Japan Joins APEC-CBPRs: Does It Matter?

(2016) 144 Privacy Laws & Business International Report, 18-21

6 Pages Posted: 9 May 2017

See all articles by Graham Greenleaf

Graham Greenleaf

University of New South Wales, Faculty of Law

Date Written: December 1, 2016


Japan has stepped up its involvement in APEC’s Cross-Border Privacy Rules system (CBPRs) during 2016. After signalling its intention to join CBPRs in 2013, it did not take the final step until February 2016, when it appointed an ‘Accountability Agent’ (AA), the Japan Institute for Promotion of Digital Economy and Community (JIPDEC), a trustmark provider.

Then in November 2016, Japan’s Personal Information Protection Commission (PIPC) announced a decision under Japan’s Amended Act on the Protection of Personal Information (PIPA) to the effect that APEC CBPRs compliant ‘business operators’ are not required to comply with the Act’s restrictions on exports of personal data from Japan.

This article examines which (if either) of these two developments are important, and to whom? In doing so, it may explain something about the extreme limitations of the APEC CBPRs system that are contrary to how it is presented by its promoters, who give rosy assurances of its success and expansion.

The conclusions reached by the article are that:

(i) The fact that Japan has fully joined APEC CBPRs, by appointing JIPDEC as an AA, will mean nothing of any significance to anyone, even when JIPDEC does some accreditations, because Japan already has a data privacy law with higher standards than APEC. In contrast, the US CBPRs participation is of some effect, because it does not have data privacy laws meeting APEC standards (low as they are).

(ii) However, the ‘recognition’ of CBPRs accreditation in overseas countries by Japan’s PIPC is of significance, though its practical effect is at present limited to facilitating data exports to a handful of businesses in one country, the US.

The bottom line is that APEC CBPRs is of significance at present to a small number of US companies, and to no-one else. APEC CBPRs will remain irrelevant, provided its limitations are understood.

Keywords: Privacy, Data Protection, APEC, APEC-CBPRs, Japan

Suggested Citation

Greenleaf, Graham, Japan Joins APEC-CBPRs: Does It Matter? (December 1, 2016). (2016) 144 Privacy Laws & Business International Report, 18-21, Available at SSRN: https://ssrn.com/abstract=2964499

Graham Greenleaf (Contact Author)

University of New South Wales, Faculty of Law ( email )

Sydney, New South Wales 2052
+61 2 9385 2233 (Phone)
+61 2 9385 1175 (Fax)

HOME PAGE: http://www2.austlii.edu.au/~graham

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics