Data Protection

IOM operations require the processing of the personal data of millions of beneficiaries worldwide. IOM holds data protection central to supporting our operations as it is paramount to the respect for human dignity and the right to privacy of individuals.

Data protection derives from the right to privacy, which has been globally recognised as a fundamental human right enshrined in international conventions, most notably Article 12 of the Universal Declaration of Human Rights and Article 17 of the Convenant on Civil and Political Rights.

Data protection is about the protection of personal data of individuals. Protecting data means protecting people. This is often overlooked and does not apply solely to particularly vulnerable groups IOM works with, such as victims of trafficking, but all IOM beneficiaries. 

IOM’s Institutional Law and Programme Support Division (LEGPS) of the Office of Legal Affairs is the focal point of the organization for data protection issues and provides advice to ensure that personal data are processed in accordance with the IOM Data Protection Principles and Manual.

IOM and Data Protection

IOM was one of the first international organization to develop its own internal guidance concerning data protection, the IOM Data Protection Principles in 2009. These principles prevent unnecessary and disproportionate interference into privacy. IOM’s Data Protection Principles are available in all three official languages of the Organization.

IOM published its Data Protection Manual, in 2010. The IOM Data Protection Manual provides guidelines for how to govern the implementation of the IOM Data Protection Principles in a manner that recognizes both the right of individuals to protect their personal data and the need of IOM to process personal data in the course of fulfilling the Organization’s migration mandate. 

IOM is a member of the UN Privacy Policy Group (UN PPG)

The UN PPG is an inter-agency group convened in September 2016 that is co-chaired by UN Global Pulse and the UN Office of Information and Communications Technology (OICT), with the primary objectives are to advance dialogue and information sharing on key issues related to data privacy and protection within the UN system; unite existing efforts on data privacy and protection; and develop a practical UN System-wide framework on data privacy and data protection. The UN PPG developed the UN Principles on Personal Data Protection and Privacy, a high-level framework for the processing of personal data by, or on behalf of, the United Nations System Organizations in carrying out their mandated activities.

In November 2020, a Joint Statement on Data Protection and Privacy in the COVID-19 response was issued by UN system organizations under the UNPPG. The statement supports the privacy protective use of data and technology by the UN in fighting the current pandemic and it is based on the UN Personal Data Protection and Privacy Principles. More information here.

ICRC Handbook on Data Protection in Humanitarian Action

IOM has been part of the Advisory Group and has assisted in the drafting of the ICRC Handbook on Data Protection in Humanitarian Action, jointly edited by the Brussels Privacy Hub of the Vrije Universiteit Brussel and the Data Protection Office of the International Committee of the Red Cross (ICRC) in Geneva, Switzerland. The Handbook provides guidance on the application of data protection principles to the very unique specificities of Humanitarian Action, and then describes this guidance according to the specific features of new technologies that are of particular relevance for humanitarian action. The Handbook on Data Protection in Humanitarian Action can be found here.

The second edition of the Handbook was digitally launched on 1 September 2020 during a day-long follow-the-sun digital event during which various chapters of the Handbook were discussed as well as current issues linked to the implementation of data protection principles in the humanitarian sector. Recordings of the panel discussions which took place can be found here.

The IOM Community Response App

IOM’s Community Response App was designed by and for IOM field staff to help demonstrate the impact of projects by capturing feedback and testimonials of migrants, including their personal journeys, achievements, and challenges. The design of the Community Response App requires informed consent to be obtained whenever IOM collects data, photos or videos, in a user-friendly way.

Workshops co-organized by the European Data Protection Supervisor (EPDS) and international organizations
  • International organizations meet to discuss data protection in the framework of these workshops on data protection that have been taking place since 2006.
  • IOM co-hosted the 6th data protection workshop with the European Data Protection Supervisor (EDPS) at the IOM Headquarters in Geneva in May 2017.  Thirty-five entities, most most of them international organizations, were represented at the event and 77 individual participants.