The APEC Data Privacy Pathfinder (Pathfinder) was formally endorsed by APEC members when they met in Sydney last year. The purpose of the Pathfinder is to develop a framework to regulate the transfer of personal information by business across national borders, which aims to ensure that an individual's personal information is protected no matter which APEC country the information is transferred from or to.
The Pathfinder involves 13 APEC member economies developing and road testing a number of projects, each with the aim of achieving one or more of the following elements considered to be central to an effective regulatory system:
- self-assessment
- compliance review
- recognition or acceptance
- dispute resolution or enforcement
The participating APEC member economies are Australia, Canada, Chile, Hong Kong, China, Japan, Korea, Mexico, New Zealand, Peru, Chinese Taipei, Thailand, United States, and Vietnam.
A total of nine projects have been agreed as part of the Pathfinder, two of which are outlined below.
The first Pathfinder project involves the development of a 'template' self-assessment document to be used by organisations when developing their own cross border privacy rules for the transfer of personal information (CBPRs). This document will aim to ensure consistency with the nine APEC information privacy principles (APEC Privacy Principles).
The introduction of a standard self-assessment document is expected to assist organisations develop their own CBPRs, assist in achieving consistency against the APEC Privacy Principles and increase consumer confidence that CBPRs are developed in accordance with a standard document.
Another Pathfinder project contemplates the appointment of 'trustmark' entities to assess whether an organisation's CBPRs comply with the APEC Privacy Principles.
By way of background, 'trustmarks' are labels or other visual indicators of participation in a scheme in which a third party guarantees an organisation's compliance with certain requirements. Trustmark schemes are currently in operation in a number of countries, including Japan and Singapore.
At this stage, it is unclear how the implementation of the Pathfinder initiatives will interact with Australian privacy laws as they currently stand. Concern has been expressed that the existence of a lower standard of data protection compliance in some APEC economies, which may translate into their CBPRs, may in turn result in Australian companies being placed in a position of competitive disadvantage by having to comply with a higher standard of protection.
More information on the Pathfinder can be found here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.