Statute of the Commission for the Control of INTERPOL’s Files

(1) The definitions given in Article 1 of INTERPOL’s Rules on the Processing of Data shall apply to the present Statute.

(2) “The Commission” refers to the Commission for the Control of INTERPOL’s Files, as provided for in Articles 5 and 36 of INTERPOL’s Constitution.

(3) “INTERPOL’s rules” refers to INTERPOL’s Constitution and its Rules on the Processing of Data, unless otherwise specified in the present Statute.

(1) The Commission shall be competent to perform the functions conferred on it by Article 36 of the Constitution, namely:

(a) Ensure that the processing of personal data by the Organization is in compliance with INTERPOL’s rules;

(b) Provide the Organization with advice about any project, operation, set of rules or other matter involving the processing of personal data in the INTERPOL Information System;

(c) Examine and decide on requests for access to data, and/or for the correction or deletion of data, processed in the INTERPOL Information System for the purposes of international police cooperation as defined in Article 10(2) and (6) of INTERPOL’s Rules on the Processing of Data.

(2) To perform its functions, the Commission shall have:

(a) full access to the INTERPOL Information System in accordance with Article 19 of the present Statute;

(b) the power, as provided for in Article 26 of the present Statute, to carry out the necessary checks and to take decisions binding on the Organization and give opinions concerning the processing of personal data in the INTERPOL Information System;

(c) the exclusive power, as provided for in Article 28 of the present Statute, to examine and take decisions that are final and binding with regard to requests for access to, or correction and/or deletion of, data processed in the INTERPOL Information System.

The Commission shall be independent in the performance of its functions.

The Members of the Organization shall:

(1) respect the competence and independence of the Commission;

(2) respond diligently to requests from the Commission in accordance with their national laws;

(3) to the extent permitted by their national laws, ensure that no national authority within their territories interferes in the Commission’s work or attempts to take decisions directed at the Organization in matters falling within the Commission’s competence.

(1) The Commission shall consist of two chambers:

(a) A Supervisory and Advisory Chamber, which shall have the power to perform the functions described in Article 3(1)(a) and (b) of the present Statute;

(b) A Requests Chamber, which shall have the power to perform the function described in Article 3(1)(c) of the present Statute.

(2) The members of each Chamber of the Commission may consult and/or participate as non-voting members in the work and deliberations of the other Chamber.

(1) The Chairperson shall preside over both Chambers of the Commission, direct their work, and supervise the administration of the Commission and the work of its Secretariat.

(2) The Chairperson shall be elected by all the members of the Commission from among the members of the Requests Chamber.

(1) The Commission shall be composed of seven members, elected from among persons of high moral character, impartiality and integrity who possess the qualifications required for appointment to senior positions in their field of expertise.

(2) The members of the Commission shall be nationals of the Organization’s Members, be of different nationalities, and be fluent at least in one of the working languages of the Organization. As far as possible, the members of the Requests Chamber should represent the principal legal systems of the world.

(3) The Supervisory and Advisory Chamber shall consist of the Chairperson, a member with expertise in data protection, and a member with expertise in electronic data processing.

(4) The Requests Chamber shall consist of five members:

(a) A lawyer with data-protection expertise;

(b) A lawyer with recognized international experience in police matters, in particular international police cooperation;

(c) A lawyer with international criminal law expertise;

(d) A lawyer with human rights expertise;

(e) A lawyer who holds or has held a senior judicial or prosecutorial position, preferably with experience in international judicial cooperation.

(1) The members of the Commission shall be elected by the General Assembly.

(2) Whenever necessary, the Secretary General shall address a written request to the Organization’s Members inviting them to nominate, within a given time, persons with the required qualifications and expertise to perform the duties of a member of the Commission. Each Member may propose one candidate per post.

(3) Every nomination shall be accompanied by a statement specifying the candidate’s qualifications for the position.

(4) The Executive Committee shall prepare a list of all eligible candidates who possess the required qualifications, with the accompanying documents, and submit that list to the General Assembly.

(5) The General Assembly shall elect the members of the Commission by secret ballot in accordance with the Rules of Procedure of the General Assembly. Those candidates who obtain a simple majority of votes shall be considered as elected. Depending on his or her experience, a person may be candidate for several vacant posts.

