Global CBPRs: A recipe for failure?

Graham Greenleaf reports on the re-packaged APEC system for cross-border data transfers, now applicable globally – but with few differences to be seen from the old rules.

A “Global Cross-Border Privacy Rules Declaration” was announced on 21 April 2022 by the US Department of Commerce.(1) It stated that Canada, Japan, the Republic of Korea, the Philippines, Singapore, Chinese Taipei, and the US, as “current economies participating in the APEC CBPR System”, had established “the Global CBPR Forum”. In fact these are seven of the nine “economies” that have been approved to participate in APEC CBPRs,(2) with the absence of Mexico and Australia going unexplained.

The Declaration only establishes the Forum and declares that it has the objective to “establish an international certification system based on the APEC Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Systems”. It contains various aspirational statements of which the most ambitious is that it will “promote interoperability with other data protection and privacy frameworks.” It will hold meetings at least biannually.(3)

Continue reading

International Report subscribers: please login to access the full article.

If you wish to subscribe, please see our subscription information.