Privacy & Information Security Law Blog

On May 29, 2015, Article 29 Working Party Chairwoman Isabelle Falque-Pierrotin sent a letter to APEC Data Privacy Subgroup (“DPS”) Chair Danièle Chatelois, expressing the Working Party’s continued support for the collaboration between the two groups.

In March 2014, the two groups released a joint “Referential” that maps the respective requirements of the APEC Cross-Border Privacy Rules (“CBPR”) system and EU Binding Corporate Rules (“BCRs”). In her letter, Falque-Pierrotin characterized their collaboration to date as “fruitful” and expressed the Working Party’s continued support for further collaboration “to develop practical tools that will help organizations implement both requirements from the CBPR and BCR systems.”

Referring to the joint Working Party-DPS action plan adopted at the Working Party’s 100th plenary meeting on April 14-15 in Brussels (view the press release from April 15), the letter sets forth the following agreed action items for the BCRs-CBPRs working team:

In the short term:

• Develop a common CBPRs/BCRs application form that organizations seeking dual certification can submit to European data protection authorities and APEC Accountability Agents.
• Develop compliance mapping tools with respect to the CBPRs and BCRs that must be submitted along with the application.

In the long term:

• Develop a mapping document comparing the respective requirements of the BCRs for processors and the APEC Privacy Recognition for Processors.

The three action items were based on recommendations developed during the BCR-DPS working team meeting in the margins of the last round of APEC privacy meetings earlier this year in Subic Bay, Philippines, and a subsequent consultation with businesses experienced in seeking dual certification under both systems.