GoTo Advances Global Trust With APEC, CBPR, and PRP Privacy Certifications



As a global company with users in nearly every country around the world, we are committed to maintaining and continuously improving our global data privacy program to protect the personal and identifiable information of our customers, users, and end-users. To further that commitment, we are pleased to announce GoTo has received certifications in both the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) frameworks. These certifications put GoTo among a small group of leading and world-class organizations and builds upon GoTo’s existing privacy and data protection program, which takes into account regimes including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws, as well as participation in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and TRUSTe’s Verified Privacy certification.

The APEC CBPR and PRP certifications are built on the nine principles and 50 program requirements of the APEC Privacy Framework, which was ratified by all 21 APEC economies. The Organisation for Economic Co-operation and Development’s (OECD) “Guidelines on the Protection of Privacy and Trans-Border Flows of Personal Data” underpin many of the principles in leading data protection regimes throughout the world, including APEC’s Privacy Framework and the GDPR. The Privacy Framework, and by extension, the CBPR and PRP, are the first data regulation frameworks approved for the transfer of personal data between APEC-member countries.

GoTo sought to achieve both the CBPR and PRP certifications to ensure broad coverage of personal data transfers for participating economies, designed to safeguard and secure the flow of personal information across APEC-member economy borders. The CBPR system specifically governs privacy practices of GoTo acting as a data controller, while the PRP does the same when GoTo provides and operates its services to its users and customers as a data processer. GoTo’s certifications were obtained and independently validated through TrustArc, an APEC-approved third-party leader in compliance and data protection.

To learn more about GoTo’s data privacy and security programs, please visit GoTo’s Trust & Privacy Center.