Global Cross-Border Privacy Rules (CBPR) Declaration

April 21, 2022 10:03 pm Last Edit: July 21st, 2023

Canada, Japan, the Republic of Korea, the Philippines, Singapore, Chinese Taipei, and the United States of America, as current economies participating in the APEC CBPR System,

Recognising

that growing Internet connectivity and the digitisation of the global economy have resulted in the rapid increase in the collection, use, and transfer of data across borders, a trend that continues to accelerate;

Conscious

that trusted cross-border data flows are indispensable—not just for big, multinational technology companies, but for companies across all sectors of the economy, and for micro, small- and medium-sized businesses, workers, and consumers as well;

Believing

that cross-border data flows increase living standards, create jobs, connect people in meaningful ways, facilitate vital research and development in support of public health, foster innovation and entrepreneurship, and allow for greater international engagement;

Acknowledging

that regulatory barriers threaten to undermine opportunities created by the digital economy at a time when companies are relying increasingly on digital technologies and innovations to continue business operations and recover economically;

Recognising

the importance of strong and effective data protection and privacy in strengthening consumer and business trust in digital transactions;

Acknowledging

the important contribution made by the Asia-Pacific Economic Cooperation (APEC) in developing the APEC CBPR System to foster cross border data flows and interoperability;

Do hereby declare as follows:

1. The establishment of a Global CBPR Forum to promote interoperability and help bridge different regulatory approaches to data protection and privacy;
2. The objectives of the Global CBPR Forum are to:
   1. establish an international certification system based on the APEC Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Systems;
   2. support the free flow of data and effective data protection and privacy through promotion of the Global CBPR and PRP Systems;
   3. provide a forum for information exchange and cooperation on matters related to the Global CBPR and PRP Systems;
   4. periodically review data protection and privacy standards of members to ensure Global CBPR and PRP program requirements align with best practices; and
   5. promote interoperability with other data protection and privacy frameworks.

SCOPE OF ACTIVITY

3. The Global CBPR Forum is expected to:
   1. promote expansion and uptake of the Global CBPR and PRP Systems globally to facilitate data protection and free flow of data;
   2. disseminate best practices for data protection and privacy and interoperability; and
   3. pursue interoperability with other data protection and privacy frameworks.

MODE OF OPERATION

4. Cooperation is intended to be based on:
   1. the principle of mutual benefit and a commitment to open dialogue and consensus-building, with equal respect for the views of all members;
   2. consultation and exchange of views among representatives of members, drawing upon research, analysis and policy ideas contributed by members and other relevant organisations; and
   3. active multistakeholder participation in appropriate activities.

PARTICIPATION

5. Participation in the Global CBPR Forum is intended to be open, in principle, to those jurisdictions which accept the objectives and principles of the Global CBPR Forum as embodied in this Declaration.
6. Decisions regarding future participation in the Global CBPR Forum should be made on the basis of a consensus of all members.
7. Non-members may be invited to the meetings of the Global CBPR Forum upon such terms and conditions as may be determined by all members.

ORGANISATION

8. Meetings of Global CBPR Forum members should be held at least biannually to determine the direction and nature of activities within the framework of this Declaration and decide on arrangements for implementation. Meetings can be held in person or remotely.
9. Additional meetings may be convened as decided by all members.

FAQs

How is the Global CBPR Forum related to the Asia-Pacific Economic Cooperation (APEC) CBPR and Privacy Recognition for Processors (PRP) Systems?
The Global CBPR Forum intends to establish an international certification system based on the APEC CBPR and PRP Systems, but the system will be independently administered and separate from the APEC Systems. The founding members of the Global CBPR Forum will consult with Accountability Agents and certified companies in the APEC Systems to formally transition operations from APEC to the Global CBPR Forum and will provide at least 30 days’ notice to Accountability Agents.

What if my business is currently certified or is interested in becoming certified in the APEC CBPR or the PRP Systems?
APEC CBPR and PRP certifications will continue to be provided through APEC-approved Accountability Agents until further notice. The founding members of the Global CBPR Forum that are currently participants in the APEC CBPR System plan to transition operations of the CBPR and PRP Systems from APEC to the Global CBPR Forum and will provide at least 30 days’ notice to Accountability Agents. All approved Accountability Agents and certified companies will automatically be recognized in the new Global CBPR Forum based on the same terms that they are recognized within the APEC CBPR and PRP Systems. Please contact your Accountability Agent for more information on the transition to the Global CBPR Forum.

How can I participate in the Global CBPR Forum?
The Global CBPR Forum members welcome consultations with jurisdictions that accept the objectives and principles of the Global CBPR Forum to identify alignment with CBPR System requirements.