Privacy & Cybersecurity Law Blog

On July 27, 2017, Singapore submitted its notice of intent to join the APEC Cross-Border Privacy Rules (“CBPR”) system and the APEC Privacy Recognition for Processors System (“PRP”). Singapore would be the sixth member of the CBPR system, joining Canada, Japan, Mexico, the United States and the newest member, South Korea. The announcement was made by Dr. Yaacob Ibrahim, Minister for Communication and Information, at the Personal Data Protection Seminar 2017.

According to Dr Ibrahim, the direct value added to Singapore’s GDP by data connectivity in trade is around 40 percent, and this figure will only increase moving forward. This will lead to a demand for higher cross-border data protection standards. The APEC CBPR system will facilitate overseas data exchanges with Singapore and provide assurances that Singapore will use the data responsibly.

Singapore will align its DP Trustmark standards with the APEC CBPR and PRP systems, and companies that obtain the DP Trustmark standards will concurrently be certified under the APEC CBPR system.

The APEC CBPR system is a regional, multilateral cross-border data transfer mechanism and enforceable privacy code of conduct developed for businesses by the 21 APEC member economies. The CBPR system implements the nine high-level APEC Privacy Principles set forth in the APEC Privacy Framework.

As we previously reported, the APEC PRP system allows information processors to demonstrate their ability to effectively implement an information controller’s privacy obligations related to the processing of personal information. The PRP also enables information controllers to identify qualified and accountable processors, as well as assist small- or medium-sized processors that are not widely known to gain visibility and credibility.

Combined, the CBPR for controllers and PRP for processors now covers the entire information ecosystem.