Just over a year ago, on 21 April 2022, seven economies, including Canada, Japan, the Republic of Korea, the Philippines, Singapore, Taiwan, and the USA, announced the launch of the Global CBPR Forum. Since then, Australia and Mexico have joined the Forum, marking a significant stride towards a global approach to data privacy cooperation.
In this highly anticipated webinar, we explore the background, the future direction, and assess the potential business case for companies considering certification under the new Global CBPR System. As an Associate Member of the Forum, the UK has demonstrated a keen interest in joining this innovative system, making it the first country outside the APEC region to express such intent.
3. Agenda
○ Understanding the CBPR
System
○ Key Components of the CBPR
System
○ Comparing GDPR and CBPR
System
○ How the CBPR System Works
○ The Global CBPR Forum
○ Q & A
4. Poll Time!
Are you familiar with the
Cross-Border Privacy Rules
(CBPR) System and its
implications for global data
privacy cooperation?
5. 5
Understanding the CBPR System
● Comprehensive Principles-Based Approach:
○ CBPR is built upon a comprehensive set of privacy principles, making
it a robust framework for cross-border data transfers
○ These principles cover various aspects of data protection and security
● Accountability Agent:
○ Through CBPR system Accountability Agent works with companies
to ensure that the privacy practices of participating companies meet
the program requirements of PRP and / or CBPR
○ Certification by a third-party adds credibility and ensures impartial
evaluation
● Implementing appropriate data protection
● Importance of free data flows and trade
● Encouraging accountability
● Promoting interoperability
6. 6
Key Components of the CBPR System
● CBPR (Cross-Border Privacy Rules): CBPR is designed for data controllers
(organizations that determine the purposes and means of processing personal
data) to demonstrate their compliance with CBPR program requirements.
● PRP (Privacy Recognition for Processors): A key component of the CBPR
System, PRP is designed for processors (organizations that process data on
behalf of data controllers, corporate clients). It establishes a framework for
assessing and certifying processor privacy practices and security safeguard.
● CBPR as a Data Transfer Mechanism: Companies can leverage CBPR
certification to streamline data flows across jurisdictions while adhering to
established privacy principles based on the globally recognized OECD
Guidelines (Japan, Singapore, DIFC, Bermuda, USMCA).
● Enhancing Privacy Against Globally Recognized Principles: The CBPR
System enables companies to demonstrate compliance with globally
recognized privacy principles.
● Recognition from the State of Tennessee: As a mechanism to demonstrate
that a privacy program is in place
7. 7
Comparing GDPR and CBPR System
CBPR Principles (GDPR vs. CBPR) GDPR CBPR
1 Access, Correction Data Subject Rights Access, Correction,
Deletion
2 Collection Limitation Specified, explicit,
legitimate purposes
Collection limited to
specific purposes
3 Use of Personal
Information
Data minimization The use limited to
fulfill specified
purposes of collection
4 Choice Consent - freely
given, specific,
informed and
unambiguous
indication of the data
subject’s wishes (if
applicable)
Express consent for
non compatible
purposes.
8. 8
How the CBPR System Works
● Building Privacy Programs with CBPR based on
globally recognized framework
● Third-Party Accountability Agent
● Certification against CBPR Framework
● Strong Case for Processors
● PRP Example
9. The Global
CBPR Forum
● Introduction to the Global CBPR Forum:
The Global CBPR Forum seeks to support
the free flow of data by providing an
interoperable mechanism for effective data
protection and privacy globally.
● Operationalizing Global CBPR Privacy
Principles: The Forum will establish an
international certification system based on
the APEC CBPR and PRP systems.
● Seamless Transition to the Global CBPR
System: The Global CBPR Forum
emphasizes a seamless transition
approach.
11. Thank You!
See http://www.trustarc.com/insightseries for the
2023 Privacy Insight Series and past webinar
recordings.
If you would like to learn more about how TrustArc can support you with
privacy and data security compliance, please reach out to
sales@trustarc.com for a free demo.