The Global Forum Assembly, the policy-making authority of the Global Cross Border Policy Rules (CBPR) Forum, has appointed Singapore as its Vice Chair.
In April 2022, Singapore and other participants of the APEC CBPR System co-founded the Global CBPR Forum. Through the establishment of the Global CBPR and Privacy Recognition for Processors (PRP) Systems, the Forum seeks to facilitate the free flow of data and effective data protection and privacy globally. With the publication of the Global CBPR Framework and the selection of its leadership team, the Forum is now accepting participation from additional jurisdictions.
The Global CBPR Framework supplements the Global CBPR Declaration (2022) by outlining the Forum’s principles and objectives. The Framework lays out the fundamental requirements upon which the Global Cross-Border Privacy Rules and PRP Systems will be predicated.
“Our economy is increasingly driven by data. The Global CBPR Forum will boost trust in data flows across borders and unlock the potential for more data-driven innovation,” said Lew Chuen Hong, Chief Executive of Infocomm Media Development Authority (IMDA).
Adding that it is a privilege for Singapore to serve as the Global Forum Assembly’s deputy chair. This demonstrates the country’s leadership in digital thought and dedication to influencing global norms and standards to create a brighter digital future for everyone.
With the introduction of the Global Cross-Border Privacy Rules Framework and the Forum’s Terms of Reference, interested states were invited to participate.
In outlining the Forum’s values and aims, the Framework supplements the Global CBPR Declaration (2022). It is based on the APEC Privacy Framework and adheres to the main principles of the OECD’s Guidelines on Privacy and Trans-Border Flows of Personal Data. The Global CBPR Framework defines the fundamental requirements for the Global Cross-Border Privacy Rules and Global PRP Systems.
The Terms of Reference provide the requirements and procedure for jurisdictions to participate in the Forum. The Terms of Reference also outline the Forum’s organisational structure, which includes the policy-making body, the Global Forum Assembly (GFA), as well as the working committees. This structure establishes a clear foundation for the Forum’s initial operations while also allowing for future growth and development.
Personal information protection should be created to avoid the misuse of such information while considering the interests of the individual to legitimate expectations of privacy and data protection.
Additionally, specific obligations should account for this risk and corrective actions should be proportionate to the likelihood and gravity of the harm threatened by the collection, use, and transfer of personal information. This is because there is a possibility that harm could arise from such misuse of personal information.
This Principle acknowledges that one of the Framework’s primary goals is to prevent the misuse of personal information and the resulting injury to individuals. Consequently, data protection and privacy approaches, such as self-regulatory efforts, education and awareness campaigns, laws, regulations, and enforcement mechanisms, should be designed to safeguard individuals from harm caused by the improper collection and misuse of their personal information.
Thus, organisational controls should be designed to prevent harm caused by the improper collection or misuse of personal information and should be proportional to the probability and severity of any harm threatened by the collection, use, or transfer of personal information.
Notifying Privacy Enforcement Authorities and the affected individuals in the event of a significant security violation involving personal information may help reduce the risk of adverse consequences to the individuals.