eCases

•                     United States Participation in
  Interpol Computerized Search File Project
  Neither state nor federal law would prohibit participation by the United States National
  Central Bureau o f Interpol (USNCB) in a proposed computerized information exchange
  system, provided the USNCB complies with all disclosure, accounting, and publication
  requirements imposed by applicable federal statutes, such as 22 U.S.C. § 263a, the
  Privacy Act, and other federal restrictions on the exchange of criminal history informa­
  tion. As a matter of comity, the USNCB may comply with relevant state laws and
  regulations that restrict the disclosure and dissemination o f personally identifiable
  information; however, under the Supremacy Clause, as a federal law enforcement
  agency it is not bound to do so.
  The requirements o f the Privacy A ct may affect the structure and functioning o f any
  computerized information exchange system in which the USNCB participates, particu­
  larly insofar as it would require the USNCB to verify the accuracy o f data in its
  records prior to disclosure.
  Applicable international guidelines and agreements relating to information exchange and
  privacy protection are broader in scope than the Privacy Act, and may restrict federal
  law enforcement agencies’ ability to participate fully in the proposed system. More­
  over, there are a number o f possible international conflicts o f law issues raised by the
  United States’ participation in Interpol generally, and in any automated information
  exchange system it may implement.
  December 9, 1981
  MEMORANDUM OPINION FOR TH E ASSISTANT ATTORNEY
  GENERAL FOR ADMINISTRATION
  This responds to your request for this Office’s advice on legal issues
  implicated by the proposed Interpol Computerized Search File Project,
  Fisher Informatise de Recherches (F.I.R.). This project, if approved by
  the Interpol General Assembly, will result in computerization of infor­
  mation now maintained by the Interpol General Secretariat and the
  exchange of information among member national central bureaus
  (NCBs) and the General Secretariat. While our discussion focuses on
  the F.I.R. project, our analysis may, as you recognize in your request,
  have implications for other recent initiatives dealing with the computer­
  ized exchange of personally identifiable information. One such initiative
  would be the recommendation of the Attorney General’s Task Force
  on Violent Crime for establishment of an Interstate Identification Index
  as an alternative to a national centralized computerized criminal history
  file. We will, as appropriate, point out that overlap and the possible
  effects of our analysis on the Interstate Identification Index proposal.
  373
  We understand that the primary purpose of the F.I.R. project is to
  facilitate more rapid exchange of information through Interpol; such
  exchanges are presently accomplished largely on a manual basis. Imple­
  mentation of the F.I.R. project would not alter the obligations and
  responsibilities of member NCBs with respect to the exchange of infor­
  mation, except insofar as will be necessary for technical operation of
  the system. Therefore, we do not believe that the computerization of
  the General Secretariat’s files and the exchange of information among
  members of Interpol raise any unique legal issues. The more difficult
  questions will undoubtedly be those of policy and technical feasibility.
  You have also asked us to address more generally, however, the legal
  issues raised with respect to the collection and exchange of information
  among the member NCBs and the General Secretariat, so that you may
  evaluate how they affect the usefulness, desirability, and design of the
  F.I.R. project. We focus in this memorandum on the following: (1)
  restrictions imposed by state or federal law on the information that the
  United States National Central Bureau (USNCB) may contribute to the
  F.I.R. system; (2) the USNCB’s responsibility to verify data it discloses
  through the system; and (3) the effect on federal law enforcement
  agencies of the voluntary privacy protection guidelines recently
  adopted by the Organization for Economic Cooperation and Develop­
  ment and of the Convention for the Protection of Individuals with
  Regard to Automatic Processing of Personal Data adopted by the
  Council of Europe. We will also discuss briefly conflict of laws prob­
  lems raised by the F.I.R. project.
  1. Background
  Currently, NCBs exchange criminal justice and certain humanitarian
  information directly with the General Secretariat, which maintains a
  centralized file in St. Cloud, France, and directly with other NCBs.
  Under the F.I.R. project, the centralized records now maintained by
  the General Secretariat in manual form, which consist primarily of
  information contributed by member NCBs, would be put in a comput­
  erized data base accessible by member NCBs through remote terminals.
  This would be similar in design to the Computerized Criminal History
  File (CCH) now maintained as part of the Federal Bureau of Investiga­
  tion’s (FBI’s) National Crime Information Center (NCIC). Channels
  would also be created between member NCBs allowing direct commu­
  nication of requests and information without intermediate processing at
  the Interpol General Secretariat. It is our understanding that the FBI’s
  NCIC system does not permit direct communication between state and
  local governments, but that such communication may be accomplished
  independently through the National Law Enforcement Telecommunica­
  tions System (NLETS).
  374
  An alternative system design would be a central index maintained by
  the General Secretariat which would include only names or other
  identifying characteristics and corresponding index entries indicating
  which NCB maintains relevant information. A requesting NCB could
  not obtain information directly from the General Secretariat under such
  a system, but would be referred to the NCB that has information
  responsive to the request. The FBI’s proposed Interstate Identification
  Index, which has been undergoing a trial in Florida, is based on the
  index concept.
  We understand that the F.I.R. project has as yet only been proposed
  in principle, and that it will be submitted to the Interpol General
  Assembly early in 1982 for approval. Assuming the project is approved,
  the details of its design and operation will be addressed by the General
  Assembly only after the project has been approved in concept.1
  II. Restrictions on Exchanges of Information
  You have asked us to address specifically whether state or federal
  laws impose binding restrictions on the types of information the
  USNCB can contribute to the F.I.R. system. The USNCB now ex­
  changes a wide variety of information with other NCBs and the
  Interpol General Secretariat, including: humanitarian records (missing
  persons, amnesia victims, victim locate requests, and identification of
  decedents); criminal subject records (stolen property, wanted persons,
  criminal history records); criminal investigative records (persons in­
  volved in or property associated with a criminal act); and criminal
  intelligence records (information indicating that a specific individual
  may commit a specific criminal act). Upon occasion, other types of
  personal assistance data may be communicated through Interpol to
  facilitate humanitarian efforts.2 As we discuss below, we do not believe
  that state or federal law would prohibit the USNCB from continuing to
  exchange those categories of information through Interpol, provided
  the USNCB complies with all disclosure, accounting, and publication
  requirements imposed by the applicable federal statutes.
  A. Restrictions Imposed by State Laws
  A significant portion of information communicated by the USNCB
  through Interpol comes from cooperating state and local law enforce­
  1Rules governing the processing o f police information within Interpol, including treatment of data
  in an automated data processing system, have recently been discussed by the General Assembly. In
  our memorandum o f October 17, 1981, we commented on the acceptability of those rules under
  United States law. W e understand that because many countries did not have an adequate opportunity
  to review those rules before the General Assembly meeting, a committee has been established to
  consider the draft further, and that the rules, as modified, will be resubmitted to the General Assembly
  next year.
  2 For example, information relating to adoptions of Peruvian babies is communicated between
  Peruvian authorities and the adopting parents only through Interpol channels.
  375
  ment agencies, either directly through the NLETS system or indirectly
  through other federal law enforcement systems such as the Treasury
  Enforcement Communications Systems (TECS).3 Most, if not all, states
  have laws restricting secondary dissemination of particular types of
  information, ranging from omnibus privacy legislation modeled on the
  federal Privacy Act, to specific limitations on disclosure of tax, welfare,
  criminal history, or other personal information.4 The first question you
  have posed is whether the USNCB must or should comply with state
  laws that restrict the disclosure of personal history information, either
  (1) on the principle that the records submitted by a state remain the
  property of the state and therefore subject to state statutory restrictions;
  or (2) on a principle of voluntary compliance based on federal/state
  comity.
  Many federal law enforcement agencies, including the FBI and the
  USNCB, recognize that the primary responsibility lies with state and
  local law enforcement agencies for determining what information can
  or should be disclosed to federal agencies. Neither the FBI nor the
  USNCB requires state and local agencies to disclose any information,
  or particular types of information. Disclosure is on a voluntary, cooper­
  ative basis. In some instances, if the state or local agency undertakes to
  exchange information, it becomes subject to federal restrictions on
  maintenance and disclosure of that information, but those restrictions
  do not affect the state’s authority to decide, in the first instance,
  whether it will transmit particular types of information to the federal
  agency and whether such transmittal would comply with state law.5
  Both the FBI and the USNCB routinely honor requests by state and
  local law enforcement agencies for return, deletion, or modification of
  *The USNCB has direct access to T E C S, which includes data bases of a number of Treasury and
  other federal agencies, including the U.S. Customs Service, the Bureau of Alcohol, Tobacco and
  Firearm s, the Internal Revenue Service, and, to a limited extent, the United States Coast Guard and
  the D epartm ent o f State Through T E C S , the USNCB also has access to the FBI's criminal record
  information files.
  4A lthough we have not undertaken an exhaustive survey of state laws that regulate the disclosure
  of persona] information, several state statutes we have reviewed apply only to disclosure of informa­
  tion by state agencies and officials, and therefore would not restrict disclosure by federal agencies or
  officials. F o r example, the Minnesota statute referred to in your request, which prohibits disclosure to
  “ the private international organization known as Interpol,” applies only to state agencies and political
  subdivisions. 

