Acting U.S. Commerce Secretary Rebecca Blank Announces U.S. Participation in APEC's Cross Border Privacy Rules System
Acting U.S. Commerce Secretary Rebecca Blank today announced the United States’ participation in the Asia-Pacific Economic Cooperation’s (APEC) Cross Border Privacy Rules (CBPR) system. This voluntary system promotes a baseline set of data privacy practices for companies doing business in participating APEC economies. The goal of the system is to enhance electronic commerce, facilitate trade and economic growth, and strengthen consumer privacy protections across the Asia Pacific region.
“U.S. participation in APEC’s Cross Border Privacy Rules system is a significant milestone in international data protection and is an important step in the implementation of the global privacy strategy outlined in the Obama administration’s February 2012 Data Privacy Blueprint,” said Acting Secretary Rebecca Blank. “This system will enable participating companies in the United States and other APEC member economies to more efficiently exchange data in a secure manner and will enhance consumer data privacy by establishing a consistent level of protection and accountability in the APEC region. The CBPR system directly supports the president’s National Export Initiative goal of doubling U.S. exports by the end of 2014 by decreasing regulatory barriers to trade and commerce, and creating more export opportunities for American companies, and more American jobs. We are committed to working with our trading partners in APEC to help maximize its implementation throughout the region.”
The 21 member economies in APEC comprise a market of 2.7 billion consumers, and account for 55 percent of world real gross domestic product, as well as 44 percent of world trade. On November 13, 2011, President Obama and representatives from the other APEC economies endorsed the CBPR system at the APEC Leaders Summit in Honolulu, Hawaii. In the APEC Leaders’ Declaration, President Obama and his counterparts committed to implementing the CBPR system to further open markets and facilitate regional trade. The United States plans to work with APEC to launch the system in the next six months.
U.S. Department of Commerce Accepting Accountability Agent Applications for APEC Recognition
On July 26 2012, the United States formally commenced participation in the Asia Pacific Economic Cooperation’s (APEC) Cross Border Privacy Rules (CBPR) system. The CBPR requires interested organizations to develop their own internal business rules on cross-border privacy procedures, which must be assessed as compliant with the minimum requirements of the APEC system by an independent public or private sector body, called an Accountability Agent. Under the CBPR system, an “Accountability Agent” is a third-party organization that provides verification services related to the data privacy policies and practices for those businesses seeking CBPR certification.
Only APEC-recognized Accountability Agents may perform CBPR certifications. A recognized Accountability Agent would only be able to certify as CBPR compliant those organizations that are subject to the enforcement authority of the Cross-border Privacy Enforcement Arrangement (CPEA) -- participating privacy enforcement authorities within the economies in which it has been approved to operate. The CPEA creates a framework for regional cooperation in the enforcement of privacy laws. In the case of the United States, organizations interested in serving as an Accountability Agent for U.S.-based companies must be subject to the enforcement authority of the Federal Trade Commission, the U.S. privacy enforcement authority for the CBPR system. APEC recognition is granted by a consensus determination by APEC member economies that an applicant Accountability Agent meets the established recognition criteria.
Interested organizations must notify the Department of Commerce of their intent to seek APEC recognition and submit the completed “Accountability Agent APEC Recognition Application”, a 61 page document which details the application process as well as the recognition criteria application for initial review to the Office of Technology and Electronic Commerce by e-mail at email@example.com.
Only complete application packages will be forwarded on to APEC for consideration of recognition.
The United States’ “Notice of Intention to Participate in the CBPR System” can be found here. APEC’s “Confirmation Report” on U.S. participation can be found here. More information about the Cross Border Privacy Rules is available via the APEC Electronic Commerce Steering Group website.