1. Introduction

At Interpol’s 92nd General Assembly in November 2024, Articles 1, 22, 24, 42, 47, 67, 70, 71, and 135 of the Rules on the Processing of Data (RPD) were amended through Resolutions GA-2024-92-RES-07 and GA-2024-92-RES-08. The amendments introduced new provisions and refined the existing articles. While these changes aim to enhance governance, accountability, and compliance with international data protection standards, they also raise concerns regarding potential operational risks, legal ambiguities, and the effectiveness of enforcement mechanisms. This analysis provides a critical evaluation of the amendments with specific references to the modified text.

2. Amendments to Key Provisions

A. Article 1 – Definitions

The modifications to Article 1 add biometric data to the category of “Particularly sensitive data” and introduce definitions of publicly available information and biometric data.

(29) “Publicly available information” means information that is not subject to any legal restriction, which is obtained without special legal status or authority, and which includes, but is not limited to, news and media sources, books and journals, online materials, academic materials, commercial databases, and subscription services that are available to any member of the public.

(30) “Biometric data” means personal data relating to physical, biological, behavioral, or physiological characteristics, such as fingerprints, facial images, or DNA profiles, that have been subject to specific technical processing to enable or confirm the identification of an individual.

Although these changes align INTERPOL’s framework with evolving international norms on data protection (including those under the EU General Data Protection Regulation (GDPR) and the UN Principles on Personal Data Protection), open-source data—particularly that from online materials and media sources—can be unverified, misleading or politically biased. The lack of explicit quality control requirements could lead to unwarranted law enforcement actions based on unreliable sources. In addition, the ability to process such information without legal restrictions increases the risk of politically motivated misuse, particularly in cases involving opposition figures and exiled dissidents.

B. Article 22 – Strengthened Administration by the General Secretariat

The amendments to Article 22 clarify and reinforce the General Secretariat’s administrative oversight of data processing. This provision is positive in terms of centralized quality control, but there is no clear sanctioning mechanism for National Central Bureaus (NCBs) or for external entities that fail to comply with these rules.

C. Article 24 – Expansion of Data Recording from External Sources

The amendment in Paragraph 1(b) of Article 24 grants INTERPOL broader authority to record data that constitutes publicly available information, as defined in Article 1. However, there is no explicit requirement for prior validation of the credibility of sources, which increases the risk of politically or commercially motivated data submissions. Governments with poor human rights records may attempt to manipulate INTERPOL’s database by submitting misleading information through this mechanism.

D. Article 42 – Processing of Particularly Sensitive Data

The headline of Article 42 has been changed to Additional conditions for processing Particularly Sensitive Data from ‘Additional Conditions for Recording Particularly Sensitive Data’. Although the amendments introduce stricter conditions for processing sensitive personal data, including biometric information, the criterion of “important criminalistic value” remains undefined, thus leaving room for subjective interpretation.

E. Article 47

Article 47 has been completely amended. Its headline is now ‘Additional Conditions for Recording Publicly Available Information and Other Information Received from Persons or Entities’, whereas it was previously ‘Recording of Data at the Onitiative of the General Secretariat’. The new version introduces additional conditions for recording data that is received from third-party sources, including private entities and individuals. Although the safeguards outlined in the article seem adequate, the pre-recording vetting of data should be conducted by an independent panel rather than by the General Secretariat.

F. Article 67 – Forwarding Data

The revision mandates stricter procedural safeguards before forwarding data to a third party. These safeguards require checking whether the data is subject to any restriction, assessing its relevance or “important criminalistic value” in achieving the aims of the Organization, and ensuring it is strictly necessary for the purposes of processing, before forwarding particularly sensitive data. However, the effectiveness of these safeguards depends on the willingness of NCBs to self-comply, and there is no formal review mechanism.

G. Articles 70–71

Article 70 ensures that publicly available information may also be used for criminal analysis purposes.

Article 71 requires that any crime analysis report specifies whether the information or conclusions drawn by the General Secretariat are based, either wholly or partially, on publicly available information, as well as the provision of the time stamp and origin of that information.

These amendments increase transparency regarding the data used in crime analysis reports and reduce the likelihood of misinformation influencing international law enforcement actions.

H. Article 135 – Settlement of Disputes

The modifications to Article 135 enhance the mechanisms for resolving disputes involving NCBs, international entities, national entities, private entities, or the General Secretariat, concerning compliance decisions that arise in connection with the application of the Rules on the Processing of Data.

3. Conclusion

Overall, the 2024 amendments to Interpol’s Rules on the Processing of Data signal a commitment to aligning with evolving international standards on data protection. By clarifying the definitions of key terms, reinforcing administrative oversight, and outlining more rigorous conditions for recording and forwarding sensitive data, these changes may strengthen governance and accountability within the Organization.

Nevertheless, the amendments also give rise to significant challenges. The broader scope for the collection and processing of data from both private and publicly available sources—coupled with the absence of robust independent oversight—amplifies the risk of politically or commercially motivated misuse. Vague criteria, such as “important criminalistic value,” further heighten the potential for subjective interpretation. Additionally, while the dispute-settlement enhancements in Article 135 are promising, there remains no clear sanctioning or review mechanism to ensure that NCBs and external entities adhere to these stricter rules.

Finally, the exclusion of human rights NGOs from discussions on the planned amendments undermines essential stakeholder engagement and may weaken trust in the reforms. As Interpol and its Member States move forward, it is crucial to reinforce these amendments with enforceable checks and balances that protect fundamental rights and maintain the integrity of international law enforcement cooperation.