  Minn. Stat. Ann. § 15.1643

   (West Supp. 1980) See also Ark. Stat. Ann. §§ 16-801 to 810
  (1979) (omnibus privacy act applicable to “an agency o f the State Government or any local govern­
  ment or other political subdivision o f the State”); Conn. Gen Stat Ann §§4-190 to 197 (West Supp.
  1980) (restrictions on transfer of “personal data” by any “state board, commission, department, o r
  officer” ); but see 

  Me. Rev. Stat. Ann. tit. 16, §§611-22

   (West Supp. 1979-80) (limiting use of criminal
  justice information by “criminal justice agencies,” including “federal, state . . or local government
  agenc[ies]”).
  5 F o r example, the regulations governing disclosure o f criminal justice information by state agencies
  that receive Law Enforcement Assistance Administration funding under the Omnibus Crime Control
  and Safe Streets A ct of 1968, as amended, 

  42 U.S.C. §§ 3701-3797

   (Supp. IV 1980), provide that,
  “ Subsection (b) [limiting dissemination of criminal justice information by states] does not mandate
  dissemination o f criminal history record information to any agency or individual. States and local
  governm ents will determine the purposes for which dissemination o f criminal history record informa­
  tion is authorized by state law, executive order, local ordinance, court rule, decision or order.” 

  28 C.F.R. § 20.21

  (c)(3), interpreting 42 U.S.C. § 3789g(b).
  376
  records previously forwarded to the federal agency. Thus, the FBI and
  USNCB recognize that states have a legitimate interest in and consider­
  able control over what criminal justice information will be exchanged.
  We believe that this recognition of the states’ interest in criminal
  justice information communicated to federal agencies is only a matter
  of comity between state and federal law enforcement agencies. While
  federal agencies may choose to honor states’ requests or statutory
  restrictions in the exchange of information, they are not bound by state
  laws that restrict secondary dissemination of criminal justice informa­
  tion. Under the Supremacy Clause of the Constitution, Art. VI, cl. 2, it
  is settled that the states cannot subject instrumentalities of the federal
  government to state regulation or control, in the absence of a clear
  congressional mandate to make federal authority subject to state regula­
  tion.6 In particular, courts have held that state statutes restricting dis­
  closure of certain types of information must give way where they are
  inconsistent with an Act of Congress or the Constitution, as, for exam­
  ple, where a federal grand jury subpoenas records otherwise protected
  by state statute.7 Where the agency is not subject to state statutes or
  regulations restricting the disclosure of information, a fortiori its officers
  and employees are not subject to prosecution for violation of those
  regulations, if they are acting in furtherance of their responsibilities
  under federal law.8
  Here, the relevant statutes that affect the ability of federal agencies to
  collect and disseminate data contain no “clear congressional mandate”
  that the federal agencies and their employees are subject to the restric­
  tions contained in the various state statutes on use of criminal justice
  information except as a matter of comity. See, e.g., 

  28 U.S.C. § 534

  (authorizing the Attorney General to “acquire, collect, classify and
  preserve identification, criminal identification, crime and other records”
  and to “exchange these records with and for the official use of author­
  ized officials of the Federal Government, the States, cities and penal
  and other institutions”); Omnibus Crime Control and Safe Streets Act
  of 1968, supra ; 22 U.S.C. § 263a (authorizing the Attorney General to
  “accept and maintain membership . . . in Interpol”).
  You suggest in your request that language in Tarlton v. Saxbe, 

  507 F.2d 1116

   (D.C. Cir. 1974) and Department of Justice regulations
  6See Mayo v. United Stares, 

  319 U.S. 441

  , 447-48 (1943); Kern-Limenck, Inc. v. Scurlock, 

  347 U.S. 110

  , 122 (1954).
  1 In re Grand Jury Subpoena, May 1978, at Baltimore. 