(1) The terms of office of the members of the Commission shall be five years, renewable once for an additional term of three years.

(2) For the purposes of the first election under the present Statute:

(a) one of the members of the Supervisory and Advisory Chamber shall be selected by lot to serve for a term of four years;

(b) two of the members of the Requests Chamber shall be selected by lot to serve for a term of four years;

(c) the other members shall serve for a term of five years;

(d) the current members of the Commission may be elected for one non-renewable term.

(3) If a member of the Commission is no longer able to perform his/her functions, or has resigned, a new member shall be elected for the remainder of his/her predecessor’s term of office. The new member may subsequently be re-elected for one non-renewable term of three years. A temporary replacement may be appointed by the Executive Committee to serve until the next General Assembly session.

(1) The members of the Commission shall serve in their personal capacity.

(2) In the exercise of their functions, the members of the Commission shall be independent, remain free from external influence, whether direct or indirect, and neither solicit nor accept instructions from any person, body or government.

(3) Members of the Commission shall abstain from any action or activity likely to interfere with the exercise of their functions or to affect confidence in their independence.

(4) The Organization and its Members shall abstain from any action which might influence the members of the Commission or its Secretariat, or be prejudicial to the discharge of their functions.

(5) The Chairperson of the Commission shall ensure that the rules on the independence of the Commission and its members are respected.

(1) A member of the Commission shall not participate in any case in which his/her impartiality might reasonably be doubted.

(2) The Commission’s Operating Rules shall set out the criteria and procedures regarding the application of this Article.

The General Assembly shall decide on the remuneration of the members of the Commission. Such remuneration shall not be reduced during their terms of office.

(1) A member of the Commission may be dismissed only by the General Assembly in the following instances:

(a) on the proposal of the Commission in the event of the member’s misconduct or incapacity;

(b) on the proposal of the Executive Committee and after consulting the Commission in the event of the member’s repeated or serious misconduct.

(2) In urgent cases, the Executive Committee may, after consulting the Commission, temporarily suspend a member until the next session of the General Assembly, in the event of his/her misconduct or incapacity.

(1) The Secretariat shall be a permanent body headed by a Secretary who shall act under the authority of the Commission. The Secretary shall be a legal professional with wide experience, notably in the fields of international criminal law, human rights and/or data protection.

(2) The staff of the Secretariat shall be selected by the Commission. In the selection of the Secretariat’s staff, account shall be taken of the need for:

(a) the representation of all working languages of the Organization;

(b) the representation of the principal legal systems of the world;

(c) the appropriate presence of staff members with judicial or court registry experience and/or familiarity with international criminal law, human rights law and/or data protection, and demonstrated skills in legal analysis and writing.

(3) The Secretariat shall assist the Commission in effectively carrying out its functions under the present Statute. In particular, it shall take all appropriate steps to:

(a) perform administrative operations for the Commission, or arrange for them to be performed;

(b) prepare files for consideration by the Commission;

(c) act as an interface and coordinator between the Commission and the Organization or any other body;

(d) carry out studies and other tasks as instructed by the Commission or its Chairperson.

(4) The staff of the Secretariat shall exercise their duties in complete independence and shall receive and accept instructions exclusively from the Commission.

(5) For administrative purposes exclusively, the staff of the Secretariat shall have the rights and obligations of a member of the General Secretariat’s staff.

(1) The Commission shall determine the venue, number and duration of its sessions to carry out its functions effectively, but shall meet at least three times a year. Sessions shall be convened by the Chairperson of the Commission.

(2) The Commission’s sessions shall be held in camera and, in principle, only members of the Commission and its Secretariat may attend them. Nonetheless, the Commission may invite other persons whose presence it considers is necessary.

(3) The Commission shall make publicly available the general timeframe of its planned sessions for each calendar year.

(4) To facilitate the preparation for its sessions, the Commission shall provide the General Secretariat in due time, and preferably one month before each session, with the list of issues to be discussed by both Chambers.

Each of the Commission’s Chambers may delegate some of its powers to one or several of its members in order to perform its functions effectively. Such delegation may include the power to take decisions in between sessions.

