Alston & Bird Privacy, Cyber & Data Strategy Blog

U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum

By and

On April 21, 2022, Canada, Japan, the Republic of Korea, the Philippines, Singapore, Chinese Taipei, and the United States of America issued a  Global Cross-Border Privacy Rules Declaration announcing the establishment of the Global Cross-Border Privacy Rules Forum (“Global CBPR Forum”).  U.S. Secretary of Commerce Gina M. Raimondo, in her statement, described the establishment of the Global CBPR Forum as “the beginning of a new era of multilateral cooperation in promoting trusted global data flows” and its intent to create “first-of-their-kind data privacy certifications that help companies demonstrate compliance with internationally recognized data privacy standards.”

The five objectives of the Global CBPR Forum are to:

1.     establish an international certification system based on the Asia-Pacific Economic Cooperation (“APEC”) Cross-Border Privacy Rules (“CBPR”) and Privacy Recognition for Processors (“PRP”) Systems;

2.     support the free flow of data and effective data protection and privacy through promotion of the Global CBPR and PRP Systems;

3.     provide a forum for information exchange and cooperation on matters related to the Global CBPR and PRP Systems;

4.     periodically review data protection and privacy standards of members to ensure Global CBPR and PRP program requirements align with best practices; and

5.     promote interoperability with other data protection and privacy frameworks.

Participation in the Global CBPR Forum is intended to be open to all jurisdictions accepting the objectives and principles of the Global CBPR Forum as outlined in the Declaration, subject to a consensus of all members.

The Global CBPR Forum will be independently administered and separate from the APEC Systems. The founding members of the Global CBPR Forum plan to transition operations of the CBPR and PRP Systems from APEC to the Global CBPR Forum and will provide at least 30 days’ notice to Accountability Agents. All approved Accountability Agents and certified companies will automatically be recognized in the new Global CBPR Forum based on the same terms as are recognized within the APEC CBPR and PRP Systems.

Additional information is available on the Global Cross-Border Privacy Rules Declaration FAQs, including information on how the Global CBPR Forum relates to the APEC CBPR and PRP Systems.

About Maki DePalo

Maki DePalo is a partner with Alston & Bird’s Privacy, Cyber & Data Strategy Team. She devotes her practice to clients' initiatives in technology and corporate transactions encompassing intellectual property licensing, strategic outsourcing, Internet-based marketing and advertising, data privacy and security, governance and compliance.

[Read Bio]

About Yin Zhao

Qingyin Zhao is an associate with Alston & Bird’s Technology & Privacy Group. Yin focuses on various data privacy and security issues across international jurisdictions, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and the privacy and security laws of China.

[Read Bio]