APEC Cross-border Privacy Enforcement Arrangement (CPEA)
Font Size

The flow of information is fundamental to doing business in the global economy. APEC members recognise the importance of protecting information privacy and maintaining information flows between economies in the Asia-Pacific region and between APEC economies and their international trading partners.


The APEC Cross-border Privacy Enforcement Arrangement (CPEA) creates a framework for regional cooperation in the enforcement of Privacy Laws. Any Privacy Enforcement Authority (PE Authority) in an APEC economy may participate.


The CPEA aims to:

  • facilitate information sharing among PE Authorities in APEC economies;
  • provide mechanisms to promote effective cross-border cooperation between authorities in the enforcement of Privacy Law; and
  • encourage information sharing and cooperation on privacy investigation and enforcement with PE Authorities outside APEC.


The CPEA is a significant step to assist in cross-border enforcement where there is a Privacy Law and Privacy Enforcement Authority in more than one of the economies involved. The CPEA will assist participating PE Authorities in the APEC region to address these challenges, through cross-border cooperation on consumer privacy investigations and enforcement matters.




APEC's 1998 Blueprint for Action on Electronic Commerce emphasises that the potential of electronic commerce cannot be realised without government and business cooperation.


In 2004, the APEC Privacy Framework was endorsed by APEC Ministers recognising that cooperation to balance and promote effective information privacy protection and the free flow of information in the Asia-Pacific region is key to improving consumer confidence and ensuring the growth of electronic commerce.


In 2007, a Data Privacy Pathfinder initiative was established to progress the implementation of the APEC Privacy Framework. The Pathfinder involves multiple projects aimed at promoting consumer trust and business confidence in cross-border data flows. It also includes general commitments regarding the development of a Cross-Border Privacy Rules system.


The CPEA is an outcome of the Pathfinder initiative. It focuses on one of the four key goals of the APEC Privacy Framework, namely to facilitate both domestic and international efforts to promote and enforce information privacy protections.


The CPEA aims to contribute to consumer confidence in electronic commerce involving cross-border data flows by establishing a framework for regional cooperation in the enforcement of Privacy Laws. The CPEA was endorsed by APEC Ministers in November 2009 and commenced on 16 July 2010.


CPEA Administrators:

APEC Secretariat

The Office of the Privacy Commissioner for New Zealand

The U.S. Federal Trade Commission

Consumer Affairs Agency of Japan

The Office of the Commissioner for Privacy and Data Protection (Privacy and Data Protection Victoria)



CPEA participants (to-date):

The Office of the Australian Information Commissioner (OAIC) (formerly the Office of the Privacy Commissioner)

The New Zealand Office of the Privacy Commissioner (NZOPC)

The United States Federal Trade Commission (US FTC)

The Office of the Privacy Commissioner for Personal Data, Hong Kong, China (PCPD)

The Office of the Privacy Commissioner of Canada (OPCC)

Ministry of Foreign Affairs of Japan

Ministry of Economy, Trade and Industry of Japan

Ministry of Internal Affairs and Communications of Japan

Ministry of Finance of Japan

Ministry of Justice of Japan

Ministry of Agriculture, Forestry and Fisheries of Japan

Ministry of Land, Infrastructure, Transport and Tourism of Japan

Ministry of Defense of Japan

Ministry of Health, Labour and Welfare of Japan

Ministry of Education, Culture, Sports, Science and Technology of Japan

Ministry of Environment of Japan

Cabinet Office of Japan

Consumer Affairs Agency of Japan

Financial Services Agency of Japan

National Police Agency of Japan

Ministry of Government Administration and Home Affairs - Korea (MOGAHA)

Korea Communications Commission (KCC)

Federal Institute for Access to Information and Data Protection of Mexico

Reconstruction Agency of Japan

Personal Data Protection Commission, Singapore (PDPC)