ICO approves American Express BCRs


The UK Information Commissioner's Office (ICO), acting as the lead
authority, has approved Binding Corporate Rules for American Express to take effect from 28 January 2013.

The ICO authorised the transfer of personal data under BCRs for American Express on 29 October 2012. According to American Express, it will start using BCRs across all of its global entities.

American Express is now seeking approval of its BCRs across the European Economic Area (EEA) from EEA regulators that are not taking part in the mutual recognition process. American Express expects to receive these approvals during 2013.

"We commend American Express for its commitment to the concept of Binding Corporate Rules and for the respect for individual privacy that
its BCRs demonstrate," said Deputy Information Commissioner, David
Smith. "The ICO welcomes approaches from multinational organisations
that need to share personal information within their own group, but
outside Europe, and who want to use binding corporate rules to enable

Read more about the BCR process at



If you would like to comment on this article, please login or register.


Tag cloud