As we have written in the past, APEC’s Cross-Border Privacy Rules (CBPR) program is intended to help companies more easily transfer personal data across borders. Participating companies complete self-assessments and participate with their local countries’ “accountability agent.” There are currently seven participating economies, which include the US, Canada, Japan. Those participating economies recently announced the development of a “Global CBPR Forum.” The Forum is tasked with, inter alia, creating an international certification system, reviewing members’ privacy standards, and ensuring that the program is “interoperable with other data protection and privacy frameworks.”
For companies interested in participating in the CBPR program, the current country accountability agents will continue to provide certifications, the US Department of Commerce clarified. There will be a transition from those agents to the process created by the CBPR Forum, but only upon 30 days prior notice. Those companies who currently have been certified under the existing system will be automatically recognized under the new regime.
Putting It Into Practice: While this announcement will not have an immediate effect on companies, it signals a desire by participating countries the streamlining and simplifying of the cross-border data transfer process.