APEC's CBPRs in Operation for Two Years: Low Take-Up, and Credibility Issues

Greenleaf, Graham; Waters, Nigel

APEC's CBPRs in Operation for Two Years: Low Take-Up, and Credibility Issues

(2014) 129 Privacy Laws & Business International Report, 12-15

UNSW Law Research Paper No. 2014-49

6 Pages Posted: 18 Aug 2014 Last revised: 19 Jul 2015

See all articles by Graham Greenleaf

Graham Greenleaf

University of New South Wales, Faculty of Law

Nigel Waters

University of New South Wales (UNSW) - Faculty of Law

Date Written: June 1, 2014

Abstract

APEC’s Cross-Border Privacy Rules system (CBPRs), like any other form of regulation, cannot simply be assumed to be credible and effective. In addition to its professed standards (considered in the previous article, G Greenleaf (2014) 128 PLBIR, 27-30), its operation in practice must be examined to determine whether it credibly upholds and enforces those standards. APEC’s Cross-Border Privacy Rules system (CBPRs) is not yet in full operation, but the initial operation of any institution is often a major determinant of its future path. The first two years of APEC CBPRs operation is examined in this article and found wanting.

This article shows that the APEC CBPRs processes, despite the conscientious efforts to improve them by representatives from some economies, are lacking in significant respects. The Final Reports by the APEC CBPRs Joint Operations Panel (JOP) lack sufficient independent assessment by JOP of whether an economy’s implementation of its laws will in substance deliver what is required by the APEC CBPRs requirements. The first JOP processes to appoint an AA were flawed, to an extent which should not have been acceptable to APEC member economies. Partly as a result, the first year’s operation of the only existing AA (US company, TRUSTe) has been carried out in a way which is not compliant with CBPRs requirements. This means that the renewal of that AA’s recognition is a major credibility test for JOP.

Keywords: Asia, APEC, cross-border privacy rules, CBPR, TRUSTe, privacy, data protection

Suggested Citation: Suggested Citation

Greenleaf, Graham and Waters, Nigel, APEC's CBPRs in Operation for Two Years: Low Take-Up, and Credibility Issues (June 1, 2014). (2014) 129 Privacy Laws & Business International Report, 12-15 ; UNSW Law Research Paper No. 2014-49. Available at SSRN: https://ssrn.com/abstract=2481812