Compliance Management, Governance, Risk and Compliance, Privacy, Data Security, Risk Assessments/Management

US, 6 other nations to develop cross-border privacy and security standards

U.S. Secretary of Commerce Gina Raimondo speaks during the annual North Americas Building Trades Unions Legislative Conference on April 5, 2022, in Washington. (Photo by Drew Angerer/Getty Images).

The United States is pairing up with six other countries to develop privacy and cybersecurity standards for the data that cross over into each other’s borders.

The Department of Commerce announced Thursday that it will be partnering with representatives from the governments of Canada, Japan, South Korea, Singapore, the Philippines and Taiwan to establish a Global Cross Border Privacy Rules forum. The group would be primarily responsible for creating a new international certification system for private businesses and other organizations based on two sets of data privacy protection standards developed by the Asia-Pacific Economic Cooperation (APEC).

In a statement, Secretary of Commerce Gina Raimondo said the effort marks “the beginning of a new era of multilateral cooperation” for protecting the flow of data “that are critically important to our modern economy.”

“The Global CBPR Forum intends to establish the Global Cross Border Privacy Rules and Privacy Recognition for Processors Systems, first-of-their-kind data privacy certifications that help companies demonstrate compliance with internationally recognized data privacy standards,” said Raimondo. “At the same time, the new forum will facilitate trade and international data flows and promote global cooperation, building on our shared data privacy values while recognizing the differences in our domestic approaches to protecting data privacy.”

Apart from developing the new certification system, the partnership would also focus on a range of issues related to privacy and security, including supporting the “free flow” of secure data across borders, periodically review domestic laws to ensure they align with APEC standards, and promote and pursue interoperability with other data protection frameworks.

According to a press release by Commerce, participation will be open “in principle” to other countries “which accept the objectives and principles of the Global CBPR Forum,” though only the U.S. and other six original countries will be full members with voting power and must agree on including new participants.

The group will meet at least twice a year in-person or virtually to implement projects and determine the direction of future projects. While the standards and certification system will exist independent from APEC, companies who have certified prior to the forum’s creation will continue to have their credentials honored “until further notice.”

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.