top of page

Privacy Commissioner leads at digital trade agreement discussions

Updated: Aug 23, 2023

Some of the most critical questions about the modern digital economy relate to how personal information is to be protected and respected when crossing international borders.

Privacy Commissioner Alexander White was invited to speak to members of the newly-formed Global Cross Border Privacy Rules Forum about the benefits and potential for Bermuda and other countries to participate in the data transfer system. Bermuda is considered to be a candidate to join the trade and enforcement cooperation agreement and to help set the worldwide rules of the modern digital economy.

As discussed in our office's previous guidance, certification mechanisms like the Cross Border Privacy Rules (CPBR) can provide a dependable and predictable system for protecting rights while allowing the proper use of data. The CBPR system was originally developed as a regional agreement for the Asia Pacific.

In our March 2021 guidance, PrivCom Bermuda was the first privacy regulator outside the Asia Pacific Economic Cooperation (APEC) to recognise the CBPRs as an effective certification mechanism for overseas data transfers.

Current Global CBPR Forum members include Canada, Japan, the Republic of Korea, the Philippines, Singapore, Taiwan, and the United States of America. If Bermuda were to join, individual Bermudians would gain the ability to hold overseas organisations accountable for their privacy rights. The CBPR Forum would provide Bermudian organisations with a standardised, predictable mechanism to access markets and overseas third parties in participating economies. Businesses would gain certainty in their operations and in the cross-border data transfers that must occur in the course ordinary business.

On 26th to 28th April, the inaugural meeting of the Global Cross Border Privacy Rules (CPBR) Forum was held in Honolulu, Hawaii, USA. Bermuda was one of 20 participating countries at the event, which included representatives from CBPR Forum non-members Bermuda, Brazil, Chile, Colombia, Dubai, and the United Kingdom. Commissioner White was invited to attend and speak as a featured panelist, and Bermuda Government staff participated online. His attendance did not incur a public expense.


To reach out to the Office of the Privacy Commissioner, please visit our Contact Us page.


For more information about PrivCom, go to Press Background | PrivComBermuda (

  • The Asia Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) System is a voluntary, accountability-based system that facilitates privacy-respecting data flows among APEC economies. There are currently nine participating APEC CBPR system economies: USA, Mexico, Japan, Canada, Singapore, the Republic of Korea, Australia, Chinese Taipei and the Philippines with more expected to join soon. The APEC CBPR System requires participating businesses to implement data privacy policies consistent with the APEC Privacy Framework. These policies and practices must be assessed as compliant with the program requirements of the APEC CBPR System by an Accountability Agent (an independent APEC CBPR system recognised public or private sector entity) and be enforceable by law. For more information, see


bottom of page