International Humanitarian Aid and Crisis Management;Footnote 14

  • the ICRC Rules on Personal Data Protection (2015, updated and adopted by the ICRC Assembly on 19 December 2019);Footnote 15

  • the ICRC Professional Standards for Protection Work (2013);Footnote 16

  • the UNHCR Policy on the Protection of Personal Data of Persons of Concern to UNHCR (2015);Footnote 17

  • the IOM Data Protection Manual (2010).Footnote 18

This Handbook provides recommended minimum standards for the Processing of Personal Data. Humanitarian Organizations may provide for stricter data protection requirements, should they deem it appropriate or be subject to stricter laws at the domestic or regional level.

A few important considerations should be highlighted from the outset:

  • The right to privacy has long been recognized globally as a human right,Footnote 19 while the right to Personal Data protection is a relatively recent human right that is closely connected to the right to privacy and sets forth conditions for the Processing of data of an identified or identifiable individual. Specific data protection or privacy-related laws and norms have been adopted at national and regional levels in recent years in almost 150 countries,Footnote 20 and Personal Data protection as a fundamental right is gaining wider acceptance around the world. Accordingly, implementation of Personal Data protection standards, even where not a legal obligation given the privileges and immunities enjoyed by certain Humanitarian Organizations, should be a priority for all Humanitarian Organizations, considering that the main objective of their activities is to work for the safety and dignity of individuals.

  • Some Humanitarian Organizations, having a status of International Organizations, enjoy privileges and immunities and do not follow national legislation on Personal Data protection.Footnote 21 Respect for privacy and data protection rules is nevertheless, in many cases, a prerequisite for them to receive Personal Data from other entities, and, therefore, to do their work.

  • The exceptional emergency circumstances in which Humanitarian Organizations operate create special challenges regarding data protection. Accordingly, particular care and flexibility is required when applying data protection principles in the humanitarian sector. This need is also reflected in many of the international instruments and standards mentioned above, which include stricter rules for the Processing of Sensitive Data.Footnote 22

  • The lack of a uniform approach in data protection law to the Personal Data of deceased individuals means that Humanitarian Organizations should adopt their own policies on this matter (for example, by applying the rules applicable to the Personal Data of natural persons to the deceased, insofar as this makes sense). For organizations that do not enjoy immunity from jurisdiction, this question may be regulated by the applicable law.

  • The focus of this Handbook is on Personal Data protection, and the application of this area of law to Humanitarian Action. Yet, in armed conflicts and other situations of violence, many threats are collective rather than individual – a village, a community, a specific group of men and women may share the same threats. So just focusing on the proper management of Personal Data may not be sufficient. In some cases, Processing of non-Personal Data may raise specific threats at the collective level. In this respect, a number of initiatives in the humanitarian sector have been focusing on the implications of Processing data more generally for communities and referring, for example, to ‘demographically identifiable information’,Footnote 23 or ‘Community Identifiable Information’.Footnote 24

  • Humanitarian Organizations process the Personal Data of different categories of individuals in Humanitarian Emergencies, such as data of affected people and contacts involved in their activities, as well as data of staff and goods/service providers, or even data of donors. While the focus of this Handbook is the Processing of the Personal Data of the beneficiaries of humanitarian programmes, similar considerations apply to the handling of Personal Data of other categories of individuals.

1.3 Structure and approach

Part I of this Handbook applies to all types of Personal Data Processing in Humanitarian Emergencies and provides a detailed analysis of Personal Data protection principles and requirements contextualized in Humanitarian Emergencies. Part II deals with specific types of technologies, technology areas and data Processing situations, and contains a more specific discussion of the relevant data protection issues. The specific Processing scenarios outlined in Part II should always be read with Part I in mind. Defined terms are capitalized throughout this Handbook; the definitions are contained in the at the beginning of the Handbook.

1.4 Target audience

This Handbook is aimed at legal professionals and staff of Humanitarian Organizations involved in Processing Personal Data for the humanitarian operations of their organization, particularly those in charge of advising on and applying data protection standards. It is also addressed to other parties involved in Humanitarian Action or data protection, such as data protection authorities, researchers and academics, private companies wishing to engage in partnerships with Humanitarian Organizations, and any others involved in these activities.

Footnotes

1 ICRC, Professional Standards for Protection Work, 3rd ed., ICRC, Geneva, 2018: https://shop.icrc.org/professional-standards-for-protection-work.html.

2 International Conference of Data Protection and Privacy Commissioners, Resolution on Privacy and International Humanitarian Action, 37th International Conference of Data Protection and Privacy Commissioners, Amsterdam, 27 October 2015: http://globalprivacyassembly.org/wp-content/uploads/2015/02/Resolution-on-Privacy-and-International-Humanitarian-Action.pdf.

3 Global Privacy Assembly, Resolution on the Role of Personal Data Protection in International Development Aid, International Humanitarian Aid and Crisis Management, 42nd Closed Session of the Global Privacy Assembly, October 2020: https://globalprivacyassembly.org/wp-content/uploads/2020/10/FINAL-GPA-Resolution-International-Aid-EN.pdf.

