Last week, the Asia-Pacific Economic Cooperation (APEC) announced that Japan had been approved as a participant in the Cross Border Privacy Rules (CBPR) System, whose requirements have been approved by all 21 APEC Member Economies. The APEC-CBPR System is the first truly pan-global framework that has been endorsed by regulators and that addresses data flows between the United States and other APEC Member Economies.


Japan joins the United States and Mexico who were both approved within the last two year as participants in the APEC-CBPR System, which aims to both provide effective information privacy protection and promote the free flow of information among APEC Member Countries.


To become a participant in the CBPR system, an APEC Member Country must fulfill certain requirements, including a commitment to use an APEC-approved accountability agent, a legal basis for enforcing obligations imposed by that accountability agent, and a “backstop” privacy regulator or privacy enforcement authority.


Japan is forecasted to have “robust growth this year,” and as one of the six largest high-income economies, has the potential to transform the Asian and Pacific economies and mobilize additional countries to support international efforts for data protection. According to the findings report, Japan “expects to have at least one APEC-recognized Accountability Agent” and includes a list of 15 Japanese Privacy Enforcement Authorities who are members of the APEC Cross Border Privacy Enforcement Arrangement (CPEA) and will serve as the Japanese enforcement authority.


TrustArc TRUSTe was approved by the APEC Member Countries as the first accountability agent for the APEC-CBPR System in 2013. We certify data transfer practices under the CBPR Framework for those companies that are subject to US Federal Trade Commission jurisdiction. Already, companies like and Yodlee have received APEC privacy certification.


Join them, and let consumers, regulators and other stakeholders know that you are complying with one of the world’s leading data protection standards.