Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
March 7 --The European Commission's Article 29 Working Party of data protection officials from the European Union member states and the 21 Asia-Pacific Economic Cooperation (APEC) member economies March 6 made public a document aimed at helping companies navigate the similarities and differences between the two blocs' cross-border data transfer mechanisms.
The new document, known as a “referential,” is the result of a project aimed at comparing, or “mapping,” the differences in the systems and finding ways to move towards interoperability.
The effort was welcomed by privacy trust seal organization TRUSTe Inc., which oversees the application of the APEC system in the U.S.
“This is important for businesses,” TRUSTe Director of Product Policy Joanne Furtsch told Bloomberg BNA March 7. “We are very excited because this highlights greater interoperability to make both systems more effective for a wider range of businesses,” she said.
The referential lists “the main elements generally required by national Data Protection Authorities” in the EU and “the relevant bodies in APEC Economies.”
In the EU, binding corporate rules (BCRs) are binding internal privacy commitments by companies that apply to data transfers within a multinational entity, allowing it to transfer personal data across European Economic Area borders without violating the EU Data Protection Directive (95/46/EC).
APEC's Cross Border Privacy Rules (CBPR) system is based on approval of a company's privacy practices by an independent auditor with government regulators in participating economies acting as an enforcement backstop.
APEC's Data Privacy Subgroup has been working on coordinating the APEC's CBPR system with the EU BCR system as part of its general review of the APEC Privacy Framework during the framework's 10-year anniversary (13 PVLR 45, 1/6/14).
In July 2012, the U.S. became the first formal participant in the CBPR system and named the Federal Trade Commission as its backstop regulator (11 PVLR 1191, 7/30/12).
The referential was announced by FTC Chairwoman Edith Ramirez and Isabelle Falque-Pierrotin, head of the French data protection authority (CNIL), who was recently elected to be chairwoman of the Art. 29 Party (13 PVLR 388, 3/3/14).
The Art. 29 Party approved the referential in a formal opinion adopted Feb. 27 and made public March 6.
The FTC also March 6 announced that it had entered into a cross-border personal information protection memorandum of understanding with the U.K. Information Commissioner's Office (see related report).
The CBPR system is based on the nine privacy principles set out in the Privacy Framework. APEC leaders pledged to implement the system in a November 2011 declaration .
The APEC CBPR system has only accredited one “accountability agent,” TRUSTe, to certify whether organizations are CBPR-compliant.
TRUSTe in turn has made public some certified companies--International Business Machines Corp. and Merck & Co. ; and Yodlee Inc. (13 PVLR 264, 2/10/14) --as being in compliance with CBPR requirements.
Furtsch said that TRUSTe has certified other companies as being in compliance with the CBPR, but the companies have elected not to make their certifications public.
TRUSTe Chief Executive Officer Chris Babel recently told Bloomberg BNA that he expected that 15 of the 21 APEC member economies will have joined the CBPR system by 2015 (13 PVLR 264, 2/10/14).
Meanwhile, some EU lawmakers have promoted the expanded use of BCRs as part of its move to replace the Data Protection Directive, which requires transposition into national law by each EU member state, with a harmonized data protection regulation for the entire bloc.
But in the wake of revelations of government surveillance efforts, there have been calls to disallow the use of BCRs “where it is established that the law to which the data importer is subject imposes upon him requirements which go beyond the restrictions necessary in a democratic society” (13 PVLR 97, 1/13/14).
The European Parliament is slated to vote March 12 on the proposed regulation as well as on a nonbinding resolution on surveillance (see related report).
To contact the reporter on this story: Donald G. Aplin in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Katie W. Johnson at email@example.com
The referential, Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in the EU and Cross Border Privacy Rules submitted to APEC CBPR Accountability Agents, is available at http://www.apec.org/~/media/Files/Groups/ECSG/20140307_Referential-BCR-CBPR-reqs.pdf.
The Art. 29 Working Party's Opinion 02/2014 on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in the EU and Cross Border Privacy Rules submitted to APEC CBPR Accountability Agents is available at http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp211_en.pdf.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)