On 6 July 2023, the United Kingdom (“UK”) became the first country to be granted Associate status in the Global Cross Border Privacy Rules (“CBPR”) Forum. In addition to the benefits of sharing best practices and pursuing interoperability with other privacy frameworks, the Global CBPR Forum seeks to establish and promote adoption of the Global Cross-Border Privacy Rules (CBPR) System and Global Privacy Recognition for Processors (PRP) System to facilitate data protection and free flow of data globally.
The Global CBPR system is a government-backed data privacy certification process that businesses can join in order to validate compliance with internationally acknowledged data privacy safeguards. Many large multinational corporations have already been certified under the framework, and it is one of the few bodies that supports the secure flow of data across multiple countries, removing barriers and working towards a universal set of data transfer standards.
Key perks of membership:
- Information sharing among members to facilitate cross-border cooperation and information between members in connection with data protection and privacy.
- Cross-border cooperation in investigation and enforcement.
- Increased cross-border flows of personal information between member entities.
- Interoperability of the Global CBPR System and PRP System with other data protection and privacy frameworks recognised by member entities.
Why this is notable:
International data transfers, as well as the necessity to transmit consumer and company information from one jurisdiction to another, are an unavoidable component of modern global commercial transactions. In 2021, it was reported that 93% of the UK’s service exports was data-enabled, indicating that the trustworthy movement of data between countries is quickly becoming a key contributor to economic growth. As the UK government strives to establish a worldwide system that can stimulate new technologies while protecting the protection of personal data as it goes across borders, a practical approach is a key priority. The UK’s participation in the Global CBPR Forum provides the UK opportunities to explore access to improved data transfer tools and arrangements, particularly with current members. It is also clear now that there are many different approaches to global data flows. We see so much reference to ‘adequacy’ as the GDPR focused route to data flow solutions. However, it is becoming clear that the world is complex and dynamic, so are data flows for global business. So plurality in data flow solutions should not ignore the increasing significance of CBPRs.
Co-authored with Micayla Colman
