Proposals for further consideration by the Friend of the Chair on Confidentiality Issues

ANNEX E. CONFIDENTIALITY PROVISIONS

I. GENERAL PRINCIPLES FOR THE HANDLING OF CONFIDENTIAL INFORMATION

(A) THE CONFIDENTIALITY REGIME

1. In order to establish and maintain the Confidentiality Regime ~~governing the handling of confidential information~~ pursuant to Article IV ~~(hereinafter referred to as “the Confidentiality Regime”)~~, an appropriate unit of the Technical Secretariat (hereinafter referred to as “the Confidentiality Unit”) under the direct responsibility of the Director-General shall be charged with overall supervision of the administration of confidentiality provisions.

It is proposed to add a reference to Article IX, bringing the text into line with other paragraphs addressing sub-elements of the Confidentiality Regime such as the classification system further down:

2. The Confidentiality Regime shall be considered and approved by the Conference pursuant to Article IX, paragraph 22 (i). The Organization shall not process, handle or distribute information or data supplied to it in confidence by States Parties until the regime has been approved by the Conference.

It is proposed to clarify that recommendations will be made to the Conference of States Parties:

3. The Executive Council shall establish a sub-committee in accordance with its rules of procedure to monitor and make recommendations to the Conference on the Confidentiality Regime being applied by the Technical Secretariat.

4. ~~Subsequently~~, The Director-General shall report annually to the Conference on the implementation of the Confidentiality Regime by the Technical Secretariat.

(B) THE ESTABLISHMENT OF A CLASSIFICATION SYSTEM

5. A classification system shall be introduced, which shall provide for clear criteria ensuring the inclusion of information into appropriate categories of confidentiality and the justified durability of the confidential nature of information. While providing for the necessary flexibility in its implementation, the classification system shall protect the right of States Parties providing confidential information. The classification system shall be considered and approved by the Conference pursuant to Article IX, paragraph 22 (i).

6. Each State Party from which information was received or to which information refers shall have the right, in consultation with the Confidentiality Unit as the State Party may consider appropriate, to classify such information in accordance with the classification system. Any such classification shall be binding for the Organization.

7. The essential factors to be considered in determining the classification of an item of information are as follows:

(a) The degree of potential damage which its disclosure could cause to a State Party, a natural or legal person of a State Party, or to the Protocol or the Organization; and

(b) The degree of potential advantage its disclosure could offer to a State, or to a natural or legal person.

(D) ACCESS TO CONFIDENTIAL INFORMATION

8. Access to confidential information shall be regulated in accordance with its classification and shall be on a need-to-know basis.

9. Not less than 30 days before an employee is given clearance for access to confidential information that refers to activities on the territory or in any other place under the jurisdiction or control of a State Party, the State Party concerned shall be notified of the proposed clearance. The proposal shall be regarded as accepted unless the State Party declares within 30 days its non-acceptance in writing. Individuals on the list of designated personnel as provided for in Annex D, section I, paragraphs 1 to 16 after acceptance by States Parties, shall be deemed to have fulfilled this requirement.

10. [If necessary to fulfil its obligations under this Protocol, the Technical Secretariat may grant access to information and data classified as confidential to entities or individuals outside the Technical Secretariat. Such access] [The information and data classified as confidential shall not be made available outside the Organization. Authorized experts appointed to serve on specific organs or bodies established in accordance with the provisions of this Protocol which are not on the staff of the Technical Secretariat shall be granted access to information and data classified as confidential only if there is a specific need-to-know. In case such access is requested, it] shall be strictly limited to the minimum necessary and shall be granted only on specific approval by the Director-General accompanied by explicit consent of the State Party concerned as well as on the basis of a specific secrecy agreement and in conformity with the procedures of the Confidentiality Regime.

Note: The above paragraph covers access to authorized experts. It does not apply to ad hoc experts as investigation personnel, which are covered by the preceding paragraph 9 in conjunction with Annex D, section I, paragraphs 11 to 16, and which are considered staff members of the Technical Secretariat when designated. It would apply to experts of the Confidentiality Commission, the Scientific Advisory Board or working groups of scientific experts established by the Director-General. It is also important to note that this provision does not apply to the release of confidential information outside the Organization and beyond governments of States Parties, which is covered under the following sub-section (E) “Obligations for intended release of confidential information”.

11. Each access to confidential information at the Technical Secretariat shall be recorded on file when accessing and exiting. This record shall be retained for 10 years.

