Data Privacy

PH joins APEC privacy system

The Philippines has formally joined the Cross-Border Privacy Rules (CBPR) System, a move seen to expand its trading opportunities within the Asia-Pacific region by eliminating data-flow barriers when transacting with member economies of the Asia Pacific Economic Cooperation (APEC) through the adaption of common standards for data privacy.

The National Privacy Commission (NPC) recently submitted the Philippines’ letter of intent to join the CBPR System, ahead of a meeting by the Electronic Commerce Steering Group (ECSG) – Data Privacy Sub-Group (DPS) held in Puerto Varas, Chile.

In the document, Privacy Commissioner Raymund Liboro said the Philippines intends to use at least one APEC-recognized Accountability Agent to certify local companies as CBPR-compliant.

“When businesses become CBPR-certified, they may then transfer personal data in a safe and seamless manner across other certified companies operating in the APEC region, which accounts for about half of global trade. For Philippine companies, this means gaining entry to a much larger market at reduced compliance costs with respect to cross-border data transfers,” Liboro said.

ECSG chair Shannon Coe welcomes the country’s addition to the CBPR System, saying it would be integral to its long-standing trading relationship with the United States.

For his part, Singapore’s Personal Data Commissioner Tan Kiat How said he looks forward to working closely with the Philippines in encouraging local businesses to be CBPR-certified.

The submission of the country’s letter of intent marks the culmination of an elaborate process of collaboration between the NPC, its mother agency, the Department of Information and Communications Technology (DICT), the Department of Trade and Industry (DTI), and the Department of Foreign Affairs (DFA).

“I think this is a perfect embodiment of inter-agency teamwork, achieving a milestone that not only boosts Philippine data privacy and trade but even our diplomatic relationship with Asia Pacific economies,” Liboro said.

Borne of the APEC Privacy Framework, the CBPR System was endorsed by ministers from the 21-member APEC economies in November 2004 as a voluntary accountability system. Hence, membership requires submission of a letter of intent to the Joint Oversight Panel (JOP) and the accomplishment of an enforcement map, demonstrating adherence to the nine (9) privacy principles under the APEC framework.

The APEC CBPR certification serves as a seal of privacy compliance and accountability, creating a competitive advantage in both local and global markets. It also fosters trust among consumers, assured that their personal data is securely transferred. This, by requiring business entities to observe transparency and streamline the customer complaint process.

The Philippines’ participation in the CBPR System has been anticipated since it became a member in the APEC Cross Border Privacy Enforcement Arrangement (CPEA) back in 2017.

To date, there are eight participating economies in the CBPR System including United States of America, Mexico, Japan, Canada, Republic of Korea, Australia, Singapore, and Chinese Taipei. After evaluation and upon approval by the JOP, the Philippines will be the 9th economy to join the system.