This chapter explores the essential role of Binding Corporate Rules (BCRs) in managing and facilitating secure health data transfers within corporate groups under the EU General Data Protection Regulation (GDPR). BCRs are tailored to ensure compliance with the GDPR and similar international data protection laws, presenting a flexible mechanism for transferring sensitive health and genomic data. The chapter situates BCRs within the broader spectrum of the GDPR's international data transfer mechanisms, addressing the unique challenges posed by the sensitive nature of health data and the increased adoption of AI technologies. The European Data Protection Board (EDPB) Recommendations 1/2022 on BCRs, issued following the Schrems II decision, are critically analyzed, highlighting their stringent requirements and the need for a balanced approach that prioritizes data protection and an AI governance framework. The chapter outlines the BCR approval process, stressing the importance of streamlining this process to encourage broader adoption. It underscores the necessity of a multidisciplinary approach in developing BCRs, incorporating recently adopted international standards and frameworks, which offer valuable guidance for organizations to build trustworthy AI management systems. These standards and frameworks guarantee the ethical development, deployment, and operation of AI, which is essential for its successful integration and the broader digital transformation. In conclusion, BCRs are positioned as essential tools for secure health data management, fostering transparency, accountability, and collaboration across international borders. The chapter calls for proactive measures to incentivize BCR adoption, streamline approval processes, and promote more innovative approaches, ensuring BCRs remain a robust mechanism for global data protection and compliance.