Japan started the dialogue with the EU Commission in April 2016 to realize free cross-border personal data flows and after thorough discussion, the mutual adequacy certification agreement between the EU and Japan was concluded and became effective in January 2019. While the adequacy agreement is a welcome event, this article examines if the policy which the Japanese government pursued is defensible.�This article focuses on the difficulty in comparing the (General Data Protection Regulation) GDPR with data protection law in a third country especially where its tradition and language are greatly different from the EU. It explains this difficulty in terms of the institutional aspect (the creation of an independent organ), the substantive adequacy of data protection law (rights of data subjects and obligations of data controllers) and the adequacy of enforcement of data protection law (administrative, civil and criminal enforcement).�It is understandable that the EU takes an adequacy approach for the data protection of their residents, but the time and effort involved in the assessment could be significant. The article suggests that an international agreement or convention could be a preferable option by drawing on the experience of Council of Europe Convention 108 and similar models when we narrow down the issues of data protection to the problem of crossborder data flows in the private sector.�Personal Information Protection, Japan, General Data Protection Regulation, Adequacy
{"title":"Reflections on the GDPR Adequacy Assessment and Strategy of Japan: For the Enhancement of Transborder Data Flows","authors":"Takayuki Kato","doi":"10.54648/gplr2020092","DOIUrl":"https://doi.org/10.54648/gplr2020092","url":null,"abstract":"Japan started the dialogue with the EU Commission in April 2016 to realize free cross-border personal data flows and after thorough discussion, the mutual adequacy certification agreement between the EU and Japan was concluded and became effective in January 2019. While the adequacy agreement is a welcome event, this article examines if the policy which the Japanese government pursued is defensible.\u0000This article focuses on the difficulty in comparing the (General Data Protection Regulation) GDPR with data protection law in a third country especially where its tradition and language are greatly different from the EU. It explains this difficulty in terms of the institutional aspect (the creation of an independent organ), the substantive adequacy of data protection law (rights of data subjects and obligations of data controllers) and the adequacy of enforcement of data protection law (administrative, civil and criminal enforcement).\u0000It is understandable that the EU takes an adequacy approach for the data protection of their residents, but the time and effort involved in the assessment could be significant. The article suggests that an international agreement or convention could be a preferable option by drawing on the experience of Council of Europe Convention 108 and similar models when we narrow down the issues of data protection to the problem of crossborder data flows in the private sector.\u0000Personal Information Protection, Japan, General Data Protection Regulation, Adequacy","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121078430","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Foreword: 1964 and 2020 – Where Does the Japanese Personal Information Protection Stand?","authors":"S. Fujiwara","doi":"10.54648/gplr2020088","DOIUrl":"https://doi.org/10.54648/gplr2020088","url":null,"abstract":"","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"458 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129587346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"After the Banquet and Beyond: Privacy and Data Protection in Japan","authors":"Ceyhun Necati Pehlivan","doi":"10.54648/gplr2020085","DOIUrl":"https://doi.org/10.54648/gplr2020085","url":null,"abstract":"","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132451558","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The GDPR Dispute Resolution Mechanism and the Elephant in the Room","authors":"Jason Flint","doi":"10.54648/gplr2020090","DOIUrl":"https://doi.org/10.54648/gplr2020090","url":null,"abstract":"","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128771078","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
On 23 January 2019, the safe and smooth transborder transfer of personal data was realized between Japan and the European Union (EU). This mutual adequacy decision was the first in the world, and Japan was the first to be certified under Article 45 of the General Data Protection Regulation (GDPR). The EU and European Economic Area (EEA) (Iceland, Liechtenstein and Norway) were also the first in the world to be certified by Japan under Article 24 of the 2015 Amended Act on the Protection of Personal Information (APPI). It is the first mutual adequacy decision in the world and in the history of data protection.�The PPC’s dialogue and cooperation with the European Commission started in 2016 and further dialogue continued in 2017. In the first half of 2018, two important issues were raised. One was how to bridge differences between two systems, and the other was how to deal with access and use of personal data transferred from the EU by public authorities in Japan. The APPI only covers the private sector and the PPC does not deal with the handling of personal data by public authorities. These solutions are explained in the article.�adequacy decision, mutual recognition, cross-border data flows, independent institution, Personal Information Protection Act, Waseda University, Benesse Data Breach
{"title":"The Realization of Mutual Adequacy Recognition Between Japan and the EU and Issues Raised in the Process","authors":"M. Horibe","doi":"10.54648/gplr2020091","DOIUrl":"https://doi.org/10.54648/gplr2020091","url":null,"abstract":"On 23 January 2019, the safe and smooth transborder transfer of personal data was realized between Japan and the European Union (EU). This mutual adequacy decision was the first in the world, and Japan was the first to be certified under Article 45 of the General Data Protection Regulation (GDPR). The EU and European Economic Area (EEA) (Iceland, Liechtenstein and Norway) were also the first in the world to be certified by Japan under Article 24 of the 2015 Amended Act on the Protection of Personal Information (APPI). It is the first mutual adequacy decision in the world and in the history of data protection.\u0000The PPC’s dialogue and cooperation with the European Commission started in 2016 and further dialogue continued in 2017. In the first half of 2018, two important issues were raised. One was how to bridge differences between two systems, and the other was how to deal with access and use of personal data transferred from the EU by public authorities in Japan. The APPI only covers the private sector and the PPC does not deal with the handling of personal data by public authorities. These solutions are explained in the article.