In September 2016, Japan passed the “Amended Act on the Protection of Personal Information (APPI)” with implementing regulations released in January, 2017. The final revised law is set to go into effect on Tuesday, May 30, 2017. Key changes under the new law include: Establishment of the Personal Information Protection Commission (PPC): The new PPC serves as the central supervisory authority for the APPI. Previous authority was divided across multiple regulatory authorities by sector. Establishment of a Legal Framework for Anonymously Processed Information: The revised APPI provides specific guidance on the use of anonymized data (including approved methods for anonymizing … Continue reading Japan’s Amended Privacy Law to Go into Effect May 30, 2017 – CBPRs Recognized as an Approved Transfer Mechanism
1) Jurisdiction-Specific Transfer Benefits: In Japan, companies that have a CBPR certification do not have to obtain consent to transfer data to another country, which is otherwise required under Japanese law. 2) Facilitation of APEC-European Interoperability: An APEC CBPR certification may make it easier for an organization to obtain approval of their Binding Corporate Rules in the European Union. Since 2013, APEC member Economies and EU officials have been collaborating to promote interoperability between the two regional transfer mechanisms. 3) Alignment with Global Frameworks: An APEC CBPR certification is based on many of the same principles that inform the OECD … Continue reading 5 Benefits of APEC CBPR Certification You Should Know About
On March 1st, Merck & Co. Inc. (Merck) formally concluded their Binding Corporate Rules (BCR) approval process with the Belgian Data Protection Authority, becoming the 82nd company to achieve the compliance landmark. But in a global first, Merck based its BCR application on its APEC Cross Border Privacy Rules (CBPR) certification. This work was facilitated by Merck’s use of a common referential developed by the Article 29 Working Party and APEC’s Data Privacy Sub Group in 2014 to facilitate interoperability between companies seeking certification under both systems. In October 2013, TRUSTe certified Merck as the first health-care company and the second … Continue reading Merck Successfully Concludes First APEC-based BCR Approval
This week, TRUSTe announced that it is the first approved Accountability Agent for the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) System. The primary goal of APEC is to support sustainable economic growth and prosperity in the Asia-Pacific region. The APEC CBPR System is a self-regulatory initiative that addresses cross border data flows between the United States and other APEC Member Economies, through voluntary and enforceable codes of conduct adopted by participating businesses.
The APEC CBPR system is the first framework approved for the transfer of personal data between all 21 APEC Member Countries. The United States is the first formal participant in the CBPR system, and the Federal Trade Commission is the system’s first enforcement authority.
U.S. Acting Secretary of Commerce Cameron Kerry congratulated TRUSTe on becoming the first accountability agent to be endorsed to participate in the APEC Cross Border Privacy Rules system.
“This is a critical first step in implementing a groundbreaking new system which will facilitate data flows and support trade throughout the APEC region,” said Kerry. “It also represents a concrete example of how we are implementing the Administration’s Privacy Blueprint to further interoperability of privacy frameworks all over the world. We look forward to seeing more accountability agents join the APEC CBPR system, and to realizing fully all the benefits that this initiative will bring in the near future.”
The Electronic Commerce Steering Group (ECSG) is responsible for data protection issues, including the CBPR framework. Read more “TRUSTe Named First Accountability Agent for APEC Cross Border Privacy”