Representatives of the Article 29 Working Party (WP29), in which all European Union data protection authorities are assembled, and the Asia-Pacific Economic Cooperation recently met for the first time in Jakarta, Indonesia to develop a set of tools to facilitate transfers of personal data, for multi-national companies that operate both in Europe and the Asia-Pacific.
In the EU, Binding Corporate Rules (BCR) have been developed in order to govern international data transfers made by companies or groups of companies. These binding internal rules define a company’s policies on data transfers in order to ensure adequate safeguards for personal data transferred from the EU to third economies.
In 2012, APEC member economies completed the development of the Cross-Border Privacy Rules (CBPR) system for the protection of personal data throughout the Asia-Pacific. Like the BCR system, the CBPR system is designed to ensure that a company’s privacy policies meet established standards for the protection of personal information. Such policies must be validated by APEC-recognized Accountability Agents.
Both the EU BCR system and the CBPR system are based on a similar approach, which is the use of internal binding rules for cross-border transfers of personal data, subject to prior approval by EU Data Protection Authorities or by APEC-recognized Accountability Agents.
The WP29 recently concluded a study of the CBPR system in order to identify the similarities and differences with the BCR system. Using this initial comparison as a starting point, the WP29 and participating APEC economies are cooperating to develop practical tools, including a common referential, for those multinational companies that have data collection and/or processing-related activities in both the EU and APEC region.
On 31 January 2013, the so-called BCR/CBPR Committee met for the first time to discuss this topic. Participants from the EU included representatives from the CNIL (France), the German Federal Commissioner for Data Protection and Freedom of Information, the European Data Protection Supervisor and the European Commission.
From APEC, 10 member economies participated, including Canada, Chinese Taipei, Japan, Korea, Malaysia, New Zealand, the Philippines, Singapore, Thailand and the United States. It is anticipated that a roadmap will be adopted in the upcoming months by the WP29 and APEC in order to continue their cooperation and to materialize such practical tools for use by companies doing business in Europe and the Asia-Pacific region.
Following this meeting, Jacob Kohnstamm, the Chair of the WP29, declared: “This is a great progress in strengthening international cooperation on data protection and in developing global solutions for organizations operating both in the EU and the APEC region.”
On the APEC side, Lourdes Yaptinchay, the Chair of the APEC Electronic Commerce Steering Group, said that “The cooperative work being pursued by APEC member economies and the EU is an important next step towards better protecting personal data and could provide a foundation for more fruitful exchange between companies with a stake in the two regions.”
# # #