  596 F.2d 630

  , 632 (4th Cir. 1979); In re Special
  April 1977 Grand Jury, 

  581 F.2d 589

  , 592 (7th Cir.) cert, denied sub. nom. Scott v. United States 439,
  U.S. 1046 (1978); see In re Grand Jury Subpoena fo r N. Y. State Income Tax Records, 

  468 F. Supp. 575

  ,
  577 (N .D N Y 1979); see also United States v. Thorne, 

  467 F. Supp. 938

  , 940 (D. Conn. 1979).
  sSee In re Neagle, 

  135 U.S. 1

  , 62 (1890); Ohio v. Thomas. 

  173 U.S. 276

  , 282 (1899), Massachusetts v.
  Hills. 437 F. Supp 351, 353 (D. Mass. 1977) (Secretary of HUD not subject to criminal prosecution
  for alleged violations o f Massachusetts Sanitary Code in buildings owned by department); Memoran­
  dum for the Attorney General from Mary C. Lawton, Deputy Assistant Attorney General, Office o f
  Legal Counsel (Nov. 30, 1976); see generally United States v. Georgia Public Service Comm'n, 

  371 U.S. 285

  , 292-93 (1963).
  377
  governing the disclosure of criminal history information under the
  Omnibus Crime Control and Safe Streets Act, supra, might embody a
  concept of “data ownership” whereby information contributed by a
  state to a federal agency would remain the property of, and therefore
  under the control of, the contributing state. We do not believe that
  such a concept is inherent in either the Tarlton decision or the pertinent
  regulations. In Tarlton, an action for expungement of FBI arrest
  records, the Court of Appeals for the District of Columbia Circuit
  suggested that 

  28 U.S.C. § 534

  , supra, may require the FBI to make
  “reasonable efforts” to maintain “constitutionally accurate criminal
  files.” It bolstered that suggestion by reference to § 524(b) of the Omni­
  bus Crime Control and Safe Streets Act, which requires state officials
  subject to the Act to make efforts to assure the accuracy and complete­
  ness of criminal history record information submitted to the FBI. The
  court noted in a footnote that:
  Congress surely cannot be presumed to undercut its
  action in [28 U.S.C.] § 534 by intending that the FBI be
  authorized to receive and disseminate without reasonable
  precautions the sort of incomplete, unchallengable infor­
  mation from state or local officials which those officials
  themselves are forbidden to disseminate.
  

  507 F.2d at

  1125 n.28. The court’s reference to “the sort of . . .
  information from state or local officials which the officials themselves
  are forbidden to disseminate,” involves only the obligations imposed on
  state officials under the Omnibus Act, and not those obligations im­
  posed under state laws. This language therefore does not suggest that
  the FBI (or any other federal agency) is bound by state laws restricting
  the disclosure of criminal history information. Likewise, 

  28 C.F.R. § 20.21

  (c), quoted at n.5 supra, recognizes only that a state is not
  required to disclose information if disclosure would contravene its own
  law, regulations, or orders. That subsection does not suggest that the
  FBI is bound by such state laws.
  Moreover, the concept of “data ownership” would imply that the
  receiving agency does not have control over data that it did not
  develop itself, and therefore that the receiving agency is not bound by
  federal laws or regulations governing use and disclosure of that infor­
  mation, such as the Privacy Act or the Freedom of Information Act
  (FOIA). There is no suggestion, however, in either the Privacy Act or
  FOIA that records collected by a federal agency are exempt from the
  requirements of those statutes if they are contributed by a state agency.9
  9 T he Privacy A ct applies broadly to any “system o f records” maintained, collected, used, or
  disseminated by a federal agency. “R ecord" is defined in terms o f the nature o f the information (Le.,
  information about an individual) and not the source o f the information. 5 U.S.C. § 552a(aX4). The
  definition of “system o f records'* is intended to exclude only groupings of records over which the
  Continued
  378
  Finally, because federal agencies collect information from thousands of
  sources, including an estimated 20,000 state and local law enforcement
  agencies, it would clearly be impracticable to require the federal agen­
  cies to abide by the varying and inconsistent restrictions imposed by
  individual state laws. Where state regulation will frustrate the purpose
  and operation of a duly authorized federal program, the state statute
  must give way. See Public Utilities Commission o f California v. United
  States, 

  355 U.S. 534

  , 540-44 (1958); Mayo v. United States, 

  319 U.S. at 445

  ; C ity o f Los Angeles v. United States, 

  355 F. Supp. 461

  , 465 (C.D.
  Calif. 1972).
  Thus, we conclude that federal agencies such as the USNCB or the
  FBI may, as a matter of comity, comply with state restrictions on the
  use of data or state requests with respect to disclosure of data, at least
  so long as those restrictions are not themselves inconsistent with federal
  law, but are not obligated to abide by the laws of the various states in
  the handling of data submitted by the states. In addition, federal agen­
  cies are not required to comply with restrictions on disclosure of data
  imposed by the domestic laws of foreign countries, but may choose to
  honor those restrictions as a matter of international comity.10
  B. Restrictions Imposed by Federal Law
  While the USNCB need not comply with limitations imposed by
  state law except as a matter of comity, there are federal statutes and
  agency has no “control” —i.e., if it does not have access to the records; the ability to include, exclude,
  or modify information included in the grouping; or the responsibility to ensure the physical safety and
  integrity o f the records—and records which, although in the physical possession of agency employees
  and used by them in performing official functions, are not “agency" records, such as uncirculated
  personal notes, papers, and records retained or discarded at the author's discretion and over which the
  agency exercises no control or dominion. See Office of Management and Budget Privacy Act
  Guidelines. 

