South Korea has became the fifth member economy to join the Asia-Pacific Economic Cooperation’s (“APEC”) Cross-Border Privacy Rules (“CBPR”) system, a voluntary but legally enforceable code of conduct that aims to facilitate secure data transfers and e-commerce between parties to the agreement.

Established in 2011, the CBPR system aims to provide a minimum level of protection for personal information exchanged among member economies as e-commerce continues to boom. It helps mitigate privacy concerns led by the ever-increasing flow of personal data across borders and build consumer trust by ensuring that data is processed in compliance with the CBPR’s high security standards without restricting data flows.  Countries and businesses that took part in the multilateral system agree to implement APEC’s nine privacy principles, which include, for example, preventing harm, notice, collection limitation, integrity, and accountability, in all cases involving the transfer or processing of personal information.

In a statement released by the Korea Communications Commission, the South Korean government expressed hope that the country’s accession to the agreement can help South Korean companies gain the trust of foreign consumers and companies whose data they process, improving their competitiveness overseas.  Under the agreement, companies in a member country can become CBPR-certified by adhering to APEC’s privacy principles and undergoing a review by an APEC-approved Accountability Agent.

With South Korea’s membership in the CBPR system, the number of Internet users represented in the agreement has surpassed 500 million.  This number could increase in the near future as other countries and businesses consider joining. In addition to the Philippines and Singapore, Taiwan has also expressed interest in becoming a member of the CPBR agreement.