Article 29 Working Party And APEC Authorities Release 'Practical Tool' To Map The Requirements Of The BCR And CBPR Regimes

Author:Ms Cynthia O'Donoghue
Profession:Reed Smith

At the beginning of March, representatives of the EU Article 29 Working Party and the Asia-Pacific Economic Cooperation (which includes, among others, the United States and the People's Republic of China) announced the introduction of a new Referential on requirements for binding corporate rules (the Referential).

Both the EU and Asia-Pacific Economic Cooperation (APEC) regimes place restrictions on the transfer of data across borders. Under the EU regime, implementing a set of binding corporate rules (BCR) that have been approved in advance by national authorities will allow a company or group of companies to transfer data outside of the EEA without breaching the EU Data Protection Directive. Under the APEC regime, Cross-Border Privacy Rules (CBPR) serve the same purpose, allowing data to be transferred between participating economies. Both regimes require the rules to be approved in advance by regulators before they can be relied on.

The Referential does not achieve mutual recognition of both the EU and APEC systems, but it is intended to be a "pragmatic checklist for organizations applying for authorization of BCR and/or certification of CBPR". The Referential acts as a comparison document, setting out a "common block" of elements that are shared by both systems, and "additional blocks" which list their...

To continue reading