In this Draft Mapping Report, CIPL examines the European Union’s General Data Protection Regulation (GDPR) to assess whether—and to what extent—the GDPR aligns with the Global CBPR Program Requirements (as updated in 2026) and the existing Global PRP Program Requirements. The analysis shows that more than 70% of Global CBPR Program Requirements, as revised, align […]

What are the Global Cross-Border Privacy Rules (Global CBPR)? What is the Global Privacy Recognition for Processors (Global PRP)? How do these systems work? What benefits do they provide to businesses and individuals alike? These questions and more are addressed in CIPL’s Global CBPR & Global PRP Systems Playbook, which explains how these programs provide […]

Since the CJEU Schrems II Judgment in July 2020, European data protection authorities (DPAs) in the EU have developed a “zero risk” theory in relation to Chapter V of the General Data Protection Regulation (GDPR). They have been asking data controllers and processors that transfer personal data outside the EU to “eliminate” all risks of […]

This document addresses commonly asked questions about the Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) systems, which are data transfer mechanisms developed by the Asia-Pacific Economic Cooperation (APEC) member economies. CBPR and PRP operationalize the nine Privacy Principles set forth in the 2005 APEC Privacy Framework. In 2022, several APEC economies established […]

Data underpins the digital transformation of our economies and society. It can be considered one of the most valuable economic assets – responsible use of data enables economic growth and brings benefits and progress to people, governments, and societies at large. Data is also central to governmental and societal interests, such as national security, cyber […]

In this paper, TLS explores one rationale that some proponents of localization have advanced: that localization will insulate companies from foreign governments’ ability to legally compel access to their data. We examine not only the legal framework in the United States (U.S.), but also those of other countries, and conclude that legal systems, in general, […]

This document presents a comparison of the APEC Cross-Border Privacy Rules (CBPR) Requirements and the EU-U.S. Privacy Shield Requirements to the requirements of the UK General Data Protection Regulation (GDPR). For purposes of this analysis, we analyzed relevant documents pertaining to participation in both the CBPR and Privacy Shield certification system. We present recommendations, as […]

Cross-border data flows foster innovation and growth, support cybersecurity, and enable access to essential services. They are important for delivering public services and empowering individuals to access them, including healthcare and education. Cross-border data flows make access to transformational technologies like AI equally available to individuals and public and private sector organizations who might otherwise […]

This document addresses some commonly asked questions about the APEC Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) systems. The following questions are addressed in these FAQs: What is APEC? What are the APEC Cross-Border Privacy Rules (CBPR)? Which APEC economies participate in the CBPR? What is the APEC Privacy Recognition for Processors […]

On July 16th 2020, the Court of Justice of the European Union (CJEU) confirmed, in the case known as “Schrems II”, that Standard Contractual Clauses (SCCs) are a valid mechanism for the transfer of personal data outside of the EU, while invalidating the EU Commission’s adequacy decision on the EU-US Privacy Shield. The Judgment substantially impacts […]

Data flows between India and the United States are of unquestionable value to India’s modern digital economy and society. According to a 2019 digital trade report1 from the Hinrich Foundation, digital trade contributed $32.5 billion to India’s domestic economy in 2017. The report further notes that this has the potential to grow to $480 billion […]

This document addresses some commonly asked questions about the APEC Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) systems. The following questions are addressed in these FAQs: What is APEC? What are the APEC Cross-Border Privacy Rules (CBPR)? Which APEC economies participate in the CBPR? What is the APEC Privacy Recognition for Processors […]

Global data flows are the product of the increasing globalization and digitalization of business processes and society. They are foundational to the modern digital economy. The ability to use, share and access information across borders stimulates innovation, enables data-driven products and services, fuels economic growth and ideas, and is often the lifeline for remote communities. […]

Legislatures in many countries currently are drafting or amending data protection laws. Often, these drafts and amendments attempt to regulate cross-border data transfers by imposing restrictions on transfers of personal data to other countries that do not have similar data privacy laws. Sometimes they also include so-called data localization provisions that require data or copies […]