  40 Fed. Reg. 28,949

  , 28,952, (July 9, 1975) (OMB Guidelines). The FOIA applies generally
  to “records” o f an agency, except as specifically exempted by the statute. 5 U S.C. § 552(a)(3)(b). With
  the exception of the exemption in FO IA for “trade secrets and commercial or financial information
  obtained from a person and privileged or confidential,” we are unaware of any statutory or regulatory
  provision or administrative or judicial interpretations suggesting that the Privacy Act and FO IA do
  not apply to records maintained by agencies on the sole ground that the records were obtained from a
  source outside the agency.
  10 For example, the federal agency could agree, by contract or otherwise, to restrict dissemination
  of state-supplied data and to honor states* requests for modification or return of information, so long as
  that agreement is not inconsistent with the agency's obligations under federal statutes As we discuss
  infra, however, such agreement would not in any sense exempt information contributed by the states
  from the Privacy Act, FO IA, or other federal disclosure statutes, once that information has been
  incorporated in the records of the federal agency. An index system, either at the federal or interna­
  tional level, would clearly have advantages in enabling the responsible central authority to honor
  restrictions requested by the states or foreign governments, because the central authority would not
  retain or disclose the information itself, but would only refer the requesting entity to the state or
  country that has relevant information. It would be the responsibility of that state or government to
  determine if disclosure is consisent with its laws, regulations, and policies. Even with a centralized
  data base, however, it may be possible to accommodate differing state or national disclosure require­
  ments by allowing the source of the information unilaterally to restrict or qualify subsequent uses of
  information disclosed to the authority. The Interpol draft rules, for example (see n. 1 supra), contemplate
  that an NCB may classify information as intended only for the use o f the General Secretariat (Art. 6, %
  3) o r only for the use o f the country to which the information is communicated (Art. 12, 3). As a
  technical matter, codes or safeguards would have to be built into the F.I.R. project to accommodate
  such limitations.
  379
  regulations that restrict the types of data that can be collected and
  disseminated by the USNCB and the circumstances under which infor­
  mation can be disclosed outside the agency. In particular, we consider
  here: (1) 22 U.S.C. §263a (Supp. IV 1980), the legislation authorizing
  United States participation in Interpol; (2) the Privacy Act; and (3)
  other federal restrictions on the exchange of criminal history informa­
  tion.
  1. 22 U.S.C. § 263a
  The statutory authority for participation by the United States in
  Interpol is 22 U.S.C. § 263a, which authorizes the Attorney General “to
  accept and maintain, on behalf of the United States, membership in the
  International Criminal Police Organization, and to designate any de­
  partments and agencies which may participate in the United States
  representation with that organization.” Participation by the United
  States in Interpol is accomplished through the USNCB, which is part
  of the Department of Justice.11 No statutory or regulatory authority
  expressly authorizes the USNCB to exchange criminal justice or hu­
  manitarian information through Interpol.12 Such authority can be in­
  ferred, however, from the broad mandate in § 263a authorizing partici­
  pation in the organization, and congressional approval of payment of
  dues to Interpol. See, e.g., Fleming v. Mohawk Co., 331 U.S. Ill, 116
  (1947).13
  We believe that the USNCB has broad authority to coordinate and
  communicate criminal investigative requests and humanitarian requests
  with the United States law enforcement agencies, the Interpol Secretar­
  iat, and other NCBs, consistent with the purposes of Interpol. The
  Interpol constitution describes the purposes of Interpol as follows:
  11T he A ttorney G eneral has approved a departmental reorganization that will make the USNCB a
  separate office within the Department o f Justice. See memorandum from William French Smith,
  A ttorney G eneral, to Rudolph W. Giuliani, Associate Attorney General (Oct. 14, 1981).
  12As part o f the departmental reorganization (see n.10 supra), the Attorney General has also
  proposed an amendment to the D epartm ent o f Justice’s organizational regulations, which will specify
  the functions to be handled by th e USNCB. Those functions include the authonty to “transmit
  information o f a criminal justice, humanitarian, or other law enforcement related nature between
  N ational Central Bureaus of IN TER PO L member countries, and law enforcement agencies within the
  United States and abroad; and respond to requests by law enforcement agencies and other legitimate
  requests by appropriate organizations, institutions and individuals, when in agreement with the
  IN T E R P O L Constitution."
  13 Prior to 1978, § 263a included a ceiling on the amount o f dues the United States could contribute
  to Interpol. Between 1957 and 1978, Congress raised that ceiling several times. See, e.g., Pub. L. No.
  85-768, 

  72 Stat. 921

  ; Pub. L. No. 90-159, 81 S ta t 517; Pub. L. No. 92-380, § 1, 

  86 Stat. 531

  ; Pub. L.
  No. 93—468, § 1, 

  88 Stat. 1422

  . In reports accompanying bills to increase the dues ceiling, Congress
  described in some detail the information-gathering functions o f Interpol, and acknowledged that the
  United States* participation in Interpol is of substantial value for efforts to combat crime on an
  international scale. See, e.g., S. Rep. N o. 2403, 85th Cong., 2d Sess., reprinted in 1958 U.S. Code Cong.
  & A d. N ew s 3957; S. Rep. No. 1199, 93rd Cong., 2d Sess., reprinted in 1974 U.S. Code Cong. & Ad.
  N ew s 5906. In 1978, Congress amended § 263a to provide that dues and expenses for the membership
  o f th e U nited States in Interpol “shall be paid out o f sums authorized and appropriated for the
  D epartm ent o f Justice.” Pub. L No. 95-624, § 21(a), 

  92 Stat. 3466

  .
  380
  a) To ensure and promote the widest possible
  mutual assistance between all criminal police au­
  thorities within the limits of the laws existing in
  the different countries and in the spirit of the
  “Universal Declaration of Human Rights.”
  b) To establish and develop all institutions likely to
  contribute effectively to the prevention and sup­
  pression of ordinary law crimes.
  Art. I. This specification of purpose is quite broad, and can be read to
  encompass the types of criminal justice and humanitarian information
  now collected and exchanged by the USNCB.14
  2. Privacy Act, 5 U.S.C. § 552a
  The USNCB must comply with the requirements of the Privacy Act
  with respect to any personal information maintained on United States
  citizens or permanent residents.15 The Privacy Act limits the collection
  and dissemination of “personally identifiable” information by federal
  agencies generally to “such information . . . as is relevant and neces­
  sary to accomplish a purpose of the agency required to be accom­
  plished by statute or by executive order of the President.” 5 U.S.C.
  § 552a(e)(l). The Act specifically prohibits the maintenance of any
  records “describing how any individual exercises rights guaranteed by
  the First Amendment.” 

