ARTICLE IV

CONFIDENTIALITY PROVISIONS

1. [The Organization] shall conduct its activities provided for under this Protocol in the least intrusive manner consistent with the timely and efficient accomplishment of their objectives. It shall request only the information and data necessary to fulfil its responsibilities under this Protocol and shall use this data and information only for the purpose of this Protocol. [It shall avoid, to the extent possible, any access to information and data not related to the aims of this Protocol.] It shall take every precaution to protect the confidentiality of information on civil and military activities and facilities [including such information coming to its knowledge] in the implementation of this Protocol and, in particular, shall abide by the confidentiality provisions set forth in this Protocol. 

2. Each State Party shall treat as confidential and afford special handling to information and data that it receives in confidence from [the Organization] in connection with the implementation of this Protocol. It shall treat such information and data exclusively in connection with its rights and obligations under this Protocol and in accordance with the provisions set forth in this Protocol. 

3. Each State Party shall have the right to take measures as it deems necessary to protect confidential information, [provided that it fulfils] [without prejudice to] its obligations [to demonstrate compliance] in accordance with the provisions of the Protocol. 

4. (a) The Director-General shall have the primary responsibility for ensuring the protection of [all] confidential information [which comes into possession of the Technical [Secretariat] [Body] from any source]. Based on guidelines provided for within this Protocol, the Director-General shall establish and maintain a stringent regime [governing the handling of confidential information by the Technical [Secretariat] [Body] as well as the necessary procedures to be followed in case of breaches or alleged breaches of confidentiality] to ensure effective protection against unauthorized disclosure. This regime shall be approved and periodically reviewed by [the ...]; 

(b) The regime referred to in paragraph 4 (a) above shall include, among others, provisions relating to:

(i) General principles for the handling of confidential information;

(ii) Conditions of staff employment relating to the protection of confidential information;

(iii) Measures to protect confidential information [obtained] in the course or as a result of on-site activities;

(iv) Procedures in cases of breaches or alleged breaches of confidentiality;

(v) Procedures for archiving of confidential information.  

[5. Data required by States Parties to be assured of the continued compliance with the Convention and this Protocol by other States Parties shall [on a reciprocal basis as appropriate] be [routinely] [, upon request,] provided to them [at the premises of the Technical [Secretariat] [Body]]. Such data shall encompass: 

(a) The initial and annual declarations provided by States Parties under Article III, section D, in accordance with the provisions set forth in the Annex; 

(b) General reports on the results and effectiveness of compliance monitoring activities; [reports on investigations and summary reports on visits in accordance with Annex B ... and Annex D ... and which are to be processed in accordance with paragraph 12 of Annex E, section III, as well as periodical reports required under Article VII]; 

(c) Information to be supplied to all States Parties in accordance with the provisions of this Protocol.]⁵⁵ 

[ 6. Without prejudice to the privileges and immunities to be accorded pursuant to this Protocol, the Organization, the Director-General and staff members of the Technical [Secretariat] [Body] shall, in accordance with the applicable laws specified in the private international law of the State of forum, be liable to the natural or legal persons for any damage caused by the Director-General and staff members of the Technical [Secretariat] [Body] through unauthorized disclosure of confidential information coming to their knowledge in connection with the implementation of this Protocol.] 

6 bis The Director-General shall impose appropriate [punitive and] disciplinary measures on employees of [the Technical [Secretariat] [Body]] who violated their obligations to protect confidential information. In case of [serious] breaches, the immunity of employees of [the Technical [Secretariat] [Body]] [or of [the Organization]] from jurisdiction [may] be waived [by the Director-General] in accordance with the provisions in Annex E. 

[7. The Conference of the States Parties shall establish and appoint, at its first session, a Commission for the settlement of disputes related to confidentiality (hereinafter referred to as "Confidentiality Commission") as its subsidiary organ in accordance with Article IX, paragraph 24 (j). The Commission shall have the powers and functions as set forth in this Protocol.] 

[8. Any State Party to this Protocol which considers that it has been affected by a breach of confidentiality or that its natural or legal persons have suffered from damage through such a breach [shall] [may] seek to settle the dispute in accordance with the provisions set forth in Article XII which may include referring it to the Confidentiality Commission in accordance with paragraph 8 of Annex E, section IV.] 

[8 bis For disputes regarding alleged breaches involving both States Parties and the Technical [Secretariat] [Body] or two or more States Parties, a commission for the settlement of the dispute related to confidentiality, set up as a subsidiary organ of the Conference, shall consider the case in accordance with the provisions set forth in Annex E. The Commission shall be approved by the Conference.]

Notes

 55. There is a need to consider whether the declarations shall be available to all States Parties or only to those States Parties which have submitted their declarations.