The FTC Joins the Global CBPR Party

Jan 29, 2024 by BBB National Programs' Global Privacy Division

This month, the Federal Trade Commission (FTC) announced participation in the Global Cooperation Arrangement for Privacy Enforcement (Global CAPE), which supplements the global Cross Border Privacy Rules (CBPR) program, which itself will be expanding globally to become the CBPR Global Forum

In the statement the FTC clarified that their position is nonbinding and supports the necessary alignment between the agency and the work being completed on aligning privacy and data security issues focused on law enforcement, “without having to negotiate a separate memorandum of understanding with each participant.”

The FTC’s announcement signals the agency’s interest in keeping pace with the increasingly global nature of commerce and marks an important step forward for the global expansion of CBPRs. 

During workshops on the evolving CBPR system that took place last fall, it was clear that the CBPR system, which was once focused on only the Asian Pacific and Eastern economies, is indeed moving to a more global posture, adding countries with shared privacy values and regulatory frameworks from beyond the Eastern hemisphere. 

This movement reflects the need for more uniform global cooperation, sustainability, longevity, and interoperability in global data privacy. 

As it stands currently, more than 125 countries have their own unique data privacy laws, creating a fragmented ecosystem of data privacy laws and regulations worldwide. The CBPR framework offers a uniform solution to the existing patchwork, by bringing together the common requirements that are also most vital to safe and secure data processing and sharing across economies.

 

What do companies need to know? 

Companies proactively demonstrating compliance to the current CBPR framework will be seamlessly grandfathered in to the Global CBPR framework. 

Of note, the CBPR framework is very closely aligned (78%, to be exact) to other interoperable privacy programs like the EU-U.S. Data Privacy Framework (formerly Privacy Shield), which means that companies can feel a renewed confidence that they are not duplicating the work, but instead able to work toward uniform compliance across a series of data privacy regimes in the East and West. 

 

Which economies will participate? 

At this point it is not clear which countries will be added to the list of nine existing economies (United States, Mexico, Japan, Canada, Korea, Singapore, Australia, Philippines, and Chinese Taipei, with the UK as an associate).

However, we do know that some of the most interested countries may include: Sri Lanka, Nepal, Maldives, Peru, Colombia, Brazil, South Africa, Qatar, Ghana, and Saudi Arabia.

 

What new requirements could be added when CBPR goes global? 

It is yet to be determined whether new requirements will be added that go beyond the current CBPR framework. Topics such as risk assessments to appropriately assess harm, data breach requirements to signal robust data security safeguards, and data mapping and governance will remain as important additional, business compliance considerations when leveraging the CBPR framework. 

Learn more about BBB National Programs’ CBPR Program and Data Privacy Framework Services.

Suggested Articles

Blog

American Privacy Rights Act: A Primer for Business

Was it the recent series of natural phenomena that prompted Congress to move on a bipartisan, bicameral federal privacy bill? We can’t say with certainty, but we can outline for you what we believe to be, at first glance, the most compelling elements of the American Privacy Rights Act of 2024 (APRA).
Read more
Blog

Take Care of Your “Health-Lite” Claims

Some advertisers believe they can avoid scrutiny when making health-related claims by making their claim “softer.” But context is key. Health benefit claims must comply with the FTC’s Health Products Compliance Guidance. The substantiation bar is not lowered by changing the approach to the health-related claim.
Read more
Blog

Bullish but Cautionary: A Balanced Way to Approach the Impact of AI

Business and nonprofit leaders in the U.S. may not feel so weighty a responsibility in assessing the global impact of AI, but we must realize AI’s power to impact our organizations, our local economies, our sectors, and our nation.
Read more
Blog

New Rules of the Road Can Sustain US Leadership on Interoperable Digital Data Flows

President Biden closed February 2024 with an EO that signaled an important development for how the U.S. plans to position and guard itself from global adversaries, and speaks volumes about how the U.S. views the next-generation impacts of data flows on the digital economy and how our nation can be better equipped as a global leader. Read our takeaways and future considerations.
Read more