(1) The working languages of the Commission shall be those of the Organization as specified in Article 54 of the General Regulations, namely Arabic, English, French and Spanish.

(2) The Commission may decide which of the working languages it will use for its internal files and deliberations.

(1) For the purpose of carrying out its functions effectively, the Commission shall have free and unlimited access to all data processed in the INTERPOL Information System, irrespective of the place, form or medium involved.

(2) Notwithstanding paragraph (1), in line with Article 22(6) of INTERPOL’s Rules on the Processing of Data, unless the Commission becomes aware of a potential violation of INTERPOL’s rules, or of the terms and conditions applicable to a specific project, it shall not access INTERPOL’s communications infrastructure for the content of the direct exchanges of data, namely where the General Secretariat is not a recipient of, or has not accessed the exchange, without explicit authorization by the entity concerned.

(1) The files of the Commission shall be confidential.

(2) The requests submitted to the Commission under Chapter 4 of the present Statute shall be treated by the Requests Chamber as confidential and shall not be recorded in the INTERPOL Information System. However, the Requests Chamber may decide:

(a) in order to examine the requests, to disclose information, when deemed necessary in the exercise of its functions, having regard to the facts of the case and the rights and freedoms of the applicant;

(b) to record a request or parts of it in the INTERPOL Information System in order to update or correct data already contained in the INTERPOL Information System.

(3) The members of the Commission, its Secretariat, and any expert appointed by the Commission under the present Statute shall consider as confidential all information that comes to their knowledge in the exercise of their functions, unless the proper discharge of their functions requires otherwise. The obligation of confidentiality shall continue to apply after they cease to be active in any of those capacities.

(1) The Commission may directly consult the General Secretariat, sources of data or other entities which have access to the INTERPOL Information System as provided for in INTERPOL’s Rules on the Processing of Data. Consultation of national entities shall take place through the National Central Bureau of the Member concerned.

(2) The Commission may consult other international or national bodies, including data protection bodies, on matters related to its functions, whereas consultation of national authorities shall take place through the National Central Bureau of the Member concerned.

(3) In consulting other entities or bodies, the Commission shall take into consideration confidentiality requirements and any restrictions.

The Commission may entrust any individual or body with recognized expertise with the task of providing expert advice, subject to confidentiality requirements and restrictions.

(1) The INTERPOL General Secretariat shall provide in due time the necessary support to the Commission to enable it to carry out its functions effectively, in particular by:

(a) providing premises and the necessary infrastructure;

(b) forwarding to the Commission any request made under Chapter 4 of the present Statute as soon as the General Secretariat receives it;

(c) communicating to the Commission any information requested by the Commission and available to the General Secretariat or as provided for in INTERPOL’s Rules on the Processing of Data;

(d) communicating to the Commission any other relevant information to enable it to perform its functions;

(e) facilitating its sessions;

(f) respecting and protecting the Commission’s competence and independence.

(2) The INTERPOL General Secretariat shall ensure that access to information received from the Commission is limited to authorized members of its staff.

Following a proposal from the Commission, the General Assembly shall allocate to the Commission the annual budget necessary to perform its functions.

(1) Subject to the provisions of this Statute, the Commission shall enact its own operating rules to carry out its functions.

(2) The operating rules of the Commission shall include, inter alia, provisions on the following points:

(a) Organization of work;

(b) Procedures for maintaining and protecting the confidentiality of the Commission’s work;

(c) Election procedure and term of office of the Chairperson;

(d) Venue, number and duration of the Commission’s sessions;

(e) Procedures concerning the adoption of decisions by the Commission’s Chambers;

(f) Criteria and procedure for the withdrawal of its members;

(g) Procedure to determine the admissibility of requests;

(h) Procedure for addressing conduct that it considers abusive, improper, or in bad faith;

(i) Other matters relating to the effective functioning of the Commission.

(3) The operating rules adopted by the Commission shall be made public in all working languages of the Organization.

