Electronic Commerce Steering Group
The amount of trade conducted electronically has grown exponentially and electronic commerce has transformed many industry sectors and the way business is done. Business-to-consumer (B2C) e-commerce sales worldwide reached USD2.1 trillion in 2017, and is projected to grow by over 9 per cent this year. Retail e-commerce sales in the Asia-Pacific hit over USD1 trillion in Asia-Pacific in 2017, and its share of global digital spend represents 47.6 per cent of the world market.1
The Electronic Commerce Steering Group (ECSG) promotes the development and use of electronic commerce by supporting the creation of legal, regulatory and policy environments in the APEC region that are predictable, transparent and consistent. The ECSG’s work is geared towards enabling economies across all levels of development to be able to utilize information and communication technologies (ICTs) to drive economic growth and social development. It performs a coordinating role for APEC e-commerce activities, based on the principles set out in the 1998 APEC Blueprint for Action on Electronic Commerce.
The ECSG recognizes the importance of public–private sector collaboration in developing an environment conducive to e-commerce, and encourages the active participation and contribution of the private sector. The group also work closely with guest organizations including the International Chamber of Commerce (ICC), the Pan Asian E-Commerce Alliance (PAA), and the United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFAT), the Organisation for Economic Co-operation and Development (OECD), the World Trustmark Alliance (WTA) and the Internet Society (ISOC). Originally established in 1999 as an APEC Senior Official's Special Task Force, the ECSG was aligned with the Committee on Trade and Investment (CTI) in 2007. This alignment enhances the coordinating capacity of the ECSG by ensuring a stronger focus on trade and investment issues.
Last page update: April 2018
The APEC Data Privacy Pathfinder was established by ministers in 2007 to achieve accountable cross-border flow of personal information within the APEC region. This goal is to be achieved by developing and implementing a Cross-Border Privacy Rules (CBPR) system, consistent with the APEC Privacy Framework which was first endorsed by APEC ministers in 2004.
Progress on the implementation of the APEC Privacy Framework includes the application of Information Privacy Individual Action Plans (IAPs) by 14 economies, and the creation of a study group within the Data Privacy Sub-Group (DPS) to analyze and identify best practices and the role of trust-marks in promoting the cross-border flow of information.
A notable progress in this area is the establishment of an APEC Cross-Border Privacy Enforcement Arrangement (CPEA) in July 2010. This multilateral arrangement provides the first mechanism in the APEC region for privacy enforcement authorities (PEAs) to share information and provide assistance for cross-border data privacy enforcement. The CPEA signifies the ongoing commitment within APEC to increase the protection of cross-border flows of personal information and is a significant step in the effective implementation of the APEC Privacy Framework.
APEC ministers endorsed the principal documents of the APEC Privacy Pathfinder in November 2011 in Honolulu, Hawaii. APEC Leaders also committed to implementing the CBPR System “to reduce barriers to information flows, enhance consumer privacy, and promote interoperability across regional data privacy regimes.”
APEC Cross-Border Privacy Rules (CBPR) System
In November 2011, the APEC Leaders issued a directive to implement the APEC Cross Border Privacy Rules (CBPR) system. The CBPR system balances the flow of information and data across borders while at the same time providing effective protection for personal information, essential to trust and confidence in the online marketplace. The system is one by which the privacy policies and practices of companies operating in the APEC region are assessed and certified by a third-party verifier (known as an accountability agent) and follows a set of commonly agreed upon rules, based on the APEC Privacy Framework. By applying this commonly agreed-upon baseline set of rules, the CBPR system bridges across domestic differences that may exist among domestic privacy approaches. Currently, six APEC member economies—Canada, Japan, Republic of Korea, Mexico, Singapore and the United States—have aligned their privacy laws with the APEC Privacy Framework.
APEC Privacy Recognition for Processors (PRP) System
The Privacy Recognition for Processors System (PRP) governance documents were endorsed by APEC in August 2015. The PRP system is designed to help personal information processors assist controllers in complying with relevant privacy obligations, and helps controllers identify qualified and accountable processors. This is done through an intake questionnaire, which sets forth the baseline requirements of the PRP. The APEC-recognized accountability agent will then assess a processor seeking recognition based on a set of requirements. Currently, two APEC member economies—Singapore and the United States—have joined the PRP System.
