Privacy & Cybersecurity Law Blog

On April 21, 2022, the United States, Canada, Japan, Singapore, the Philippines, the Republic of Korea and Chinese Taipei published a declaration (the “Declaration”) establishing the Global Cross-Border Privacy Rules Forum (the “Global CBPR Forum”). The Global CBPR Forum will establish an international certification system based on the existing APEC Cross-Border Privacy Rules (“CBPR”) and Privacy Recognition for Processors (“PRP”) Systems, enabling participation beyond APEC member economies. The Global CBPR and PRP Systems, as they will be known, are designed to support the free flow of data and effective data protection, and enable interoperability with other privacy frameworks.

Functionally, the Global CBPR and PRP Systems will be independent and separate from the existing APEC CBPR and PRP Systems, and the founding members of the Global CBPR Forum will begin working on transitioning operations of the APEC CBPR and PRP Systems in their jurisdictions to the Global CBPR and PRP. APEC CBPR and PRP-certified companies in the founding jurisdictions automatically will be recognized under the Global CBPR and PRP.

Participation in the Global CBPR and PRP is intended to be open to all countries that accept the objectives and principles of the Global CBPR Forum as outlined in the Declaration.

In a supporting statement to the Declaration, U.S. Secretary of Commerce Gina M. Raimondo noted that “[t]he establishment of the Global CBPR Forum reflects the beginning of a new era of multilateral cooperation in promoting trusted global data flows that are critically important to our modern economy.”

From April 26-28, 2022, current CBPR participants, stakeholders and observers will convene in Hawaii for a multi-stakeholder workshop on “Global Cooperation on Privacy and the CBPR System: The Path Forward,” as well as for related government and Accountability Agent meetings.