The answer to this question seems to be that this is the way DB2 works when determining the data type and size for the literal.
From what I've found out, the concepts to understand here seem to be implicit and explicit CASTing. Since no explicit CAST was provided for the empty string literal, and there was no further information available on the right-hand side of the comparison predicate (only the parameter placeholder is present and it provides no definite size information), DB2 will implicitly cast to the size of the literal, in this case CHAR(1) (or maybe VARCHAR(1), I'm not entirely sure on this point).
So, it's not a CLI driver problem or quirk, nor an SQLBindParameters issue. The explicit CAST of CAST('' as VARCHAR(nn)) seems to be the correct solution to avoid the CLI0109E error.
For what it's worth, based strictly on my experiences, Oracle and SQLServer seem to behave differently than DB2 when running the same SQL on those platforms. Their implicit CASTs, absent any available size information upon which to draw, seem to be VARCHAR(large). But the explicit CAST also works just as well for them.