CCF: Commission for Control of INTERPOL Files (2026)
Article 36 of INTERPOL’s Constitution established the Commission for the Control of INTERPOL’s Files (CCF) as an independent supervisory body. The CCF ensures that all data processing complies with INTERPOL’s rules, advises on data protection projects, and decides individual requests for access, correction, or deletion of personal information held in INTERPOL databases.
Commission for the Control of INTERPOL’s Files (CCF) – an independent body within INTERPOL, created by Article 36 of INTERPOL’s Constitution, that supervises compliance with data protection rules, provides advisory opinions on data processing projects, and decides on individual requests concerning personal data in INTERPOL systems (CCF Statute adopted by Resolution AG-2016-RES-06 at the 85th INTERPOL General Assembly).
Key Takeaways
- Three core functions: supervisory (monitoring data compliance), advisory (guiding data projects), and processing (handling individual access, correction, and deletion requests).
- Since 26 March 2026 at 10:00 CET, all requests must go through a dedicated secure online portal. Email and postal submissions are rejected unless Rule 25(2) of the CCF Operating Rules permits exceptional circumstances—meaning if you miss this deadline window, you cannot use the old methods.
- Access requests: four months from admissibility. Deletion and correction requests: nine months. Plan accordingly if you need a decision by a specific date.
- Revise a CCF decision only if you discover new facts within six months of discovery under Article 42 of the CCF Statute, and only if that fact would have changed the outcome.
- CCF members serve five-year initial terms (renewable once for three additional years) and sign a solemn declaration under Rule 3.1 affirming independent and impartial duties.
What Is the Commission for the Control of INTERPOL’s Files (CCF)?
Article 36 of INTERPOL’s Constitution created the CCF as an independent data protection authority. It ensures that personal information in INTERPOL databases is processed lawfully, accurately, and in compliance with INTERPOL’s Rules on the Processing of Data. Resolution AG-2016-RES-06 at the 85th INTERPOL General Assembly adopted the CCF Statute, with detailed procedures set out in the CCF Operating Rules.
The CCF performs three distinct functions. Supervisory: monitoring all data processing activities across INTERPOL databases for compliance with the Rules on the Processing of Data. Advisory: providing expert guidance to INTERPOL bodies on projects involving personal data and policy changes affecting data protection. Processing: deciding individual requests from people who want to access, correct, or delete personal data in INTERPOL systems.
The CCF Statute defines the body’s structure, powers, competence, and relationship with other INTERPOL bodies including the General Assembly. Article 35 requires the CCF to consult with the data source—typically the National Central Bureau that submitted the information—before disclosing information connected to a request. This protects member countries by ensuring they know when their data submissions are under review and can provide legal justification or updated information.
How Does the CCF Maintain Its Independence from INTERPOL?
Independence matters. The CCF functions as an autonomous decision-maker, separate from INTERPOL’s operational command structure. The CCF Statute and Operating Rules protect this independence through structural and personal mechanisms.
Rule 3.1 requires every CCF member to sign a solemn declaration affirming that they will exercise duties honourably, independently, and impartially. This is not ceremonial. Members commit they will not take instructions from any government, INTERPOL body, or external party when deciding data compliance or individual requests.
Conflict of interest rules go further. Rule 2 of the Operating Rules requires members to withdraw from cases where they have a real or perceived conflict—a personal interest in the outcome, a professional relationship with a party, or any other connection undermining impartiality. When a member recuses themselves, the remaining members handle the case. Objective review replaces bias.
How Does the CCF’s Supervisory Role Work in Practice?
The CCF monitors data processing compliance across all INTERPOL databases and systems to ensure member countries and INTERPOL adhere to the Rules on the Processing of Data. Accuracy, lawfulness, and quality of data entered into Red Notices, Diffusions, stolen and lost travel documents databases, and other core repositories all fall within this oversight.
Investigating potential violations is a core power. When the CCF identifies non-compliance, it can recommend corrective measures—even without an individual request. It reviews whether Red Notice requests meet INTERPOL’s standards. For instance, does the notice rest on an ordinary criminal offence, or does it involve a political, military, religious, or racial matter prohibited under Article 3 of INTERPOL’s Constitution? Non-compliant data gets deleted or corrected by CCF order.
The supervisory function includes proactive monitoring. Systemic patterns emerge: particular National Central Bureaus submitting non-compliant data repeatedly, outdated entries lingering in systems, operational units applying the Rules inconsistently. The CCF reports findings and recommendations to the INTERPOL General Assembly, which directs policy changes or guidance to member countries based on what it learns.
What Is the CCF’s Advisory Role and When Is Consultation Required?
Before INTERPOL launches new databases, systems, or policy changes, the CCF provides expert guidance on data protection implications. This advisory role embeds safeguards at the design stage rather than after problems emerge.
