Privacy Groups Win Changes to APEC CBPR System

Privacy advocates and civil society representatives have been campaigning for two years for reform of the APEC Cross Border Privacy Rules system (APEC CBPRs). On 27 January 2015, APEC announced significant changes, meeting around 90% of the demands from that campaign. Advocates had argued that the first implementation of the APEC CBPRs (using TRUSTe as the Accountability Agent (AA) in the United States) had failed to meet basic APEC Privacy Framework requirements, both in relation to TRUSTe’s original AA application in 2013 and in its 2014 application for renewal of its AA status.

Although APEC chose to ultimately approve TRUSTe’s continued role as an Accountability Agent (at least for a further 12 months), the decision was accompanied by massive changes and improvements in the APEC CBPRs, including a completely new set of TRUSTe APEC Program Requirements. This article gives details of those improvements, and the criticisms on which they are based, and notes continuing deficiencies and what is needed to remedy them.

The criticisms of the renewal of TRUSTe's AA status are in Connolly, C, Greenleaf, G and Waters N 'Privacy self-regulation in crisis?: TRUSTe's 'deceptive' practices' (2014) 132 Privacy Laws & Business International Report, 19-21, available at: http://ssrn.com/abstract=2567090.

Keywords: privacy, data protection, cross border rules, APEC, Asia-Pacific

Suggested Citation: Suggested Citation

Connolly, Chris and Greenleaf, Graham and Waters, Nigel, Privacy Groups Win Changes to APEC CBPR System (February 15, 2015). (2015) 133 Privacy Laws & Business International Report, 32-33 , UNSW Law Research Paper No. 2015-23, Available at SSRN: https://ssrn.com/abstract=2603530