Export of Personal Data, have developed guidelines to ensure that the flow of personal data across national boundaries does not result in the unlawful storage. the abuse or unauthorized disclosure of such data.
Export of Personal Data has two sets of guidelines
►Organization for economic Co-operation and Development Fair Information Practices(1980)
►European Union Data Protection
Organization for economic Co-operation and Development Fair Information Practices(OECD)
■ an international organization consisting of 30 member countries worldwide including large countries like United Kingdom, Australia, Italy, Japan, United States and etc.
■ Its goal is to set policy and come to agreement on topics for multilateral is necessary for individual countries to make progress in a global economy.
European Union Data Protection(EU)
■ This guidline is only exclusive to the western europe
■ EU requires any company doing business within a border of 15 western European nations for implement a set of privacy directives on the fair and appropriate use of info.
■The directive requires member countries to ensure that data transferred to non-European Union countries is protected.
This paragraph discuss Binding Corporate Rules(BCR) and data transfer.
On 1 October 2008, 9 data protection authorities agreed to a mutual recognition arrangement. Then, on 10 December 2008 a further 4 data protection authorities joined the arrangement, making a total of thirteen. The thirteen are Cyprus, France, Germany, Iceland, Ireland, Italy, Latvia, Liechtenstein, Luxembourg, The Netherlands, Norway, Spain and the UK. The intention is that all these data protection authorities commit to agree a BCR application, once the lead authority has approved it.
In some jurisdictions the applicant will still need to submit an application for its data exports to be authorised. However, participating data protection authorities should authorise the BCRs as a matter of course.
There are, however, still some differences of approach within the thirteen: some authorities have clearly committed to follow the lead authority’s view; others consider themselves to be working towards such a position. We will, therefore, have to wait and see how this works in practice. A number of BCR applications are about to be submitted on this basis, so within weeks we may see the impact of this new process.
Binding Corporate Rules
In 2003, procedures were established to allow organisations to transfer personal information using “binding corporate rules”. These form a binding code of practice for a multinational to protect its personal information. The Information Commissioner’s Office in the UK gave the first approval on this new basis in 2005. However, since then progress has been slow, with only a few further approvals in the UK and other jurisdictions. One of the key concerns for organisations looking to use BCRs is the process of national approval of the BCRs. One authority receives the application (the lead authority) and obtains and circulates the comments of all relevant authorities. Responding to these comments can be time consuming and frustrating.