National Development Council
December 14, 2018
Chinese Taipei has become a formal member of the APEC CBPR system
Chinese Taipei has received notification from the APEC Secretariat that Chinese Taipei, along with Australia, has been approved to become a formal member of the APEC CBPR system, after the US, Mexico, Japan, Canada, South Korea and Singapore. Based on previous member economies’ experiences in joining the system, it takes roughly one to one and a half years to complete the related procedures. It took Chinese Taipei only approximately 8.5 months to join the system, and the whole process went rather smoothly.
The APEC CBPR system has been actively promoted by the United States within APEC to institute a cross-border privacy protection regime across the Asia-Pacific region. Under the APEC Privacy Framework, it is expected to raise consumers’ confidence and trust in cross-border data transmission and to promote the development of e-commerce within the region. Chinese Taipei’s participation in the system would help its small and medium enterprises win more overseas business opportunities, boost its international image for attaching high importance to privacy protection, create more opportunities for cross-border collaboration, and shape beneficial conditions for promoting cross-border digital trade, in line with its national interest and the international trend.
The basic tenet of the APEC CBPR system is to promote and facilitate cross-border data transmission and flows. Compared to the EU’s GDPR, which went into effect in May this year and has since been regarded as the most rigorous regime, the requirements the APEC CBPR system places on enterprises and organizations are less stringent. As SMEs account for the vast majority of Chinese Taipei’s enterprises, the country’s participation in the system would help it gradually establish its own comprehensive regime for personal data protection and further prepare itself to conform with international standards such as those of the EU. The idea is to shield the economy from restrictions and possible impacts arising from international requirements for personal data protection.
APEC has been trying to promote interoperability between the APEC CBPR system and the EU GDPR regime. In addition to the APEC CBPR system, the United States also concurrently engages in the Privacy Shield agreement with the EU in response to the institution of the EU GDPR. Meanwhile, Japan has completed its own negotiation with the EU on bridging its privacy regime with that of the EU.
As Chinese Taipei does not designate a single competent authority in charge of the country’s personal data protection regime, participation in the system has to involve at least 15 related ministries/commissions, including the Ministry of Justice, the Ministry of Economic Affairs, the Financial Supervisory Commission, etc. NDC Minister Chen convened a cross-ministerial meeting this February to set out the division of labor among the competent authorities, and the NDC was instructed to draft all documents needed for the application, subject to confirmation by the competent authorities involved. On March 8th, during the APEC SOM1 meeting, Chinese Taipei submitted its application and afterwards communicated back and forth with APEC regarding its own privacy regime. Later, APEC completed its review process and submitted the JOP findings report on Nov. 23, recommending the formal participation of both Chinese Taipei and Australia.
According to the design of the APEC CBPR system, there are three essential steps to take part in the system. First, the Privacy Enforcement Authorities of a member economy have to acquire APEC’s approval to join the APEC Cross-border Privacy Enforcement Arrangement (CPEA). Second, after the member economy explains its regime for personal data protection to APEC and APEC completes the review process, the member economy can be formally approved to join the system. Having completed these two steps, Chinese Taipei can now initiate the process of assigning one or more Accountability Agents (AAs) to assist domestic enterprises or organizations in conforming to the APEC process of cross-border privacy protection and acquiring certification. As international enterprises or organizations have to pay a considerable amount in fees for the necessary assistance and consultation before acquiring the certification, at the moment only the US and Japan have each established one AA of their own, which can help their own domestic enterprises and serve enterprises of other countries as well.
The NDC will continue to coordinate among the related ministries/commissions and push forward related matters in collaboration with them, so as to enhance Chinese Taipei’s exchanges with other economies on privacy protection and raise its international visibility through participation in international activities.