PH joins APEC privacy system

The Philippines has formally joined the Cross-Border Privacy Rules (CBPR) System, a move seen to expand its trading opportunities within the Asia Pacific region by eliminating data-flow barriers when transacting with member economies of the Asia Pacific Economic Cooperation (APEC) through the adaption of common standards for data privacy.

The National Privacy Commission (NPC) recently submitted the Philippines’ letter of intent to join the CBPR System, ahead of a meeting by the Electronic Commerce Steering Group (ECSG) - Data Privacy Sub-Group (DPS) held in Puerto Varas, Chile. In the document, Privacy Commissioner Raymund Enriquez Liboro said the Philippines intends to use at least one APEC-recognized Accountability Agent to certify local companies as CBPR-compliant.

“When businesses become CBPR-certified, they may then transfer personal data in a safe and seamless manner across other certified companies operating in the APEC region, which accounts for about half of global trade. For Philippine companies, this means gaining entry to a much larger market at reduced compliance costs with respect to cross-border data transfers,” Liboro said.

ECSG Chairperson Shannon Coe welcomes the country’s addition to the CBPR System, saying it would be integral to its long-standing trading relationship with the United States.

“The Philippines – as the United States’ 31st largest trading partner – would be a key addition to the CBPR System for U.S. businesses. The United States and the Philippines have a historic trading relationship and many U.S. companies rely on the favorable market and skilled workforce in the Philippines to process data throughout the Asia-Pacific region. The Philippines’ participation in the CBPR System would strengthen the business case for U.S. companies looking to invest in the Philippines, through our bilateral commercial relationship,” Coe said.

“Many U.S. companies value the opportunity to partner with or invest in businesses abroad with a strong commitment to privacy. As protecting privacy becomes a bigger part of all corporate operations, MSMEs and SMEs that take steps to strengthen their privacy practices – including by joining the CBPR System – are only becoming more competitive and attractive to consumers and businesses they partner with,” Coe added.

For his part, Singapore’s Personal Data Commissioner Tan Kiat How said he looks forward to working closely with the Philippines in encouraging local businesses to be CBPR-certified.

“Singapore welcomes more economies on board the APEC CBPR systems. With the growing Digital Economy and the need for the movement of data across borders to support global commerce, the APEC CBPR system allows data to be transferred safely and seamlessly across APEC economies. We look forward to working with the Philippines to encourage businesses to be CBPR certified,” Tan said.

The submission of the country’s letter of intent marks the culmination of an elaborate process of collaboration between the NPC, its mother agency, the Department of Information and Communications Technology (DICT), the Department of Trade and Industry (DTI), and the Department of Foreign Affairs (DFA).

“I think this is a perfect embodiment of inter-agency teamwork, achieving a milestone that not only boosts Philippine data privacy and trade but even our diplomatic relationship with Asia Pacific economies,” Liboro said.

In his endorsement letter, DTI Secretary Ramon M. Lopez emphasized that the country’s participation in the CBPR is aligned with the government thrust of helping local companies become part of the global market. “This would provide our micro, small and medium enterprises opportunities for growth by gaining access across APEC markets and participating in global supply chains which rely on the free movement of data across borders,” Lopez said.

Meantime, DICT Secretary Gregorio B. Honasan III has acknowledged the significance of participating in the System and expressed support for the initiative.

“Institutionalizing the implementation of data privacy policies consistent with the APEC Privacy Framework opens opportunities for cross-border data flows and provides a step forward, towards building a robust Philippine digital economy,” Honasan said.

Borne of the APEC Privacy Framework, the CBPR System was endorsed by ministers from the 21-member APEC economies in November 2004 as a voluntary accountability system. Hence, membership requires submission of a letter of intent to the Joint Oversight Panel (JOP) and the accomplishment of an enforcement map, demonstrating adherence to the nine (9) privacy principles under the APEC framework.

The APEC CBPR certification serves as a seal of privacy compliance and accountability, creating a competitive advantage in both local and global markets. It also fosters trust among consumers, assured that their personal data is securely transferred. This, by requiring business entities to observe transparency and streamline the customer complaint process.

“By taking steps to expand the CBPR System to the Philippines and beyond, we are building a growing coalition of pro-growth and pro-privacy economies that see the importance of balancing privacy and economic prosperity. In this digital age, there’s no ignoring the importance of privacy practices and consumers around the world are imploring governments to help create solutions that enhance privacy without hindering innovation,” Coe said.

The Philippines’ participation in the CBPR System has been anticipated since it became a member in the APEC Cross Border Privacy Enforcement Arrangement (CPEA) back in 2017.

To date, there are eight (8) participating economies in the CBPR System, namely: United States of America, Mexico, Japan, Canada, Republic of Korea, Australia, Singapore, and Chinese Taipei. After evaluation and upon approval by the JOP, the Philippines will be the 9th economy to join the system.

# # #