Data Privacy Subgroup (DPS)
The APEC Data Privacy Pathfinder was established by Ministers in 2007 to achieve accountable cross-border flow of personal information within the APEC region. This goal is to be achieved by developing and implementing a Cross-Border Privacy Rules (CBPR) system, consistent with the APEC Privacy Framework which was endorsed by APEC Ministers in 2004.
Progress on the implementation of the APEC Privacy Framework includes the application of Information Privacy Individual Action Plans (IAPs) by 14 economies, and the creation of a study group within the Data Privacy Sub-Group (DPS) to analyze and identify best practices and the role of trust-marks in promoting the cross-border flow of information.
A notable progress in this area is the establishment of an APEC Cross-Border Privacy Enforcement Arrangement (CPEA) in July 2010. This multilateral arrangement provides the first mechanism in the APEC region for Privacy Enforcement Authorities (PEAs) to share information and provide assistance for cross-border data privacy enforcement. The CPEA signifies the ongoing commitment within APEC to increase the protection of cross-border flows of personal information and is a significant step in the effective implementation of the APEC Privacy Framework.
APEC Ministers endorsed the principal documents of the APEC Privacy Pathfinder in November 2011 in Honolulu, Hawaii. APEC Leaders also committed to implementing the CBPR System “to reduce barriers to information flows, enhance consumer privacy, and promote interoperability across regional data privacy regimes.”
APEC Cross-Border Privacy Rules (CBPR) System
In November 2011, the APEC Leaders issued a directive to implement the APEC Cross Border Privacy Rules System (CBPR). The CBPR system balances the flow of information and data across borders while at the same time providing effective protection for personal information, essential to trust and confidence in the online marketplace. The system is one by which the privacy policies and practices of companies operating in the APEC region are assessed and certified by a Third party verifier (known as an “Accountability Agent”) and follows a set of commonly agreed upon rules, based on the APEC Privacy Framework. By applying this commonly agreed-upon baseline set of rules, the CBPR system bridges across domestic differences that may exist amongst domestic privacy approaches. Currently, four (4) APEC member economies - Canada, Japan, Mexico and the United States - have aligned their privacy laws with the APEC Privacy Framework.
APEC Privacy Recognition for Processors (PRP) System
The Privacy Recognition for Processors System (PRP) Governance Documents was endorsed by APEC in August 2015. The PRP system is designed to help personal information processors assist controllers in complying with relevant privacy obligations, and helps controllers identify qualified and accountable processors. This is done through an intake questionnaire which sets forth the baseline requirements of the PRP. The APEC-recognized Accountability Agent will then assess a processor seeking recognition based on a set of requirements.
Stock-Take of the APEC Privacy Framework
The DPS is currently engaged in a stock-take of the APEC Privacy Framework. The APEC Privacy Framework 2015 is envisioned to address the gaps in policies and regulatory frameworks on E-Commerce to ensure that the free flow of information and data across borders is balanced with the effective protection of personal information essential to trust and confidence in the online market place.
Promoting Interoperability between APEC-EU Privacy Rules Systems
In September 2012, a joint APEC-EU Working Group was created with Senior Official Meeting’s (SOM) approval. The Working Group consists of interested APEC Economies and representatives from data protection authorities in the European Union Article 29 Working Party and from the European Commission.
Since its inception, the Working Committee has been engaged in the discussions regarding similarities and differences between the APEC Cross Border Privacy Rules System (CBPR) and the EU system of Binding Corporate Rules System (BCR) to promote interoperability and facilitates transfers of personal information between the two regions.
In January 2014, the joint APEC-EU Working Committee led to the development and completion of a Common Referential for the Structure of the EU System of Binding Corporate Rules and APEC Cross Border Privacy Rules System. The goal of this referential is to serve as an informal pragmatic checklist for companies applying for authorization of the EU system of Binding Corporate Rules System (BCR) and certification under APEC’s Cross Border Privacy Rules system (CBPR). In addition to outlining compliance and certification requirements of both APEC CBPR and EU BCR systems, the referential also identifies common elements and additional requirements for each. This will be useful for companies applying for certification under both systems. This initiative is just the first step of the work on APEC CBPR and the EU BCR. The long-term goal is to work on the interoperability of these systems.
Since 2015, both sides explored the possibility further cooperation to foster interoperability between the APEC CBPR and EU BCR systems. In response to private sector requests, the DPS submitted an expression of interest to the EU Article 29 Working Party in April 2015, to which a response was received in May 2015. The EU agreed to, in the short to medium term to work with the DPS on a joint application form for the BCRs and CBPR System, and a mapping of policies, practices, tools that are to be submitted as part of applications under both systems. In the longer term, the EU agreed to work on a common referential for processor recognition, mapping the requirements of the BCRs for processors and the APEC PRP. Since August 2015, the joint APEC-EU Working Committee held a discussion with private sector stakeholders who provided views and advice on the functionalities and important elements of a common questionnaire. The Working Committee is currently continuing work in developing this common questionnaire.
Paperless Trading Subgroup (PTS)
ECSG has been working to implement the Supply-Chain Connectivity Framework and Action Plan to address current bottlenecks, specifically those that involve customs and other cross-border trade procedures.
Through the Paperless Trading Subgroup (PTS), ECSG has been developing projects that integrate paperless trading in commercial processes, particularly projects that use e-solutions or electronic procedures and processes in cross-border trade, in order to save time and cut costs and uncertainties for firms and government agencies.
