Body

Article 20 (a) of the OPCAT gives NPMs the power to access a wide range of information to fulfil their mandate. The authorities must provide NPMs with access to information including: information about the number of persons deprived of liberty, the places where people are detained, and their treatment and conditions. Large amounts of this information is collected through monitoring, including through interviews in private with detainees and staff and the examination of registers and other documents in detention. 

NPMs, contrary to the SPT, are not bound by a general principle of confidentiality and publish visits reports and recommendations, as well as annual reports.   

These wide-ranging powers, however, come with the corresponding responsibility, to ensure that “Confidential information collected by the national preventive mechanism shall be privileged. No personal data shall be published without the express consent of the person concerned.” (Article 21). This article should be read in concert with the do no harm principle, which guides all aspects of NPM work. Confidentiality is one of the key principles of preventive monitoring. Ensuring that confidentiality is respected, and explaining how the information gathered by NPMs will be used, is of paramount importance in protecting detainees and creating trust. 

NPMs, in implementing their preventive mandate, must be careful to maintain the confidentiality of information, especially when this information includes personal data and/or sensitive data. In practice, this means that NPMs should establish internal guidelines and procedures regarding the collection, storage, access and use of confidential information and personal data.

NPM Category
Institutional development
NPM Topic
Confidentiality and data protection