Corporate Data-sharing

On June 3rd, the European Data Protection Working Party adopted the Working Document Transfers of personal data to third countries: Applying Article 26 (2) of the EU Data Protection Directive to Binding Corporate Rules for International Data Transfers.

Multinational corporations will often require their subsidiaries, branches and affiliated companies located in other countries to transfer data regarding employees, suppliers and clients to them in order to better oversee the management of the organisation, or to control certain aspects of the corporate activities. This type of data-sharing has largely been hampered by the rules set out in the Directive 95/46/EC, which prohibits cross-border data transfers except where certain conditions are satisfied.

The Working Party document sets out new conditions that would allow multinational organisations to adopt “corporate binding rules”, under article 26 (2) of the Directive 95/46/EC, in order to facilitate data flows outside the European Union.

The following questions have been addressed in this article:

How does the EU Commission determine if a country offers an adequate level of protection for personal data coming from the EU?
Is it possible for multinationals to carry out transborder data transfers when there isn’t an EU Commission decision regarding the adequacy of protection?
What are ‘binding corporate rules’?
Who can use the binding corporate rules?


Facebook Twitter RSS