4 UN General Assembly, Resolution 45/95 of 14 December 1990, A/RES/45/95, 14 December 1990.

5 UN General Assembly, Guidelines for the Regulation of Computerized Personal Data Files, 14 December 1990: www.refworld.org/docid/3ddcafaac.html.

6 UN High-Level Committee on Management (HLCM), UN Principles on Personal Data Protection and Privacy, 11 December 2018: https://archives.un.org/sites/archives.un.org/files/_un-principles-on-personal-data-protection-privacy-hlcm-2018.pdf.

7 International Conference of Data Protection and Privacy Commissioners, International Standards on the Protection of Personal Data and Privacy, Resolution, Madrid, 5 November 2009: https://globalprivacyassembly.org/wp-content/uploads/2015/02/The-Madrid-Resolution.pdf.

8 OECD, OECD Privacy Guidelines, 2013: https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0188.

9 Council of Europe (CoE), Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, Treaty, Council of Europe Treaty Series (CETS) – No. 108, Strasbourg, 28 January 1981: www.coe.int/en/web/conventions/full-list?module=treaty-detail&treatynum=223.

10 Council of Europe (CoE), Protocol Amending the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, Treaty, Council of Europe Treaty Series (CETS) – No. 223, Strasbourg, 10 October 2018: https://rm.coe.int/16808ac918.

11 EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (EU General Data Protection Regulation), [2016] OJ L119/1.

12 International Conference of Data Protection and Privacy Commissioners, Resolution on Data Protection and Major Natural Disasters, Resolution, 33rd International Conference of Data Protection and Privacy Commissioners, Mexico City, 2011: http://globalprivacyassembly.org/wp-content/uploads/2015/02/Resolution-on-Data-Protection-and-Major-Natural-Disasters.pdf.

13 International Conference of Data Protection and Privacy Commissioners, International Humanitarian Action, Resolution, 37th International Conference of Data Protection and Privacy Commissioners, Amsterdam, 27 October 2015: http://globalprivacyassembly.org/wp-content/uploads/2015/02/Resolution-on-Privacy-and-International-Humanitarian-Action.pdf.

14 Global Privacy Assembly, Resolution on Personal Data Protection in International Development Aid, Resolution, 42nd Closed Session of the Global Privacy Assembly, October 2020: https://globalprivacyassembly.org/wp-content/uploads/2020/10/FINAL-GPA-Resolution-International-Aid-EN.pdf.

15 ICRC, Rules on Personal Data Protection, Publication, ICRC, Geneva, 2015: www.icrc.org/en/publication/4261-icrc-rules-on-personal-data-protection.

16 ICRC, Professional Standards for Protection Work.

17 UN High Commissioner for Refugees (UNHCR), Policy on the Protection of Personal Data of Persons of Concern to UNHCR, May 2015, www.refworld.org/docid/55643c1d4.html.

18 International Organization for Migration (IOM), IOM Data Protection Manual, Geneva, 2010: https://publications.iom.int/books/iom-data-protection-manual.

19 See Article 12 of the Universal Declaration of Human Rights and Article 17 of the International Covenant on Civil and Political Rights.

20 See UN Conference on Trade and Development (UNCTAD), “Data Protection and Privacy Legislation Worldwide | Register”, UNCTAD, accessed 6 January 2022: https://unctad.org/page/data-protection-and-privacy-legislation-worldwide.

21 Massimo Marelli, “The law and practice of international organizations’ interactions with personal data protection domestic regulation: At the crossroads between the international and domestic legal orders”, Computer Law and Security Review, Vol. 50, 2023, 105849: https://doi.org/10.1016/j.clsr.2023.105849.

22 See Section 2.2: Basic data protection concepts.

23 See: “The Signal Code: A Rights Based Approach to Information during Crisis”, The Signal Code, accessed 6 January 2022: https://signalcode.org.

24 See: Humanitarian Data Exchange Initiative, “Terms of Service”, HDX, accessed 6 January 2022: https://data.humdata.org/faqs/terms.

Save book to Kindle

To save this book to your Kindle, first ensure coreplatform@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

  • Introduction
  • Edited by Massimo Marelli, International Committee of the Red Cross (ICRC) and Universiteit Maastricht, Netherlands
  • Book: Handbook on Data Protection in Humanitarian Action
  • Online publication: 24 October 2024
Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

  • Introduction
  • Edited by Massimo Marelli, International Committee of the Red Cross (ICRC) and Universiteit Maastricht, Netherlands
  • Book: Handbook on Data Protection in Humanitarian Action
  • Online publication: 24 October 2024
Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

  • Introduction
  • Edited by Massimo Marelli, International Committee of the Red Cross (ICRC) and Universiteit Maastricht, Netherlands
  • Book: Handbook on Data Protection in Humanitarian Action
  • Online publication: 24 October 2024
Available formats
×