On October 19, the US Department of Commerce and the Personal Information Protection Commission of Japan announced their commitment to expand the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) system that applies to cross-border data exchanges within the Asia-Pacific region.
In 2011, APEC leaders agreed to design a framework to encourage cross-border data flows, with the CBPR system ensuring common privacy and data protection principles and enforcement coordination. Under the CBPR system, an Accountability Agent (an independent third party verifier that reviews the business's privacy policies and practices) may designate a business that maintains certain minimum privacy standards as CBPR-certified.
Canada was the last country to adopt the CBPR system in 2015, joining the United States, Japan, and Mexico. While not as widely used as its Privacy Shield relative, the Federal Trade Commission has brought a case against a company related to claims of CBPR certification, and in July 2016 issued 28 warning letters based on the same.
It is yet to be determined whether this affirmation from the United States and Japan will encourage more businesses and economies to participate in the CBPR system.