ICO approves American Express BCRs

The UK Information Commissioner's Office (ICO), acting as the lead authority, has approved Binding Corporate Rules for American Express to take effect from 28 January 2013.

The ICO authorised the transfer of personal data under BCRs for American Express on 29 October 2012. According to American Express, it will start using BCRs across all of its global entities.

American Express is now seeking approval of its BCRs across the European Economic Area (EEA) from EEA regulators that are not taking part in the mutual recognition process. American Express expects to receive these approvals during 2013.

"We commend American Express for its commitment to the concept of Binding Corporate Rules and for the respect for individual privacy that its BCRs demonstrate," said Deputy Information Commissioner, David
Smith. "The ICO welcomes approaches from multinational organisations that need to share personal information within their own group, but outside Europe, and who want to use binding corporate rules to enable that."

Read more about the BCR process.