For the first time, the White House, along with the leaders of the other Asia-Pacific Economic Cooperation (APEC) economies, has called out the APEC-EU privacy interoperability project as one of the key initiatives APEC member economies will prioritize in order to enhance regional economic integration for the Asia Pacific region. The interoperability project is working to establish mechanisms to facilitate a company’s simultaneous participation in the Cross Border Privacy Rules (CBPR) and Binding Corporate Rules (BCR) systems. The goal of this dual-certification approach is to streamline global privacy practices while eliminating the unnecessary duplication of efforts, something that many companies are looking at in light of the ECJ ruling on the validity of Safe Harbor.
Since March of last year when the APEC economies and the Article 29 Working Party released a joint referential as a kind of official gap analysis of the BCR and CBPR systems, work on this project has continued apace, however quietly. But late last week, the White House released a fact sheet detailing the outcomes of this year’s APEC meetings and highlighting the interoperability project as a key outcome that should be continued and expanded.
At the conclusion of the last round of meetings in Manila last week, the heads of state for the 21 APEC member economies agreed to a set of ambitious initiatives under the theme of “Building Inclusive Economies, Building a Better World.” As part of this cooperative work, leaders and ministers committed to “continue to promote cross-border privacy, and to protect consumer interests” and specifically to facilitate “cross border business activity through the expansion of globally interoperable privacy frameworks through economy and industry participation in the APEC-CBPR system, as well as working to develop bridges between APEC-CBPRs and similar systems in Europe.”
The CBPR system, endorsed by APEC leaders in 2011, is a voluntary accountability-based system to facilitate privacy-respecting data flows among APEC economies. To date, the United States, Canada, Mexico and Japan have formally joined the CBPR system. In August, U.S. Secretary of Commerce Penny Pritzker announced the goal of doubling current member economy participation by 2017 and adding 100 new US companies to the system by the end of 2016.
Renewed efforts by APEC officials to expand data privacy protection and cooperation come as progress continues to be made between APEC member economies and the Article 29 Working Party on the interoperability of the CBPR and the BCR approval processes. In May, Article 29 Working Party Chairwoman Isabelle Falque-Pierrotin sent a letter to the APEC Data Privacy Subgroup outlining proposed next steps between the two groups, which includes the development of a “common application form based on the BCR application form WP133 and the CBPR Intake questionnaire, identifying similarities and differences, which could be completed by organizations and submitted to both national DPAs in the EU and APEC Accountability Agents to facilitate double certification” and “[a] mapping of the company policies and associated personal data and privacy program practices and effectiveness tools that must be submitted with this common questionnaire to demonstrate compliance with both systems.”
Work between the two groups on these initiatives is ongoing and is expected to continue in advance of the next APEC meetings in Lima, Peru in February 2016.
While it is too early to judge its ultimate success, this 49 nation project represents a unique opportunity that can benefit consumers, industry and governments alike.
Note: Hilary Wandall, Chief Privacy Officer at Merck and Melinda Claybaugh, Counsel for International Consumer Protection at the Federal Trade Commission will be joining Josh Harris to talk about this topic in a webinar on December 9th.
If you want to comment on this post, you need to login.