"Newsletter Data Protection (February 2018)"

Newsletter Data Protection (February 2018)

Published: (Thu) 01 Feb 2018

Due to the continuing digitalization of society and business the issue of data protection gains increasing importance also from a legal perspective. Faced with the rapid technological developments, Japan has reformed the Japanese Data Protection Act (“Act on Protection of Personal Information“ – “APPI“), which has become effective on 30 May 2017 (“Amendment”). The Amendment is the first major reform of the APPI since its enactment in 2005. This special newsletter provides an overview of the main changes to the APPI as well as the measures companies need to consider in light of the Amendment.

1. Reform of the data protection law in Japan
The only statutory law on the protection of personal information in Japan is the APPI. The APPI establishes rules concerning handling of personal information, including the acquisition, use and transfer of such personal information. While not legally binding, for certain areas guidelines established by the competent ministry inter alia include suggestions for interpreting the APPI, e.g. the “Financial Services Agency of Japan Guidelines” (“FSA Guidelines”), the “Ministry of Economy, Trade and Industry of Japan Guidelines” (“METI Guidelines”), and the “Ministry of Health, Labor and Welfare Guidelines” (“MHLW Employment Guidelines”).

a) Under the Amendment, the scope of the APPI has been extended. In its pre-amended version, the APPI was not applicable to business operators having no more than 5,000 identifiable individuals in its database on any day during the past six months. For a large number of companies, in particular small and medium-size subsidiaries of foreign companies, the APPI therefore did not apply. This has changed with the Amendment. Due to the extension of the scope, also those business operators, handling a smaller number of data, so-called “Small-Size Database Operators“, are now covered and need to comply with the requirements of the APPI.

b) For the first time the Amendment introduces and defines the term “Sensitive Personal Information“. This new category includes information, such as race, religious beliefs, social status, criminal records, and medical history or any other information that may lead to a discrimination or prejudice. The collection and handling of Sensitive Personal Information by a business operator requires a prior explicit consent of the individual concerned. Several directives (such as of the FSA) further include additional provisions concerning the handling of such sensitive personal information.

c) Likewise a new category of “Anonymized Data“ has been introduced. This category includes any personal data that does not contain particular descriptions or items that could be used to identify a person. No prior consent is necessary for the transfer of anonymized data to third parties under certain conditions.

d) Additionally, a New Data Protection Committee for Supervision and Enforcement of Data Protection Regulations was established. The Committee, which consists of experts from practice and academics, operates as a first point of contact for questions regarding data protection as well as supervisory body. The further responsibilities include defining the countries which will be considered as having an adequate level of data protection as Japan as further described under item 1. e) below.


Continue Reading (PDF)

More Newsletters…

Newsletter German Supply Chain Act (October 2021)

German Supply Chain Act

The new German Supply Chain Due Diligence Act (the “Act”) introduces compliance obligations to prevent human rights and certain environmental risks along the entire value chain, from exploiting raw materials until delivering the final product to end customers. The Act follows a global trend of requiring companies to monitor their compliance with human rights and environmental core values.

read more

Newsletter Reform of German Competition Law Part 2 (May 2021)

Part 2: “Updating” the Competition Act

The recent amendment of the Competition Act is entitled “Act for Digitizing the Competition Act”. The German legislator is the first worldwide to address many of the challenges of digital ecosystems that have been discussed at global level over the past few years.

Public debate in Germany has focused on a new provision aimed at regulating “GAFA” (short for: Google, Apple, Facebook, Amazon), the giants of the data economy (see below section 3).

read more

Newsletter Reform of German Competition Law (April 2021)

Part 1: Unburdening small and medium-sized companies

The German Act Against Restraints of Competition (“Competition Act”) has been amended to address challenges of the digital economy, to make merger control more efficient for small and medium-sized companies, and to implement EU legislation. This reform of January 2021 concerns several aspects that are of relevance to foreign investors. Those aimed at unburdening small and medium-sized companies will be outlined in this newsletter. A subsequent newsletter will give an overview of the tightened antitrust rules for “Big Data” companies.

read more