Skip to Content

Notice

Applications To Serve as Accountability Agents in the Asia Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) System

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

ACTION:

Notice of Opportunity for Organizations to Submit Applications to Serve as Accountability Agents in the Asia Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) System.

SUMMARY:

The International Trade Administration's Office of Technology and Electronic Commerce (OTEC) invites interested organizations to submit applications for recognition by APEC to act as an Accountability Agent for U.S.-based companies that are subject to Federal Trade Commission jurisdiction as part of APEC's Cross Border Privacy Rules system.

DATES:

Applications may be submitted beginning in July 2012. There is no closing date for submitting applications.

ADDRESSES:

All questions concerning this notice should be sent to the attention of Joshua Harris at one of the following addresses. See SUPPLEMENTARY INFORMATION for additional instructions on submitting applications.Joshua Harris: 1401 Constitution Ave. NW., Room 4324, Washington, DC 20230. joshua.harris@trade.gov.

FOR FURTHER INFORMATION CONTACT:

Joshua Harris, Office of Technology and Electronic Commerce, International Trade Administration, U.S. Department of Commerce, by telephone at (202) 482-0142 (this is not a toll-free number) or by email at joshua.harris@trade.gov.

SUPPLEMENTARY INFORMATION:

In 2004, Leaders of the 21 APEC economies endorsed the “APEC Privacy Framework” (Framework). The goal of the Framework is to facilitate the flow of information between the 21 economies in APEC by promoting a common set of privacy principles that will enhance electronic commerce, facilitate trade and economic growth, and strengthen consumer privacy protections. In order to implement this Framework, member economies developed a voluntary system of Cross Border Privacy Rules (CBPR), which was completed in September 2011 and endorsed by APEC Leaders in November 2011 (the Leaders' Declaration is available at http://www.apec.org/Meeting-Papers/Leaders-Declarations/2011/2011_aelm.aspx). The Leaders' Declaration instructs APEC member economies to implement the APEC Cross Border Privacy Rules System to reduce barriers to information flows, enhance consumer privacy, and promote interoperability across regional data privacy regimes. In July 2012, the United States formally commenced participation in the CBPR system.

The 21 APEC economies include Australia, Brunei Darussalam, Canada, Chile, the People's Republic of China, Hong Kong, Indonesia, Japan, the Republic of Korea, Malaysia, Mexico, New Zealand, Papua New Guinea, Peru, Philippines, Russia, Singapore, Chinese Taipei, Thailand, the United States, and Vietnam.

The CBPR system requires organizations to develop their own internal business rules on cross-border privacy procedures, which must be assessed as compliant with the minimum requirements of the APEC system by an independent public or private sector body, called an Accountability Agent. Under the CBPR system, an “Accountability Agent” is a third-party organization that provides verification services related to the data privacy policies and practices for those businesses seeking CBPR certification. Only APEC-recognized Accountability Agents may perform CBPR certifications. A recognized Accountability Agent would only be able to certify as CBPR compliant those organizations that are subject to the enforcement authority of the Cross-border Privacy Enforcement Arrangement (CPEA)—participating privacy enforcement authorities within the economies in which it has been approved to operate. The CPEA creates a framework for regional cooperation in the enforcement of privacy laws. In the case of the United States, organizations interested in serving as an Accountability Agent for U.S.-based companies must be subject to the enforcement authority of the Federal Trade Commission, the U.S. privacy enforcement authority for the CBPR system. APEC recognition is granted by a consensus determination by APEC member economies that an applicant Accountability Agent meets the established recognition criteria.

APEC's “Accountability Agent APEC Recognition Application”, a 61 page document which details the application process as well as the recognition criteria, is available at: www.export.gov/infotech.

Interested organizations must notify the Department of Commerce of their intent to seek APEC recognition and submit a completed application for initial review to the Office of Technology and Electronic Commerce by email at joshua.harris@trade.gov. Only complete application packages will be forwarded on to APEC for consideration of recognition.

Dated: July 25, 2012.

Robin Layton,

Director, Office of Technology and Electronic Commerce, U.S. Department of Commerce.

[FR Doc. 2012-18515 Filed 7-27-12; 8:45 am]

BILLING CODE 3510-DR-P