\u0000adequacy decision, mutual recognition, cross-border data flows, independent institution, Personal Information Protection Act, Waseda University, Benesse Data Breach","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122040749","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Book Review: Manuel de Droit Européen de la Protection des Données à Caractère Personnel, Olivia Tambou ed., Brussels: Belgium 2020.","authors":"F. Berrod","doi":"10.54648/gplr2020096","DOIUrl":"https://doi.org/10.54648/gplr2020096","url":null,"abstract":"","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128795343","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This article aims to overview the recent amendment of the Act on the Protection of Personal Information in Japan and discusses how it has made advancements and how it should address new challenges; furthermore, it shows future perspectives of Japanese data protection regime from both the national and international viewpoints. Overall, this amendment has heightened data protection levels by strengthening individual rights, reinforcing the obligations of Business Operators Handling Personal Information, raising the maximum amount for pecuniary fines, strengthening enforcements, and enhancing transparency.�There are certain similarities and differences between the General Data Protection Regulation in the EU and the Japanese Act on the Protection of Personal Information. It is important to elaborate on international coordination between enacting sanctions delivered by multiple jurisdictions.�In addition to the amended Act, the Cabinet Secretariat and the Personal Information Protection Commission in Japan jointly launched the Expert Committee on Reviewing Personal Information Protection System in order to review Japan’s overall data protection regime. The current Japanese personal information protection system stipulates multiple regulations depending on the category of entities that handle personal information. Creating a comprehensive data protection mechanism by eliminating unnecessary divergences in data protection provisions would be a great advancement in achieving ideal data protection system.�Personal Information Protection, Japan, General Data Protection Regulation, Adequacy
{"title":"Advancements in the Personal Information Protection System in Japan","authors":"Kaori Ishii","doi":"10.54648/gplr2020093","DOIUrl":"https://doi.org/10.54648/gplr2020093","url":null,"abstract":"This article aims to overview the recent amendment of the Act on the Protection of Personal Information in Japan and discusses how it has made advancements and how it should address new challenges; furthermore, it shows future perspectives of Japanese data protection regime from both the national and international viewpoints. Overall, this amendment has heightened data protection levels by strengthening individual rights, reinforcing the obligations of Business Operators Handling Personal Information, raising the maximum amount for pecuniary fines, strengthening enforcements, and enhancing transparency.\u0000There are certain similarities and differences between the General Data Protection Regulation in the EU and the Japanese Act on the Protection of Personal Information. It is important to elaborate on international coordination between enacting sanctions delivered by multiple jurisdictions.\u0000In addition to the amended Act, the Cabinet Secretariat and the Personal Information Protection Commission in Japan jointly launched the Expert Committee on Reviewing Personal Information Protection System in order to review Japan’s overall data protection regime. The current Japanese personal information protection system stipulates multiple regulations depending on the category of entities that handle personal information. Creating a comprehensive data protection mechanism by eliminating unnecessary divergences in data protection provisions would be a great advancement in achieving ideal data protection system.\u0000Personal Information Protection, Japan, General Data Protection Regulation, Adequacy","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"96 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123072023","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Inferences drawn from personal data have arguably become more dangerous to individual privacy than the vast collection and storage of the data itself. Recently there have been questions raised about whether the General Data Protection Regulation (GDPR) has sufficient protection for these inferences. Probably not surprisingly, and learning from this possible shortcoming, the California Consumer Privacy Act (CCPA) specifically includes ‘inferences drawn’ as part of its definition of personal information. This article explores the widespread use of inferential data and compares the protection provided under the GDPR and the CCPA for such inferences.�privacy, data protection, inferences drawn, GDPR, CCPA
{"title":"Protection for ‘Inferences Drawn’: A Comparison Between the General Data Protection Regulation and the California Consumer Privacy Act","authors":"Jordan M. Blanke","doi":"10.54648/gplr2020080","DOIUrl":"https://doi.org/10.54648/gplr2020080","url":null,"abstract":"Inferences drawn from personal data have arguably become more dangerous to individual privacy than the vast collection and storage of the data itself. Recently there have been questions raised about whether the General Data Protection Regulation (GDPR) has sufficient protection for these inferences. Probably not surprisingly, and learning from this possible shortcoming, the California Consumer Privacy Act (CCPA) specifically includes ‘inferences drawn’ as part of its definition of personal information. This article explores the widespread use of inferential data and compares the protection provided under the GDPR and the CCPA for such inferences.\u0000privacy, data protection, inferences drawn, GDPR, CCPA","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"107 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127011449","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This article analyses the new ruling of the European Court of Human Rights (ECHR) ‘López Ribalda II’ and the possibility for employers to use hidden video surveillance cameras in order to monitor employees in the workplace. The criteria of the Spanish Constitutional Court and the first judgement of the ECHR in the ‘López Ribalda’ case are also studied in order to understand the evolving criteria and the importance of the new ECHR decision for the future of labour relationships. In short, the new ruling of the ECHR ‘López Ribalda II’ justifies the installation of hidden cameras due to the existence of reasonable suspicions of employee’s irregularities when this is a proportional decision and there are no less intrusive measures.�ECHR, hidden cameras, fundamental rights, privacy, suspicions, proportionality principle, video surveillance, irregularities.
{"title":"The ECHR Grand Chamber ‘López Ribalda II’ Judgement Dated 17 October 2019. Analysis on the Validity of Concealed Cameras Based on Case Law from the Spanish Constitutional Court","authors":"Raul Torres","doi":"10.54648/gplr2020084","DOIUrl":"https://doi.org/10.54648/gplr2020084","url":null,"abstract":"This article analyses the new ruling of the European Court of Human Rights (ECHR) ‘López Ribalda II’ and the possibility for employers to use hidden video surveillance cameras in order to monitor employees in the workplace. The criteria of the Spanish Constitutional Court and the first judgement of the ECHR in the ‘López Ribalda’ case are also studied in order to understand the evolving criteria and the importance of the new ECHR decision for the future of labour relationships. In short, the new ruling of the ECHR ‘López Ribalda II’ justifies the installation of hidden cameras due to the existence of reasonable suspicions of employee’s irregularities when this is a proportional decision and there are no less intrusive measures.\u0000ECHR, hidden cameras, fundamental rights, privacy, suspicions, proportionality principle, video surveillance, irregularities.","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131250298","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The 2015 Schrems decision established that for an adequacy decision authorizing personal data transfers from the European Union (EU) to a third country, that third country has to have a level of protection of fundamental rights and freedoms ‘essentially equivalent’ to that in the EU. Since May 2018, the European Commission (Commission) has the exclusive competence not only to assess third countries for an adequacy decision in relation to the General Data Protection Regulation (GDPR) but also in relation to the Law Enforcement Directive (LED). However, so far, no LED adequacy decision has been adopted.�The absence of any LED adequacy decisions and the presence of GDPR adequacy decisions (the latest concerning Japan) invites a comparative analysis of adequacy decisions under both EU instruments, also to assess whether GDPR adequacy decisions could serve as orientation for the adequacy assessment under the LED as suggested by the Commission. Having conducted this comparison, I argue that actually LED adequacy decision would have to be properly separated from GDPR adequacy decisions, as even though they aim to achieve the same standard of essential equivalence, their system of protection for issues connected to the processing of personal data in a law enforcement context differs.�Adequacy decisions, law enforcement, LED, international personal data transfers, fundamental rights, standard of essential equivalence, GDPR
{"title":"Comparing LED and GDPR Adequacy: One Standard Two Systems","authors":"L. Drechsler","doi":"10.54648/gplr2020081","DOIUrl":"https://doi.org/10.54648/gplr2020081","url":null,"abstract":"The 2015 Schrems decision established that for an adequacy decision authorizing personal data transfers from the European Union (EU) to a third country, that third country has to have a level of protection of fundamental rights and freedoms ‘essentially equivalent’ to that in the EU. Since May 2018, the European Commission (Commission) has the exclusive competence not only to assess third countries for an adequacy decision in relation to the General Data Protection Regulation (GDPR) but also in relation to the Law Enforcement Directive (LED). However, so far, no LED adequacy decision has been adopted.\u0000The absence of any LED adequacy decisions and the presence of GDPR adequacy decisions (the latest concerning Japan) invites a comparative analysis of adequacy decisions under both EU instruments, also to assess whether GDPR adequacy decisions could serve as orientation for the adequacy assessment under the LED as suggested by the Commission. Having conducted this comparison, I argue that actually LED adequacy decision would have to be properly separated from GDPR adequacy decisions, as even though they aim to achieve the same standard of essential equivalence, their system of protection for issues connected to the processing of personal data in a law enforcement context differs.\u0000Adequacy decisions, law enforcement, LED, international personal data transfers, fundamental rights, standard of essential equivalence, GDPR","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"89 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116087160","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: