Privacy & Information Security Law Blog

On March 6, 2018, Singapore’s Ministry of Communications and Information announced that Singapore has joined the APEC Cross-Border Privacy Rules (“CBPR”) and Privacy Recognition for Processors (“PRP”) systems. As we previously reported, Singapore submitted its intent to join both systems in July 2017.

Singapore becomes the sixth APEC economy to join the CBPR system, joining the U.S., Mexico, Canada, Japan and South Korea, and the second APEC economy to join the PRP system, after the U.S. The decision to join will mean that once the CBPR are fully operationalized in Singapore, through a local Accountability Agent that will certify companies, Singapore-based organizations will be able certify to the CBPR and rely on them as a cross-border data transfer mechanism. Other APEC economies actively working on joining the CBPR and PRP systems include Australia, Chinese Taipei and the Philippines.

The APEC CBPR system is a regional, multilateral cross-border data transfer mechanism and an enforceable privacy code of conduct developed for businesses by the 21 APEC member economies. The CBPR system implements the nine high-level APEC Privacy Principles set forth in the APEC Privacy Framework.

As we previously reported, the APEC PRP system allows information processors to demonstrate their ability to effectively implement an information controller’s privacy obligations related to the processing of personal information. The PRP also enables information controllers to identify qualified and accountable processors, as well as to assist small- or medium-sized processors that are not widely known to gain visibility and credibility.