Earlier this month, TRUSTe CEO Chris Babel participated in the APEC Data Privacy Subgroup (DPS) and Electronic Committee Steering Group (ECSG) meeting in Beijing to discuss the implementation of the APEC Cross-Border Privacy Rules (CBPR) system and cross-border interoperability and ways to speed up uptake among APEC Member Economies and businesses.
TRUSTe continues to remain involved in the discussions around the compatibility of frameworks which address cross border data flows between the APEC Member Economies and the United States. Currently three APEC Member Economies participate in the CBPR system, the United States, Mexico and Japan, with Canada having formally submitted its notice of intent to participate in the system. As an Accountability Agent, TRUSTe reviews, certifies, monitors and enforces the privacy practices of participating companies to ensure compliance with the CBPR system. Within the past year, TRUSTe has certified six companies under its APEC Privacy certification program that is based on the CBPR system with 14 additional companies in the process of being certified.
A few highlights from the meeting include:
- Cross-Border Privacy Rules for Processors – currently the CBPR system applies only to data controllers and APEC is developing a set of standards for data processors that would complement the CBPR system.
- APEC CBPR System and EU Binding Corporate Rules Next Steps – earlier this year, APEC and Article 29 Working Party released the Referential to map APEC CBPRs to EU BCRs and the discussion in Beijing focused on next steps towards interoperability based on case studies which address real issues companies are faced with as they pursue approval under both systems. It was determined that additional documentation and checklists would prove as a valuable resource as companies apply for approval and certification under both systems.
- 10-Year Stocktake of APEC Privacy Framework – the DPS agreed that a working group led by Australia would consider proposals for updates to the APEC Privacy Framework to ensure that it remains relevant as the market evolves with innovations in technology.
- ECSG Workshop – topics of discussion during the one-day workshop included: advancements in technology and business models that drive economic growth and the regulatory frameworks that can support them, organizational accountability and implementing an organizational compliance framework.
For more information about the TRUSTe APEC Privacy program, please visit http://www.truste.com/apec