Data protection and privacy
The protection of personal data has become increasingly crucial for intergovernmental organizations in general, the organizations of the United Nations system, and ITU in particular. As the world becomes more interconnected through advancements in technology and telecommunications, the exchange of information between ITU, its constituents, its partners and other third parties, has become commonplace. This exchange of information often includes personal data which, if misused or compromised, may have material adverse impact on the individuals concerned. The need for a robust data protection framework is essential for maintaining trust, ensuring privacy, and fostering a secure environment for international cooperation.
Recognizing this need, the UN High-Level Committee on Management (HLCM) adopted the
Personal Data Protection and Privacy Principles at its 36th Meeting on 11 October 2018, to which ITU has also adhered.
The adoption of the Personal Data Protection and Privacy Principles by the HLCM demonstrated the commitment of the United Nations system to uphold the highest standards of data protection. These principles provide a comprehensive framework for the responsible handling of personal data, including collection, processing, storage, and sharing.
ITU transposed the aforementioned Principles into its own regulatory framework in 2023. This integration demonstrates the organization's commitment to ensuring the privacy and security of personal data within its operations and activities.
ITU processes the personal data of a range of individuals, including staff, consultants, retirees, and vendors, and is dedicated to transparency and the safeguarding of this data. Personal data includes identifiable information such as names, email addresses, and IP addresses, and the policy applies to living individuals' data.
The policy outlines several principles: fair and legitimate processing, purpose specification, proportionality and necessity, retention, accuracy, confidentiality, security, transparency, regulated transfers, and accountability. Individuals (Data Subjects), whose data is processed by ITU have specific rights, including access, rectification, information, deletion, and objection. The policy also mandates proactive data protection and privacy considerations in ITU's system design and default settings, Personal Data Mappings, and Data Protection and Privacy Assessments. Additionally, the policy includes provisions for managing Personal Data Breaches, requiring coordination with ITU's ICT Security Division and proper record-keeping of such breaches.
The full text of ITU's Data Protection and Privacy Policy can be found
here.
ITU as a member of the UN Privacy Policy Group (UN PPG)
The UN PPG, an inter-agency group established in September 2016, aims to advance dialogue and information sharing on key issues related to data privacy and protection within the UN system; unite existing efforts on data privacy and protection, and develop a practical UN System-wide framework on data privacy and data protection. It drafted the UN Principles on Personal Data Protection and Privacy, a high-level framework for the processing of personal data by, or on behalf of, the United Nations System Organizations in carrying out their mandated activities, which was later adopted by HLCM, including by ITU.
In November 2020, the UN PPG released a Joint Statement on Data Protection and Privacy in the COVID-19 response focusing on the privacy-protective use of data and technology in tackling the pandemic. Read the full statement
here.