Greetings from Austin, Texas!
Those of you who have been keeping close watch on the APEC Privacy Framework may have noticed a major recent development: Its principles were firmly endorsed in the recently negotiated United States-Mexico-Canada Agreement. Here at our Privacy. Security. Risk. conference deep in the heart of Texas, it's getting a great deal of attention.
If you missed it last week, make sure to read Josh Harris' overview of the privacy implications of the agreement, as you should expect them to reverberate throughout the APEC countries. Essentially, each country in the agreement is only allowed to implement data-transfer restrictions if they also continue to recognize the Cross-Border Privacy Rules as a valid transfer mechanism. This will inevitably lead companies to examine CBPRs with a much more interested eye and lock at least these three countries into the CBPR program going forward.
Will this finally kick the CBPR program into high gear? Regardless of the activity we've seen among countries joining in, we simply haven't seen many companies taking part. Just a couple dozen are CBPR certified at the moment, and just a handful have joined in the last year. People doing risk assessment and compliance are unlikely to jump on board with a program where they're forced to be seen as an early adopter.
This enshrinement of CBPRs in the USMCA might just be the assurance they need that they're not walking out onto a precarious limb. Stay tuned to the APAC Digest. We'll be watching.
If you want to comment on this post, you need to login.