  5 U.S.C. § 552

  (e)(7). Criminal history informa­
  tion and certain law enforcement records, however, may be exempted
  from the requirements of subsections (e)(1) and (e)(7). 5 U.S.C.
  § 552a(j)(2). Pursuant to that authority, law enforcement records main­
  tained by the USNCB in its Criminal Investigative Records System
  have been exempted from those requirements. The exemption from
  subsection (e)(1) means only, however, that the USNCB need not
  14 The authonty of Interpol to investigate crimes is generally limited to “ ordinary law crimes.'*
  Article III of the Interpol constitution expressly forbids the organization “to undertake any interven­
  tion or activities of a political, military, religious or racial character.’’ We understand that because of
  this express limitation in the Interpol constitution, the USNCB will not provide through Interpol
  information related to incidents o f a “ political, military, religious or racial” character In addition, the
  draft rules on processing of police information recently considered by the Interpol General Assembly
  (see n.l supra) would restrict the disclosure of information by the General Secretariat and the NCBs,
  although the rules do not restrict the prerogative of individual NCBs to determine w hat types of
  information can or should be disclosed under their own laws and policies. Under those rules, “police
  information’’ may be disclosed only for the following purposes*
  . . . to prevent ordinary law crimes, to bring the persons responsible to justice, to find
  the victims of such crimes, to find missing persons and to identify dead bodies . . .
  Items of police information other than names of persons may be processed for research
  and publication purposes. Any police information that has been published may also be
  processed for general reference purposes.
  Art. 3, HH 3, 4. Items o f police information may be further disseminated by the receiving N CB only to
  “official institutions concerned with the enforcement of the criminal law in its country.” A rt. 12, fl(4)-
  19 T he Privacy A ct does not apply to information maintained on foreign nationals unless they have
  permanent resident status in the United States Thus, information that the USNCB maintains on
  foreign nationals and nonresident aliens is not subject to the disclosure, accounting, and access
  requirements of the Act.
  381
  screen all information received from state, local, or foreign sources to
  determine if the information is relevant and necessary to the USNCB’s
  statutory purpose. As we discuss below, the USNCB is required to
  make reasonable efforts prior to dissemination of any information sub­
  ject to the Privacy Act to assure that the records disseminated are
  “relevant” to the USNCB’s purposes. See 5 U.S.C. § 552a(e)(6). More­
  over, independent of the requirements of the Privacy Act, the USNCB
  is without statutory authority to collect or disseminate information that
  is unrelated to the purposes of Interpol. See discussion in previous
  section.
  Other than the limitations imposed by subsections (e)(1) and (e)(7),
  which may be of limited practical significance because of the exemption
  of law enforcement records, the Privacy Act does not limit the types of
  personal information that may be maintained and disseminated by a
  federal agency. The Privacy Act does, however, limit the circumstances
  under which such information may be disclosed. No personal informa­
  tion subject to the Act may be disclosed without the consent of the
  individual concerned unless one of eleven statutory exceptions is met. 5
  U.S.C. § 552a(b). For law enforcement purposes, the most significant
  exception allowed is for a “routine use” of the agency, i.e., a use which
  is “compatible with the purpose for which [the record] is collected.” 5
  U.S.C. § 552a(a)(5), (b)(3).
  The legislative history of the Privacy Act does not provide much
  guidance as to the outer limits of the “routine use” exception. Congress
  chose not to define or prescribe a list of permissible “routine uses.”
  Instead it provided a check on the scope of the exception by requiring
  publication of the nature of all “routine uses” in the Federal Register.
  Rep. Moorhead noted in House debate on the bill that:
  It would be an impossible legislative task to attempt to
  set forth all of the appropriate uses of Federal records
  about an identifiable individual. It is not the purpose of
  the bill to restrict such ordinary uses of the information.
  Rather than attempting to specify each proper use of such
  records, the bill gives each Federal agency the authority
  to set forth the “routine” purposes for which the records
  are to be used under the guidance contained in the com­
  mittee’s reports.
  In this sense “routine use” does not encompass merely
  the common and ordinary uses to which records are put,
  but also includes all of the proper and necessary uses even
  if any such use occurs infrequently . . . .
  Mr. Chairman, the bill obviously is not intended to
  prohibit . . . necessary exchanges of information, pro­
  vided its rulemaking procedures are followed. It is in­
  382
  tended to prohibit gratuitous, ad hoc, disseminations for
  private or otherwise irregular purposes. . . .
  See 120 Cong. Rec. 36,967 (1974) (remarks of Rep. Moorhead); see also
  OMB Guidelines, 40 Fed. Reg. at 28,952. We are unaware of any
  judicial decisions that define the outer limits of the “routine use”
  exception. In the absence of definitive legislative history or court rul­
  ings to the contrary, we believe that the “routine use” exception affords
  considerable latitude to a federal agency to disclose information in
  furtherance of the purposes of that agency.
  The USNCB, as well as other federal law enforcement agencies, have
  interpreted the “routine use” exception to authorize disclosure of crimi­
  nal history, investigative, and intelligence records for a wide variety of
  law enforcement and humanitarian purposes. See 

  45 Fed. Reg. 75,902

  -
  03 (Nov. 17, 1980) (disclosure of routine uses of Interpol Criminal
  Investigative Records System). The USNCB has made the disclosures
  required by the Privacy Act. See 

  45 Fed. Reg. 16,473

   (March 12, 1981);
  

  45 Fed. Reg. 75,903

   (Nov. 17, 1980). We have reviewed the routine
  uses listed by the USNCB, and believe they are consistent with the
  scope of the Privacy Act “routine use” exemption. If the F.I.R. project
  is implemented, however, the USNCB should consider at that point
  whether additional disclosures are necessary to describe the relationship
  between the F.I.R. system and the USNCB’s system of records, and the
  exchange of information that will be made through the F.I.R. system.
  The requirements of the Privacy Act may also affect how the F.I.R.
  system should be structured. For example, under subsections (c)(1) and
  (2), 5 U.S.C. § 552a(c)(l) and (2), the USNCB is required to keep an
  accurate accounting of the date, nature, and purpose of each disclosure
  of information subject to the Act, and the name and address of the
  person or agency to whom the disclosure is made. If disclosures are
  made directly through the F.I.R. system, the system must provide a
  mechanism for the USNCB to keep the required accounting. In addi­
  tion, the USNCB must be able to ensure the “security and confidential­
  ity” of records in its system by “appropriate administrative, technical
  and physical safeguards.” 5 U.S.C. 552a § (e)(10). The system should
  allow the USNCB to screen incoming requests from other NCBs or
  from the General Secretariat and to verify that the disclosure of re­
  quested information would be consistent with the “routine uses” author­
  ized for that information and with the Interpol constitution.16 As we
  discuss below, the USNCB must also be able to screen outgoing infor­
  mation.
  l6The USNCB currently screens all requests from other NCBs for criminal history information to
  determine that: (1) a crime has been committed in the country requesting the information, and the
  crime would be considered a violation of U.S. law; (2) there is a link between the crime and the
  individual about whom the information is requested; and (3) the type o f crime is not one encompassed
  by Article III of the Interpol constitution.
  383
  C. Crim inal History Record Exchange Restrictions
  When the USNCB obtains information from the FBI’s Computerized
  Criminal History File or Identification Division systems, it is restricted
  in the use of that information by regulations promulgated under the
  Omnibus Crime Control and Safe Streets Act of 1968, supra. See 28
  C.F.R. Part 20, Subpart C .17 Subsection 20.33 provides that data from
  those systems will be made available by the FBI to, inter alia, “criminal
  justice agencies for criminal justice purposes” and to “federal agencies
  authorized to receive it pursuant to Federal statute or Executive
  Order.” 

