TrustArc proudly participated at events co-sponsored by the Singapore Personal Data Protection Commission (PDPC) and the global privacy and security think-tank, Centre for Information Policy Leadership (CIPL), on November 15-16 in Singapore.
On topics ranging from certifications and the Asia-Pacific Economic Cooperation (APEC), to regulatory sandboxes, to artificial intelligence, TrustArc was honored to be invited to engage in terrific conversations and workshops with global thought-leaders in the public and private sectors.
Darren Abernethy, TrustArc Senior Counsel, spoke on a panel entitled “The Role of Certifications as Accountability and Compliance Tools.” This session focused on how certifications can serve accountability and compliance functions for organizations by facilitating achievement of a comprehensive privacy and data protection program; providing third party verification; offering oversight and dispute resolution; and, in some cases, supplying government backstop enforcement. There was also consensus that industry-recognized certifications are highly useful in the B2B vendor selection process for risk mitigation; act as a symbol of trust to the C-suite, consumers and partners; and are increasingly relevant in the mergers and acquisitions context.
Before the 200-plus audience members, special attention was given to the APEC Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Systems, as these certifications meet the above criteria and have taken on new significance for multi-national corporations and small and medium-sized enterprises (SME) alike, with the certification systems’ recent and ongoing adoption in additional APEC member economies (including four of the top six U.S. trading partners), the extension to data processors through the PRP System, and the certification of SMEs. TRUSTe serves as the Accountability Agent for CBPR and PRP certifications in the U.S.
Darren moderated a second panel entitled “The Role of Certifications in Data Transfers and Global Interoperability.” This session focused on interoperability–which in addition to the possibility of mutual recognition, can also encompass scalably leveraging work done towards one certification or compliance framework in service of another–and began with an overview of different global data transfer mechanisms. The latter included discussion of EU binding corporate rules (BCRs), adequacy decisions, the up-to-the-minute status of GDPR certifications, codes of conduct, and the APEC CBPR/PRP Systems.
Discussion points on the panel included the heightened prevalence and significance of the APEC Privacy Framework in free trade agreements; the use of the BCR-CBPR “Referential” to interoperably achieve each transfer mechanism; how governments and regulators can incentivize certification participation; and examples of how regional transfer frameworks are expanding. A common view was that the APEC Systems have a foundational advantage over many others in that they offer an already-established infrastructure for enforceable, accountability-based mechanisms for intra- and inter-company cross-border transfers.
TrustArc also participated in a working session held in the Singapore offices of a leading technology company, wherein the diverse group of industry participants discussed the key features of the concept of a “regulatory sandbox.” This notion may be understood as a supervised safe space for piloting and testing innovative products, services, business models or delivery mechanisms in the real market, using the personal data of real individuals. The participants evaluated some of the hypothetical pros, cons and challenges of such an approach.
Lastly, TrustArc took part in an all-day interactive working session on accountable and responsible artificial intelligence, likewise co-sponsored by the Singapore PDPC and CIPL. This engaging series of sessions showcased current AI-related uses by varied companies, with an eye towards how to generate sufficiently robust and inclusive data sets, manage the “training” of such datasets, how best to address the issue of inherent bias and unintended discrimination, and industry approaches to demonstrating accountable and responsible AI in practice–from a regulatory and internal practices standpoint. The sessions were both informative and a great springboard for future developments.