O slideshow foi denunciado.
Seu SlideShare está sendo baixado. ×

20210507 team datenschutz stammtisch akemi yokota(en)

Anúncio
Anúncio
Anúncio
Anúncio
Anúncio
Anúncio
Anúncio
Anúncio
Anúncio
Anúncio
Anúncio
Anúncio
Próximos SlideShares
130423egov opendata
130423egov opendata
Carregando em…3
×

Confira estes a seguir

1 de 32 Anúncio

20210507 team datenschutz stammtisch akemi yokota(en)

Baixar para ler offline

This is the material (EN) for the report "Full Revision of the Japanese Personal Information Protection Legislation- Outline of the Bills in 2021" held online on April 9, 2021. Japanese and German versions are also uploaded separately.
2021年4月9日にオンライン開催した報告「日本の個人情報保護法制の全面見直し~2021年(令和3年)法案の概要」の資料(英語版)です。日本語とドイツ語版も別途アップロードしています。

This is the material (EN) for the report "Full Revision of the Japanese Personal Information Protection Legislation- Outline of the Bills in 2021" held online on April 9, 2021. Japanese and German versions are also uploaded separately.
2021年4月9日にオンライン開催した報告「日本の個人情報保護法制の全面見直し~2021年(令和3年)法案の概要」の資料(英語版)です。日本語とドイツ語版も別途アップロードしています。

Anúncio
Anúncio

Mais Conteúdo rRelacionado

Diapositivos para si (20)

Semelhante a 20210507 team datenschutz stammtisch akemi yokota(en) (20)

Anúncio

Mais de Akemi Yokota (20)

Mais recentes (20)

Anúncio

20210507 team datenschutz stammtisch akemi yokota(en)