  28 C.F.R. § 20.33

  (a)(1) and (2). That exchange, however, is
  “subject to cancellation if dissemination [of the information] is made
  outside the receiving departments or related agencies.” 

  Id.

   § 20.33(b).
  We believe that disclosure of information from the FBI’s NCIC or
  Identification Division files to Interpol and other NCBs is authorized
  by this provision, on the ground that the disclosure is to a “related
  agency.” We note in that regard that the purpose of the FBI’s exchange
  of information with the USNCB is to facilitate similar exchanges with
  constituents of Interpol, and that the FBI would be authorized under
  these regulations to disclose such information directly to “criminal
  justice agencies” in foreign countries, such as NCBs or the Interpol
  General Secretariat. Under § 20.33(b), however, if the USNCB discloses
  information obtained from the FBI’s CCH or Identification Division
  files to foreign agencies not affiliated with Interpol or to private busi­
  nesses, financial organizations, or individuals, its privilege of access to
  those files would be subject to cancellation.
  III. The USNCB’s Obligation to Verify Records
  A separate question arising under the Privacy Act is the extent to
  which the USNCB must verify data disclosed to other NCBs, the
  Interpol General Secretariat, and state and local law enforcement agen­
  cies in the United States. Under the Privacy Act, prior to dissemination
  of any record about a United States citizen or permanent resident alien
  to anyone other than another federal agency, the USNCB is required to
  make “reasonable efforts to assure that such records are accurate,
  complete, timely, and relevant for agency purposes.” 5 U.S.C.
  § 552a(e)(6).18
  17 This subpart applies to “federal, state and local criminal justice agencies to the extent that they
  utilize the services o f Department o f Justice criminal history record information systems.” 

  28 C.F.R. § 20.30

  . “D epartm ent o f Justice criminal history record information system*1 is defined to include only
  the Identification Division and Com puterized Criminal History File Systems operated by the FBI. 28
  C .F.R . § 20.3(j).
  ,8T he Privacy A ct authorizes exemption of law enforcement files such as the USNCB’s Criminal
  Investigative System from most o f the requirements o f §552a(e) relating to the quality of records
  collected and maintained by the agency. See 5 U.S.C. § 552a(j)(2) No exemption is authorized,
  how ever, from the requirements imposed by § 552a(e)(6). Id.
  384
  This provision does not require the USNCB to guarantee the accu­
  racy, completeness, timeliness, and relevance of records disclosed, but
  only to make efforts that are reasonable given the administrative re­
  sources of the agency, the risk that erroneous information will be
  disseminated, and the possible consequences to an individual if errone­
  ous information is disclosed. See OMB. Guidelines, 40 Fed. Reg. at
  28,953; Smiertka v. United States Dep't o f Treasury, 

  447 F. Supp. 221

  ,
  225-26 & n.35 (D.D.C. 1978). Courts have noted in varying contexts
  that reasonable efforts may include, at a minimum, modification or
  deletion of information if the source of that information informs the
  agency that the information is incorrect or incomplete;19 a request for
  additional factual information from the source if an individual submits
  evidence challenging the accurracy of information contained in the
  agency’s files; 20 or modification or deletion of records if the agency’s
  independent investigation and evaluation overwhelmingly shows that
  the information is incorrect or unfounded.21 The OMB Guidelines sug­
  gest that, because the disclosing agency is often not in a position to
  evaluate “acceptable tolerances of error for the purposes of the recipi­
  ent of the information,” it may be appropriate for the agency “to advise
  recipients that the information disclosed was accurate as of a specific
  date . . . or of other known limits on its accuracy e.g., its source.” 

  40 Fed. Reg. 28,949

  , 28,965 (July 9, 1975).
  Since implementation of the F.I.R. project may substantially increase
  the volume of requests and disclosures handled by the USNCB, it will
  be particularly important to establish workable procedures and guide­
  lines to implement the USNCB’s obligation under § 552a(e)(6). We
  cannot outline here what “reasonable efforts” would be for the
  USNCB, as that would require a detailed knowledge of how informa­
  tion is collected, stored, retrieved, and disclosed.22 We note, however,
  that the F.I.R. system must provide an adequate opportunity for the
  USNCB to screen all data prior to their dissemination outside the
  federal government and to supplement information disclosed, as appro­
  priate, with caveats about its source, timeliness, or reliability.
  IV. International Initiatives
  You have asked us specifically to address the potential impact on
  federal law enforcement systems of the OECD’s Guidelines Governing
  the Protection of Privacy and Transborder Flows of Personal Data
  " S e e Menard v Saxbe, 

  498 F.2d 1017

  , 1027-28 (D.C Cir. 1974).
  “ See id.; Tarlton v. Saxbe, 

  507 F.2d 1116

  , 1129 (D.C. Cir. 1974).
  21See Murphy v. National Security Agency, C.A. No. 79-1833 (D .D C . Sept. 29, 1981), memorandum
  op. at 9; R.R. v. Dep't o f Army, 