In accordance with Article 3 of the present Statute, the Supervisory and Advisory Chamber of the Commission shall have the power to:

(1) in its supervisory capacity, carry out the necessary checks to ensure that the processing of personal data by the Organization is in compliance with INTERPOL’s rules, and take decisions binding on the Organization on the measures required to remedy any non-compliance with INTERPOL’s rules as well as recommendations on how to improve the processing of personal data by the Organization;

(2) in its advisory capacity, give opinions on all matters referred to in the INTERPOL Rules on the Processing of Data and on any other matter involving the processing of personal data, either on its own initiative or at the request of the General Secretariat.

(1) The decisions, opinions and recommendations shall be made in writing and shall be reasoned.

(2) The Supervisory and Advisory Chamber shall communicate its decisions, opinions and recommendations to the General Secretariat.

(3) The General Secretariat shall implement the decisions of the Supervisory and Advisory Chamber as soon as possible, and shall report to the Commission on such implementation.

(4) The General Secretariat shall strive to follow up on opinions and recommendations made by the Supervisory and Advisory Chamber as soon as possible, and shall report to the Commission on their implementation.

(5) If the General Secretariat disagrees with the opinions or recommendations made by the Supervisory and Advisory Chamber, it shall so inform the Commission as soon as possible and indicate the reasons for its disagreement. In such a case, the Commission may inform the Executive Committee of that disagreement, so that the latter may take any appropriate measure.

(1) In accordance with Article 3 of the present Statute, the Requests Chamber shall have exclusive power to:

(a) decide on its competence to process requests submitted under the present Statute;

(b) examine and decide on requests for access to, or correction and/or deletion of, data processed in the INTERPOL Information System for the purposes of international police cooperation as defined in Article 10(2) and (6) of INTERPOL’s Rules on the Processing of Data.

(2) Nothing in the present Statute shall prevent:

(a) any person or entity from submitting a request to the competent authorities of the source of the data asking those authorities to take action regarding the data processed by that source in the INTERPOL Information System;

(b) the source of data from correcting or deleting the data it processes in the INTERPOL Information System;

(c) the General Secretariat from blocking, correcting or deleting, in accordance with INTERPOL’s rules, data processed in the INTERPOL Information System.

(3) To perform its functions, the Requests Chamber shall have the power to decide on appropriate measures to address conduct that it considers abusive, improper, or in bad faith by an applicant, a duly authorized representative, or the source of the data, including to:

(a) dismiss a request, an application for revision, or a written submission where it determines that there has been a serious abuse of its proceedings;

(b) report substantiated suspicions of serious abuse or misconduct to the General Secretariat. The General Secretariat may decide in coordination with the Commission to refer the matter to the relevant authorities, including law enforcement;

(c) bring the attention of the Organization’s bodies to reported acts of intimidation, coercion, or reprisal in connection to a request or to an application for revision, subject to consideration of confidentiality requirements.

(4) The Requests Chamber shall notify and provide the reasoning of the decision taken pursuant to Article 28(3) of the present Statute to the applicant, duly authorized representative, or source of the data, subject to confidentiality requirements and restrictions.

(1) Any person or entity shall have the right to submit directly to the Commission a request for access to, or correction and/or deletion of, data processed in the INTERPOL Information System and concerning that person or entity.

(2) The Organization and its Members undertake to respect this right.

(1) For the purposes of the present Chapter, any individual or entity submitting a request to the Commission shall be referred to as an applicant.

(2) A request shall be submitted to the Commission in writing, in one of INTERPOL’s working languages, by the applicant or a duly authorized representative. A request for correction or deletion of data shall set out the reasons therefor.

(3) There shall be no charge for the submission of a request.

(1) The Requests Chamber shall acknowledge the receipt of a request at the earliest opportunity, and shall inform the applicant of the applicable procedure and timeframe.

(2) The Requests Chamber shall be the only point of contact for the applicant during the entire proceedings.

(3) On request or at its own initiative, the Requests Chamber shall inform both the applicant and the source of data of the status of the request and any relevant developments. In addition, the Requests Chamber shall inform them of the date on which the request will be examined and the deadline for any additional submissions.

(4) The Requests Chamber shall communicate with the applicant and the source of the data in the working languages of the Organization used by them, and shall use different forms of communication as appropriate, including electronic forms of communication.

(1) The Requests Chamber shall examine the admissibility of each request and inform the applicant, at the earliest opportunity and no later than one month from its receipt by the Commission, whether the request is admissible.

