Client Alerts & Newsletters

Global Data Transfer Developments: Taking the APEC CBPR System Global

April 22, 2022

On April 21, Canada, Singapore, Japan, the U.S., the Republic of Korea, Chinese Taipei, and the Philippines released a joint declaration announcing the creation of a Global Cross-Border Privacy Rules (CBPR) Forum. This global CBPR Forum, which is drawn from the Asia-Pacific Economic Cooperation (APEC) forum’s existing CBPR and Privacy Recognition for Processors (PRP) Systems, will allow for the expansion of the CBPR system beyond APEC’s twenty-one economies into a truly international framework.

The expansion of the CBPR system will promote the free flow of data over international borders, while promoting effective and robust data protections for consumers. A globalized CBPR system is intended to promote trust in the digital economy, spur economic growth, and increase competitiveness for participating companies and countries.

The CBPR Forum will establish an international certification system to recognize companies that institute high-standard privacy protections and ensure that robust safeguards are in place when participating organizations transfer data globally. The system builds off of the existing CBPR framework developed within the Asia-Pacific Economic Cooperation (APEC) forum.

The objective will be for participating member economies to recognize the Global CBPR system as a valid legal basis for cross-border data transfers, and incorporate it into their domestic privacy legislation and otherwise recognize it under trade agreements or other bilateral and/or multilateral frameworks. The Global CBPR system will therefore add a vitally needed additional data transfer mechanism that can be available for companies of all sizes and industries that seek to demonstrate their commitment to privacy and strong data governance protections.

The promotion of voluntary, interoperable frameworks for data transfers – such as the CBPR system – is important given the rapidly-evolving landscape of international privacy legislation. New, comprehensive privacy frameworks have proliferated around the world over the last decade, with the EU’s General Data Protection Regulation (GDPR) the most prominent – and most often copied – example. Yet the resulting data protection landscape is quite fragmented, with countries and economies adding unique provisions and creating new standards to reflect their own unique cultural attributes, economic status, and traditions. For companies that need to share data with global partners, vendors, and customers, this has increased compliance costs, imposed legal uncertainty, and generally led to inefficiency in the modern digital economy.

The members of the new Global Forum will seek to address these challenges by promoting this trusted framework as an interoperable mechanism that can bridge the varying privacy regimes – and allow a more seamless, efficient pathway to ensure the trusted flow of data.

In the formal announcement of the new Global Forum, United States Secretary of Commerce, Gina M. Raimondo, declared that it heralded a “new era of multilateral cooperation in promoting trusted global data flows that are critically important to our modern economy.” It is also a timely development amid the ongoing negotiations between the U.S. and EU to establish a new trans-Atlantic data transfer mechanism, to replace the former U.S.-EU Privacy Shield framework. The Biden Administration has hinted that expansion of the CBPR framework, to promote recruitment of new member economies, may feature in its broader negotiations to launch the Indo-Pacific Economic Framework.

Companies should take note of the globalized CBPR system as a potentially cost-effective, proven framework to demonstrate their commitment to consumer privacy. Countries as varied as the United Kingdom, Brazil, and the United Arab Emirates had previously expressed interest in the APEC CBPR system. As the system now “goes global” – and with the rising attention given to robust privacy legislation around the world – we can expect that other countries and economies will sign on to recognize the CBPR system as legally-recognized pathway to transfer personal data around the world.

The formal announcement and declaration of the founding parties of the Global CBPR Forum can be found here. To learn more about how the CBPR system works and its benefits, you can find a helpful primer developed by C&M International on the official CBPR website.

To discuss how our firm helps multinational clients understand and navigate the rapidly-changing global data governance landscape, please don’t hesitate to reach out.

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

Robert Holleyman
Partner and C&M International President & CEO – Washington, D.C.
Phone: +1.202.624.2505
Email: rholleyman@crowell.com

Clark Jennings
C&M International Managing Director, Asia – Singapore
Phone: +65.9111.0610
Email: cjennings@crowell.com

Jeffrey L. Poston
Partner – Washington, D.C.
Phone: +1.202.624.2775
Email: jposton@crowell.com

Christopher D. Gundermann
C&M International Associate Consultant – Washington, D.C.(CMI)
Phone: +1.202.508.8770
Email: cgundermann@crowell.com

Crowell & Moring LLP is an international law firm with offices in the United States, Europe, MENA, and Asia that represents clients in litigation and arbitration, regulatory and policy, and transactional and corporate matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation and government-facing matters, as well as its ongoing commitment to pro bono service and diversity, equity, and inclusion.

View Desktop Site | Mobile Sitemap |

Contact | Subscribe | Terms of Use | Privacy Statement | Alumni

© Crowell & Moring LLP 2022
Attorney advertising - prior results do not guarantee a similar outcome.