2018 saw two new members of APEC’s Cross Border Privacy Rules (CBPR) system: Australia and Chinese Taipei. They join the US, Mexico, Canada, Japan, South Korea and Singapore. As we have reported on previously, the CBPR system is meant to help companies transfer information between participating countries. In the coming months, Australia’s Attorney General plans to work with businesses to implement the system. The Chinese Development Council also plans to work with China’s ministries and departments to boost discussions about privacy protection with other countries. The system has often been compared to other cross-border schemes, including the Privacy Shield (see our update to that program). Companies join by completing self-assessments and participating with an “accountability agent” (in the US, there is only one approved accountability agent).

Putting it Into Practice: We will continue to monitor the CBPR. The more countries that participate the broader the potential scope of transfers for companies.