The APEC Cross-Border Privacy Rules (CBPR) System, endorsed by APEC Leaders in 2011, is a voluntary, accountability-based system that facilitates privacy-respecting data flows among APEC economies.

It has four main components:

Recognition criteria for organisations wishing to become an APEC CBPR System certified Accountability Agent

Intake questionnaire for organisations that wish to be certified as APEC CBPR System compliant by a third-party CBPR system certified Accountability Agent

Assessment criteria for use by APEC CBPR System certified Accountability Agents when reviewing an organisation’s answers to the intake questionnaire

A regulatory cooperative arrangement (the CPEA) to ensure that each of the APEC CBPR system program requirements can be enforced by participating APEC economies.

The Joint Oversight Panel (JOP) administers the APEC CBPR system. Decisions about an organisation’s eligibility to be an Accountability Agent are made by APEC economies.

There are currently nine participating APEC CBPR system economies: USA, Mexico, Japan, Canada, Singapore, the Republic of Korea, Australia, Chinese Taipei, and the Philippines with more expected to join soon