The Commission may approve binding corporate rules, codes of conduct, certification mechanisms or similar instruments for data transfer proposed to it, where the Commission is satisfied that such instruments meet appropriate standards of data protection in accordance with the objectives of this Act.