These policies are called "binding corporate rules" (BCRs). A number of companies are already using BCRs in their corporate operations worldwide, but uncertainty remains about their binding legal status in some jurisdictions. The ICC hopes its report will dispel such uncertainty.
The ICC carried out a survey of data transfer solutions as well as the legal enforceability of corporate codes of conduct in a wide range of countries. It became evident, says the ICC, that although existing contractual solutions for data transfer are still useful, they are impractical for many corporate businesses involved in frequent global transfers of data.
According to Christopher Kuner, Chair of the ICC Data Protection Task Force:
"The ICC report demonstrates that BCRs can be legally enforceable under a number of theories, and should thus be recognised under data protection law as a workable solution to provide a legal basis for the international transfer of personal data."
ICC's report examines the factors that companies should take into account when drafting and using BCRs, as well as their binding legal status in some selected jurisdictions around the world.
The report further stresses that BCRs not only help businesses to safely transfer data, but also help to develop consumer confidence by respecting an individual's right to data privacy and security.