Please access the Request and Review tab for more information.
(1) to receive information about their personal data processed by the Bank (“Request”, “Request for Information” or “Request Mechanism”); and
The Request Mechanism and Review Mechanism are established through the Bank Personal Data Privacy Request and Review Mechanism Directive. The Bank Procedure Personal Data Privacy Request and Review Mechanisms Procedures set out requirements to conduct these proceedings.
Individuals may submit a request to the World Bank to receive information about their personal data processed by the Bank.
Scope and limitations of the Request for Information process are set out in the Bank Personal Data Privacy Request and Review Mechanism Directive. Procedural provisions, for example on admissibility, are set out in the Bank Procedure Personal Data Privacy Request and Review Mechanisms Procedures.
To submit a Request for Information, please click here.
The World Bank’s Review Mechanism allows individuals to seek redress if they reasonably believe that their personal data has been processed by the World Bank in violation of the World Bank Group Policy on Personal Data Privacy. It is regulated by the Bank Personal Data Privacy Request and Review Mechanism Directive. Procedural provisions, for example on admissibility, are set out in the Bank Procedure Personal Data Privacy Request and Review Mechanisms Procedures.
The Review Mechanism consists of two tiers:
(1) A first internal administrative review is conducted by the Chief Data Privacy Officer who acts as the First Tier Reviewer.
To submit a Call for Review to the First Tier Reviewer, please click here click here.
(2) The second-tier review is conducted:
(a) By the World Bank Administrative Tribunal according to its Statute, for individuals who have standing before it.
(b) By an external, independent panel, the External Expert Reviewer, for all other individuals.
To submit a Call for Review to the External Expert Reviewer, please click here.
The External Expert Reviewer was established by the World Bank Privacy Request and Review Mechanisms Directive. Its activities are regulated by the Bank Directive: Personal Date Privacy: External Expert Reviewer which also includes a code of conduct for its members. The EER meets twice a year for a period of two weeks, in person at World Bank headquarters in Washington, DC, or virtually. Its first session will be in spring 2022.
Members of the EER are appointed by the World Bank Group President for a three-year term which may be renewed once for an additional three years.
The EER is chaired by an expert on privacy and data protection in a public sector entity and has two additional members who are familiar with the World Bank, one of them through first-hand experience.