In late May, the Article 29 Working Party published the letter it sent to the APEC Data Protection subgroup. The letter follows previous discussions and extends cooperation between the two international organisations on data transfer mechanisms, and sets out new plans to align the EU Binding Corporate Rules (‘BCR’) with the APEC Cross-Border Privacy Rules (‘CBPR’) to make it easier for organisations to be granted approval under both regimes.
Three initiatives put forward at the previous meeting were adopted by the Art. 29 Working Party to ‘develop the practical tools that will help organisations implement both requirements from the BCR and CBPR systems’. Both processes currently take significant time and resources to achieve, so the continued relationship between the EU and APEC will benefit organisations certified, or seeking certification, to BCRs and CBPRs. Despite this cooperation, no uniform standard will be produced, and organisations will still need to go through each certification process separately.
The Art. 29 Working Party and APEC will aim to create a common application form that organisations may use to facilitate double certification, and formulate a map of company policies and effectiveness tools that could be submitted to evidence compliance. In the long term, the Art. 29 Working Party and APEC plan to develop a document comparing the respective requirements of the two systems so that organisations will receive recognition for the work undertaken under one system when pursuing approval under the other.
This collaboration should encourage more organisations to sign up to the BCR and CBPR systems, and the two groups are scheduled to meet again in August to continue and finalise discussions.