We would like to place strictly necessary cookies and performance cookies on your computer to improve our website service.
To find out more about how we use cookies and how you can change your cookies settings, please read our  cookies statement.                
Otherwise, we'll assume you are OK to continue.   Please close this message

Binding corporate rules (BCR) and apec cross border privacy rules (CBPR)

27 March 2014

On 27 February 2014 the Article 29 Data Protection Working Party adopted an opinion (WP 212) on the analysis of the mutual aspects of BCR in the EU and CBPR in the Asia Pacific region.

Whilst the opinion stresses that the considerable similarities between the two systems does not of itself mean that an approved BCR would automatically be approved in APEC or that an approved CBPR in APEC would be approved in the EU, the opinion hints that in due course there may well be the basis for 'double certification'.

The Opinion goes into detail on the areas of similarity in respect of rights of data subjects and third party beneficiaries, liability, relationships with data processors, relationships as regards onward transfers, consent and use, data quality and proportionality, transparency, security and confidentiality, training, assessments and rights of erasure.

The Opinion also contains useful charts comparing similarities between BCR and CBPR and also explaining where there are differences or additional requirements by the Regulators in the EU or APEC.

The Opinion is available here.

This article was written by Robert Bond.

For more information contact Robert on +44 (0)20 7427 6660 or robert.bond@crsblaw.com