Privacy & Cybersecurity Law Blog

On September 5, 2018, the European Commission (the “Commission”) announced in a press release the launch of the procedure to formally adopt the Commission’s adequacy decision with respect to Japan.

The press release notes that the EU-Japan talks on personal data protection were completed in July 2018, and announces the publication of the draft adequacy decision and related documents which, among other things, set forth the additional safeguards Japan will accord EU personal data that is transferred to Japan. According to the release, Japan is undertaking a similar formal adoption process concerning the reciprocal adequacy findings between the EU and Japan.

The adequacy decision intends to ensure that Japan provides privacy protections for EU personal data that are “essentially equivalent” to the EU standard. The key elements of the agreement include:

• Specific safeguards to be applied by Japan to bridge the difference between EU and Japanese standards on issues such as sensitive data, onward transfer of EU data to third countries, and the right to access and rectification.
• Enforcement by the Japan Personal Information Protection Commission.
• Safeguards concerning access to EU personal data by Japanese public authorities for law enforcement and national security purposes.
• A complaint-handling mechanism.

The press release also notes that the adequacy decision will complement the EU-Japan Economic Partnership Agreement by supporting free data flows between the EU and Japan and providing for privileged access to 127 million Japanese consumers.

Finally, the press release also outlines the next four steps in the formal approval process:

• Opinion from the European Data Protection Board.
• Consultation of a committee composed of representatives from the EU Member States (comitology procedure).
• Update of the European Parliament Committee on Civil Liberties, Justice and Home Affairs.
• Adoption of the adequacy decision by the College of Commissioners.