Mandatory consultation applies whenever INTERPOL implements a new system processing personal data or makes significant changes to existing databases. The CCF reviews proposals against the Rules on the Processing of Data—are safeguards adequate? Is the data retention period justified? Advisory opinions are not legally binding, but INTERPOL bodies must weigh them seriously. Ignoring CCF advice without documented reasons creates accountability questions before the General Assembly.
Data source consultation works similarly. Article 35 of the CCF Statute requires the CCF to consult with the data source before disclosing information connected to a request. Practically: an individual requests access to a Red Notice, and the CCF notifies the National Central Bureau that submitted it. That bureau gets an opportunity to provide legal justification, investigation context, or updated information before the CCF decides. This balances the individual’s right to know what data exists against the need to protect ongoing investigations and sensitive law enforcement information.
How Can Individuals Submit Access, Correction, or Deletion Requests to the CCF?
Individuals believing INTERPOL holds personal data about them—in a Red Notice, Diffusion, stolen travel document entry—can request access, correction, or deletion. The submission method changed decisively on 26 March 2026. From 10:00 CET that day forward, only a dedicated secure online portal accepts requests. Email and postal submissions are rejected unless Rule 25(2) of the CCF Operating Rules permits exceptional circumstances. This means missed the portal deadline? You cannot default to the old method.
Three request types exist. Access requests ask whether INTERPOL holds data about you and demand a copy. Correction requests amend inaccurate or incomplete information. Deletion requests remove data violating INTERPOL rules—a Red Notice based on a political offence, or outdated entries no longer necessary.
Rule 25(2) permits alternatives only in exceptional circumstances, which the rule does not define exhaustively but would include: no reliable internet access, technical barriers preventing portal use despite genuine effort, or detention without online access. The requester must explain in writing; the CCF assesses each case individually and may reject the request if circumstances do not justify bypassing the mandatory portal.
What Are the Time Limits for CCF Decisions on Requests?
Four months from admissibility for access requests. Nine months for deletion and correction. These CCF Statute and Operating Rules timelines give individuals decision windows to plan around.
Admissibility kicks in once the CCF confirms jurisdiction (data exists in an INTERPOL system), sufficient information identifies the data in question, and the request fits one of three permitted categories. Reaching admissibility itself takes weeks if documentation is incomplete or clarification is needed.
Several factors consume time within statutory limits. Multiple National Central Bureaus involved? Article 35 requires consultation with each, and their responses delay processing. Novel legal issues? Extensive document review? The CCF uses the full statutory period. No interim updates arrive during processing—requesters receive a decision only when the review is complete.
What Information Do I Need to Submit a Request to the CCF?
Every request requires identity verification. This is the gate-keeper step: without it, the CCF cannot confirm you’re actually the person whose data you’re requesting. The secure online portal asks for scanned copies of a passport or national identity card, and if a lawyer is submitting on your behalf, a power of attorney from you.
For access requests, think practically about search strategy. You need to give the CCF enough detail to actually find you in INTERPOL databases – your full name as it appears in official documents, date and place of birth, nationality, and any known aliases. If you suspect a Red Notice or Diffusion exists, include any reference numbers, the country you believe issued the request, and the approximate date. The more specific you are, the faster they locate your file.
Correction and deletion requests demand heavier lifting. You must pinpoint the specific data you believe is inaccurate or unlawful, explain why it violates INTERPOL rules (citing the relevant articles if you can), and back it up with supporting documents – court judgments, official letters, legal opinions. For deletion based on political offence grounds, you’ll typically need evidence that the underlying charge is politically motivated: documents showing that the prosecution targets your political activity, membership in an opposition party, or exercise of rights protected under international human rights law.
The portal walks you through requirements step by step. Language matters practically here too: the CCF accepts submissions in INTERPOL’s working languages (English, French, Spanish, and Arabic). If your supporting documents are in another language, you may need certified translations – a delay many applicants don’t anticipate – so the CCF can properly assess your request.
When Can You Request a Revision of a CCF Decision?
Article 42 of the CCF Statute opens one narrow window: revision is possible if you discover a new fact after the decision is issued, the fact was genuinely unknowable during the original proceedings, and it would have changed the outcome. You have six months from the moment you discover it to file.
Here’s what revision is not: it’s not an appeal. The CCF won’t reconsider the same facts or re-examine legal arguments you already made. It exists specifically for when genuinely new evidence surfaces – a court judgment issued after the CCF decision that vacates the conviction underlying your Red Notice, or newly released government documents proving prosecution was politically motivated. The burden falls on you to prove three things: the fact is new, you couldn’t have found it earlier through reasonable effort, and it’s material enough to change the conclusion.
The clock starts from when you discovered the fact, not from the original CCF decision. Suppose a court issues a favourable judgment three years after the CCF rejected your deletion request. You then have six months from that judgment date to file for revision. This flexibility matters: new facts can emerge long after the original decision, especially in cases with ongoing criminal proceedings or evolving political situations. But miss that six-month window, and the CCF cannot reopen the case.
What Qualifies as a “Newly Discovered Fact” for Revision Purposes?
