Japan Ministry Files Application to Join APEC Cross-Border Privacy Rules System

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Toshio Aritake  


TOKYO--The Japanese government recently submitted an application to participate in the Asia-Pacific Economic Cooperation's Cross-Border Privacy Rules (CBPR) System, the Ministry of Economy, Trade and Industry's (METI) Information Policy Division told BNA June 13.

If the application, which was filed June 7, is accepted, Japan will undertake measures to ensure the protection of cross-border information of businesses and others under a common set of principles adopted by the 21 APEC member economies, METI said.

U.S., Mexico Already on Board

Under APEC's CBPR System, companies adopt and agree to abide by internal privacy rules coupled with third-party oversight by accountability agents. The government of the relevant country is tasked with overseeing and enforcing the process.

APEC leaders pledged to implement the CBPR in a November 2011 declaration (10 PVLR 1673, 11/21/11).

The CBPR is based on APEC's 2004 information privacy principles, METI officials said.

In July 2012, the U.S. Department of Commerce announced that the United States had been approved as the first formal participant in the CBPR System, and the Federal Trade Commission confirmed that it would be the system's first privacy enforcement authority (11 PVLR 1191, 7/30/12).

On Feb. 8, Mexico announced that its CBPR application had been approved (12 PVLR 286, 2/18/13).

Japan expects that it will be the third APEC economy to be accepted, METI officials said.

Too Early to Gauge Companies' Interest

Under the CBPR plan, when companies apply for certification, they agree to voluntarily examine their own privacy protection rules and frameworks related to cross-border private information, METI explained.

The corporation work would be examined by an independent certification organization, or accountability agent, appointed by the country and approved by APEC.

Koji Toyoshima, METI's privacy chief, told BNA June 14 that “Japanese companies have yet to make preparations for CBPR. We should be able to tell the level of interest after the accountability agent is created.”

Japan's application should be formally accepted by APEC in the next few months, he said, based on how long the process took for the United States and Mexico.

Request Bloomberg Law: Privacy & Data Security