Address: 19 Avenue de la paix, 1202 Geneva, Switzerland
Stakeholder group: International and regional organisations
Established in 1863, the ICRC is an independent international humanitarian organisation headquartered in Geneva. It defends and promotes the respect of international humanitarian law (IHL) and is dedicated to protecting the lives and dignity of victims of war and to providing assistance. Along these lines, it cooperates with governments, the private sector, and other entities affected by international and internal armed conflict and violence.
Together with the International Federation of Red Cross and Red Crescent Societies and 192 individual national societies, the ICRC makes up the so-called International Red Cross and Red Crescent Movement.
Digitalisation is increasingly present in the context of armed conflict and violence. On one hand, affected populations are in demand for digital tools, which humanitarian organisations need to provide in a responsible manner.
On the other hand, states use cyber operations as part of warfare with humans affected by the consequences of such operations and other digital risks.
To this end, humanitarian organisations also use digital tools to improve their operations. The ICRC addresses the implications of technology, which are multifold and range from data protection for humanitarian actions to the application of IHL to cyber operations in armed conflict.
It hosts expert and intergovernmental discussions and has developed a number of (digital) tools to help improve awareness and understanding of IHL and relevant standards.
The ICRC co-operates with other organisations on digital policy issues.
Digital policy issues
The ICRC has explored the role of artificial intelligence (AI) tools in armed conflict. In a document titled Artificial Intelligence and Machine Learning in Armed Conflict: A Human-Centred Approach published in 2019, it argues that ‘any new technology of warfare must be used, and must be capable of being used, in compliance with existing rules of international humanitarian law.’ It also touches on the use of AI and machine learning (ML) technologies capable of controlling physical military hardware. It argues that from a humanitarian perspective, autonomous weapon systems (AWS) are of particular concern given that humans may not be able to exert control over such weapons or the resulting use of force. While the ICRC recognises that not all weapon systems incorporate AI or ML, it emphasises that such software components could eventually give way to future AWS. It also emphasises the potential misuse of AI and ML in the development of cyber weapons and capabilities. The ICRC calls for a human control-based approach to the application of AI and ML in AWS.
Cyber operations during armed conflict
The use of cyber operations during armed conflicts is a reality today and their use is likely to increase in future. Through bilateral confidential dialogue, expert discussions, participation in intergovernmental processes, and constant monitoring and analysis, the ICRC is raising awareness of the potential human cost of cyber operations and the application of IHL to cyber operations during armed conflict. Its efforts on this matter date back over two decades. Ever since, the ICRC has held the view that IHL limits cyber operations during armed conflict just as it limits the use of any other weapon, means and methods of warfare in an armed conflict, whether new or old.
Over the years, the ICRC has been actively involved in global policy discussions on cyber-related issues, including those held within the UN (various Groups of Governmental Experts (GGEs) and the Open-Ended Working Groups (OEWGs)). In addition, it convenes regional consultations among government experts on how IHL applies to cyber operations, and global expert meetings, such as the potential human cost of cyber operations and on avoiding civilian harm from military cyber operations during armed conflicts. Its legal views on how IHL applies to cyber operations during armed conflict are found in a 2019 position paper that was sent to all UN member states in the context of the different UN- mandated processes on information and communications technology (ICT) security. Finally, the ICRC explores innovative solutions, such as a digital emblem, to protect medical and humanitarian missions in cyberspace. The ICRC’s Law and Policy blog provides a large number of short pieces on cyber operations, featuring tech expert, legal, and policy perspectives.
Privacy and data protection (1)
The ICRC plays an active role in regard to privacy and data protection in the context of humanitarian action. It has a data protection framework compliant with international data protection standards that aims to protect individuals from a humanitarian standpoint. The framework consists of ICRC rules on personal data protection, which were revised in 2020 in response to the rapid development of digital technologies, while supervisory and control mechanisms are overseen by an independent data protection commission and a data protection officer. In 2019, the ICRC spearheaded the adoption of a resolution on Restoring Family Links While Respecting Privacy, Including as it Relates to Personal Data Protection at the International Conference of the Red Cross and Red Crescent. In 2022, it pushed for the adoption of a resolution on Safeguarding Humanitarian Data at the Council of Delegates of the Red Cross and Red Crescent Movement.
Despite the wide range of data sources employed and dealt with by the ICRC, specific attention is dedicated to biometric data, which is often used in forensics and the restoration of family links. To manage this highly sensitive
information and to ensure the responsible deployment of new technologies (including new biometric identification techniques), the ICRC has adopted a Biometrics Policy, which sets out the roles and responsibilities of the ICRC and defines the legitimate bases and specified purposes for the processing of biometric data.
Data protection is also addressed by the ICRC Handbook on Data Protection in Humanitarian Action. The Handbook provides suggestions as to how existing data protection principles apply to humanitarian organisations and builds on existing regulations, working procedures, and practices. The second edition of the document specifically provides guidance on the technical aspects of data protection by design and by default and covers technological security measures. In addition, through dedicated chapters, it addresses the potential and risks of digital technology such as blockchain, AI, digital identity, and connectivity for data protection in humanitarian action. The ICRC hosted a digital launch event for the second edition of the handbook as well as one event focusing on data protection and COVID-19. It then followed up with the DigitHarium, a one-year outreach initiative to socialise some of the themes linked to data protection in the humanitarian sector as well as to provide a space where humanitarian, diplomatic, academic, and technology practitioners can meet to collaborate to find local and global solutions to today’s digital dilemmas.
The ICRC further explored the issue of data and privacy in a joint report that it published with Privacy International titled The Humanitarian Metadata Problem: Doing no Harm in the Digital Era. The report looks into how different types of metadata are derived from internal and external humanitarian exchanges (i.e. exchanges between humanitarian organisations and individuals affected by armed conflict and violence or communication within humanitarian organisations) through telecommunications and messaging; cash transfer programmes; and how social media can be accessed and misused for profiling of individuals, surveillance, repression, or commercial exploitation. In line with the humanitarian ‘do no harm’ principle, the report underscores that the humanitarian community has to consider that there is a risk that it can hinder the safety and the rights of those needing protection when using digital technologies. The ICRC also hosted an event on this topic in London in December 2018, the Digital Risk Symposium. The event explored what organisations can do to ensure they do not create additional vulnerabilities for people already at risk, as well as the potential for collaboration in the sector.
More recently, the ICRC has been involved in the Road to Bern via Geneva dialogues. As part of its contribution, the ICRC collaborated with the World Intellectual Property Organization in the second dialogue dedicated to data collection entitled Protecting Data Against Vulnerabilities: Questions of Trust Security and Privacy of Data. Specific attention was paid to three challenges: data anonymisation, loss of data through cloud processing, and limited use of biometric data.
The ICRC has argued in favour of the digitalisation of the Geneva Conventions and on the occasion of the 70th anniversary of these very treaties and additional protocols, released an IHL digital app. The app provides access to over 75 treaties including the Geneva Conventions and allows users to read through the content and therefore familiarise themselves with the text. The ICRC has a number of databases on IHL including its customary IHL database and the ICRC national implementation database.
Online learning is also used by the ICRC to promote the implementation of IHL. In 2019, it launched an e-learning course entitled Introduction to International Humanitarian Law aimed at non-legal practitioners, policymakers, and other professionals who are interested in the basics of IHL. Other online courses are available through the ICRC training centre as well as e-briefings which are available in its e-briefing library.
The ICRC maintains a digital library and an app with all ICRC publications in English and French.
Research and development
In 2022, the ICRC opened a Delegation for Cyberspace in Luxembourg, which serves as a safe and secure space to do due diligence research and develop and test solutions and ideas to prepare the ground for the support, protection, and deployment of digital services to affected people on a global scale. It will also further explore what it means to be a digital stakeholder in a manner compatible with its mandate; operational modalities; and principles of neutrality, independence, and impartiality.
Social media channels
1- The ICRC deals with privacy and data protection within its mandate and context of IHL. In this Atlas, following the Digital Watch Observatory taxonomy, privacy and data protection are part of the human rights basket.