The Department of Commerce announced the approval of the United States’ participation in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system (CBPR). The CBPR promotes “a baseline set of data privacy practices for companies doing business in participating APEC economies. The goal of the system is to enhance electronic commerce, facilitate trade and economic growth, and strengthen consumer privacy protections across the Asia Pacific region.” The CBPR is a voluntary but enforceable code of conduct implemented by participating businesses. In the U.S., the Federal Trade Commission (FTC) will be the Privacy Enforcement Authority (PE Authority).
In its role as PE Authority, the Federal Trade Commission will enforce information privacy law and have power to conduct investigations and pursue enforcement proceedings. According to APEC, under the CBPR, “[r]egulators can cast their net wider in relying on voluntary assistance from fellow PE Authorities.” Further, PE Authorities may seek assistance from each other, such as cooperating on enforcement action, sharing information about an organization or matter being investigated, collecting evidence related to privacy investigations or transferring an information privacy complaint to another Public Enforcement authority.