Global Cross-Border Privacy Rule...
Global Cross-Border Privacy Rules (CBPR)...

Global Cross-Border Privacy Rules (CBPR) Forum Established

The forum looks to build on the contributions of the APEC and PRP Systems

Alexis Kateifides Senior Center of Excellence Counsel

clock3 Min Read

Featured Image

With data protection and privacy regulations popping up more frequently than ever, the landmark Global Cross-Border Privacy Rules (CBPR) Forum was just launched by multiple countries worldwide. The forum includes Canada, Japan, the Republic of Korea, the Philippines, Singapore, Chinese Taipei, and the United States.  

The Forum aims to promote trusted cross-border data transfers and establish the Global Cross Border Privacy Rules and Privacy Recognition for Processors Systems – international certifications to ensure that its members are constantly adhering to the level of data protection and privacy standards based on the Asia Pacific Economic Cooperation CBPR and PRP systems. 

On April 21, 2022, Commerce Secretary Gina M. Raimondo issued the statement below on the establishment of the Global Cross-Border Privacy Rules (CBPR) Forum:

“The establishment of the Global CBPR Forum reflects the beginning of a new era of multilateral cooperation in promoting trusted global data flows that are critically important to our modern economy […]  

With this unique approach founded on creating practical compliance tools and based on cooperation, we can make the digital economy work for consumers and businesses of all sizes alike.” 

The main objectives of the Global CBPR Forum are to:  

  • Establish international certifications based on the Asia-Pacific Economic Cooperation Cross Border Privacy Rules (APEC CBPR) and Privacy Recognition for Processors (PRP) 
  • Enable free flow of data, data protection and privacy through the promotion of the Global CBPR and PRP 
  • Provide a forum to share information and cooperate on matters related to the Global CBPR and PRP
  • Regularly review data protection and privacy standards of members to guarantee Global CBPR and PRP program requirements are aligned with industry best practices 
  • Promote interoperability with other data protection and privacy frameworks 

What does the Global CBPR Forum mean for businesses? 

The Global CBPR Forum recognizes the influx of regulations that have hit the world of data protection, processing, and privacy. However, the forum looks to find the most effective way to enable cross-border data transfers, calling them “indispensable, not just for big, multinational technology companies, but for companies across all sectors of the economy, and for micro, small- and medium-sized businesses, workers, and consumers as well”. 

For businesses, this will mean easier avenues to operate on a global scale regarding data transfers. With the certifications and standards that the Forum looks to set, it will also mean less complexity and ambiguity for businesses when dealing with vendors and other parties internationally.

The objectives of the Global CBPR Forum also clearly mention promoting “interoperability”. 

This is a welcome sign for businesses, as the number of regulations, laws and frameworks doesn’t look to be waning any time soon. Having the Forum focus on how to have their certificates, standards, and best practices interoperable in other regions and frameworks is a huge step forward for business growth internationally.  

Regarding certifications, businesses that are already certified by APEC and PRP Systems will be transitioned away to the Global CBPR Forum, with a 30-day notice period to complete the process.  

Accountability Agents will continue to provide APEC and PRP certifications, however, these will be automatically recognized in the new Forum after Agents and certified companies obtain approval.  

Further Resources on the Global CBPR Forum:

Global Cross-Border Privacy Rules Declaration FAQ

OneTrust Data Guidance CTA

You Might Also Be Interested In

MARCH 10, 2023

Transform retail experiences with consent and preferences

MARCH 10, 2023

The ROI of purpose-based consent and preference management

MARCH 10, 2023

What is Data Discovery?

MARCH 8, 2023

UK Data Protection and Digital Information Bill re-introduced to Parliament

MARCH 8, 2023

How to manage third-party risk across your entire business

MARCH 8, 2023

The ultimate guide to board diversity and skills requirements

MARCH 7, 2023

How to manage privacy and security compliance? 6 questions with GRC experts

MARCH 7, 2023

Why data privacy and third-party risk teams need to work together

Onetrust All Rights Reserved