Cédric Laurant comments on recent approval by Mexico of APEC’s Cross-Border Privacy Rules

Representatives from the Article 29 Working Party and APEC economies discussed the similarities between certification and recognition mechanisms in the two regions. Cédric Laurant, Founder of Cédric Laurant Law Firm, said: “Recent discussions between European data protection authorities, their US counterparts and the International Chamber of Commerce have shown interest in making the CBPR system interoperable with the EU Binding Corporate Rules (BCRs).” […]APEC logo

As DataGuidance previously reported, the IFAI, Mexico’s data protection authority, recently published guidelines on a voluntary self-regulatory certification system, as part of the implementation of the CBPR system into its national regime. “The Mexican ‘certifier’ is the equivalent to the ‘accountability agent’ in the CBPR system”, said Laurant. “For foreign companies operating in Mexico, complying with the rules may only require approval of their current self-regulatory framework by a Mexican certifier. For Mexican companies, the learning curve will be much higher as many local companies, unless they already operate globally, do not have yet any self-regulatory framework in place, and it will probably cost them more to adapt to the new rules than their US counterparts, for example”. […]

Laurant notes, however, that a lack of a ‘culture of privacy’ in countries such as Mexico could slow down implementation of the CBPR system. “Being an optimist, I would see the glass ‘half-full’ and bet on the willingness the Mexican Ministry of Economy has demonstrated thus far to use the CBPR system to promote e-commerce between Mexico and neighbouring countries – the United States in the first place – and brandish the country as a top destination for the IT offshoring industry.”

Extract from: “International: APEC and EU bodies discuss regional interoperability”, DataGuidance (United Kingdom), 15 February 2013 [pdf]