TrustArc Blog

Singapore Joins APEC’s Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processor (PRP) Systems

March 08, 2018

The CBPR and PRP systems continue to build momentum in the Asia Pacific region, with Singapore becoming the sixth APEC economy to join the CBPR system and the second to join the PRP system. This follows on the heels of South Korea’s announcement late last year.

In the digital economy, data-related economic activities often straddle borders, as services – particularly digital services – can easily scale regionally if not globally. As a globally connected digital economy, Singapore supports open data flows across borders and robust data protection standards to ensure that data is exchanged and used in a responsible way. –  Office of the Personal Data Protection Commission (PDPC)

Singapore submitted its Notice of Intent to participate in the APEC CBPR and PRP systems in July, and was approved by the APEC Joint Oversight Panel in February.

As described by Singapore’s Ministry of Communications and Information in Tuesday’s press release, “[t]he APEC CBPR and PRP systems are multilateral certification mechanisms that ensure certified organisations have in place data protection policies consistent with the APEC Privacy Framework. CBPR applies to data controllers, which include organisations that control the collection, holding, processing, or use of data. PRP applies to data processors, which include organisations that process data on behalf of other organisations at their instruction.”

It is the second economy to join the PRP system, alongside the USA, and joins the following APEC economies in CBPR participation: USA, Mexico, Canada, Japan and the Republic of Korea. The CBPR system was endorsed by APEC member economies in 2012 for businesses established in the APEC region that collect and transfer personally identifiable information from consumers. Participating in the APEC system offers benefits to companies because it allows transfer of personal data across borders, while mitigating risk by raising privacy standards.

TRUSTe was named the first Accountability Agent for the system in June 2013. Learn more about obtaining a TRUSTe CBPR certification here.

Subscribe to Blog