APEC's CBPRs in Operation for Two Years: Low Take-Up, and Credibility Issues
(2014) 129 Privacy Laws & Business International Report, 12-15
6 Pages Posted: 18 Aug 2014 Last revised: 19 Jul 2015
Date Written: June 1, 2014
Abstract
APEC’s Cross-Border Privacy Rules system (CBPRs), like any other form of regulation, cannot simply be assumed to be credible and effective. In addition to its professed standards (considered in the previous article, G Greenleaf (2014) 128 PLBIR, 27-30), its operation in practice must be examined to determine whether it credibly upholds and enforces those standards. APEC’s Cross-Border Privacy Rules system (CBPRs) is not yet in full operation, but the initial operation of any institution is often a major determinant of its future path. The first two years of APEC CBPRs operation is examined in this article and found wanting.
This article shows that the APEC CBPRs processes, despite the conscientious efforts to improve them by representatives from some economies, are lacking in significant respects. The Final Reports by the APEC CBPRs Joint Operations Panel (JOP) lack sufficient independent assessment by JOP of whether an economy’s implementation of its laws will in substance deliver what is required by the APEC CBPRs requirements. The first JOP processes to appoint an AA were flawed, to an extent which should not have been acceptable to APEC member economies. Partly as a result, the first year’s operation of the only existing AA (US company, TRUSTe) has been carried out in a way which is not compliant with CBPRs requirements. This means that the renewal of that AA’s recognition is a major credibility test for JOP.
Keywords: Asia, APEC, cross-border privacy rules, CBPR, TRUSTe, privacy, data protection
Suggested Citation: Suggested Citation