On 26 March 2013, the Article 29 Working Party (Working Party) confirmed that representatives of the Working Party have met with representatives of the Asia Pacific Economic Cooperation (APEC) to develop a set of tools to facilitate transfers of personal data for multinational companies that operate both in Europe and the Asia Pacific.
The Working Party is an independent advisory body that represents data protection authorities in the European Union (EU). APEC meanwhile plays a critical role in the Asia Pacific region by promoting a policy framework designed to ensure the continued free flow of personal information across borders while establishing protection for the privacy and security of personal information. APEC has 21 member economies, 10 of which participated in the initial meeting: Canada, Chinese Taipei, Japan, Korea, Malaysia, New Zealand, the Philippines, Singapore, Thailand and the United States.
To date, a similar approach has been taken in both the EU and the Asia Pacific region to create a system for the cross-border transfers of personal data – that of internal binding rules, approved by the relevant data protection authority:
- Binding Corporate Rules (BCRs): BCRs have been developed in order to govern transfers of data from countries within the European Economic Area (EEA) to countries outside the EEA in compliance with the requirements of the Data Protection Directive relating to cross-border transfers. These binding internal rules (which must be approved by the relevant EU Data Protection Authorities) define a company’s policies on data transfers in order to ensure adequate safeguards for personal data transferred outside the EEA in accordance with the Directive.
- Cross-Border Privacy Rules (CBPR): in 2012, the APEC member economies completed the development of the CBPR system for the protection of personal data to other participating APEC economies. The CBPR system requires organisations to develop their own internal business rules on cross-border privacy procedures which must be assessed as compliant with the minimum requirements of the APEC system by an APEC-recognised Accountability Agent.
The Working Party has recently conducted a comparative study of the CBPR and BCR systems in order to identify the similarities and differences. This study is being used as the basis of talks to develop practical tools, including a common frame of reference, for those multinational companies that have data collection and/or processing-related activities in both the EU and the Asia Pacific region. It is anticipated that a roadmap will be adopted in the upcoming months by the Working Party and APEC in order to continue their cooperation and to materialise such practical tools for use by companies doing business in these regions.
This initiative is likely to be welcomed by many multinational companies given the current limited options for transferring data from the EEA to Asian countries, especially as Canada and New Zealand are currently the only APEC member economies on the ‘White List’ of countries which the European Commission has recognised as providing adequate safeguards for the purposes of the Directive.
Link to Working Party press release: http://ec.europa.eu/justice/data-protection/article-29/press-material/press-release/art29_press_material/20130326_pr_apec_en.pdf
Link to APEC press release: http://www.apec.org/Press/News-Releases/2013/0306_data.aspx