  1. 1. 日本の個人情報保護法制の全面見直し ~2021年(令和3年)法案の概要 Full Revision of the Japanese Personal Information Protection Legislation - Outline of the Bills in 2021 09.04.2021 Stammtisch #TeamDatenschutz Chiba University, Graduate School of Social Sciences Assis. Prof. Dr. Akemi YOKOTA akemi@chiba-u.jp akemi.yokota@gmail.com
  2. 2. Profile Akemi YOKOTA (Chiba University, Graduate School of Social Sciences, Assis. Prof. Dr. ) • Fachgebiet: Verwaltungsrecht Administrative Law • Current research topic: basic principles of information governance law to achieve a new data-driven society. – 2-year research stay at Johannes Gutenberg University Mainz since October 2019. • Main focus: Administration of a digitalized society, information and administration p.2
  3. 3. Profile Since October 2016 member of committee on Impact and Risk Assessment in “The Conference toward AI Network Society” (MIC, Goverment of Japan) Capitel 5 in Robot, AI and Law Robotto, ê-ai to hô p.3
  4. 4. Table of Contents • 1. multiple revisions of the Act on the Protection of Personal Information (APPI) • 2. the package of 6 bills in connection with the digital reform in 2021 • 3. main points of the unification of the Personal Information Protection Law Systems • 4. my personal opinion p.4
  5. 5. 1. multiple revisions of the Act on the Protection of Personal Information (APPI) 5
  6. 6. multiple revisions to the Act on the Protection of Personal Information (APPI) • 2003: Act on the Protection of Personal Information (APPI)enacted • 2015: Personal Information Protection Commission Japan (PPC) starts – 2018: "Supplementary Rules" (not legislative revisions)for mutual " Adequacy Decision" between Japan and the EU (only for private sector) in 2019 • 2020: Revised (Effective April 2022) • 2021: Amendment Bills • Stage 1: Unification of legislation to protect personal information at the national level (probably Effective April 2022?) • Stage 2: Unification including local governments (probably Effective April 2023?) p.6
  7. 7. 2020: Revised (Effective April 2022) – Revision based on the "every three-year review" (Medium Revision) • Strengthening the rights of individuals (data subjects) • Mandatory reporting of leaks, etc., notification to individuals, and prohibition of inappropriate use of personal information • Development of self-regulation and co-regulation • New provisions regarding "Pseudonymized Information” • Strengthening of penalties (incl. Announcement of violation of orders by PPC) • Stricter restrictions on cross-border transfers p.7
  8. 8. 2021: Amendment Bills • 2021: two Stages of the reform • Stage 1: Unification of legislation to protect personal information at a national level • Stage 2: Unification including local governments – As one of the six digital reform bills – First major revision since 2003 • PPC role extends • The Shift from segment law to omnibus law p.8
  9. 9. 9 the Personal Information Protection Commission (PPC) in Japan, Current Legal Framework of the Protection of Personal Information https://www.ppc.go.jp/files/pdf/280222_Current_Legal_Framework_v2.pdf
  10. 10. Current Legal Framework (only Acts and local ordinance level) of the Protection of Personal Information • national law – General issues + Business Operators: • Act on the Protection of Personal Information (APPI) – Administrative organs of National Gov.: • Act on the Protection of Personal Information Held by Administrative Organs (APPI-AO) – Incorporated Administrative Organs (ex. national Univ.): • Act on the Protection of Personal Information Held by Incorporated Administrative Agencies, etc. (APPI-IAA) p.10
  11. 11. Current Legal Framework (only Acts and local ordinance level) of the Protection of Personal Information • Local ordinances (ca. 2000+) • even villages have their own ordinance – administrative organs of local Governments • ex: prefectural police organizations • ex: hospitals and universities established by local governments p.11
  12. 12. 2. the package of 6 bills in connection with the digital reform in 2021 12
  13. 13. the Package of 6 bills related to the digital reform in early 2021 (204th period) • 1)Basic Act on the Formation of a Digital Society (Cabinet Secretary) • 2)Act for Establishment of the Digital Agency (Cabinet Secretary) • 3)Act on the Development of Related Laws for the Formation of a Digital Society (Cabinet Secretary) • 4)Act on Registration of Deposit Accounts for Payment of Public Benefits (Cabinet Office) • 5)Act on Management of Deposit Accounts by Using" My number" Based on the Intention of Depositors (Cabinet Office) • 6)Act on Standardization of Local Government Information Systems (Ministry of Internal Affairs and Communications) p.13 内閣法制局「第204回国会での内閣提出法律案」 https://www.clb.go.jp/recent-laws/diet_bill/id=3796
  14. 14. the Package of 6 bills related to the digital reform in early 2021 (204th period) • 1)Basic Act on the Formation of a Digital Society (Cabinet Secretary) – complete revision of the “IT Basic Act” – Basic Philosophy, Basic Policies, Responsibilities of Governments and Businesses, Establishment of the Digital Agency, and Formulation of Priority Plans for the Digital Society – Basic principles for the formation of a digital society (10 items) p.14 内閣法制局「第204回国会での内閣提出法律案」 https://www.clb.go.jp/recent-laws/diet_bill/id=3796
  15. 15. the Package of 6 bills related to the digital reform in early 2021 (204th period) • 2)Act for Establishment of the Digital Agency – Directly under the Cabinet – Integrated coordination function (with advisory authority) – Integrated development of national information systems – Standardization and communalization of local digital infrastructure – Responsible for “My Number” System – maintenance of the base registry – cybersecurity expert team – Recruitment of digital human resources p.15 内閣法制局「第204回国会での内閣提出法律案」 https://www.clb.go.jp/recent-laws/diet_bill/id=3796
  16. 16. デジタル改革関連法案6本(主管官庁) • 3)Act on the Development of Related Laws for the Formation of a Digital Society (Cabinet Secretary) – unifying the national acts and local ordinances on the Protection of Personal Information into a single law – overall modernization of administrative procedures • review of the need for seals and issuance of written documents • expanding use of My Number • electronic authentication p.16 内閣法制局「第204回国会での内閣提出法律案」 https://www.clb.go.jp/recent-laws/diet_bill/id=3796
  17. 17. the Package of 6 bills related to the digital reform in early 2021 (204th period) • 4)Act on Registration of Deposit Accounts for Payment of Public Benefits (Cabinet Office) • 5)Act on Management of Deposit Accounts by Using" My number" Based on the Intention of Depositors (Cabinet Office) • 6)Act on Standardization of Local Government Information Systems (Ministry of Internal Affairs and Communications) p.17 内閣法制局「第204回国会での内閣提出法律案」 https://www.clb.go.jp/recent-laws/diet_bill/id=3796
  18. 18. 3. main points of the unification of the Personal Information Protection Law Systems 18
  19. 19. 19 個⼈情報保護制度の⾒直しに関するタスクフォース「個⼈情報保護制度の⾒直しに関する最終報告(概要)」(令和2年12月) r0212saisyuhoukoku_gaiyou.pdf (cas.go.jp)
