TrustArc Blog

Cross Border Privacy Rules: Uptake Increases as Heads of State Affirm Commitment

November 23, 2016

On November 20, the Heads of State for the 21 APEC member economies met in Lima, Peru at the annual APEC Leaders’ meeting.  In their Joint Declaration, APEC Leaders once again recognized “the importance of implementing the APEC Cross-Border Privacy Rules (CBPR) System, a voluntary mechanism whose participants seek to increase the number of economies, companies, and accountability agents that participate in the CBPR System.”  During his press conference in Lima, President Obama specifically called out the group’s endorsement as a way to advance the digital economy and “to protect the privacy of personal information as it crosses borders.” High-level … Continue reading Cross Border Privacy Rules: Uptake Increases as Heads of State Affirm Commitment

Privacy Insight Series Webinar Recap: Solutions for Cross Border Data Transfers

December 09, 2015

If you missed today’s webinar covering solutions for Cross Border Data Transfers, the short clip below will give you an idea of just some of the material covered. Speakers were Hilary Wandall, AVP Compliance & Chief Privacy Officer at Merck & Co., Inc.; Josh Harris, Director of Policy at TRUSTe, and Melinda Claybaugh, Counsel for International Consumer Protection, Federal Trade Commission. To download the full webinar, click here. Click here for a clip of the webinar.

EU and APEC Officials Agree To Streamline BCR/CBPR Application Process

May 27, 2015

This article originally appeared in the June edition of The Privacy Advisor.


By Angelique Carson, CIPP/US 

In 2014, Hewlett-Packard (HP) became the first company to win approval for both binding corporate rules (BCRs) and cross-border privacy rules (CBPRs). Both processes take a significant number of man hours to achieve, as HP’s privacy staff will tell you. But to demonstrate compliance, many of the administrative hurdles are the same. That’s why, as companies increasingly turn to BCRs—69 to date with 45 or 50 additional companies in the assessment phase—and CBPRs—with 12 to date with another 20 or so in the pipeline—as data transfer mechanisms, an EU/APEC working group has approved a plan for increased interoperability by making it easier for companies to comply with both BCRs and CBPRs at once.

A U.S. Department of Commerce (DoC) official said the main feedback from industry was the heavy lift in applying for approval under both frameworks was not that they had to make substantial changes to their privacy programs but the demonstration of the provisions of those programs.

The EU’s Article 29 Working Party has agreed to the APEC Data Privacy Subgroup’s proposal to develop a common questionnaire based on the forms that now must be completed to apply for BCRs and CBPRs separately.

The idea is that organizations will be able to submit the single questionnaire to both EU DPAs, whose approval is needed for organizations to be granted BCRs, and to APEC Accountability Agents, whose approval is needed to be granted CBPRs, to reach compliance with both systems at once.

Read more “EU and APEC Officials Agree To Streamline BCR/CBPR Application Process”

HP First to Achieve Dual Certification for BCRs and CBPRs

December 02, 2014

Hewlett-Packard (HP) has become the first company to be approved under both the EU Binding Corporate Rules (BCR) and Asia-Pacific Economic Cooperation’s Cross-Border Privacy Rules (CBPR) systems. The concept of dual certification was first introduced last March at the IAPP Global Privacy Summit when the Article 29 Working Party and APEC published a Referential mapping the requirements between the two frameworks. The document was introduced as a practical tool to help streamline the process for global companies seeking approval under both frameworks and welcomed as a first step towards to greater inter-operability. For HP, obtaining the TRUSTe APEC Privacy Seal was … Continue reading HP First to Achieve Dual Certification for BCRs and CBPRs