Cross Border Privacy Rules Goes Global: A Deep Dive on CBPRs
May 15, 2024
On April 30, the U.S. Department of Commerce announced the establishment of the Global Cross-Border Privacy Rules (CBPR) and Global Privacy Recognition for Processors (PRP) Systems. In this episode of Priv, host Dona Fraser is joined by Victoria Akosile, Deputy Director of BBB National Programs Privacy Initiatives to take you from APEC to global CBPRs, explaining all of the acronyms in between.
Privacy professionals are faced with what seems like a never-ending, sometimes overwhelming stream of new privacy laws and regulations, both here in the U.S. and abroad. Our goal with this episode is to break down the “what you need to know” knowledge about the global CBPR system, quickly review the “how we got here” facts, and provide you with the “what do I do now” information you need, whether you are a data controller or data processor.
_____________________________________________________________
Related Resources
Cross-Border Privacy Rule Services
Department of Commerce Announcement on the CBPR Global Forum
BBB National Programs Statement on Launch of CBPR Global System
_____________________________________________________________
In this episode of Privacy Abbreviated, Dona Fraser and Victoria Akosile discuss the Cross-Border Privacy Rules (CBPR) program and its recent expansion to become the Global CBPR Forum. They explain how the CBPR framework provides a uniform set of privacy requirements that coalesce around an international baseline for compliance. They also discuss the role of Accountability Agents, such as BBB National Programs, in helping companies obtain and maintain their CBPR certification. The conversation highlights the importance of data privacy interoperability and the benefits of CBPR and PRP certifications for both data controllers and processors. They also touch on the SolarWinds case and the upcoming Global CBPR Forum meeting in Tokyo.
(2:58) The CBPR framework establishes a unified set of privacy requirements, fostering international alignment for compliance. It serves as a benchmark for companies to ensure their privacy practices meet a globally recognized standard. By adhering to CBPR requirements, companies can enhance consumer trust and mitigate risks associated with data privacy non-compliance.
(8:05) Integration into the CBPR program enables companies to assess and fortify their privacy procedures. Participation facilitates a structured review process, identifying areas for improvement in privacy management. It empowers companies to adapt to evolving privacy regulations and consumer expectations, ensuring resilience against data breaches and regulatory penalties.
(13:47) CBPR and PRP certifications present an opportunity to revolutionize vendor management strategies. Companies can leverage certifications to vet vendors, selecting partners with robust privacy safeguards. Certification streamlines data transfers by providing assurance of compliant data handling practices across the supply chain.
(24:07) BBB National Programs acts as an accountability partner, aiding companies in obtaining CBPR and PRP certifications. Through collaborative engagement, BBB National Programs assists companies in navigating the certification process efficiently. Our expertise helps companies uphold high privacy standards, fostering consumer trust and regulatory compliance.
(33:11) The forthcoming Global CBPR Forum meeting in Tokyo anticipates widespread interest from nations seeking to join the framework and advance data privacy interoperability. The event serves as a platform for sharing best practices and fostering collaboration among participating countries. It underscores the global momentum towards harmonizing data protection regulations, promoting cross-border data flows while safeguarding individual privacy rights.
Subscribe to Privacy Abbreviated to get new episodes delivered straight to your inbox. Please contact us with any questions about this episode, CBPR requirements, or BBB National Programs' Global Privacy Division.
Latest Podcasts
Likely to be Accessed: Do You Know Who Your Users Are?
Join us for this episode of Priv, where Dona Fraser is joined by Phyllis Marcus to discuss the broad operational, financial, and logistical impacts and challenges of trying to protect both children and teens online under the same laws and regulations.
Ad Watchers: Clear and Conspicuous Disclosures: Can You Read the Fine Print?
From small fonts to fast talking and distracting music, our hosts revisit this common issue area in advertising law, discuss what it takes for a disclosure to be considered clear and conspicuous, and share some lessons learned from a series of advertisements, both print and in TV commercials, that didn’t quite meet the clear and conspicuous standard.
Breaking Down AdTech: Cookies and Pixels and SDKs, Oh My!
This episode of Priv breaks down the most talked about issues in the adtech space, including the impact of the death of the cookie, the focus of regulators on the newest kid on the block - the pixel, lessons learned from recent SDK legal cases, what all of this looks like for children and teens, and what the legislative and regulatory road ahead looks like.
Ad Watchers: The best subject in advertising law: Is it puffery?
For this episode of Ad Watchers, join us for Eric’s favorite ad law topic: puffery, an exaggerated, blustering, or boastful statement or general claim that could only be understood to be an expression of opinion, not a statement of fact. But where is the line between puffery and a claim that needs a reasonable basis?