For full functionality of this site it is necessary to enable JavaScript. Here are the instructions how to enable JavaScript in your web browser.

For Business

The ability to exchange information across country borders is a fundamental tool for business in the global digital economy. This can be particularly challenging as privacy laws differ from country to country. The APEC Cross Border Privacy Rules (CBPR) system helps bridge those differences by providing a single framework for the exchange of personal information among participating economies in the APEC region. 

There are currently four participating APEC CBPR system economies: USA, Mexico, Japan and Canada, with more expected to join soon. Additionally, the APEC Electronic Commerce Steering Group (ECSG) and the EU Article 29 Working Party have produced a common referential for the requirements of the APEC CBPR system and the EU Binding Corporate Rules.       

Only organizations currently certified by an APEC-recognized Accountability Agent may display a seal, trustmark, or otherwise claim to participate in the CBPR System. False representations of CBPR system participation may subject the organization to applicable law enforcement action.

 

How can the APEC CBPR system help your business?
The APEC CBPR system bridges differing national privacy laws within the APEC region, reducing barriers to the flow of information for regional trade. Also, by promoting your adherence to a standard of best practices, you can demonstrate your commitment to consumer privacy.   

 

Interested in becoming APEC CBPR certified?
APEC CBPR certifications are conducted by APEC CBPR system recognised Accountability Agents, which certify that organisations comply with the CBPR Program Requirements. In the process, Accountability Agents will use either the CBPR Intake Questionnaire OR, if it is using its own approved procedures, another intake document. 

To be APEC CBPR certified, your company (or other entity) must be subject to the laws of one or more APEC CBPR system participating economies. There must also be at least one Accountability Agent offering its services in your participating economy or economies. There are currently four participating APEC economies: USA, Mexico, Japan and Canada.

How can personal information processors demonstrate their accountability?
The APEC Cross Border Privacy Rules (CBPR) system, finalised in 2011, only applies to personal information controllers ("controllers"), as the APEC Privacy Framework (the Framework), pursuant to which the CBPR system was created, also applies only to controllers.
 
The Privacy Recognition for Processors (PRP) is designed to help personal information processors ("processors") demonstrate their ability to assist controllers in complying with relevant privacy obligations. The PRP also helps controllers identify qualified and accountable processors. The PRP intake questionnaire sets forth the baseline requirements of the PRP against which an APEC-recognised Accountability Agent will assess a processor seeking recognition. To receive such recognition, the processor must meet this baseline set of requirements.
 
The PRP system was endorsed by APEC in February 2015, and will be operationalised in the coming months with further guidance for potential participating Member Economies and domestic Accountability Agents. For more information about this system, please see the Purpose and Background document.


* CBPR system certification is for personal information transfers between participating APEC economies. Please note that some economies may have higher internal privacy standards and impose additional requirements on businesses that are subject to their jurisdiction.