12. To the greatest extent consistent with the effective implementation of the provisions under this Protocol, confidential information shall be handled and stored by the Technical Secretariat in a form that precludes direct identification of the facility to which it pertains.

(E) OBLIGATIONS FOR INTENDED RELEASE OF CONFIDENTIAL INFORMATION

13. No confidential information obtained by the Technical Secretariat in connection with the implementation of this Protocol shall be published or otherwise released, except as follows:

(a) Any information may be released with the express consent of the State Party from which the information was received and the State Party to which the information refers;

(b) Information classified as confidential shall be released by the Organization only through procedures which ensure that the release of information only occurs in strict conformity with the needs of this Protocol. Such procedures shall be considered and approved by the Conference pursuant to Article IX, paragraph 22 (i).

II. CONDITIONS OF STAFF EMPLOYMENT RELATING TO THE PROTECTION OF CONFIDENTIAL INFORMATION

No changes proposed.

III. PROCEDURES IN CASE OF BREACHES OR ALLEGED BREACHES OF CONFIDENTIALITY

(A) OBLIGATION FOR INQUIRY

It is proposed to delete paragraph 1 which is fully covered by paragraph 3 of Article IV and section I of this Annex:

1. The Director-General shall establish procedures to be followed in case of breaches or alleged breaches of confidentiality, which shall be considered and approved by the Conference pursuant to Article IX, paragraph 22 (i). The Director-General shall also implement decisions of the Conference of States Parties amending the procedures related to the issue of breaches or alleged breaches of confidentiality.

2 1. The Director-General shall promptly initiate an inquiry when there is indication that obligations concerning the protection of confidential information have been violated. The Director-General shall also promptly initiate an inquiry if an allegation concerning a breach of confidentiality is made by a State Party.

3 2. In case of an allegation of a breach of confidentiality, States Parties and/or staff members which are named in the allegation or which might be involved in the alleged breach shall be informed of that allegation immediately. The Director-General shall hold consultations with the concerned States Parties in the course of the inquiry.

4 3. States Parties shall, to the extent possible, cooperate with and support the Director-General in conducting an inquiry of any breach or alleged breach of confidentiality and in taking appropriate action in accordance with applicable laws and regulations in case a breach has been established.

5 4. An inquiry shall result in a written report, which shall remain confidential and be subject to the application of the need-to-know principle. The Director-General shall, upon request, provide the report to the States Parties concerned. The results of the inquiry shall be reported to the Conference of the States Parties in a form from which specific confidential material has been removed to ensure that confidential information connected with a breach is not further disclosed beyond its authorized scope of access, and to respect those elements of the privacy of the individual staff members not relevant to the case.

(B) INTERIM MEASURES

6 5. The Director-General may take interim measures any time after the commencement of the inquiry in order to prevent further damage. These measures may include withdrawal of personnel concerned from specific functions, denial of access to certain information and, in serious cases, temporary suspension, pending completion of procedures contained in this section.

7 6. In case of a breach or an alleged breach of confidentiality by an agent or official of a State Party or by a staff member of the Technical Secretariat, consultations shall be held between the States Parties concerned or between the Organization and States Parties concerned to address the case. If such consultations are not concluded to the satisfaction of the parties involved within 60 days, each State Party shall have the right to initiate the proceedings of the Confidentiality Commission to consider the case. The Commission shall seek to settle the case through mediation, inquiry, conciliation, arbitration or other peaceful means. The Commission may request the Director-General to submit the result of the inquiry pursuant to paragraph 1.

It is proposed to move paragraph 6 of Article IV here and to merge it with the following paragraph. It is further proposed to limit the case treated here to the measures taken by the Director-General in case of breaches of confidentiality by staff members of the Technical Secretariat. The possibilities of a waiver of immunity of the Director-General or of the Organization, on which there is not yet agreement, are covered in Article IX and there is no need to repeat that language or to mention it here:

8 7. When the inquiry pursuant to paragraph 2 1 establishes that there has been a breach of confidentiality by a staff member of the Technical Secretariat, ~~Article IV, paragraph 6, and section E of Article IX shall apply. The~~ the Director-General shall impose appropriate disciplinary measures ~~on staff members of the Technical Secretariat who violated their obligations to protect confidential information.~~ The Director-General shall have the right to waive ~~In case of breaches of confidentiality,~~ the immunity of ~~[the Director-General and]~~ the staff members of the Technical Secretariat ~~[as well as the immunity of the Organization] may be waived~~ in accordance with the provisions on privileges and immunities contained in Article IX of this Protocol and the agreement referred to in paragraph 49 of that Article.