  482 F. Supp. 770

  , .773 (D.D.C. 1980).
  22 This analysis would be more appropriate, for example, for the Interpol Policy Guidelines
  Working Group, which will be responsible for reviewing and updating policies applicable to the
  USNCB’s day-to-day operations.
  385
  (OECD Guidelines) 23 and the Council of Europe’s Convention for the
  Protection of Individuals with Regard to the Automatic Processing of
  Personal Data (Council of Europe Convention),24 and any international
  conflict of laws issues associated with United States participation in
  Interpol and the Interpol F.I.R. project. Both the OECD Guidelines
  and the Council of Europe Convention attempt to balance the need for
  protection of personal privacy arising out of increasing flows of per­
  sonal information across national borders, and the political and eco­
  nomic necessity of maintaining transborder flows of data with minimal
  restrictions. The OECD adopted the approach of voluntary guidelines,
  based on certain “basic principles” of national application intended to
  provide minimum privacy protection,25 and of international application,
  intended to encourage the free flow of data.26 Member countries are
  encouraged to establish, through legislation, self-regulation, or volun­
  tary efforts, legal, administrative, and other procedures or institutions
  for the protection of privacy, and to cooperate with other member
  countries to facilitate international exchanges of information. See Parts
  4, 5. We understand that the United States participated in drafting the
  OECD Guidelines, and has undertaken to abide by the principles
  therein.
  The Council of Europe Convention requires each Party 27 to “take
  the necessary measures in its domestic law to give effect to the basic
  principles for data protection” set out in the Convention. Chap. II, f 1.
  Those principles resemble in content the principles outlined in the
  OECD Guidelines, with the addition of a specific provision that per­
  sonal data that would reveal “racial origin, political opinions or reli­
  gious or other beliefs, as well as personal data concerning health or
  sexual life” or “personal data relating to criminal convictions” may not
  be processed automatically “unless domestic law provides appropriate
  safeguards.” Art. 6. Parties are obligated to provide mutual assistance
  “ T he O E C D is an intergovernmental organization dedicated to problems o f economic develop- '
  ment, whose members include the 19 democratic countries of Europe, the United States, Japan,
  Australia, New Zealand, and Yugoslavia (special associate status).
  24T he Council o f E urope is an intergovernmental organization o f 21 European countries. Its
  members are pledged to cooperate at intergovernmental and interparliamentary levels to promote
  greater E uropean unity. See Hondius, Data Law in Europe, 16 Stan. J. o f Int’l L. 87, 91 (1980). The
  U nited States is not a member of the Council o f Europe.
  25T hese principles encompass limits to collection o f personal data; accuracy, completeness, rel­
  evance, and timeliness o f data; specification o f uses o f data and limitation to those uses; security
  safeguards; openness in the establishment of systems and method of access to data; individual participa­
  tion and access; and accountability. Part 2.
  26 Member countries are to take into consideration the implications for other member countries of
  dom estic processing and re-export of personal data; to take reasonable and appropriate steps to ensure
  that transborder flows of personal d ata are uninterrupted and secure; to refrain from restricting
  transborder flows o f personal data except where necessary; and to avoid developing laws, policies, and
  practices in the name o f the protection of privacy and individual liberties, which would create
  obstacles to transborder flows of personal data that would exceed requirements for such protection.
  Part 3.
  27 N o member o f the Council of E urope has yet ratified the Convention. The Convention will not
  becom e effective until ratified by five members. Art. 22. Non-member states may be invited to accede
  to the Convention following its entry into force. A rt 23.
  386
  to notify other parties of steps taken to implement the Convention, and
  to assist persons resident abroad to exercise rights conferred under the
  domestic laws that give effect to the principles set out in the Conven­
  tion. Arts. 13, 14.
  We note first that neither the OECD Guidelines nor the Council of
  Europe Convention imposes any binding obligations on the United
  States or on federal law enforcement agencies. The OECD Guidelines
  are voluntary. Parts 4 and 5 of the Guidelines discuss various methods
  for implementing the letter and spirit of the principles set forth through
  appropriate domestic legislation and policies and international coopera­
  tion, but do not impose any obligation upon parties other than mutual
  cooperation. The Council of Europe may, after the entry into force of
  the Convention, invite non-members to accede to the Convention. We
  are unaware whether the United States will be invited to accede, and
  whether the United States would accept that invitation. Since accession
  would obligate the United States to pass domestic legislation consider­
  ably broader in scope than that now in effect (see infra), it seems
  unlikely that the United States would accede to the Convention if
  invited, and we assume here that the United States will not accede to
  the Convention. Thus, the impact on federal law enforcement agencies
  will not stem from obligations imposed on the United States under
  either the OECD Guidelines or the Council of Europe Convention, but
  rather will most likely result from actions taken by other nations to
  implement the letter or spririt of those agreements.
  In particular, both the OECD Guidelines and the Council of Europe
  Convention recognize the principle that a nation may restrict data
  flows to another nation if that nation does not afford the same protec­
  tion to that data as is afforded by the originating state, or if the export
  of that data would circumvent the domestic privacy legislation of the
  originating country.28 In that regard, the privacy protection contem­
  plated by the OECD Guidelines and the Council of Europe Convention
  is broader than that afforded by the Privacy Act. The Guidelines and
  the Convention apply to all exchanges of information, private and
  public.29 The Privacy Act, by contrast, leaves untouched information-
  gathering and disclosure by state and local governments and by private
  businesses or individuals.30 Thus, even if the Privacy Act embodies
  most of the substantive requirements outlined in the OECD Guidelines
  and the Council of Europe Convention,31 the coverage afforded by the
  28See, e.g., O ECD Guidelines, Part 3, fl 17; Council of Europe Convention Arts. 3, 6, 12 (U 3(a)).
  29T he Council of Europe Convention, however, applies only to information transmitted through
  automatic data processing. Arts. 1, 2, 3.
  30 There are federal statutes that restrict the use and disclosure of information by state and local
  governments and private parties, but only in limited sectors. See, e.g., Fair Credit Reporting Act, IS
  U.S.C. § 1681; Right to Financial Privacy Act of 1978, Pub. L. No. 95-630, 

  92 Stat. 3697

   (codified at
  scattered sections in 31 U.S.C.).
  51The “basic principles'* o f data protection listed in Part 2 of the OECD Guidelines parallel in most
  respects the underlying principles of the Privacy Act. See n. 25 supra.
  387
  Privacy Act is narrower than that of those agreements. The practical
  result of this may be that nations adhering to one or both of those
  agreements may refuse to disclose information to federal law enforce­
  ment agencies within the United States, such as the USNCB, because
  the United States does not provide protection for personal data that is
  equivalent to that provided by the originating country.32 Under the
  OECD Guidelines, United States agencies could similarly refuse to
  disclose data if the requesting country could not adequately protect the
  security or use of that information.
  O f course, even without the express recognition of this principle
  contained in the OECD Guidelines and the Council of Europe Conven­
  tion, individual NCBs are free to restrict data flows for any reason,
  including the lack of privacy legislation in the receiving country. The
  express recognition of that prerogative in the OECD Guidelines and
  the Council of Europe Convention has highlighted the problem of
  protecting transborder data flows while ensuring personal privacy,
  however, and we cannot predict what the practical impact will be on
  federal law enforcement. This is clearly an area in which mutual co­
  operation and voluntary compliance with privacy protection guidelines
  could alleviate future problems.
  It would be premature for us at this point to comment other than
  generally on the possible international conflicts of law issues raised by
  U.S. participation in Interpol and in the F.I.R. system. We note first
  that Interpol, as an organization, occupies a somewhat anomalous posi­
  tion under our law, as it was not established by treaty or protocol, and
  is not generally accorded status as an international organization.33
  While our participation is authorized by statute, the Interpol constitu­
  tion has never been expressly approved by Congress or the Executive
  Branch and does not have treaty status. Consequently, the Interpol
  constitution and resolutions and rules adopted by the Interpol General
  Assembly do not have the force of law in the United States and do not
  confer any rights on United States citizens or residents that are enforce­
  able in our courts. See U.S. Const., Art. VI, cl. 2; see generally,
  Mannington Mills, Inc. v. Congoleum Corp., 

