Privacy & Information Security Law Blog

On August 24, 2017, APEC issued a statement on the renewed talks between APEC and the EU on creating interoperability between the APEC Cross-Border Privacy Rules (“CBPR”) and the EU data transfer mechanisms.

The APEC Data Privacy Subgroup (“DPS”) met with a representative of the European Commission on August 22, 2017 in Ho Chi Minh City, Vietnam, as part of the bi-annual meetings of the APEC DPS to discuss possible next steps in creating interoperability, particularly in light of the EU General Data Protection Regulation (“GDPR”) and its transfer mechanisms, including GDPR certifications and codes of conduct.

The August 22 meeting picked up where an earlier working group between the DPS and the EU’s Article 29 Working Party left off three years ago after it had developed a document (the “Referential”) comparing the requirements of the CBPR and the EU Binding Corporate Rules and taken initial steps to develop ways to streamline dual certifications under both systems. The aim of the meeting in Vietnam earlier this week was to explore ways to continue this work in light of the opportunities presented by the GDPR and the increasing interest among governments, regulators and industry in this work. The revived APEC/EU working group agreed to continue their discussions intersessionally between now and the next round of APEC privacy meetings in Papua New Guinea in early February 2018.

The EU Commission representative also attended the other meetings of the APEC DPS, where the principal focus remained on the ongoing implementation of the APEC CBPR system across the Asia-Pacific region, and on efforts to further enhance the infrastructure and governance framework needed to accommodate the growing number of APEC economies that are joining the CBPR system.