Binding Corporate Rules As a New Concept for Data Protection in Data Transfers

  • Bianka MaksóEmail author
Part of the MPI Studies on Intellectual Property and Competition Law book series (MSIP, volume 28)


It took us only a few decades from the introduction of publicly open and printed telephone-number registers to approach the utopian idea of Laudon’s digital information market for personal data. Through the journey concerning data protection we must face challenges in the fields of technological development as well as jurisdictional and legislative issues such as extraterritorial law-making. This paper attempts to provide a brief composition of the economic aspects of personal data given real commercial and strategic value. Additionally, a focus is on conceptual, procedural and applicability aspects of a new legal institution called binding corporate rules, which can offer a new approach for companies to ensure an adequate level of protection not only in the cases of data transfer to third countries but also in general business interests.


Data protection Binding corporate rules General Data Protection Regulation Data transfer Personal data 


  1. Acquisti, A. (2010), The Economics of Personal Data and the Economics of Privacy, Background Paper #3, OECD, OECD Conference Centre 1 Dec. 2010, available at:
  2. Acquisti, A. (2013), The Economics of Privacy: Theoretical and Empirical Aspects, Carnegie Mellon University, first page, available at:
  3. Baker, R.K. (2006), Offshore IT Outsourcing and the 8th Data Production Principle - Legal and Regulatory Requirements - with Reference to Financial Services, 14 International Journal of Law and Information Technology Issue 1, 1 March 2006, pp 1–27.CrossRefGoogle Scholar
  4. Csegődi, T. L. (1979), A jog pozitivitása mint a modern társadalom feltétele, In: Jog és szociológia., Válogatott tanulmányok KJK, pp. 123-142.Google Scholar
  5. Finn, R.L. / Wright, D. / Friedewald, M. (2013), Seven Types of Privacy, in: S. Gutwirth et al. / R. Leenes / P. de Hert / Y. Poullet (Eds.), European Data Protection: Coming of Age, Springer, pp 3-32.Google Scholar
  6. Horváth-Egri Katalin (2015), A kötelező szervezeti szabályok (Binding Corporate Rules, BCR) és az együttműködési eljárási lehetőségei, Infokommunikáció és Jog, Vol XII, No 64, HVG Orac Lap- és Könyvkiadó Kft, Budapest, 2015. pp. 143 – 147.Google Scholar
  7. Huang, P.H. (1998), The Law and Economics of Consumer Privacy Versus Data Mining, University of Pennsylvania, available at:
  8. Kuner, C. (2015), Extraterritoriality and Regulation of International Data Transfers in EU Data Protection Law, University of Cambridge Faculty of Law Research Paper No. 49/2015, 2015, available at: CrossRefGoogle Scholar
  9. Laudon, K.C. (1996), Markets and Privacy, Association for Computing Machinery, Communications of the ACM, Sep 1996, Vol 39, No 9, 92-104, ABI/INFORM GlobalGoogle Scholar
  10. Luhmann, N. (1979), The unity of the legal system, in: G. Teubner (Ed.), Autopoietic Law: A new approach to law and society, GruyterGoogle Scholar
  11. Moorhead P.: Why Your Personal Data Is The New Oil (2011), please give a sourceOros / Szurday (2003), Európai Füzetek 35.: Adatvédelem az Európai Unióban – Szakmai összefoglaló a magyar csatlakozási tárgyalások lezárt fejezetiből, A Miniszterelnöki Hivatal Kormányzati Stratégiai Elemző Központ és a Külügyminisztérium közös kiadványa.Google Scholar
  12. Oros P. / Szurday K. (2003), Adatvédelem az Európai Unióban – Szakmai összefoglaló a magyar csatlakozási tárgyalások lezárt fejezeteiből, A Miniszterelnöki Hivatal Kormányzati Stratégiai Elemző Központ és a Külügyminisztérium közös kiadványa, Európai Füzetek 35., Budapest, 2003.Google Scholar
  13. Posner, R.A. (1978), The Right of Privacy, 12 Georgia Law Review first page.Google Scholar
  14. Posner, R.A. (2011), Economic Analysis of Law, Aspen PublisherGoogle Scholar
  15. Tóth, J.Z. (2004), Richard Posner és a gazdasági jogelmélet, Jogelméleti Szemle, 2004/1.szám, available at:
  16. Ryngaert, C. (2015) Symposium issue on extraterritoriality and EU data protection, International Data Privacy Law, Volume 5, Issue 4, 1 November 2015, Pages 221–225, Oxford University Press,
  17. Samuelson, P. (2000), Privacy As Intellectual Property?, Stanford Law Review, Vol. 52, No. 5, Symposium: Cyberspace and Privacy: A New Legal Paradigm? (May, 2000), pp. 1125-1173 available at:
  18. Szabó, M.D. (2005), Kísérlet a privacy fogalmának meghatározására a magyar jogrendszer fogalmaival, Információs társadalom, 44-54.Google Scholar
  19. Szőke, G.L. (2015), Az európai adatvédelmi jog megújítása – Tendenciák és lehetőségek az önszabályozás területén, HVG-ORAC Lap- és Könyvkiadó KftGoogle Scholar
  20. Varian, H.R. (1996), Economic aspects of Personal Privacy, In: Lehr W., Pupillo L. (eds) Internet Policy and Economics. Springer, Boston, MA, available at:
  21. Warren, S.D. / Brandeis, L.D. (1890), The Right to Privacy, Harvard Law Review, Vol. 4, No. 5. (Dec. 15, 1890), pp. 193-220.CrossRefGoogle Scholar
  22. Wright, D. / de Hert, P. (2016), Enforcing Privacy: Regulatory, Legal and Technological Approaches Law, Governance and Technology Series, Volume 25, Springer International PublishingGoogle Scholar

Additional Sources

  1. Article 29 Data Protection Working Party: (2003) Working Document: Transfers of personal data to third countries: Applying Article 26 (2) of the EU Data Protection Directive to Binding Corporate Rules for International Data Transfers, available at:
  2. Article 29 Data Protection Working Party: Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in the EU and Cross Border Privacy Rules submitted to APEC CBPR Accountability Agents, Adopted on 27 February 2014, WP212, 538/14/ENGoogle Scholar
  3. Article 29 Data Protection Working Party: WP 74, WP 108, WP 133, WP 153, WP 154, WP 155, WP 176, WP 195, WP 204Google Scholar
  4. European Commission (2015), Commission proposes a comprehensive reform of data protection rules to increase users’ control of their data and to cut costs for businesses, Press Release Database, available at:
  5. European Commission (2011), Social Eurobarometer 359 Attitudes on Data Protection and Electronic Identity in the European Union, available at:
  6. European Commission (2016), Digital Privacy, available at:

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Deák Ferenc Doctoral School of LawUniversity of MiskolcMiskolcHungary

Personalised recommendations