These e-solutions include the following: Electronic Certificate of Origin (ECO), e-negotiation, e-invoicing, Electronic Sanitary and Phyto-Sanitary Certificate (e-SPS), archiving of e-documents and e-trade financing. The goal is to build up e-commerce as the main driver and integration tool that will enhance the efficiency of supply-chains.
Enhancing Global Supply Chain Efficiency by E-Manifest in the APEC Region (China)
This APEC-funded project which completed in 2014 analyzed the efficiency of current manifest submission procedures, evaluated the impact on the stakeholders, and identified guidelines for the effective implementation of the e-manifest declaration.
The ECO Project
The ECO pathfinder project, which started operation in May 2010 continues to be implemented between Chinese Taipei and Korea. The success of the project has been documented by the APEC Policy Support Unit (PSU) in 2011. Discussions and systems testing with other member economies are ongoing to expand the scope of the project within APEC.
Noting the rather slow implementation of the project, the APEC-funded Study on the Readiness of ECO Implementation in Cross-border Trade in APEC Region was organized by China in Beijing in July 2012 to determine the obstacles to the project.
Enhancing Reliable Supply Chains by e-B/L Exchange in APEC Region
To complement the work of PTS on ECO and to implement part of the roadmap for trade facilitation, this project was implemented by Korea together with China and Russia.
This project addressed necessary steps for the practical use of e-B/L among traders, carriers, forwarders, banks and other parties in international trade. This project also identified the viability of the e-B/L international exchange model in Korea, China, Russia, Vietnam, Malaysia and the Philippines, as well as other APEC member economies.
The ECSG has guided numerous capacity building projects that promote the development and use of electronic commerce and ICTs within the APEC region including:
Cross-Border Privacy Rules (CBPR) System
- Japan Institute for Promotion of Digital Economy and Community (JIPDEC) was approved as the second Accountability Agent for the APEC Cross-Border Privacy Rules System in January 2016, following TRUSTe’s recognition in 2013.
- Canada became the latest entrant into the APEC Cross-Border Privacy Rules System in April 2015, boosting the protection of consumer data from security threats as it is transmitted around the Asia-Pacific while cutting compliance costs for businesses that increasingly depend on these information flows to operate and grow. The move follows the addition of Japan in 2014, Mexico in 2013 and the United States in 2012 to the system. It paves the way for the expansion of the system among the remaining 16 APEC members, with implications for data flows ranging from apps, cloud computing, and email to biometrics, GPS information and online purchases of goods and services.
Privacy Recognition for Processors (PRP) System
- The Privacy Recognition for Processors System (PRP) Governance Documents was endorsed by APEC in August 2015. The PRP system is designed to help personal information processors assist controllers in complying with relevant privacy obligations, and helps controllers identify qualified and accountable processors. This is done through an intake questionnaire which sets forth the baseline requirements of the PRP. The APEC-recognized Accountability Agent will then assess a processor seeking recognition based on a set of requirements.
- In January 2014, the joint APEC-EU Working Committee led to the development and completion of a Common Referential for the Structure of the EU System of Binding Corporate Rules and APEC Cross Border Privacy Rules System. The goal of this referential is to serve as an informal pragmatic checklist for companies applying for authorization of the EU system of Binding Corporate Rules System (BCR) and certification under APEC’s Cross Border Privacy Rules system (CBPR). In addition to outlining compliance and certification requirements of both APEC CBPR and EU BCR systems, the referential also identifies common elements and additional requirements for each. This will be useful for companies applying for certification under both systems. This initiative is just the first step of the work on APEC CBPR and the EU BCR. The long-term goal is to work on the interoperability of these systems.
The ECSG's Paperless Trading Subgroup develops projects on the use of paperless trading in commercial processes involving business-to-business (B2B) and business-to-government (B2G) transactions and promotes the use of electronic documents and internet technologies in international trade.
These projects aim to use "e-solutions" or electronic procedures and processes in cross-border trade to save time and costs for firms and government agencies seeking regulatory compliance information from traders. Areas covered by these projects include: electronic certificates of origin (ECO), electronic invoicing, business requirements for data harmonisation and a single window, best practices in paperless trading, archiving of e-documents and e-trade financing. Among those projects, the ECO project has been implemented in live transactions between member economies beyond its pilot stage, saving substantial cost and time and thus realizing the benefits of trade facilitation.
Work is underway to implement APEC's Strategies and Actions Toward a Cross-Border Paperless Trading Environment to enable the electronic transmission of trade-related information across the region by 2020.
17 economies have submitted Individual Action Plans on Paperless Trading outlining progress made "to reduce or eliminate the requirement for paper documents needed for customs and other cross-border trade administration and other documents and messages relevant to international sea, air and land transport" as set out in the APEC Blueprint for Action on E-Commerce.
Ted Dean (Mr)
Chair, ECSG, Acting Chair ECSG-PTS
Deputy Assistant Secretary for Services
U.S. Department of Commerce, International Trade Administration
Shinji KAKUNO (Mr)
International Affairs Office Commerce and Information Policy Bureau Commerce and Information Policy Bureau, Ministry of Economy, Trade and Industry
Andrew Flavin (Mr)
Assistant to the ECSG Chair
Policy Advisor, Office of Digital Services Industries, U.S. Department of Commerce
Caitlin Fennessy (Ms)
Vice Chair, ECSG-DPS
Policy Advisor, Office of Digital Services Industries
U.S. Department of Commerce
Colin MINIHAN (Mr)
Vice Chair, ECSG-DPS
Principal Legal Officer, Attorney-General’s Department, Australia
Karen Yeo (Ms)
Michelle Lim (Ms)