ICC's Commission on E-Business, IT and Telecoms

Policy and Business Practices

What do we do?

How does it work?

Become a member

Leadership

Task Forces

Topics

Internet & Telecoms infrastructure & services

Privacy & Personal Data Protection

Security and Authentication

ICC Tools for e-business

Procuring ICTs

Securing your business

Telecoms liberalization

Putting it right

Resolving disputes online

Privacy toolkit

Information security assurance for executives

Resource guide

Archives

Jurisdiction & Applicable Law

Telecoms

Internet & IT Services

Consumer Policy for E-Business

Electronic Contracting

EBITT opportunities

Internships

Policy Statements, Rules & Codes

Full list

>Business leaders and experts drawn from the ICC membership establish the key business positions, policies and practices on e-business, information technologies and telecommunications through the EBITT Commission.

ICC Commission on E-Business, IT and Telecoms (EBITT)

Task Forces

Task Force on Privacy and the Protection of Personal Data

Chair - Christopher Kuner (Hunton & Williams, Belgium)

This task force articulates business interests in international and regional policy initiatives related to privacy and data protection.

Goals/Objectives

Increase the ability of business to manage personal data flexibly and effectively on a global basis while upholding fair information practices through the policy positions and recommendations to governments and practical tools for business.

Mid/near-term goals/objectives

Continue promoting ICC work on codes of conduct/binding corporate rules to provide another means for use and cross-border transfer of personal data globally through Data Protection Authorities (DPAs)
Continue advocacy efforts to boost the role of model contracts and codes of conduct in ensuring flexible and adequate data protection practices cross-border data transfers.
Help reduce harmful and illegal electronic commercial communications.

ICC submits model clauses to EC on international data transfers

20 October 2006

In a move to standardize and speed up transfers of international data worldwide, the International Chamber of Commerce submitted today to the European Commission (EC) a proposal covering flows of personal data from data controllers to data processors. This follows approval by the EC in 2005 of an earlier draft by ICC of standard clauses for international transfers from data controllers to other data controllers. The clauses were submitted jointly by ICC, the American Chamber of Commerce to the European Union (AmCham EU), the Federation of European Direct Marketing (FEDMA), and the Japan Business Council in Europe (JBCE). The clauses will be made publicly available on the opening day of a conference on international data transfers on 23 October in Brussels which is jointly organized by the EC and the US government.

Basel II initiative of the Bank for International Settlements (bis)

October 2006

Basel II requires banks to collect and exchange huge amounts of data, including customer data falling under data protection legislation. To find out more and collect facts on the problems that banks experience in the field of Basel II and data protection, ICC had developed a questionnaire.

Introduction and questionnaire

Answers to the questionnaire

Standard application for Approval of Binding Corporate Rules for the Transfer of Personal Data outside EU

September 2006

The EU Data Protection Directive 95/46/EC allows personal data to be transferred outside the EU only when the transfer provides an “adequate level of protection” for the data. Binding corporate rules (BCRs) are one of the ways in which such an “adequate level of protection” may be demonstrated.

The use of BCRs to provide a legal basis for international data transfers from the EU requires the approval of the European data protection authorities (DPAs) from whose countries the data are to be transferred. The following form is to be filled out by a group of companies seeking approval of BCRs. The form is based on papers issued by the Article 29 Working Party of European data protection authorities (the “Working Party). It is being submitted to the Working Party in the hope that it will prove useful in furthering acceptance of BCRs as a legal basis for the transfer of personal data outside the EU.

ICC input to the French Data Protection Authority (CNIL) guidelines on anonymous hotlines

December 2005

As the CNIL was asked by the European Commission Art.29 Working Party to review their guidelines on this issue, it was important for ICC to contribute at this national level to be able to respond adequately in the near future at European level.

ICC has no formal position on anonymous hotlines at this time, but it was agreed that an ICC policy statement will be prepared. Thus, the submission was marked as informal input only, from the members of this task force. We would like to reiterate that this informal input and the following ICC policy statement to the CNIL is an important opportunity to raise ICC profile and substantive consultation value with the French and the other European DPAs. This helps raise awareness of the work produced by this task force, especially on past and future work on issues such as model contract clauses and binding corporate rules.

English version (6 pages)

French version (7 pages) that was submitted as requested by the CNIL.

European Commission DG Internal Market - Art.29 Data Protection Working Party
Working Document on data protection issues related to RFID technology - WP 105

In response to the European Commission public consultation on the Working Document on data protection issues related to RFID technology, the Task Force on Privacy and Protection of Personal Data drafted a joint response from the following organizations:

The International Chamber of Commerce - the World Business Organization (ICC) - www.iccwbo.org
The European Information, Communications and Consumer Electronics Technology Industry Association (EICTA) - www.eicta.org
The International Communications Round Table (ICRT) - www.icrt.org
The Japan Business Council in Europe (JBCE) - www.jbce.org

Response by ICC, EICTA, ICRT and JBCE to the public consultation (.pdf - 16 pages)

PRESS RELEASE - European Union approves clauses for international data transfers
On December 27, 2004, the European Commission approved the standard contractual clauses for data transfers proposed by seven international business associations as offering an “adequate level of data protection" under the EU's strict data protection laws.

Click here to read the complete text of the joint business association's press release (.pdf - 2 pages)

Click here to read the European Commission's press release.

Final Approved Version of Alternative Standard Contractual Clauses for the Transfer of Personal Data from the EU to Third Countries (controller to controller transfers)

FAQs and final version of clauses (.pdf - 14 pages)

'Spam' and unsolicited commercial electronic messages January 2005 ICC policy statement (.pdf - 8 pages)

ICC report on binding corporate rules for international transfers of personal data December 2004
Prepared by the ICC Task Force on Privacy and Protection of Personal Data (.pdf - 33 pages)

French version

Arabic version

The arabic translation was produced by courtesy of Abu-Ghazaleh Translation, Distribution and Publishing.

Employee privacy, data protection and human resources

November 2004

ICC policy statement

Privacy toolkit : an international business guide for policymakers, (24 pages)

4 December 2003

For more information please contact: