APEC Cross Border Privacy Rules – Australia’s participation
In July 2017, the Australian Government invited businesses and other interested stakeholders to comment on a discussion paper about the implications of Australia's participation in the CBPR system.
The APEC CBPR system was developed by participating APEC economies with the aim of building consumer, business and regulator trust in cross border flows of personal information.
It requires participating businesses to develop and implement data privacy policies consistent with the APEC Privacy Framework. These policies and practices are assessed against the minimum program requirements of the APEC CBPR system by an Accountability Agent, which is an independent APEC recognised private sector entity. By applying a commonly agreed upon baseline set of rules, the CBPR system bridges differences that may exist between different domestic privacy approaches.
As a result of this consultation and other advice received, the government took forward Australia's application to participate in the system, and submitted its application in August 2018.
Effective from 23 November 2018, APEC has endorsed Australia's application to participate in the Cross Border Privacy Rules (CBPR) system.
Now that Australia's participation has been endorsed, the department will work with Australia's privacy regulator, the Office of the Australian Information Commissioner (OAIC) and businesses during 2019, to implement the CBPR system requirements in a way that will ensure long term benefits for Australian businesses and consumers.