As we have written in the past, APEC’s Cross-Border Privacy Rules (CBPR) program is intended to help companies more easily transfer personal data across borders. Participating companies complete self-assessments and participate with their local countries’ “accountability agent.” There are currently seven participating economies, which include the US, Canada, Japan. Those participating economies recently announced the development of a “Global CBPR Forum.” The Forum is tasked with, inter alia, creating an international certification system, reviewing members’ privacy standards, and ensuring that the program is “interoperable with other data protection and privacy frameworks.”

Continue Reading Formation of CBPR Forum Signals Continued Movement

Israel’s Privacy Protection Authority recently announced that Privacy Shield can no longer be relied on for data transfers between Israel and the United States. Israel did not have a direct Privacy Shield arrangement with the U.S., instead permitting the many Israeli companies that exchange data with their American counterparts to rely on a provision of its Privacy Protection Regulations that allows for transfers of data to any country that receives data from the EU under the same terms of such transfer.
Continue Reading Israel Follows Europe’s Lead on Privacy Shield

2018 saw two new members of APEC’s Cross Border Privacy Rules (CBPR) system: Australia and Chinese Taipei. They join the US, Mexico, Canada, Japan, South Korea and Singapore. As we have reported on previously, the CBPR system is meant to help companies transfer information between participating countries. In the coming months, Australia’s Attorney General plans to work with businesses to implement the system. The Chinese Development Council also plans to work with China’s ministries and departments to boost discussions about privacy protection with other countries. The system has often been compared to other cross-border schemes, including the Privacy Shield (see our update to that program). Companies join by completing self-assessments and participating with an “accountability agent” (in the US, there is only one approved accountability agent).
Continue Reading CBPR System Grows with Entry of Australia and Chinese Taipei

The International Conference of Data Protection and Privacy Commissioners, a collection of data and privacy regulators from around the world, recently issued non-binding guidance concerning the privacy rights of autonomous and connected vehicle users. The guidance calls on manufacturers and service providers to “fully respect the users’ rights to the protection of their personal data and privacy and to sufficiently take this into account at every stage of the creation and development of new devices or services.” The guidance may instruct future international data enforcement actions, meaning entities could be fined for failing to comply. Among its many instructions, the guidance encourages manufacturers and service providers to:
Continue Reading Global Body Issues Guidance for Autonomous and Connected Vehicles