  595 F.2d 1287

  , 1298 (3d Cir.
  1979); B ell v. Clark, 

  427 F.2d 200

   (4th Cir. 1971). Where there is a
  32 Federal, state, and local governments and private parties are not, of course, precluded from
  voluntarily supplementing the protections required by applicable domestic legislation, in an effort to
  avoid this potential problem.
  33 T he Interpol constitution was adopted by the Interpol General Assembly in June, 1956. Ratifica­
  tion o f the constitution does not require formal approval by member countries. All countries repre­
  sented at Interpol are dee hied to be Interpol members unless they subsequently declare through
  appropriate governmental authority th at they cannot accept the constitution. The United States has
  never submitted any such nonacceptance declaration. The Interpol constitution has not been expressly
  approved by the Executive Branch o r Congress. See Report o f the Comptroller General o f the United
  States, “ United States Participation in IN TERPO L, T he International Criminal Police Organization”
  (Dec. 27, 1976) at 9, 25. Interpol is not listed as an “international organization” for purposes of
  immunity under the International Organizations Immunities Act, 22 U.S C. § 288
  388
  conflict between the USNCB’s obligations under the Interpol constitu­
  tion or rules and its obligations under U.S. law, the latter will prevail.
  Somewhat more difficult questions are presented under the domestic
  laws of the various countries that participate in Interpol. Particularly as
  the exchange of information among NCBs increases with implementa­
  tion of the F.I.R. project, individuals of one country who are damaged
  by disclosures of information through Interpol may seek redress based
  on a variety of legal theories, such as defamation or invasion of pri­
  vacy.34 In the simplest situation, where an NCB in country A discloses
  information to an NCB in country B, and a person aggrieved by that
  disclosure sues in one of those countries, a conflict of law question
  would be presented as between the jurisdiction or substantive law of
  country A and country B which could probably be handled under
  existing principles of conflicts of law. See Restatement o f the Foreign
  Relations Law o f the United States (2d) § 40. Exchanges of information
  through the Interpol General Secretariat are more difficult because
  they would raise the possibility that the jurisdiction and law of yet
  another country (France) may be invoked. If the F.I.R. project is
  implemented, the conflicts problems could become yet more compli­
  cated, because information could be switched through a number of
  countries, either by design or for technical reasons, on its way between
  country A and country B.35 The OECD Guidelines and Council of
  34 For example, in recent years at least two suits involving disclosures by the USNCB or by the
  Interpol General Secretariat have been filed in United States courts, both seeking recovery for alleged
  defamation by an official o f the USNCB or by the General Secretariat in connection with requests
  forwarded through Interpol to detain or arrest an individual. See Steinberg v. InternationaI Criminal
  Police Organization, 

  672 F.2d 927

   (D.C Cir. 1981); Sami v. United States, 

  617 F.2d 755

   (D.C. Cir.
  1979). In both decisions, the court discussed only jurisdictional questions arising under United States
  law, and did not address possible conflicts of law questions. In Sam i v. United States, the court held
  that the Interpol General Secretariat was not “doing business” in the District o f Columbia for
  purposes of exercise o f the D.C. long-arm statute, 

  D.C. Code §§ 13-334

  . T he claim in that case arose
  out of communications made by an official of the USNCB to the German NCB through Interpol
  channels, requesting arrest of plaintiff, a citizen of Afghanistan, on the basis of an outstanding Florida
  warrant. By contrast, in Steinberg v. International Criminal Police Organization, the same court held
  that there was m personam jurisdiction over Interpol under the same statute, where the claim involved
  Interpol's transmission o f a publication (a “ Blue Notice” requesting arrest) into the District of
  Columbia. The court distinguished its result from that reached m Sam i on the basis that the Steinberg
  case involved “an invocation of specific, not general, adjudicatory authority.” Slip op. at 5. The court
  noted that it did not intend by its holding to foreclose any other defense, “jurisdictional or otherwise,”
  that Interpol or its Secretary General might raise. 

  Id. at 12, n.13

  .
  35 A recent article has hypothesized the following situation to illustrate the problem. The health
  records of a Swiss national are collected by his employer in Switzerland, and transmitted to corporate
  headquarters in Amsterdam where they are processed,, stored, and aggregated with health records of
  other nationals working in other countries. The aggregated data are then sent on via international
  facilities to a United States-owned data processing service in the United States. While they are being
  held in that facility, however, the main computer breaks down and an automatic switch sends the data
  through international telecommunications facilities on to a secondary processing facility in Hong
  Kong. The data are processed there and returned to the primary facility in the United States. A copy
  o f the processed data is sent to storage at the primary site and the data are returned to Amsterdam.
  The employer then sends it along to the employer’s insurance carrier, an Italian firm whose primary
  data processing facilities are stored in Spain The insurance carrier again processes the data, stores
  them in M adnd on magnetic tape, and issues the apprppriate group health policy to the employer. See
  Fishman, Introduction to Transborder Data Flows, 16 Stan Int’l L.J. 1, 21 (1980). While this example is
  drawn from the private processing of data, it is not difficult to imagine equally convoluted trails for
  exchanges of criminal history information through F.I.R.
  389
  Europe Convention recognize that existing conflicts of laws principles
  may not be adequate to deal with exchanges of information through
  automated data processing in the future. The OECD’s Expert Group,
  which drafted the guidelines, specifically rejected any detailed rules on
  conflicts of law questions, following extensive debate. See Explanatory
  Memorandum (Appendix), 1J22. The final Guidelines provide only that
  “Member countries should work towards the development of princi­
  ples, domestic and international, to govern the applicable law in the
  case of transborder flows of personal data.” OECD Guidelines Part 5,
  ^|22. The Council of Europe Convention does not address the possible
  conflicts of laws questions, other than to require Parties to render
  “mutual assistance” in implementation of the Convention, including any
  assistance necessary to facilitate the exercise of rights under a Party’s
  domestic privacy legislation by “any person resident abroad.” Art. 14.
  It is thus clear that before the F.I.R. project is implemented, the
  members of Interpol will have to grapple with potential conflicts of
  laws problems. Since the resolution of those problems has implications
  beyond those arising out o f Interpol’s activities, it may not be possible
  for the members of Interpol to reach a definitive consensus. It may be
  possible, however, to avoid or mitigate some of the problems that may
  arise from technical operation of the system (see n.36 supra) in the way
  the system is structured. In the absence of concrete plans for the
  system, it is difficult for us to speculate on what the problems or
  possible solutions may be. We will, of course, be willing to work with
  you and other federal agencies to develop applicable principles and
  proposals, and to implement guidelines for operation of the F.I.R.
  system, if the project is approved.
  L a r r y L . S im m s
  Deputy Assistant Attorney General
  Office o f Legal Counsel
  390
  

• Sign In
• Sign Up