IGF 2023 WS #119 Managing cross border data flows in the Asia Pacific region

Organizer 1: Liza Garcia, Foundation for Media Alternatives
Organizer 2: Jessamine Pacis, FMA🔒

Speaker 1: Jamael Jacob, Civil Society, Asia-Pacific Group
Speaker 2: Melinda St. Louis, Intergovernmental Organization, Intergovernmental Organization
Speaker 3: Toshimaru Ogura, Civil Society, Asia-Pacific Group


Liza Garcia, Civil Society, Asia-Pacific Group

Online Moderator

Jessamine Pacis, Civil Society, Asia-Pacific Group


Liza Garcia, Civil Society, Asia-Pacific Group


Panel - 60 Min

Policy Question(s)

1. What are the existing data transfer regimes in different countries, and how do they address data protection needs of citizens, as well as businesses?
2. What is the role of the APEC CBPR and how does it compare with the EU's GDPR?
3. Are systems such as the APEC CBPR able to bridge the differences in the privacy laws of different countries for the exchange of personal information among different economies? Is it able to deliver its promised benefits?

What will participants gain from attending this session? Participants are expected to gain better understanding of data protection regimes in different countries and how such and systems like the APEC CBPR are able to protect their personal data.


If today’s trends are any indication, cross border data flows will continue to increase exponentially in the years to come. Efforts to contain them will also become more pronounced and nuanced. If an institutional mechanism that allows for interoperability and smoother, more coherent data flows is to be achieved, collaboration between countries and international organizations will be crucial.

As state and private actors find more uses for personal data, attendant risks will also scale up and prompt more data protection legislations. While most will try to find balance and avoid installing unnecessary barriers, some will favor data silos and schemes like data localization efforts which are antithetical to free-flowing data streams.

Privacy laws differ from country to country, including some countries with significant transfer restrictions on personal information collected for normal business purposes. The APEC Cross Border Privacy Rules (CBPR) System helps bridge those differences by providing a single framework for the exchange of personal information among participating economies in the APEC region. It is a government-backed data privacy certification that companies can join to demonstrate compliance with internationally-recognized data privacy protections.

The session hopes to raise awareness on the importance of protecting personal data and facilitate stakeholder engagements in future policy-making processes revolving around the protection of personal data as it travels from one corner of the world to the next. It hopes to shed light on initiatives such as the APEC CBPR Systems and how it is being implemented in participating jurisdictions.

Expected Outcomes

The discussion hopes to come up with best practices on cross border data transfer, and feed into discussions for future events. One of the speakers in the panel will also publish a paper assessing the APEC CBPR.

Hybrid Format: The discussion will be done on-site and streamed via Zoom. 5 minutes will be allotted for the introduction of topic and panelists.

Each speaker (3-4 speakers) will be given about 3-5 minutes to answer the questions and 20 minutes will be allotted for follow-up questions (from audience, co-panelist or moderator).

Another 5 minutes will be for summarizing and closing the session.

One organizer will be tasked to monitor the Zoom chat box for any questions and inform the moderator if there is any. The moderator is tasked to entertain questions from on-site and online audience and keep the discussions on-track.