Commission Implementing Decision (EU) 2019/419 of 23 January 2019 pursuant to Reg... (32019D0419)
INHALT
Commission Implementing Decision (EU) 2019/419 of 23 January 2019 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by Japan under the Act on the Protection of Personal Information (Text with EEA relevance)
- COMMISSION IMPLEMENTING DECISION (EU) 2019/419
- of 23 January 2019
- pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by Japan under the Act on the Protection of Personal Information
- (notified under document C(2019) 304)
- (Text with EEA relevance)
- 1.
- INTRODUCTION
- 2.
- THE RULES APPLYING TO THE PROCESSING OF DATA BY BUSINESS OPERATORS
- 2.1.
- The Japanese data protection framework
- 2.2.
- Material and personal scope
- 2.2.1.
- Definition of personal information
- 2.2.2.
- Definition of personal data
- 2.2.3.
- Definition of retained personal data
- 2.2.4.
- Definition of anonymously processed personal information
- 2.2.5.
- Definition of Personal Information Handling Business Operator (PIHBO)
- 2.2.6.
- Concepts of controller and processor
- 2.2.7.
- Sectoral exclusions
- 2.3.
- Safeguards, rights and obligations
- 2.3.1.
- Purpose limitation
- 2.3.2.
- Lawfulness and fairness of processing
- 2.3.3.
- Data accuracy and minimisation
- 2.3.4.
- Storage limitation
- 2.3.5.
- Data security
- 2.3.6.
- Transparency
- 2.3.7.
- Special categories of data
- 2.3.8.
- Accountability
- 2.3.9.
- Restrictions on onward transfers
- 2.3.10.
- Individual rights
- 2.4.
- Oversight and enforcement
- 2.4.1.
- Independent oversight
- 2.4.2.
- Judicial redress
- 3.
- ACCESS AND USE OF PERSONAL DATA TRANSFERRED FROM THE EUROPEAN UNION BY PUBLIC AUTHORITIES IN JAPAN
- 3.1.
- General legal framework
- 3.2.
- Access and use by Japanese public authorities for criminal law enforcement purposes
- 3.2.1.
- Legal basis and applicable limitations/safeguards
- 3.2.1.1.
- Compulsory investigation based on a court warrant
- 3.2.1.2.
- Request for voluntary disclosure based on an "enquiry sheet"
- 3.2.1.3.
- Further use of the information collected
- 3.2.2.
- Independent oversight
- 3.2.3.
- Individual redress
- 3.3.
- Access and use by Japanese public authorities for national security purposes
- 3.3.1.
- Legal basis and applicable limitations/safeguards
- 3.3.2.
- Independent oversight
- 3.3.3.
- Individual redress
- 4.
- CONCLUSION: ADEQUATE LEVEL OF PROTECTION FOR PERSONAL DATA TRANSFERRED FROM THE EUROPEAN UNION TO BUSINESS OPERATORS IN JAPAN
- 5.
- ACTION OF DATA PROTECTION AUTHORITIES AND INFORMATION TO THE COMMISSION
- 6.
- PERIODIC REVIEW OF THE ADEQUACY FINDING
- 7.
- SUSPENSION OF THE ADEQUACY DECISION
- 8.
- FINAL CONSIDERATIONS
- Article 1
- Article 2
- Article 3
- Article 4
- ANNEX 1
- SUPPLEMENTARY RULES UNDER THE ACT ON THE PROTECTION OF PERSONAL INFORMATION FOR THE HANDLING OF PERSONAL DATA TRANSFERRED FROM THE EU BASED ON AN ADEQUACY DECISION
- (1) Special care-required personal information (Article 2, paragraph 3 of the Act)
- Article 2 (paragraph 3) of the Act
- Article 2 of the Cabinet Order
- Article 5 of the Rules
- (2) Retained personal data (Article 2, paragraph 7 of the Act)
- Article 2 (paragraph 7) of the Act
- Article 4 of the Cabinet Order
- Article 5 of the Cabinet Order
- (3) Specifying a utilization purpose, restriction due to a utilization purpose (Article 15, paragraph 1, Article 16, paragraph 1 and Article 26, paragraphs 1 and 3 of the Act)
- Article 15 (paragraph 1) of the Act
- Article 16 (paragraph 1) of the Act
- Article 26 (paragraphs 1 and 3) of the Act
- (4) Restriction on provision to a third party in a foreign country (Article 24 of the Act; Article 11-2 of the Rules)
- Article 24 of the Act
- Article 11-2 of the Rules
- (5) Anonymously processed information (Article 2, paragraph 9 and Article 36, paragraphs 1 and 2 of the Act)
- Article 2 (paragraph 9) of the Act
- Article 36 (paragraph 1) of the Act
- Article 19 of the Rules
- Article 36 (paragraph 2) of the Act
- Article 20 of the Rules
- ANNEX 2
- Her Excellency Ms. Věra Jourová, Commissioner for Justice, Consumers and Gender Equality of the European Commission
- Collection and use of personal information by Japanese public authorities for criminal law enforcement and national security purposes
- I.
- The general legal principles relevant for government access
- A. Constitutional framework and reservation of law principle
- B. Specific rules on the protection of personal information
- II.
- Government access for criminal law enforcement purposes
- A) Legal bases and limitations
- 1) Collection of personal information by compulsory means
- (a)
- Legal bases
- (b)
- Limitations
- (1) Limitations following from the Constitution and the empowering statute
- (2) Limitations following from the APPIHAO
- 2) Collection of personal information through requests for voluntary cooperation (Voluntary investigation)
- a)
- Legal basis
- b)
- Limitations
- (1) Limitations following from the Constitution and the empowering statute
- (2) Limitations with respect to certain business operators
- (3) Limitations based on the APPIHAO
- B) Oversight
- 1) Judicial oversight
- 2) Oversight based on the APPIHAO
- 3) Oversight by the Public Safety Commissions as regards the police
- 4) Oversight by the Diet
- C) Individual Redress
- 1) Judicial redress against compulsory collection of information based on a warrant (Article 430 Code of Criminal Procedure)
- 2) Judicial redress under the Code of Civil Procedure and State Redress Act
- 3) Individual redress against unlawful/improper investigations by the Police: complaint to the Prefectural Public Safety Commission (Article 79 Police Law)
- 4) Individual redress under the APPIHAO and the Code of Criminal Procedure
- a)
- APPIHAO
- b)
- Code of Criminal Procedure
- 5) Individual redress against unlawful/improper investigations by public authorities: complaint to the PPC
- III.
- Government access for national security purposes
- A. Legal bases and limitations for the collection of personal information
- 1) Legal bases for information collection by concerned ministry/agency
- (1) Cabinet Secretariat
- (2) The NPA/Prefectural Police
- (3) Public Security Intelligence Agency (PSIA)
- (4) Ministry of Defense (MOD)
- 2) Limitations and safeguards
- a)
- Statutory limitations
- (1) General limitations based on the APPIHAO
- (2) Specific limitations applicable to the police (both NPA and Prefectural Police)
- (3) Specific limitations applicable to the PSIA
- (4) Specific limitations applicable to the MOD
- b)
- Other limitations
- B. Oversight
- 1) Oversight based on the APPIHAO
- 2) Oversight over the police by the Public Safety Commissions
- 3) Oversight of the MOD by the Inspector General’s Office of Legal compliance
- 4) Oversight of the PSIA
- 5) Oversight by the Diet
- C. Individual redress
- IV.
- Periodic review
Feedback