Privacy & Information Security Law Blog

On June 26, 2023, the Centre for Information Policy Leadership (CIPL) published the third edition of its Frequently Asked Questions on Cross-Border Privacy Rules, Privacy Recognition for Processors, and Global CBPR and PRP (FAQs).

The updates reflect the recent work of the Global CBPR Forum to develop global privacy and data transfer certifications for controllers and processors –Global Cross-Border Privacy Rules (Global CBPR) and a Global Privacy Recognition for Processors (Global PRP) respectively–that are modeled on the APEC CBPR and PRP. APEC CBPR and PRP operationalize the nine Privacy Principles set forth in the 2005 APEC Privacy Framework.

The CBPR and PRP were developed originally as regional transfer mechanisms for APEC member economies. In 2022, however, a number of APEC economies established the Global CBPR Forum for the purpose of globalizing the CBPR and PRP model, inviting participation in this work from countries outside of APEC.

The main impetus for globalizing the CBPR and PRP has been the recognition that in a globalized digital and data economy, businesses require efficient global solutions for accountable cross-border data transfers as well as due diligence solutions for global vendor management. The idea is to create a global “one stop shop” for data transfers and vendor due diligence within a trusted and enforceable framework. A Global CBPR system is intended to be able to co-exist alongside other transfer and due diligence mechanisms that may continue to be useful.

The current members of the Global CBPR Forum are Australia, Canada, Japan, Mexico, Republic of Korea, Philippines, Singapore, Chinese Taipei and the United States–all current participants in the APEC CBPR and PRP systems. The UK recently applied for “Associate Status” in the Global CBPR Forum.

A key component of the globalization work will involve a review and update of the current CBPR and PRP substantive Program Requirements. CIPL anticipates that the key governance and operational elements of the current CBPR and PRP systems will transition seamlessly to the global framework and that the current FAQ’s pertaining to the APEC CBPR and PRP will largely remain valid under the Global CBPR and PRP. However, CIPL will update these FAQs as necessary, as the Global CBPR Forum continues to develop the Global CBPR and PRP.