eBay counts on binding corporate rules (BCRs)
Category: NachrichtenBy: M. Schröder - 2B Advice GmbH - the privacy benchmark
In a globalized world, data does not stop at the border. eBay is now (at the latest from November 1, 2010) counting on binding corporate rules in order to maintain and protect the level of European data protection for member data upon any data transmission within the eBay Group beyond the borders of Europe.
BCRs are intern guidelines that ensure data protection within a corporate group and facilitate transnational data exchange within a corporate group. For this purpose, in the BCRs, the group must bind itself to the principles and material elements of European data protection (IV. eBay BCR). In this manner, the level of data protection does not drop away upon a transmission. Thereby, it is not sufficient to record the BCRs in writing and to distribute them to the companies belonging to the group; the BCRS must be implemented within the companies. It is necessary that, upon a violation of the BCRs, consequences are threatened against those persons in the particular companies that have violated the BCRs (III. and VI. eBay BCR). The implementation of the BCRs within the group is a substantial item of any set of BCRs. For this purpose, eBay has implemented an internal "data protection team," which is responsible for the complaint procedure (X eBay BCR). Upon the implementation of the BCRs, it may become necessary to change already existing structures, or to create new structures within the group.
The BCRs must be examined and approved by the supervisory authority in charge; for eBay, this was the Luxembourg CNPD. Subsequently, the supervisory authorities of the other European countries in which the companies belonging to the group have their registered offices must likewise approve the BCRs, which, owing to the so-called "mutual recognition procedure," by now occurs relatively rapidly.
For corporate groups, the expenses for the production, implementation and approval of BCRs pay for themselves. In place of innumerable contractual provisions, a central and company-uniform policy serves as a dependable basis for permissibility for data transmission within the group. BCRs minimize error probability, may reduce administrative expenses and save time. BCRs reach their limits if a transmission is to take place to a location outside of the group.
Sources:
news.ebay.de/globalnews/item/show/1458
pages.ebay.de/help/policies/binding-corporate-rules.html
pages.ebay.de/help/policies/privacy-policy.html
(1342 times viewed)