Skip to Main Navigation

Data Privacy

   

  • image
    Image

     

    Data Privacy at the World Bank

    As data becomes more important to fulfill the World Bank Group’s Twin Goals of alleviating extreme poverty and promoting shared prosperity, so does the importance of responsibly collecting, using, and sharing data–including personal data. Recognizing this, the World Bank Group issued a Policy on Personal Data Privacy (the “Privacy Policy”) that governs the use of personal data by the World Bank Group institutions: the International Bank for Reconstruction and Development and the International Development Association (together the “World Bank”), the International Finance Corporation, the Multilateral Investment Guarantee Agency, and the International Centre for Settlement of Investment Disputes. The Privacy Policy signals to the world the World Bank Group’s leadership on the responsible use of personal data by international organizations.

    Please click here to review the Privacy Policy.

     

    Request and Review

    Individuals who have interacted with the World Bank have the ability, subject to limitations and conditions, to request information about their personal data and to seek redress if they reasonably believe their personal data has been used by the Bank in violation of the Privacy Policy.

    Please access the Request and Review tab for more information.

     

    About the World Bank Data Privacy Office

    The World Bank Data Privacy Office oversees the World Bank’s compliance with the Privacy Policy. The Data Privacy Office’s vision is to embed data privacy by design into the fabric of the Bank’s work around the world. 

     

    News and Events

  • Request and Review

    Section III (7) (b) of the World Bank Group Policy on Personal Data Privacy (the “Privacy Policy”) requires the Bank to “adopt mechanism(s) to . . . provide individuals with a method, subject to reasonable limitations and conditions, to: i. request information regarding the individual’s Personal Data Processed by [the Bank] ; and ii. seek redress if the individual reasonably believes that the individual’s Personal Data has been Processed in violation of this Policy”.

     

    The Privacy Policy expressly addresses two options for living individuals, whose personal data is processed by the World Bank:

     

    (1) to receive information about their personal data processed by the Bank (“Request”, “Request for Information” or “Request Mechanism”); and

     

    (2) to seek redress in case of a reasonable suspicion that their personal data is or has been processed in violation of the Privacy Policy (“Review” or “Review Mechanism”).

     

    The Request Mechanism and Review Mechanism are established through the Bank Personal Data Privacy Request and Review Mechanism Directive. The Bank Procedure Personal Data Privacy Request and Review Mechanisms Procedures set out requirements to conduct these proceedings.

     

    Request

    Individuals may submit a request to the World Bank to receive information about their personal data processed by the Bank.

     

    Scope and limitations of the Request for Information process are set out in the Bank Personal Data Privacy Request and Review Mechanism Directive. Procedural provisions, for example on admissibility, are set out in the Bank Procedure Personal Data Privacy Request and Review Mechanisms Procedures.

     

    To submit a Request for Information, please  click here.

     

    Review

    The World Bank’s Review Mechanism allows individuals to seek redress if they reasonably believe that their personal data has been processed by the World Bank in violation of the World Bank Group Policy on Personal Data Privacy. It is regulated by the Bank Personal Data Privacy Request and Review Mechanism Directive. Procedural provisions, for example on admissibility, are set out in the Bank Procedure Personal Data Privacy Request and Review Mechanisms Procedures.

     

    The Review Mechanism consists of two tiers:

    (1) A first internal administrative review is conducted by the Chief Data Privacy Officer who acts as the First Tier Reviewer.

    To submit a Call for Review to the First Tier Reviewer, please click here click here.

     

    (2) The second-tier review is conducted:

    (a) By the World Bank Administrative Tribunal according to its Statute, for individuals who have standing before it.

    (b) By an external, independent panel, the External Expert Reviewer, for all other individuals.

    To submit a Call for Review to the External Expert Reviewer, please click here.

     

    Policies and Procedures

    Bank Personal Data Privacy Request and Review Mechanism Directive.

    Bank Procedure Personal Data Privacy Request and Review Mechanisms Procedures

  • External Expert Reviewer

    The World Bank’s External Expert Reviewer (EER), a panel composed of three members, is an independent second-tier reviewer for complaints brought by individuals who do not have standing before the World Bank Administrative Tribunal and who suspect a violation of the World Bank Group Privacy Policy by the World Bank in relation to their personal data. The EER considers such cases de novo after an internal administrative first tier review by the World Bank’s Chief Data Privacy Officer. For that purpose, it conducts written proceedings and may hold oral proceedings if necessary. The EER is assisted by a secretariat.

     

    The External Expert Reviewer was established by the World Bank Privacy Request and Review Mechanisms Directive. Its activities are regulated by the Bank Directive: Personal Date Privacy: External Expert Reviewer which also includes a code of conduct for its members. The EER meets twice a year for a period of two weeks, in person at World Bank headquarters in Washington, DC, or virtually. Its first session will be in spring 2022.

     

    Members of the EER are appointed by the World Bank Group President for a three-year term which may be renewed once for an additional three years.

     

    The EER is chaired by an expert on privacy and data protection in a public sector entity and has two additional members who are familiar with the World Bank, one of them through first-hand experience.

     

    Policies and Procedures

    Bank Directive: Personal Date Privacy: External Expert Reviewer



CONTACTS

Data Privacy Office 1818 H street, N.W Washington, DC 20433, U.S.A
privacy@worldbank.org