On January 16, 2020, the Senate approved the United States-Mexico-Canada Agreement (“USMCA”), sending it to the President’s desk for ratification. Mexico ratified the Agreement in June 2019, and Canada is expected to follow suit later this month. To coincide with its ratification, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth issued a white paper entitled What Does the USMCA Mean for a U.S. Federal Privacy Law?
The white paper focuses on Article 19.8 in the USMCA’s chapter on digital trade, which requires all three countries to “adopt or maintain a legal framework that provides for the protection of the personal information of the users of digital trade” and formally recognizes the validity of the Asia-Pacific Economic Cooperation (“APEC”) Cross-Border Privacy Rules (“CBPR”) system. It also encourages each country to develop “mechanisms to promote compatibility” between their different privacy regimes.
The white paper argues that in light of this language, a federal U.S. privacy law also must recognize and enable the APEC CBPR as well as privacy certifications and codes of conduct generally, to be consistent with the undertakings of the USMCA. The white paper also provides a brief description of the APEC CBPR system and outlines the numerous benefits to all stakeholders of including certifications and codes of conduct in a federal privacy law, even apart from the USMCA mandate to do so. In addition, the paper highlights existing examples of certifications and accountability-based privacy programs in draft legislation and existing privacy law.