You are here: Skip breadcrumbAttorney-General's Department >> Rights and protections >> Privacy >> Asia-Pacific Economic Cooperation privacy

Asia-Pacific Economic Cooperation privacy

A cross-border privacy framework developed by the Asia-Pacific Economic Cooperation (APEC) forum, is the blueprint for greater regional cooperation on privacy rules and enforcement.

APEC's activity in privacy issues recognises that personal and business information travels across borders. A goal is to promote consumer trust and business confidence in these cross-border data flows.

Australia is a member of the APEC Data Privacy Sub Group, which developed the framework and meets twice a year to work on privacy issues.

The APEC Privacy Framework

In 2004, APEC endorsed a privacy framework. At its heart are nine principles:

  • preventing harm
  • notice
  • collection limitations
  • uses of personal information
  • choice
  • integrity of personal information
  • security safeguards
  • access and correction
  • accountability.

The principles represent a minimum standard. Prescribing how the principles should be put into practice was not an option given the diversity of economies in APEC. The aim was to encourage their consistent implementation across the APEC region.

The framework took as its starting point the 1980 OECD Guidelines on the Protection of Privacy and Trans-Border Data Flows of Personal Data, which also underpins Australia's Privacy Act 1988.

For more information on APEC and the principles, visit the Asia-Pacific Economic Cooperation website.

More information on the privacy framework is available below:

Data Privacy Pathfinder Initiative

In 2007, APEC approved a Data Privacy Pathfinder Initiative to put the privacy framework into practice. Putting the Pathfinder into practice is the main job of the APEC Data Privacy Sub Group.

The Pathfinder is pursuing multiple projects to promote consumer trust and business confidence in cross-border data flows. It will support business needs, reduce compliance costs, provide consumers with effective remedies, allow regulators to operate efficiently, and minimise regulatory burdens.

The Pathfinder contains general commitments leading to the development of a cross-border privacy rules system.

APEC cross-border privacy rules

Cross-border privacy rules (CBPRs) are developed by businesses to set out what they do with personal information they may collect. Businesses use them as internal rules for privacy procedures. The rules are also a business's promise to its customers about how their personal information will be dealt with.

The rules need to comply with both the APEC Privacy Framework and the domestic laws of the economies where businesses operate.

Accountability is the key privacy principle underlying the CBPR system. A business will be accountable for the promises it makes to its customers about the way in which it will deal with their personal information.

Cross-Border Privacy Enforcement Arrangement

In July 2010, APEC endorsed the APEC Cross-Border Privacy Enforcement Arrangement (CPEA).

The CPEA creates a multilateral framework for regional cooperation in enforcing privacy laws. Participation in the CPEA is open to any privacy enforcement authority in an APEC member economy.

The CPEA aims to:

  • facilitate information-sharing among privacy enforcement authorities in APEC economies
  • provide mechanisms to promote effective cross-border cooperation between authorities in the enforcement of privacy law
  • encourage information-sharing and cooperation on privacy investigation and enforcement with privacy enforcement authorities outside APEC.

Australia strongly supports the CPEA and was instrumental in its establishment. Through the Office of the Australian Information Commissioner, Australia participates in the CPEA and is one of its joint administrators.

Five privacy enforcement authorities currently participate in the CPEA:

  • The Office of the Australian Information Commissioner
  • The New Zealand Office of the Privacy Commissioner
  • The United States Federal Trade Commission
  • The Office of the Privacy Commissioner for Personal Data, Hong Kong, China
  • The Office of the Privacy Commissioner of Canada

For more information on the CPEA, visit the Asia-Pacific Economic Cooperation website.