Interested in becoming APEC CBPR certified?
CBPR certification is currently available to companies headquartered in Japan, Korea, Singapore and the United States. For more information, contact your local Accountability Agent listed below:
The ability to transfer information across country borders is a fundamental tool for business in the global economy.
This can be particularly challenging as privacy laws differ from country to country, including some countries with significant transfer restrictions on personal information collected for normal business purposes. The APEC Cross Border Privacy Rules (CBPR) System helps bridge those differences by providing a single framework for the exchange of personal information among participating economies in the APEC region.
There are currently nine participating APEC CBPR System economies: USA, Mexico, Japan, Canada, Singapore, the Republic of Korea, Australia, Chinese Taipei, and the Philippines with more expected to join soon. Additionally, the APEC Electronic Commerce Steering Group (ECSG) and the EU Article 29 Working Party have produced a common referential for the requirements of the APEC CBPR system and the EU Binding Corporate Rules.
Only organizations currently certified by an APEC-recognized Accountability Agent may display a seal, trustmark, or otherwise claim to participate in the CBPR System. False representations of CBPR system participation may subject the organization to applicable law enforcement action.
How can the APEC CBPR System help your business?
The APEC CBPR System bridges differing national privacy laws within the APEC region, reducing barriers to the flow of information for global trade. Also, by promoting your business’ adherence to an enforceable standard of best practices, you can demonstrate your commitment to consumer privacy. For more information on the benefits the CBPR certification can have on your business, see: Benefits of CBPR System
How can personal information processors demonstrate their accountability?
The APEC Cross Border Privacy Rules (CBPR) System, finalised in 2011, only applies to personal information controllers (“controllers”), as the APEC Privacy Framework (the Framework), pursuant to which the CBPR System was created, also applies only to controllers.
The Privacy Recognition for Processors (PRP) is designed to help personal information processors (“processors”) demonstrate their ability to assist controllers in complying with relevant privacy obligations. The PRP also helps controllers identify qualified and accountable processors. The PRP intake questionnaire sets forth the baseline requirements of the PRP against which an APEC-recognised Accountability Agent will assess a processor seeking recognition. To receive such recognition, the processor must meet this set of requirements.
The PRP system was endorsed by APEC in February 2015. For more information about this System, please see the Purpose and Background document.
*The CBPR System covers transfer of information from CBPR-certified companies in participating economies, including onward transfers aligned with the company’s privacy practices. Please note, companies may be subject to additional laws and regulations varying by economy.