On November 29, 2011, at the International Association of Privacy Professionals (“IAPP”) Europe Data Protection Congress in Paris, France, Viviane Reding, Vice President of the European Commission and Commissioner for Justice, Fundamental Rights and Citizenship, provided insight into details of the proposals for the revised EU data protection framework. She focused explicitly on solutions for international data transfers, promoting Binding Corporate Rules (“BCRs”) as a solution that can offer a simplified, yet comprehensive, structure for safeguarding international flows of data. Commissioner Reding referred to BCRs as offering the possibility of consistent enforcement and legal certainty, without stifling innovation.
Commissioner Reding’s vision is for BCRs to become the tool of choice for organizations of all sizes and structures, which process data internationally, including those that process data in the cloud. She said she hoped BCRs would be recognized as more than merely a mechanism for facilitating intragroup transfers from the EU. She spoke of further simplifying the approval process for BCRs, so that a single data protection authority would be able to approve a BCR, without the need for additional local approvals. This would shorten the time taken to complete the approval process and dramatically reduce the cost of gaining approval.
Commissioner Reding characterized BCRs as accessible to all organizations and capable of governing all international data flows. According to Commissioner Reding, BCRs should be a code of practice for organizations, rather than merely a mechanism to facilitate international data transfers. In this spirit, she urged organizations to begin now to work on their BCRs.