Task Force on Privacy and the Protection of Personal Data 

_{Chair - Christopher Kuner (Hunton & Williams, Belgium)} 

_{Data Protection and Privacy} 

_{In today's digital and interconnected world, businesses need to move and process information across locations and networks to serve their global customers in faster, more efficient and cost-effective ways. Members of this task force are kept up to date on data protection developments around the world that affect their businesses in areas such as international data transfer, RFID, whistleblower hotlines, and human resources data. This task force works to streamline processes and save companies money by developing standardized, practical tools.} 

_{EU Standard Contractual Clauses for the Transfer of Personal Data} 

_{In a move to standardize and speed up transfers of international data worldwide, ICC, in conjunction with other business organizations, has worked with the European Commission to improve standard contractual clauses for international transfers of data. On 27 December 2004, the European Commission approved standard contractual clauses for the transfer of personal data from EU to non-EU countries proposed by seven international business associations, judging them as offering an “adequate level of data protection" under the EU's strict data protection laws. In February 2010, the commission approved changes to the standard contract clauses covering flows of personal data from the EU to non-EU countries between data controllers and data processors.} 

 _{Related documents:} 

• Feb 2010 announcement: New EU data transfer rules bear ICC imprint    

• Redline version explaining the position on behalf of Hunton & Williams

• New EU Commission Standard Contractual Clauses for the Transfer of Personal Data from the EU to Third Countries (data controller to data processor transfers) 

• Final Approved Version of Alternative Standard Contractual Clauses for the Transfer of Personal Data from the EU to Third Countries (controller to controller transfers) 
  
  
• Joint associations' press release,EU press release    

_{Return to top}    

 

_{Binding Corporate Rules for the Transfer of Personal Data outside EU} 

The EU Data Protection Directive 95/46/EC allows personal data to be transferred outside the EU only when the transfer provides an "adequate level of protection" for the data. Binding corporate rules (BCRs) - corporate codes which contain measures to ensure data protection in transfers from one country within the EU to a country outside it - are one of the ways in which such an "adequate level of protection" may be demonstrated. Until ICC introduced its standard application, companies had to submit different application forms to each EU member state when asking data protection authorities to approve their BCRs. ICC’s initiative to help businesses demonstrate their compliance and standardize the process for transferring data internationally from any EU country is now the foundation of the form adopted by all European data protection authorities. 

 _{Related documents:} 

•  Standard application for approval of binding corporate rules for the transfer of personal data outside EU   

•  ICC report on binding corporate rules for international transfers of personal data   

Available in English, French and Arabic. The Arabic translation was provided courtesy of Abu-Ghazaleh Translation, Distribution and Publishing. 

Return to top  

 

_{Basel II initiative of the Bank for International Settlements (BIS)} 

_{Basel II requires banks to collect and exchange huge amounts of data, including customer data falling under data protection legislation. To find out more and collect facts on the problems that banks experience in the field of Basel II and data protection, ICC developed a questionnaire.} 

_{Related documents:} 

•  Introduction to ICC work on Basel II and questionnaire   

•  Answers to ICC fact-finding questionnaire Basel II and data protection 

Return to top

 

_{Privacy Toolkit}  

_{Effective and appropriate privacy protection is a business enabler, not a barrier. It is a way to ensure consumer confidence and trust, and an enabler of lasting and fruitful customer relationships. Global business supports the use of a wide range of privacy enabling measures, and recognizes that there is no ‘one size fits all’ approach to privacy protection. This Toolkit sets out the business context for privacy protection and describes the characteristics and benefits of optimal privacy protection regimes.} 

_{ICC advocates consensus on principles for the use of personal data, and flexibility on the many mechanisms that can be used to apply these principles and ensure compliance. This Toolkit points out the potential adverse effects of relying too heavily on overly burdensome and legislation-centered approaches to privacy protection. It concludes with a set of action items for governments to promote appropriate and effective privacy protection regimes.} 

_{Related documents:} 

•  Privacy Toolkit  

Return to top  

 

_{Tools for Business} 

•  Binding Corporate Rules for the Transfer of Personal Data outside EU   

•  Basel II Initiative by the Bank for International Settlements (BIS)   

•  Privacy Toolkit   

_{Policy Statements} 

• ICC Policy Statement on Spam and Unsolicited Commercial Electronic Messages 

• ICC Policy Statement on Employee Privacy, Data Protection and Human Resources   
  

 

_{Other topics} 

• _{French Data Protection Authority (CNIL) guidelines on anonymous hotlines – ICC input in Englishand in French}  

• _{Data Protection Issues related to RFID technology – EU Article 29 Working Party Joint response by ICC, EICTA, ICRT and JBCE}   

For further information, please contact :

Constance Weise Policy Assistant Tel: +33 1 49 53 33 89 Fax: +33 1 49 53 57 97

Click here to email

 

Back to EBITT Commission page