Privacy & Information Security Law Blog

On November 20, 2016, the heads of state of the 21 member economies of the Asia-Pacific Economic Cooperation (“APEC”) forum reaffirmed the APEC Cross-Border Privacy Rules (“CBPR”) system in their Leaders’ Declaration at the APEC Leaders’ Meeting in Lima, Peru as follows: “We recall the APEC Leaders 2011 Honolulu Declaration and recognize the importance of implementing the APEC Cross-Border Privacy Rules System, a voluntary mechanism whose participants seek to increase the number of economies, companies, and accountability agents that participate in the CBPR system.” The fact that the CBPR system is mentioned in the Leaders’ Declaration reflects its priority status on the APEC agenda.At the same meeting, Chinese Taipei announced its intention to join the CBPR system and that it will finalize its domestic review process to join the system in 2017.

The APEC CBPR system was initially endorsed by the APEC economies in the 2011 Leaders’ Declaration in Honolulu. The current participants in the system are the United States, Mexico, Canada and Japan. Last month, the U.S. and Japan held bilateral meetings in which they committed to stepping up their efforts to broaden the participation of additional APEC economies. Additional APEC economies are taking active steps to join, or are considering joining, the CBPR system in the near future.

During his press conference at the Leaders’ Meeting, President Obama personally reminded the audience of the CBPR by stating, “With regard to the digital economy, we endorsed rules to protect the privacy of personal information as it crosses borders.”

The 2016 APEC Ministerial Meeting in Lima that immediately preceded the Leaders’ Meeting also addressed the CBPR in the context of “Next Generation Trade and Investment Issues,” as follows: “We recognize the importance of the APEC Cross Border Privacy Rules System…and we support enhanced cooperation in this area, including through promoting capacity building.”

The APEC CBPR system is a regional, multilateral, cross-border data transfer mechanism and enforceable privacy code of conduct developed for businesses by the 21 APEC member economies. The CBPRs implement the nine high-level APEC Privacy Principles set forth in the APEC Privacy Framework. Although in 2011, all 21 APEC economies endorsed the system in principle, in order to participate, individual APEC economies must officially join and satisfy certain requirements. More information about the CBPR system can be found at www.cbprs.org.