Japan: Implemented increased data protection penalties in 2020 amendment to the Act on the Protection of Personal Information
Description
Implemented increased data protection penalties in 2020 amendment to the Act on the Protection of Personal Information
On 12 December 2020, the increased penalties of the amendment to the Act on the Protection of Personal Information were implemented. The Amendment contains rules on both domestic data protection and cross-border data transfers. Regarding data prot…
Scope
Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
legislature
Government Body
parliament
Complete timeline of this policy change
Hide details
2020-03-10
under deliberation
2020-06-05
adopted
2020-12-12
in force
2021-10-01
in force
Key regulatory dimensions
Regulated subjects
The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type
Private organisation
Economic activity
cross-cutting
Category
All
Policy change by business practice
The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): data collection
Regulatory tool
User right to deletion of personal data
User consent: Other requirement
User right to information about third-parties, with which data has been shared
Recordkeeping requirement
User consent: Opt-in requirement
User consent: Permit user opt-out
Regulator notification requirement
Obligation to make customer data available to government agencies
User right to withdraw consent
Sanctions
Fine
Regulated subjects
1
personal data (all forms): storage (any form)
Regulatory tool
User right to deletion of personal data
User consent: Other requirement
User right to information about third-parties, with which data has been shared
Recordkeeping requirement
User consent: Opt-in requirement
User consent: Permit user opt-out
Technical standard adherence
Regulator notification requirement
Obligation to make customer data available to government agencies
Regulator reporting requirement
User right to withdraw consent
Sanctions
Fine
Regulated subjects
1
personal data (all forms): data processing
Regulatory tool
User consent: Other requirement
User right to information about third-parties, with which data has been shared
Recordkeeping requirement
User consent: Opt-in requirement
User consent: Permit user opt-out
Technical standard adherence
Regulator notification requirement
Obligation to make customer data available to government agencies
Regulator reporting requirement
User right to withdraw consent
Sanctions
Fine
Regulated subjects
1
personal data (all forms): transfer: cross-border
Regulatory tool
User consent: Other requirement
User right to information about third-parties, with which data has been shared
Recordkeeping requirement
User consent: Opt-in requirement
User consent: Permit user opt-out
Regulator notification requirement
Private code of conduct requirement
Obligation to make customer data available to government agencies
Regulator approval requirement
User right to withdraw consent
Sanctions
Fine
Regulated subjects
1
personal data: information that is publicly available: data processing
Regulatory tool
User right to information about third-parties, with which data has been shared
User consent: Opt-in requirement
User consent: Permit user opt-out
Technical standard adherence
Regulator notification requirement
Obligation to make customer data available to government agencies
User notification requirement
Sanctions
Regulated subjects
1
personal data: information that is publicly available: transfer (any destination)
Regulatory tool
User right to information about third-parties, with which data has been shared
User consent: Opt-in requirement
User consent: Permit user opt-out
Private code of conduct requirement
User right to withdraw consent
Sanctions
Regulated subjects
1