Japan and the EU have agreed to recognise each other's data protection systems as 'equivalent', which will allow data to flow safely and legally between them. The EU and Japan today agreed to create the world's largest area of safe data flows, the EU Commission says.
“Each side will now launch its relevant internal procedures for the adoption of its adequacy finding. For the EU, this involves obtaining an opinion from the European Data Protection Board (EDPB) and the green light from a committee composed of representatives of the EU Member States. Once this procedure will have been completed, the Commission will adopt the adequacy decision on Japan.”
“With this agreement, the EU and Japan affirm that, in the digital era, promoting high privacy standards and facilitating international trade go hand in hand. Under the GDPR, an adequacy decision is the most straightforward way to ensure secure and stable data flows,” the EU Commission says.
The agreement also covers personal data exchanged for law enforcement purposes. However, Japan still has some work to do, including:
- A complaint-handling mechanism to investigate and resolve complaints from Europeans regarding access to their data by Japanese public authorities. This new mechanism will be administered and supervised by the Japanese independent data protection authority.
- A set of rules providing individuals in the EU whose personal data are transferred to Japan with additional safeguards that will bridge several differences between the two data protection systems. These additional safeguards will strengthen, for example: the protection of sensitive data; the conditions under which EU data can be further transferred from Japan to another third country; and the exercise of individual rights to access and rectification. These rules will be binding on Japanese companies importing data from the EU and enforceable by the Japanese independent data protection authority (PPC) and courts.
At PL&B’s Conference in Cambridge 2-4 July, Bruno Gencarelli, Head of International Data Transfers and Protection Unit at the European Commission said, in a significant announcement, that Japanese companies cannot use APEC’s Cross-Border Privacy Rules for onward transfers. This system was developed to build bridges between the differing national privacy laws within the APEC region but has not developed momentum.
Read more about this topic in the August edition of PL&B International Report.