RGPD Japón

This post is also available in: Español

Article 45 of Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR) gives the European Commission (EC) the power to decide whether a third country offers an adequate level of protection in the case of data transfers to that country, therefore ensuring that these transfers are similar to those carried out within the European Union.

To adopt this decision, the EC examines the data protection laws of the country in question. We must highlight that, in the Maximillian Schrems Case, the Court of Justice of the European Union (CJEU) held that the level of protection did not have to be identical, only requiring third countries to offer a similar level of protection of privacy and implementation, supervision, and compliance as the European Union.

To date, the EC has recognized Andorra, Argentina, Canada, Guernsey, Faroe Islands, Isle of Man, Israel, Jersey, New Zealand, Switzerland, Uruguay, and the United States of America (in the framework of the”Privacy Shield”).

Japan could be added to this list. The EC started the procedure for taking a decision on September 5. In the analysis of Japan’s legal system, two key aspects are the (i) enshrinement of the right to privacy as a constitutional right (Japanese Supreme Court, 1969), and (ii) fundamental principles of the APPI (Data Protection Act, 2003) along with supplementary law.

If this decision is confirmed, data transfers that data controllers and processors in a Member State of the European Economic Area carry out to organizations located in Japan could be simplified by not having to meet the requirements in article 46 GDPR. However, it appears that the decision will include qualifications regarding certain respects, and that transfers of personal data relating to news media, education, religious bodies, and political parties will not be permitted.

This post is also available in: Español



54 artículos



52 artículos

Jorge Monclús