A newly discovered fact is information that was unavailable to you and the CCF during the original proceedings and that directly affects whether the data in INTERPOL systems is lawful or accurate. Court decisions issued after the CCF decision are the clearest examples – also changes in legal status (charges dismissed, acquittal rendered), and documentary evidence previously classified or withheld by authorities.
But public information you simply missed doesn’t count. If a court judgment existed before the CCF decision and you didn’t submit it, that isn’t a newly discovered fact – it’s evidence you could have presented earlier. New legal arguments or reinterpretations of existing facts also fail. The CCF won’t revisit its reasoning unless the factual foundation has actually shifted.
What does work: a European Court of Human Rights judgment finding your trial violated fair trial guarantees, issued after the CCF decision. A decision by the requesting country’s prosecutor to withdraw the arrest warrant, happening after the CCF upheld the Red Notice. Leaked government documents proving your prosecution was ordered by political officials, documents that became public only after the CCF decision.
What doesn’t: discovering that another person’s similar case succeeded before the CCF – that’s precedent, not new fact about your case. Obtaining a legal opinion from an expert supporting your position – expert opinions are arguments, not evidence. Learning additional political context that was already publicly known during the original proceedings.
Who Serves on the CCF and How Are Members Appointed?
INTERPOL’s General Assembly appoints CCF members for an initial five-year term, renewable once for three more years. This structure balances two competing needs: continuity, so members develop genuine expertise in INTERPOL data protection over time, against turnover that prevents entrenchment and brings fresh thinking.
Selection criteria are strict. Members must have expertise in data protection, international law, or law enforcement, and they must be demonstrably independent of any government or INTERPOL operational body. Before starting, each member signs a solemn declaration under Rule 3.1 of the CCF Operating Rules committing to exercise their functions honourably, independently, and impartially – without seeking or accepting instructions from any government or organisation.
Member count and geographical distribution are set by the General Assembly to reflect INTERPOL’s global reach and ensure the CCF can handle request volume and supervisory work. Members work part-time, meeting several times yearly to review requests, conduct oversight, and advise on data protection projects. The CCF Secretariat – administrative staff working full-time – handles daily request processing, documentation, correspondence with requesters and National Central Bureaus, and case file preparation for members’ review.
⚠️ Time is critical — every day matters
Get a free case assessment
Our team specialises in cases with an international element. We review applicable treaties, assess risks, and prepare an action plan.
Frequently Asked Questions
Is the CCF Truly Independent from INTERPOL?
Yes. Article 36 of INTERPOL’s Constitution and the CCF Statute enshrine the CCF as autonomous with its own decision-making authority – not just in name, but structurally. Every member signs a solemn declaration under Rule 3.1 of the CCF Operating Rules affirming independent and impartial performance of duties, and Rule 2 requires withdrawal from cases with conflicts of interest. This isn’t procedural window-dressing; it’s the governing framework.
How Long Does It Take to Get a Response from the CCF?
Access requests must be decided within four months from admissibility; deletion and correction requests within nine months. But the admissibility determination itself can take several weeks, especially if more documentation is required – which stretches the overall timeline. Processing can extend to the full statutory limit if the request involves multiple National Central Bureaus requiring consultation under Article 35 of the CCF Statute or raises complex legal issues. Plan accordingly; decisions rarely arrive faster than three months.
What Happens If I Miss the Deadline for Requesting Revision?
The six-month deadline for revision under Article 42 is absolute. Miss it, and the CCF has no authority to reopen the case based on that newly discovered fact. Your options then narrow: wait for another genuinely new fact to emerge, request the issuing country to withdraw the Red Notice directly, or challenge the underlying legal proceedings in national courts. All require additional effort and time.
Can I Submit a Request on Behalf of Someone Else?
Only with formal authorisation. If you’re a lawyer, you must provide a signed power of attorney from the data subject granting authority to act on their behalf. Both documents – the power of attorney and identity verification for the data subject and representative – get uploaded through the secure online portal. Family members and friends cannot submit requests without formal legal authority, regardless of circumstance.
Does the CCF Decision Override INTERPOL Decisions?
Within its jurisdiction, yes. When the CCF orders deletion or correction, INTERPOL and National Central Bureaus must implement it. But that jurisdiction has limits. If a country maintains a national arrest warrant independent of INTERPOL, the CCF decision doesn’t touch it – the warrant stays valid in that country even after the Red Notice is deleted. You may have won at INTERPOL and still face consequences at home.
Are CCF Proceedings Confidential?
Yes. Confidentiality protects both requesters and law enforcement interests. The CCF doesn’t publicly disclose requester names, request content, or decision details. Only the data subject, their authorised representative, and consulted National Central Bureaus under Article 35 receive information about the proceedings. The CCF does publish anonymised summaries of selected decisions for guidance – these never identify individuals or countries involved.
What If My Request Is Rejected – Do I Have Other Options?
Rejection isn’t the end. You have realistic paths forward.