  20. 20. 20 A figure revised and translated at the author's responsibility Competent authorities Ministry of Internal Affairs and Communications(MIC) PPC local government (2000 or more) Applicable laws APPI-AO APPI-IAA APPI local ordinances (2000 or more) Target Administrative organs of National Gov. Incorporated Administrative Organs Business Operators Administrative organs of local governments Special provisions for academic research purposes No special provisions APPI completely excluded No special provisions Definition of ”personal information” "identify an individual by comparing that information with other information" "be readily collated with" (be unique in each: some incl. "a dead person's) Definition of "anonymization" "Anonymized Personal Information" "Anonymously processed information" only a Few have rules Competent authorities PPC Applicable laws APPI (new) Content of the provisions according to the target Administrative organs of National Gov. Administrative organs of local governments Hospitals (national and public), Universities (national and public), National Research and Development Agency Business Operators Special provisions for academic research purposes APPI applies, and Refining exceptions for academic research purposes Definition of ”personal information” "be readily collated with" Definition of "anonymization" "Anonymously processed information"
  21. 21. 21 A figure revised and translated at the author's responsibility Competent authorities Ministry of Internal Affairs and Communications(MIC) PPC local government (2000 or more) Applicable laws APPI-AO APPI-IAA APPI local ordinances (2000 or more) Target Administrative organs of National Gov. Incorporated Administrative Organs Business Operators Administrative organs of local governments Special provisions for academic research purposes No special provisions APPI completely excluded No special provisions Definition of ”personal information” "identify an individual by comparing that information with other information" "be readily collated with" (be unique in each: some incl. "a dead person's) Definition of "anonymization" "Anonymized Personal Information" "Anonymously processed information" Only a few have rules
  22. 22. 22 A figure revised and translated at the author's responsibility Competent authorities PPC Applicable laws APPI (new) Content of the provisions according to the target Administrative organs of National Gov. Administrative organs of local governments Hospitals (national and public), Universities (national and public), National Research and Development Agency Business Operators Special provisions for academic research purposes APPI applies, and Refining exceptions for academic research purposes Definition of ”personal information” "be readily collated with" Definition of "anonymization" "Anonymously processed information"
  23. 23. 1)Unifying the national acts and local ordinances on the Protection of Personal Information into a single law p.23 What is included in the new APPI • APPI (Current Edition) • APPI-AO • APPI-IAA + • uniformed rules applicable to local governments – The special provisions in the ordinance are limited to "minimum necessary protection measures.“ Warning: The existing article numbers will shift significantly.
  24. 24. 2) Unification of regulations in medical and academic fields – Until now: regulations varied between national goverments, private and local governments sectors – New Bill: applies to Private Sector Rules in principle • “Actor that continuously engages in joint work using data with private counterparties in a position similar to the private sector“ • However: provisions for public entities will continue to apply to the Act on Access to Information and Open Data p.24
  25. 25. 3) Review of exemptions for academic research • Currently: no unified regulation for academic research purposes, especially, no application to private sector (ethical guidelines apply instead) – Criticism: "International transfers based on adequacy decisions are not applicable because of sectorial exclusion“ • Aims: GDPR Adequacy decisions applicable to academic research (bill author´s view) • Future: Personal Information Protection Commission has surveillance authority p.25
  26. 26. 3) Review of exemptions for academic research Details of the new regulations: • Special Provisions for Academic Research Purposes – Restriction by Purpose of Use – Restriction on Acquisition of Special Care-required Personal Information – Restrictions on third-party provision (detailed requirements) • Provisions that will also apply to academic research purposes – safety management measures – Identification and publication of the purpose of use – Prohibition of improper use and acquisition – obligation to report leakage – Disclosure of retained personal data (national and public sectors only) p.26
  27. 27. 4) Unification of definitions – Definitions of ”personal information” • “readily collated with”(APPI) or not (APPI-AO, APPI-IAA) • Some local ordinances incl. “a dead person’s“ – Definitions of "anonymization“ • Distinguished terms were used – “Anonymized Personal Information” as non-personal information in the private sector(APPI) – Anonymously processed information” as personal information in the public sector(APPI-AO, APPI-IAA) • Both are reclassified into regulations for the private sector (APPI). p.27
  28. 28. 5) Common provisions for local governments – now: Each local government (“Gemeinde” unit in Germany) has its own ordinance • so-called "2000 problems" – in the future: APPI(as a national law) is applied • PPC will have the authority to monitor local government organizations – the special provisions in the ordinance are limited to "minimum necessary protection measures." • some provisions are also introduced in local governments (ex. Special care-required personal information) p.28
  29. 29. 4. my personal opinion 29
  30. 30. in my view • undoubtedly a major revision – Formally, it can be said that "the PPC oversees everything in Japan.“ • Not only My Number but also all personal information at all levels of the national, private and local governments – First step in public sector adequacy decision p.30
  31. 31. in my view • Open-remaining questions – Is it possible to achieve only by this revision “the extension of the Adequacy Decision to academic research purposes"? – Any backlash from local governments? – Why is there no debate about discipline in the police sector? • Especially important: no discussion of the law enforcement directive (LED)! p.31
  32. 32. Acknowledgment • ご清聴ありがとうございました! – Twitter: @akmykt (日本語) • Besten Dank für Ihre Aufmerksamkeit! – Twitter:@akyokota (Deutsch und Englisch) https://www.slideshare.net/akemiyokota83 Acknowledgment Thank you Dr. Matthias Lachenmann for helping me to correct the terms. https://www.bho-legal.com/team-datenschutz-japanisches- datenschutzrecht/ This work was supported by JSPS KAKENHI Grant Number 19K13491 and 19KK0330. p.32

×