EBay has received permission to use binding corporate rules (BCRs) to transfer data across borders. The Luxembourg data protection authority, Commission Nationale pour la Protection des Données (CNPD), approved the company’s application recently.
BCRs are legally binding regulations that demonstrate a company’s capacity to transfer data across borders safely. The approval lets eBay transfer and share personal data within the company without having to use other legal instruments such as model contractual clauses.
“We were very pleased with the exceptional work provided by [eBay and eBay’s outside counsel Allen & Overy], of the quality of the documents elaborated and of the constructive dialogue in the process of validation and implementation of eBay’s binding corporate rules,” said CNPD President Gerard Lommel.
EBay is the first e-commerce company to receive BCR approval, according to a company press release. It gained approval for both employee and customer BCRs. The authorization came under the new BCR mutual recognition procedure.
EBay Global Privacy Leader Scott Shipman, CIPP, called the approval a “major milestone” and said: “The level of cooperation and communication eBay received from the CNPD and the other DPAs was greatly appreciated and made the project a success.”