Japan makes changes to its data privacy law

Japan is the only country in Asia to have exchanged joint adequacy findings with the EU, finding the laws roughly equivalent.

Japan has made changes to its 2005 Protection of Personal Information (APPI) Act, bringing the law closer in line with the EU’s General Data Protection Regulation (GDPR).

The Daily Swig quoted Scott Warren, a partner in the Tokyo office of law firm Squire Patton Boggs, as saying that Japan has a robust data privacy law with many similarities to the GDPR.

Japan is the only country in Asia to have exchanged joint adequacy findings with the EU, finding the laws roughly equivalent.

He added that Japan has recently passed an amendment to the law to rectify some of these and other items, including increasing penalties up to $946,000, but it will take well over a year for it to be fully implemented.

Cross-border transfers

While in its current form the APPI applies to any organization obtaining personal information from data subjects located in Japan, this hasn’t been enforceable on foreign businesses. But now they will have to provide reports concerning the processing of Japanese residents’ personal information and can be penalized if they fall short.

Expanding individual rights

In a GDPR-like move, data subjects will now have the right to request access to their data, and to ask for it to be corrected or deleted, where there’s the possibility that their rights or legitimate interests have been breached. This also applies to short-term data – previously, the data had to have been held for six months or more.

Increased penalties

Organizations that violate these rules now face a potential fine of ¥100 million ($942,000), while falsifying a report to the PPC will cost ¥500,000 ($4,708). Meanwhile, any individual found responsible for a breach could face a fine of up to ¥1 million ($9,420) and a year in prison.

The move brings Japan to the forefront of Asian data protection legislation, says Warren, along with Korea, which has had strong data protection laws for years.