The Rakuten Group has adopted Binding Corporate Rules, which define its global data protection policy with regard to international transfers of personal data. The purpose of these rules is to ensure that the same level of protection as in the European Union is provided to employees and clients of Rakuten when their personal data are transferred to entities within the same group located outside of the EU.
BCR are considered as appropriate safeguards in terms of data protection and thus can be used as a solution for multinational companies like Rakuten that need to do a lot of international transfers of personal data. Rakuten Inc is an Internet service company. The group's international headquarters are in Japan and their European headquarters are based in Luxembourg.
For over a year, Rakuten has cooperated with the CNPD, as the lead authority, under the mutual recognition procedure with data protection authorities from seven other European countries where the group is established (Germany, Austria, Spain, Estonia, France, Ireland and the United Kingdom). These authorities have approved the results obtained by the CNPD.