Global Cross-Border Privacy Rules Declaration
Recognising
that growing Internet connectivity and the digitisation of the global economy have resulted in the rapid increase in the collection, use, and transfer of data across borders, a trend that continues to accelerate;
Conscious
that trusted cross-border data flows are indispensable—not just for big, multinational technology companies, but for companies across all sectors of the economy, and for micro, small- and medium-sized businesses, workers, and consumers as well;
Believing
that cross-border data flows increase living standards, create jobs, connect people in meaningful ways, facilitate vital research and development in support of public health, foster innovation and entrepreneurship, and allow for greater international engagement;
Acknowledging
that regulatory barriers threaten to undermine opportunities created by the digital economy at a time when companies are relying increasingly on digital technologies and innovations to continue business operations and recover economically;
Recognising
the importance of strong and effective data protection and privacy in strengthening consumer and business trust in digital transactions;
Acknowledging
the important contribution made by the Asia-Pacific Economic Cooperation (APEC) in developing the APEC CBPR System to foster cross border data flows and interoperability;
Do hereby declare as follows:
- The establishment of a Global CBPR Forum to promote interoperability and help bridge different regulatory approaches to data protection and privacy;
- The objectives of the Global CBPR Forum are to:
- establish an international certification system based on the APEC Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Systems;
- support the free flow of data and effective data protection and privacy through promotion of the Global CBPR and PRP Systems;
- provide a forum for information exchange and cooperation on matters related to the Global CBPR and PRP Systems;
- periodically review data protection and privacy standards of members to ensure Global CBPR and PRP program requirements align with best practices; and
- promote interoperability with other data protection and privacy frameworks.
SCOPE OF ACTIVITY
- The Global CBPR Forum is expected to:
- promote expansion and uptake of the Global CBPR and PRP Systems globally to facilitate data protection and free flow of data;
- disseminate best practices for data protection and privacy and interoperability; and
- pursue interoperability with other data protection and privacy frameworks.
MODE OF OPERATION
- Cooperation is intended to be based on:
- the principle of mutual benefit and a commitment to open dialogue and consensus-building, with equal respect for the views of all members;
- consultation and exchange of views among representatives of members, drawing upon research, analysis and policy ideas contributed by members and other relevant organisations; and
- active multistakeholder participation in appropriate activities.
PARTICIPATION
- Participation in the Global CBPR Forum is intended to be open, in principle, to those jurisdictions which accept the objectives and principles of the Global CBPR Forum as embodied in this Declaration.
- Decisions regarding future participation in the Global CBPR Forum should be made on the basis of a consensus of all members.
- Non-members may be invited to the meetings of the Global CBPR Forum upon such terms and conditions as may be determined by all members.
ORGANISATION
- Meetings of Global CBPR Forum members should be held at least biannually to determine the direction and nature of activities within the framework of this Declaration and decide on arrangements for implementation. Meetings can be held in person or remotely.
- Additional meetings may be convened as decided by all members.
See: annotated text.