The flow of information is fundamental to doing business in the global economy.  APEC members recognize the importance of protecting information privacy and maintaining information flows between economies in the Asia-Pacific region and between APEC economies and their international trading partners.

 The APEC Cross-border Privacy Enforcement Arrangement (CPEA) creates a framework for regional cooperation in the enforcement of Privacy Laws.  Any Privacy Enforcement Authority (PE Authority) in an APEC economy may participate.

The CPEA aims to:

  • facilitate information sharing among PE Authorities in APEC economies;
  • provide mechanisms to promote effective cross-border cooperation between authorities in the enforcement of Privacy Law; and
  • encourage information sharing and cooperation on privacy investigation and enforcement with PE Authorities outside APEC.

The CPEA is a significant step to assist in cross-border enforcement where there is a Privacy Law and Privacy Enforcement Authority in more than one of the economies involved.  The CPEA will assist participating PE Authorities in the APEC region to address these challenges, through cross-border cooperation on consumer privacy investigations and enforcement matters.


APEC's 1998 Blueprint for Action on Electronic Commerce emphasizes that the potential of electronic commerce cannot be realised without government and business cooperation.

In 2004, the APEC Privacy Framework was endorsed by APEC Ministers recognizing that cooperation to balance and promote effective information privacy protection and the free flow of information in the Asia-Pacific region is key to improving consumer confidence and ensuring the growth of electronic commerce.

In 2007, a Data Privacy Pathfinder initiative was established to progress the implementation of the APEC Privacy Framework. The Pathfinder involves multiple projects aimed at promoting consumer trust and business confidence in cross-border data flows. It also includes general commitments regarding the development of a Cross-Border Privacy Rules system.

The CPEA is an outcome of the Pathfinder initiative. It focuses on one of the four key goals of the APEC Privacy Framework, namely to facilitate both domestic and international efforts to promote and enforce information privacy protections.

The CPEA aims to contribute to consumer confidence in electronic commerce involving cross-border data flows by establishing a framework for regional cooperation in the enforcement of Privacy Laws. The CPEA was endorsed by APEC Ministers in November 2009 and commenced on 16 July 2010.

CPEA Administrators:

APEC Secretariat

The Office of the Privacy Commissioner for New Zealand

The U.S. Federal Trade Commission

Consumer Affairs Agency of Japan

The Office of the Commissioner for Privacy and Data Protection (Privacy and Data Protection Victoria)

CPEA participants (to-date):

  1. The Office of the Australian Information Commissioner (OAIC) (formerly the Office of the Privacy Commissioner)
  2. The New Zealand Office of the Privacy Commissioner (NZOPC)
  3. The United States Federal Trade Commission (US FTC)
  4. The Office of the Privacy Commissioner for Personal Data, Hong Kong, China (PCPD)
  5. The Office of the Privacy Commissioner of Canada (OPCC)
  6. Ministry of Foreign Affairs of Japan
  7. Ministry of Economy, Trade and Industry of Japan
  8. Ministry of Internal Affairs and Communications of Japan
  9. Ministry of Finance of Japan
  10. Ministry of Justice of Japan
  11. Ministry of Agriculture, Forestry and Fisheries of Japan
  12. Ministry of Land, Infrastructure, Transport and Tourism of Japan
  13. Ministry of Defense of Japan
  14. Ministry of Health, Labour and Welfare of Japan
  15. Ministry of Education, Culture, Sports, Science and Technology of Japan
  16. Ministry of Environment of Japan
  17. Cabinet Office of Japan
  18. Consumer Affairs Agency of Japan
  19. Financial Services Agency of Japan
  20. National Police Agency of Japan
  21. Ministry of Government Administration and Home Affairs - Korea (MOGAHA)
  22. Korea Communications Commission (KCC)
  23. Federal Institute for Access to Information and Data Protection of Mexico
  24. Reconstruction Agency of Japan
  25. Personal Data Protection Commission, Singapore (PDPC)

For further details, please contact: