New Tool for Cross-Border Data Transfers: APEC Approves U.S. Participation in Cross-Border Privacy Rules System

Privacy & Information Security Update

Date: August 01, 2012

Overview

On July 26, 2012, acting U.S. Secretary of Commerce Rebecca Blank announced that the Asia Pacific Economic Cooperation (APEC) Joint Oversight Panel has approved the United States' participation in the APEC Cross-Border Privacy Rules (CBPR) system, which operates to enhance the protection of consumer data that moves among APEC member countries. Blank also announced that the Oversight Panel established the Federal Trade Commission (FTC) as the U.S. system's first enforcement authority. For U.S.-based companies with international operations or those that participate in Asia Pacific markets, the CBPR system provides an additional means for harmonizing the cross-border flow of business information with international privacy standards.

Going forward, the United States will nominate one or more "accountability agents" to represent it on the Oversight Panel. Once a nominee has been approved by the Oversight Panel, interested U.S. companies will be able to submit their international privacy policies to be recognized as meeting or exceeding the APEC data privacy standards. Although participation in the CBPR system is voluntary, once privacy rules have been recognized by the U.S. accountability agent, they are enforceable against the participating business. Participants will be rewarded with facilitated information sharing among APEC countries and the ability to promote their compliance with the CBPR system. It must be noted, however, that participation in the CBPR process does not relieve companies from independently complying with applicable national privacy laws in APEC member countries.

FTC Commissioner Edith Ramirez applauded the United States' participation. "The APEC privacy rules offer the promise of significant benefits to companies, consumers and privacy regulators, and the FTC is pleased to be the first privacy enforcement authority in the Cross-Border Privacy Rules system," Ramirez said. "We hope that many more APEC economies will soon join and help realize the system's potential as a model for global interoperability among privacy regimes."

In addition to the United States, the 21 APEC members include Australia, Brunei, Canada, Chile, China, Hong Kong, Indonesia, Japan, Malaysia, Mexico, New Zealand, Papua New Guinea, Peru, the Philippines, Russia, Singapore, South Korea, Taiwan, Thailand and Vietnam.