(2) The Commission shall declare inadmissible any request considered to be incompatible with the provisions of the present Statute and the admissibility criteria defined by the Commission in its Operating Rules.

(3) If the request is declared inadmissible in whole or in part, the Requests Chamber shall explain the reasons to the applicant.

(1) When a request is considered admissible, the Requests Chamber shall notify the General Secretariat of the request and make the information contained therein available to the General Secretariat.

(2) The Requests Chamber shall request the General Secretariat to check and advise whether data concerning the applicant are being processed in the INTERPOL Information System. The General Secretariat shall notify the Commission within 45 days from the date of the request of the Requests Chamber whether data concerning the applicant are being processed in the INTERPOL Information System.

(3) If no data concerning the applicant are being processed at the time the request is examined, the Requests Chamber may decide on appropriate measures, taking into consideration confidentiality requirements.

(4) If data concerning the applicant are being processed in the INTERPOL Information System, and if the request is for correction or deletion, the Requests Chamber shall examine the compliance of the processing of the data with INTERPOL’s rules. If the request only concerns access to the data, the Requests Chamber may nonetheless decide to examine the compliance of the processing of those data with INTERPOL’s rules. The scope of review of a request shall be limited to examining the compliance of the processing of data with INTERPOL’s rules.

(5) If the Requests Chamber has an admissible request at the same time as the General Secretariat is examining the compliance of the data concerned with INTERPOL’s rules, the Requests Chamber shall examine the request only after the General Secretariat has decided on such compliance. Once the General Secretariat has decided on the compliance of the data concerned and implemented its decision, it shall promptly notify the Commission. The time required for the General Secretariat to take its decision may constitute circumstances warranting an extension of the time limit in accordance with Article 40(3) of the present Statute.

(1) If additional information is required to examine the request, the Requests Chamber shall seek information or clarification from the source of the data and/or the General Secretariat.

(2) The Requests Chamber may also seek information or clarification from any other entity in accordance with Article 21 of the present Statute.

(1) Information connected with a request shall be accessible to the applicant and the source of the data, subject to the restrictions, conditions and procedures set out in this article.

(2) Prior to disclosing information, the Requests Chamber shall consult the owner of that information, namely the applicant or source of the data.

(3) The communication of information may be restricted at the decision of the Requests Chamber, on its own initiative or at the request of the source of data, the General Secretariat or the applicant, for one or more of the following reasons:

(a) To protect public or national security or to prevent crime;

(b) To protect the confidentiality of an investigation or prosecution;

(c) To protect the rights and freedoms of the applicant or third parties;

(d) To enable the Commission or the Organization to properly discharge their duties.

(4) Any restriction on the disclosure of information must be justified and must specify whether some information, such as summaries, may be provided. The absence of justification alone will not lead to the disclosure of the content of the information but may be taken into consideration by the Requests Chamber in assessing and deciding on a request.

(5) Where deemed appropriate, and provided that this does not compromise the confidentiality of the case, the Requests Chamber may direct the applicant to contact the competent authorities of the source(s) of data.

The Requests Chamber shall examine a request on the basis of written submissions. Hearings may be held only if deemed necessary by the Requests Chamber for the examination of requests.

(1) At any time during the proceedings, the Requests Chamber may decide on provisional measures to be taken by the Organization in relation to the processing of the data concerned.

(2) Provisional measures shall be implemented in accordance with the procedure specified in Article 41 of the present Statute.

(1) The decisions of the Requests Chamber shall be final and binding on the Organization and the applicant.

(2) Decisions shall be given in writing in one of the Organization’s working languages. They shall be reasoned and shall contain, inter alia, a summary of the proceedings, the submissions of the parties, a statement of the facts, the application of INTERPOL’s rules, an analysis of legal arguments, and operative parts.

(3) Decisions shall be provided to the applicant and the source of data, subject to confidentiality requirements and restrictions and in accordance with Article 41 of the present Statute.

(1) The Requests Chamber may decide on any appropriate corrective actions to ensure that data are processed in the INTERPOL Information System in accordance with INTERPOL’s rules.

(2) If the Requests Chamber finds that data have not been processed in accordance with those rules, in addition to any decision on the corrective actions to be taken with regard to such data, it may decide on other appropriate remedies to be granted by the Organization to the applicant.

(3) Any remedy to be granted by the Organization may only relate to the Organization’s responsibilities in the particular case and to the processing of data in the INTERPOL Information System.

(4) To determine such remedies, the Requests Chamber shall take into consideration, inter alia, the following factors:

(a) The information available to the Organization when the data were processed;

(b) The role and responsibilities of the relevant entities involved in the processing of data;

(c) The steps that have been taken or should reasonably have been taken by the applicant before the competent authorities of the source of the data;

(d) Any remedy already provided to the applicant by the competent authorities of the source of data, or available to him/her from those authorities;

(e) The position expressed by the Organization;

(f) The obligation of non-interference with the Organization’s functions, as provided for in Article 46 of the present Statute.

(1) The Requests Chamber shall decide on a request for access to data within four months from the date on which the request was declared admissible.

(2) The Requests Chamber shall decide on a request for correction and/or deletion of data within nine months from the date on which the request was declared admissible.

(3) The Requests Chamber may decide that the circumstances of a particular request warrant an extension of the time limit. Any such extension shall be reasonable, promptly communicated to the General Secretariat, the source of data and the applicant, and shall also be explained in the decision.

(4) The Requests Chamber may take decisions between sessions and devise any appropriate procedures in order to discharge its function effectively within the time limits set by the present Article.

(1) The written decision of the Requests Chamber shall be provided to the General Secretariat within one month from the date on which the decision was made.

(2) The General Secretariat shall implement a decision within one month from the date on which it was received, unless it seeks further clarifications needed for the implementation of the decision. In the latter case, the General Secretariat shall proceed with the implementation within one month from the date on which the clarifications were received. The General Secretariat shall promptly notify the Commission of the implementation of its decision.

(3) The Requests Chamber shall provide its written decision to the applicant and to the source of data and notify them of the implementation of its decision by the Organization taking into consideration confidentiality requirements and restrictions. Decisions on requests for access shall be provided within one month from the date on which they were adopted by the Requests Chamber. Decisions on requests for correction and/or deletion of data shall be provided promptly and no later than one month from the date on which the Requests Chamber received notification of their implementation.

(4) If data have been corrected or deleted as a result of a decision by the Commission, the General Secretariat shall promptly notify the Organization’s Members which had received the data concerned, other than the source of the data, of any corrections or deletions. At the request of a Member other than the source of data, and subject to confidentiality requirements and restrictions, the Commission may supply its decision and any clarification.

(1) Applications for the revision of decisions of the Requests Chamber may be made only when they are based on the discovery of facts which could have led the Requests Chamber to a different conclusion if that fact had been known at the time at which the request was being processed.

(2) Applications for revision must be made within six months after the discovery of the fact.

(3) The timeframe for a decision on a request for revision shall be that provided for in Article 40 of the present Statute.

(1) The Commission shall produce an annual report on all its activities and submit it to the General Assembly.

(2) The Commission’s annual report shall be made public in all working languages of the Organization.

Subject to the confidentiality requirements, restrictions and other conditions set forth in the present Statute, the Commission shall endeavour to make its decisions, opinions, recommendations and reports public in all working languages of the Organization.

(1) The Commission shall keep its files, its decisions, opinions and recommendations for a period of 30 years.

(2) The Commission may nevertheless retain the files, decisions, opinions and recommendations necessary for the pursuit of any other legitimate purpose set out in Article 132 and in accordance with the timeframe specified in Article 134 of INTERPOL’s Rules on the Processing of Data.

Nothing in the present Statute shall be interpreted as allowing any fundamental interference with the assets and activities necessary for the functioning of the Organization.

The present Statute constitutes an appendix to the Organization’s Constitution.

The present Statute abrogates and replaces the Rules on the Control of Information and Access to INTERPOL’s Files which were adopted by the General Assembly at its 73rd session by Resolution AG-2004-RES-08.

The present Statute may be amended by a decision of the General Assembly in accordance with Article 44 of the Constitution and the General Assembly’s Rules of Procedure.

The present Statute shall enter into force on 11 March 2017.