South Korea has became the fifth member economy to join the Asia-Pacific Economic Cooperation’s (“APEC”) Cross-Border Privacy Rules (“CBPR”) system, a voluntary but legally enforceable code of conduct that aims to facilitate secure data transfers and e-commerce between parties to the agreement.

Established in 2011, the CBPR system aims to provide a minimum level of protection for personal information exchanged among member economies as e-commerce continues to boom. It helps mitigate privacy concerns led by the ever-increasing flow of personal data across borders and build consumer trust by ensuring that data is processed in compliance with the CBPR’s high security standards without restricting data flows.  Countries and businesses that took part in the multilateral system agree to implement APEC’s nine privacy principles, which include, for example, preventing harm, notice, collection limitation, integrity, and accountability, in all cases involving the transfer or processing of personal information.

In a statement released by the Korea Communications Commission, the South Korean government expressed hope that the country’s accession to the agreement can help South Korean companies gain the trust of foreign consumers and companies whose data they process, improving their competitiveness overseas.  Under the agreement, companies in a member country can become CBPR-certified by adhering to APEC’s privacy principles and undergoing a review by an APEC-approved Accountability Agent.

With South Korea’s membership in the CBPR system, the number of Internet users represented in the agreement has surpassed 500 million.  This number could increase in the near future as other countries and businesses consider joining. In addition to the Philippines and Singapore, Taiwan has also expressed interest in becoming a member of the CPBR agreement.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Yan Luo Yan Luo

Yan Luo advises clients on a broad range of regulatory matters in connection with data privacy and cybersecurity, antitrust and competition, as well as international trade laws in the United States, EU, and China.

Yan has significant experience assisting multinational companies navigating the…

Yan Luo advises clients on a broad range of regulatory matters in connection with data privacy and cybersecurity, antitrust and competition, as well as international trade laws in the United States, EU, and China.

Yan has significant experience assisting multinational companies navigating the rapidly-evolving Chinese cybersecurity and data privacy rules. Her work includes high-stakes compliance advice on strategic issues such as data localization and cross border data transfer, as well as data protection advice in the context of strategic transactions. She also advises leading Chinese technology companies on global data governance issues and on compliance matters in major jurisdictions such as the European Union and the United States.

Yan regularly contributes to the development of data privacy and cybersecurity rules and standards in China. She chairs Covington’s membership in two working groups of China’s National Information Security Standardization Technical Committee (“TC260”), and serves as an expert in China’s standard-setting group for Artificial Intelligence and Ethics.

Yan is named as Global Data Review’s40 under 40” in 2018 and is frequently quoted by leading media outlets including the Wall Street Journal and the Financial Times.

Prior to joining the firm, Yan completed an internship with the Office of International Affairs of the U.S. Federal Trade Commission in Washington, DC. Her experiences in Brussels include representing major Chinese companies in trade, competition and public procurement matters before the European Commission and national authorities in EU Member States.

Yan is a Certified Information Privacy Professional (CIPP/Asia) by the International Association of Privacy Professionals and an active member of the American Bar Association’s Section of Antitrust Law.