ICC Helps with UN Principles on Personal Data Protection and Privacy

Photo details: contributors in the UN Data Privacy Policy Group, including ICC’s Milena Grecuccio, Shashank Rai and Fabio Maggiore (not pictured here)

In the context of risks and challenges around data privacy and information protection, UN Global Pulse and the UN Office of Information Communication Technology (OICT) have worked with many UN funds, programmes and other entities, including ICC, to facilitate adoption of a common set of principles for data protection and privacy. Milena Greccucio, Shashank Rai and Fabio Maggiore all took part in this important milestone deliverable as contributors in the UN Data Privacy Policy Group (UN PPG),

ICC participated in this initiative along with with IAEA, IOM, IFAD, ILO, ITU, UNAIDS, UN-OCHA, OHCHR, UN-DM, UN-DPKO, UN-Global Pulse, UN-DGC, UN-OICT, UN-OLA, UNDP, UNESCO, UNFPA, UNHCR, UNICEF, UNIDO, UNOPS, UNV, UN Women, UNWTO, UPU, WFP, WHO, WIPO and World Bank with observer organizations CEB, ICT Network, UN DOCO and IFC.

The High Level Committee on Management (HLCM) officially adopted the Principles on Personal Data Protection and Privacy at its 36th Meeting on 11 October 2018.

It’s an important step in the direction of creating a UN data protection legal framework.

Milena Grecuccio

In a message of thanks to ICC and others, Mila Romanoff, Legal and Privacy Specialist, UN Global Pulse said that this was a wonderful gift going into 2019 and that she looked forward to continue working with everyone on enhancing data privacy and data protection practices as one UN. Mila joined us in October for an ICC- UNICEF-UN Women workshop on information protection and data privacy – see Mission-driven Cyber Security – A UNICEF, UN Women and ICC Event.

The Principles

The Principles on Personal Data Protection and Privacy set out a basic framework for the processing of personal data by, or on behalf of, the United Nations System Organizations in carrying out their mandated activities.

The Principles aim to: (i) harmonize standards for the protection of personal data across the UN System; (ii) facilitate the accountable processing of personal data; and (iii) ensure respect for the human rights and fundamental freedoms of individuals, in particular the right to privacy. These Principles apply to personal data, contained in any form, and processed in any manner. Where appropriate, they may also be used as a benchmark for the processing of non-personal data, in a sensitive context that may put certain individuals or groups of individuals at risk of harms.

The High Level Committee on Management (HLCM) formally adopted the Principles at its 36th Meeting on 11 October 2018. The adoption followed the HLCM’s decision at its 35th Meeting in April 2018 to engage with the UN Data Privacy Policy Group (UN PPG) in developing a set of high-level principles on the cross-cutting issue of data privacy. Preceding the 36th HLCM meeting in October, the Principles were developed and unanimously endorsed by the organizations represented on the UN PPG.

The UN PPG is an inter-agency group convened in September 2016 that is co-chaired by UN Global Pulse and the UN Office of Information and Communications Technology (OICT). The UN PPG’s primary objectives are to (i) advance dialogue and information sharing on key issues related to data privacy and protection within the UN system; (ii) unite existing efforts on data privacy and protection; and (iii) develop a practical UN System-wide framework on data privacy and data protection.

Purpose: These principles (the “Principles”) set out a basic framework for the processing of “personal data”, which is defined as information relating to an identified or identifiable natural person (“data subject”), by, or on behalf of, the United Nations System Organizations in carrying out their mandated activities. These Principles aim to:

  1. Harmonize standards for the protection of personal data across the United Nations System Organizations
  2. Facilitate the accountable processing of personal data for the purposes of implementing the mandates of the United Nations System Organizations
  3. Ensure respect for the human rights and fundamental freedoms of individuals, in particular the right to privacy.

These Principles apply to personal data, contained in any form, and processed in any manner.

The United Nations System Organizations are encouraged to adhere to these Principles and may issue detailed operational policies and guidelines on the processing of personal data in line with these Principles and each Organization’s mandate. Personal data should be processed in a non-discriminatory, gender sensitive manner. Where appropriate, these Principles may also be used as a benchmark for the processing of non-personal data, in a sensitive context that may put certain individuals or groups of individuals at risk of harms.