Common use of Protecting Personal Information Clause in Contracts

Protecting Personal Information. 1. Each Party shall adopt or maintain a legal framework that provides for the protection of the personal information of the users of digital trade.8 In the development of this legal framework, each Party should take into account principles and guidelines of relevant international bodies, such as the APEC Privacy Framework and the OECD Recommendation of the Council concerning Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data (2013). 2. The Parties recognize that pursuant to paragraph 1, key principles include: limitation on collection; choice; data quality; purpose specification; use limitation; security safeguards; transparency; individual participation; and accountability. The Parties also recognize the importance of ensuring compliance with measures to protect personal information and ensuring that any restrictions on cross-border flows of personal information are necessary and proportionate to the risks presented. 3. Each Party shall adopt or maintain non-discriminatory practices in protecting users of digital trade from personal information protection violations occurring within its jurisdiction. 4. Each Party shall publish information on the personal information protections it provides to users of digital trade, including how: (a) a natural person can pursue a remedy; and (b) an enterprise can comply with legal requirements. 5. Recognizing that the Parties may take different legal approaches to protecting personal information, each Party shall encourage the development of mechanisms to promote compatibility and interoperability between these different approaches. These mechanisms include: (a) broader international and regional frameworks, such as the APEC Cross Border Privacy Rules; (b) mutual recognition of comparable protection afforded by their respective legal frameworks, national trustmarks or certification frameworks; or (c) other avenues of transfer of personal information between the Parties. 6. The Parties shall endeavor to exchange information on how the mechanisms in paragraph 6 are applied in their respective jurisdictions and explore ways to extend these or other suitable arrangements to promote compatibility and interoperability between them. 7. The Parties recognize that the APEC Cross Border Privacy Rules System and/or APEC Privacy Recognition for Processors System are valid mechanisms to facilitate cross-border information transfers while protecting personal information. 8. The Parties shall endeavor to jointly promote the adoption of common cross-border information transfer mechanisms, such as those found in the Global Cross Border Privacy Rules Forum.

Protecting Personal Information. 1. Each Party shall adopt or maintain a legal framework that provides for the protection of the personal information of the users of digital trade.8 trade.1 In the development of this legal framework, each Party should take into account principles and guidelines of relevant international bodies, such as the APEC Privacy Framework and the OECD Recommendation of the Council concerning Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data (2013). 2. The Parties recognize that pursuant to paragraph 1, key principles include: limitation on collection; choice; data quality; purpose specification; use limitation; security safeguards; transparency; individual participation; and accountability. The Parties also recognize the importance of ensuring compliance with measures to protect personal information and ensuring that any restrictions on cross-border flows of personal information are necessary and proportionate to the risks presented. 3. Each Party shall adopt or maintain non-discriminatory practices in protecting users of digital trade from personal information protection violations occurring within its jurisdiction. 4. Each Party shall publish information on the personal information protections it provides to users of digital trade, including how: (a) a natural person can pursue a remedy; and (b) an enterprise can comply with legal requirements. 5. Recognizing that the Parties may take different legal approaches to protecting personal information, each Party shall encourage the development of mechanisms to promote compatibility and interoperability between these different approaches. These mechanisms include: (a) broader international and regional frameworks, such as the APEC Cross Border Privacy Rules; (b) mutual recognition of comparable protection afforded by their respective legal frameworks, national trustmarks or certification frameworks; or (c) other avenues of transfer of personal information between the Parties. 6. The Parties shall endeavor to exchange information on how the mechanisms in paragraph 6 are applied in their respective jurisdictions and explore ways to extend these or other suitable arrangements to promote compatibility and interoperability between them. 7. The Parties recognize that the APEC Cross Border Privacy Rules System and/or APEC Privacy Recognition for Processors System are valid mechanisms to facilitate cross-border information transfers while protecting personal information. 8. The Parties shall endeavor to jointly promote the adoption of common cross-border information transfer mechanisms, such as those found in the Global Cross Border Privacy Rules Forum.