Question to the Department for Digital, Culture, Media & Sport:

To ask the Secretary of State for Digital, Culture, Media and Sport, what assessment he has made of the potential (a) merits and (b) disadvantages of recognising the APEC-CBPR as equivalent to the UK’s data protection laws.

The Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system (APEC CBPR) facilitates personal data flows among nine APEC members. As the UK is not an APEC member it cannot join the CBPR system, but we acknowledge the potential benefits this system provides as a baseline for data protection in the region.

UK GDPR provides for a range of personal data international transfer mechanisms including standard contractual clauses, binding corporate rules, codes of conduct and certification. The Department for Digital, Culture, Media and Sport is considering the operation of international frameworks, including the APEC CBPR system. This includes an assessment of similarities and differences between these models and the framework set out in UK GDPR and will inform any future assessment on the merits and disadvantages of pursuing interoperability with the CBPR system.