Peru hosted the Asia Pacific Economic Cooperation’s Data Privacy Subgroup working meetings from February 22 – February 27 and was attended by TRUSTe CEO Chris Babel and TRUSTe Director of Policy Josh Harris. This year marked one of the largest US delegations in recent years, including representatives from over a dozen US companies and led by US Deputy Secretary of Commerce Ted Dean. The increased interest in the APEC approach to cross border data transfers comes as the fourth economy to join the system, Japan, announced formal endorsement of its accountability agent, JIPDEC.
The meetings kicked off with a one day workshop hosted by TRUSTe, The Centre for Information Policy Leadership, The Information Accountability Foundation, and Information Integrity Solutions. Topics of discussion included implementation of the CBPR system, a status report on CBPR-related activities, CBPR’s role in interoperability and the applicability of big data to the APEC Privacy Framework. Speakers included representatives from Apple, CIPL, DBS Bank, HP, IAF, IBM, IIS, the Internet Society, MasterCard, Nymity, TRUSTe and Walmart and from the governments of Australia, Canada, the New Zealand and the United States.
At the Data Privacy Subgroup formal meeting, Information Integrity Solutions presented the results of an APEC-commissioned report on the benefits of the CBPR system to consumers, economies and businesses. Businesses specifically noted CBPR’s role in promoting the development of a single approach to global privacy that can help to simplify compliance with the range of regulatory requirements across the region. In addition, certification to a regionally-recognized system of data transfers encourages consumer confidence in the certified companies’ data practices. The report was based on consultations with government, business, and regulators from Japan, Singapore, Mexico, Canada and the United States and identified significant trade benefits as well as internal business benefits. Based on the findings of this report, APEC economies agreed to develop a coordinated marketing strategy to increase business and consumer awareness of the benefits of the system
It was also formally announced that the Japanese firm JIPDEC has been formally approved to serve as an accountability agent under the CBPR system, joining TRUSTe, named the first accountability agent for APEC Cross Border Privacy compliance in June 2013. In September, Japan passed an amendment to the “Act on the Protection of Personal Information.” Article 24 of the amended law imposes restrictions on the transfer of personal information of Japanese citizens to third parties in foreign countries. Exemptions to these restrictions include when a third party has established a system which meets the Rules of the Commission to “continuously implement equivalent necessary measures.” The draft rules for implementing Article 24 specifically call out a company’s APEC CBPR certification as satisfying this requirement.
The next meeting of APEC’s Data Privacy Subgroup will take place in August, once again in Lima, Peru.