The 2020 amendment to Japan’s Act on the Protection of Personal Information (APPI) requires a review every three years, and the latest review is underway. The Personal Information Protection Commission (PPC) released an interim report on June 27, 2024, and is inviting public comments until July 30, 2024. This review could significantly impact businesses and individuals, and the interim report may be revised based on further discussions.
Key issues addressed in the interim report include the handling of biometric data and the prohibition of improper use of personal information. The report proposes new rules for protecting sensitive data, such as facial recognition images, and considers tightening regulations on data controllers’ obligations regarding third-party information sharing. Additionally, it suggests reviewing procedures for handling children’s personal information, including consent and security measures.
The report also explores enhancing monitoring and supervision, such as revising administrative penalties and criminal penalties. It proposes clearer guidelines for administrative fines and expanding the scope of penalties to include illegal profits. Furthermore, the report considers changes to the leakage reporting requirements, suggesting a shift to a risk-based approach and possible exemptions for certain cases.
Finally, the interim report examines support for data utilization initiatives, including the use of data without consent in high-public-interest areas and mandating Privacy Information Assessments and Data Protection Officers. It also contemplates the role of profiling and information obligations for financial institutions. The final review will take into account practices from other jurisdictions, particularly those covered by GDPR, while adapting to Japan’s unique context.
Reference:
