Global Cooperation on Privacy and the CBPR System: The Path Forward



Given the deep interest of the Philippine private sector, specifically the BPO industry, and the National Privacy Commission (NPC) in becoming an active and constructive player in the personal and sensitive data flow across international borders, it is exciting to note that there will be a multi-stakeholder workshop on the above subject in the US from 26 to 28 April this week.

We, who are seriously involved and global cooperation in data privacy protection and making full use of the Data Flows Regulation CBPR (Cross Border Privacy Rules) System, will watch the proceedings with deep interest and will contribute to the extent the Philippine private sector can update the participants about the progress here and give some indications regarding the progress of the NPC in becoming an active participant in the APEC CBPR and its implementation through local Accountability Agents.

Let me highlight some of the agenda items which are of great interest to us in the Philippines:

How to establish a CBPR program

This session will provide information on establishing an Accountability Agent from current Accountability Agents’ perspective and will provide a company’s perspective of the process of working with an Accountability Agent to become certified.  This session is best for non-CBPR participant economies and CBPR participants without an Accountability Agent.

This session will include an interactive discussion on how to promote uptake of the CBPR System. This session is best for CBPR members and other participating stakeholders.

In the Philippines, we have been highlighting the international importance of data flow cross border protection and have actively supported the country’s initial steps toward Apec CBPR.

The case for the privacy recognition for processors

This panel will explore the benefits of the Privacy Recognition for Processors (PRP) System. For example, how can it be used to meet vendor due diligence requirements?  How can it help micro, small and medium enterprises’ (MSME) participation in the digital economy?

This topic is very much part of the work of the NPC and getting the smaller and midsize companies involved in the digital economy without running the risk of data privacy breaches.

In this context, I would like to highlight the NPC’s most recent launch of it’s new data breach reporting system called Data Breach Notification Management System (DBNMS).

• Regulator panel

This panel will bring together regulators to discuss enforcement cooperation and how CBPRs can facilitate compliance and trust in cross border transfers.

I am sure the NPC will be listening in.

• Panel discussion on CBPRs and domestic law

This panel will bring together experts to discuss how the CBPR and PRP Systems intersect with domestic law. For example, how do the CBPR and PRP Systems work with domestic certifications? How can CBPR and PRP certifications be recognized in domestic frameworks? Again, something for NPC.

• Presentation on CBPR study by APEC Policy Support Unit

• CBRP Interoperability with other Privacy Frameworks

To create interoperability between the CBPR and other privacy frameworks, it is necessary to identify the differences or gaps between the CBPR program requirements and the requirements of such other frameworks through a detailed mapping exercise. The identified differences or gaps can then be evaluated to determine whether they are significant enough to require that they be addressed or bridged in some way for purposes of creating interoperability.                        

If the gaps are sufficiently significant, there are a number of options for creating bridging mechanisms between the CBPR and other privacy frameworks. Using the example of a previously undertaken mapping between the APEC CBPR and the UK GDPR, this session will explore these issues and consider the possible mechanisms and tools that could be created to bridge any material gaps between the CBPR and other frameworks.

No question, that we will listen in and study the presentation of the CBPR Study.

• Review of CBPR program requirements

This discussion will focus on developing recommendations for updating the program requirements building on the recommendations from the 2019 workshop. The session will also include opportunity to discuss with all stakeholders the process for making any changes.

• Panel for non-CBPR participants on possibilities for engagement

Jurisdictions will discuss the benefits and potential engagement in the CBPR System and how the CBPR System could be leveraged under their domestic frameworks.

• Updates from CBPR participants

Each CBPR participant will have 10 minutes to provide an update on participation in the CBPR System.

CBPRs from an Industry Perspective Current certified companies and prospective participants will share the business case for the CBPR System.

I am providing you with this exciting information so that interested parties can provide us with information of the topics to be discussed. Our aim, of course, is to make the Philippines part of the APEC CBPR development, essential for the local data processing industry. As mentioned above, the Business Data Management industry in the Philippines needs the support provided by the certifications offered by Accountability Agents in the Philippines—hopefully soon.

Your input will be highly appreciated; contact me at [email protected]



Source link