Latest news with #GlobalCrossBorderPrivacyRules
Yahoo
02-06-2025
- Business
- Yahoo
TrustArc Launches Global CBPR and PRP Certifications, Expanding Privacy Protection and Accountability
SAN FRANCISCO, June 2, 2025 /PRNewswire/ -- TrustArc, the privacy platform for navigating global compliance and AI risk, is proud to announce the official launch of the Global Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Certifications through TRUSTe as an approved Accountability Agent in the United States. This milestone marks a significant evolution in international data transfer compliance, expanding the reach of the widely respected APEC certifications to a global framework. The Global CBPR and PRP systems launched by the Global CBPR Forum provide a government-backed, interoperable, and flexible approach for validating robust privacy practices and cross-border data transfers. The certifications allow companies to build and demonstrate trust across multiple participating jurisdictions, including Canada, the United States, Japan, Australia, Mexico, Singapore, and more. Interest continues to grow with countries like India exploring participation and more than 24 countries participating in Global CBPR workshops, underscoring the international momentum for cooperative privacy governance. The Chair of the Global CBPR Forum, Shannon Coe, emphasized the importance of these certifications in today's digital economy. She states, "The launch of the Global CBPR and Global PRP Systems empowers companies worldwide to uphold the highest standards of data privacy, fosters trust, enables trade, and drives innovation in a connected future. We encourage companies operating in the global market to consider becoming certified and jurisdictions to join the Forum to make this tool available to companies in their jurisdictions." With decades of experience certifying privacy programs under APEC CBPR and other global frameworks, TrustArc, through its TRUSTe certification offerings, has been a pioneer in accountability-based privacy assurance. As the first U.S. Accountability Agent and the first in the world to certify companies to the APEC systems since 2013, TRUSTe has helped shape the global approach to cross-border data protection. The launch of this certification comes at a pivotal time as businesses face increasing complexity in international data transfer requirements and rising consumer expectations for responsible data stewardship. "TrustArc is proud to support the Global CBPR Forum in this significant evolution of cross-border privacy governance," said Noël Luke, Chief Assurance Officer at TrustArc. "As one of the first Accountability Agents for the Global CBPR and PRP systems, we're excited to help organizations meet growing international privacy expectations. These certifications provide businesses with a meaningful way to demonstrate accountability, while giving consumers the assurance that their data is handled with care, no matter where it goes." TrustArc's certification services for the Global CBPR and PRP systems are now available to organizations seeking to validate their privacy practices and streamline cross-border data transfers across jurisdictions. Certification through TrustArc offers a structured path to compliance and public trust, helping companies differentiate themselves in a competitive, privacy-conscious Global Report Highlights Importance of Cross-Border Data Transfer Certifications The upcoming 6th annual 2025 Global Privacy Benchmarks Report from TrustArc, set to release later this June, sheds light on the operational challenges and strategic priorities privacy teams face around the world. The report, developed by TrustArc based on extensive global survey data, reveals that cross-border data transfer compliance remains a top concern and a key differentiator for mature privacy programs. Early insights from the 2025 report include: 42% of respondents report that managing cross-border data transfers is challenging or extremely challenging. Cross-border data transfer issues rank in the Top 5 challenges organizations face in managing their overall privacy programs. Top-performing organizations scoring highest on the Global Privacy Index are significantly more likely to align with structured, global accountability frameworks such as APEC CBPR & PRP, NYMITY, AICPA/CICA, and COBIT. These companies report a 75% privacy competence score, highlighting the strong link between certification and privacy program maturity. To receive the full 2025 Global Privacy Benchmarks Report when it launches, subscribe here. To learn more about TrustArc's Global CBPR and PRP certification offerings, visit: For more information about TrustArc, please visit or contact pr@ About TrustArc TrustArc is redefining privacy for the AI era. With 28+ years of global privacy expertise and assurance services, we deliver the only platform that blends regulatory intelligence, automation, and AI to orchestrate end-to-end data privacy and governance. From automated DSR fulfillment to AI risk assessments and real-time compliance reporting, TrustArc helps organizations embed trust at every touchpoint. Headquartered in the San Francisco Bay Area with a global footprint, our privacy-first approach powers responsible innovation while reducing risk, ensuring our customers lead with confidence in a rapidly evolving regulatory landscape. Discover how at TrustArc Inc2121 N. California Blvd. Suite 290Walnut Creek, CA 94596Phone: +1-415-520-3490 View original content to download multimedia: SOURCE TrustArc Sign in to access your portfolio
Economic Times
30-05-2025
- Business
- Economic Times
Draft data rules introduce potential for data localisation requirements: trade associations to IT ministry
The draft Digital Personal Data Protection (DPDP) rules introduce the potential for new data localisation needs that are inconsistent with the DPDP Act's supportive approach for data flows, trade bodies told the IT ministry in a letter last week. The draft rules were published on January 3. The final rules are yet to be notified. The Information Technology Industry Council, one of the signatories to the letter, counts Big Tech companies like Amazon, Apple, Google, Meta, Microsoft, Nvidia, and OpenAI as its members.'We urge the government to narrow and align these rules to bring them into alignment with the original intent of the DPDP Act,' the letter's nine signatories said. The other signatories are US India Business Council, Software and Information Industry Association, ACT | The App Association, Asia Internet Coalition, Asia Video Industry Association, Coalition of Services Industries, Computer and Communications Industry Association, and K-Internet. The industry bodies were referring to Rules 12 and 14 of the draft DPDP rules. 'This could be achieved by setting out a clear process, including timelines and safeguards, as well as adequate consultations and timelines for implementing any potential localisation requirements, and determining when and how such data localisation determinations will be made,' the associations said in their letter to The Ministry of Electronics and Information Technology (MeitY), a copy of which was seen by ET. 'We would also urge the government to view any potential restrictions on data free flows from a future "bilateral digital trade "agreement perspective,' the signatories said. The associations also want that Rules 3-15, 21 and 22 shouldn't take effect until or after two years from the date of notification. Rule 22, as currently drafted, provides the potential for an excessively broad scope of government access to private sector data without making clear that this will follow a robust, proportionate, and transparent process with proper avenues of redress and review, they said. Giving further clarity on this process, including by referencing globally-recognised Trusted Government Access principles, would be an effective way to provide clarity and reassurance on this point, they added. The associations supported the Global Cross Border Privacy Rules (CBPR) forum and similar regimes that facilitate the free flow of data across borders, promote interoperability between privacy regimes, and encourage responsible data use and strong privacy protections, they said. Also, personal data breach reporting requires clear, risk-based reporting thresholds to ensure reporting timelines and processes do not end up compromising the efficiency of risk mitigation measures, the associations wrote in their letter dated May 21. They have also asked the MeitY to 'strongly consider' adding back language proposed in previous drafts of the DPDP Act to give critical exclusion for data pertaining to credit reporting to facilitate financial transparency and fraud prevention while supporting financial inclusion. Credit bureaus such as TransUnion CIBIL, Experian, Equifax, and CRIF High Mark are approved by the Reserve Bank of India for operating in the country.