APEC Privacy Framework
The updated APEC Privacy Framework 2015 addresses the gaps in policies and regulatory frameworks on e-commerce to ensure that the free flow of information and data across borders is balanced with the effective protection of personal information essential to trust and confidence in the online market place. The update of the Privacy Framework was endorsed by ministers in November 2016.
Promoting Interoperability between the APEC–EU Privacy Rules Systems
In September 2012, a joint APEC–EU Working Group was created with the approval of the Senior Official Meeting (SOM). The working group consists of interested APEC economies and representatives from data protection authorities in the European Union Article 29 Working Party and from the European Commission.
Since its inception, the working committee has been engaged in discussions regarding similarities and differences between the APEC Cross Border Privacy Rules (CBPR) system and the EU system of Binding Corporate Rules (BCR) to promote interoperability and facilitates transfers of personal information between the two regions.
In January 2014, the joint APEC–EU Working Committee led to the development and completion of a common referential for the structure of the EU system and the APEC system. The goal of this referential is to serve as an informal pragmatic checklist for companies applying for authorization in the EU’s BCR and certification under APEC’s CBPR. In addition to outlining compliance and certification requirements of both APEC CBPR and EU BCR systems, the referential also identifies common elements and additional requirements for each. This will be useful for companies applying for certification under both systems. This initiative is just the first step. The long-term goal is to work on the interoperability of these systems.
Since 2015, both sides have explored the possibility of further cooperation to foster interoperability between the APEC CBPR and EU BCR systems. In response to private-sector requests, the DPS submitted an expression of interest to the EU Article 29 Working Party in April 2015, to which a response was received in May 2015. The EU agreed to work in the short to medium term with the DPS on a joint application form for the BCRs and CBPR systems, and a mapping of policies, practices, tools that are to be submitted as part of applications under both systems. In the longer term, the EU agreed to work on a common referential for processor recognition, mapping the requirements of the BCRs for processors and the APEC PRP. Since August 2015, the joint APEC-EU Working Committee held a discussion with private sector stakeholders who provided views and advice on the functionalities and important elements of a common questionnaire. The working committee is currently developing this common questionnaire.
In 2017, both sides also exchanged information on the APEC CBPR system and the EU’s General Data Protection Regulation (GDPR), which goes into effect in May 2018, with the aim of exploring interoperability between the two systems. The working group explored options for collaboration and a future work plan—including discussing mechanisms established under the GDPR such as certifications and codes of conduct—and agreed to continue discussions in Papua New Guinea in 2018.
Singapore Joins APEC Data Privacy System
Korea Joins APEC Data Privacy Program
APEC Launches Online Regulatory Learning Tool
APEC Makes Digital Economy Inclusion Push
APEC Enhances Personal Data Security with System Expansion
Greater Protection for Consumers as Canada Joins Asia-Pacific Privacy Regime
APEC Expands Data Privacy System to Protect Consumers
Promoting cooperation on data transfer systems between Europe and the Asia-Pacific
Consumer protection in Asia-Pacific gets boost as Mexico joins privacy regime
APEC Cross-Border Privacy Rules System goes public
- Electronic Commerce Steering Group - Data Privacy Subgroup Meeting with European Union
- APEC Individual Action Plans
- ECSG Publications
- Enhancing the Global Supply Chain Efficiency
- Enabling Electronic Commerce: The Contribution of APEC’s Data Privacy Framework
- APEC Electronic Commerce Business Alliance (APEC ECBA)
- APEC Digital Opportunity Center
- ECSG Page on APEC Collaboration System (ACS) ~ members’ access only
ECSG 01 2018 – APEC Cross-Border Privacy Rules System Fostering Accountability Agent Participation for Participants, Developing Economies, and MSMEs Benefit WorkshopHonolulu, United States
Mr Andrew Flavin
Assistant to ECSG Chair
Mr Michael Rose
Vice Chair to ECSG-DPS
U.S. Department of Commerce
Ms Shannon Coe
U.S. Department of Commerce
Mr Adrian CHENG