Data & Privacy · Japan
Data & Privacy - Japan
Japan has a comprehensive, cross-sectoral data-protection regime centered on the Act on the Protection of Personal Information (APPI), first enacted in 2003 and substantially amended in 2015, 2020 and 2022. It is enforced by an independent supervisory authority, the Personal Information Protection Commission (PPC), and is recognized by the EU as providing an adequate level of data protection under a mutual adequacy arrangement. A triennial review is currently underway, with further amendments expected (draft law anticipated around 2025, taking effect later in the decade).
The APPI is an omnibus law governing the handling of personal information by private businesses and public bodies alike, covering collection, use, retention, disclosure and cross-border transfer of personal data.
The Personal Information Protection Commission (PPC) is an independent administrative body responsible for enforcement, issuing guidelines, investigating businesses, and issuing recommendations and orders, with powers ranging from administrative guidance to criminal penalties.
Data subjects have rights to access, correction and deletion of their personal data, and (following the 2020 amendment) an expanded right to request cessation of use or to object to processing.
Since the 2020 amendment (in force 2022), businesses must report data breaches that risk harm to individuals' rights and interests to the PPC and notify affected data subjects.
Japan and the EU have a mutual adequacy arrangement (in force since 2019); the European Commission completed its first review in 2023, confirming continued adequacy and extending the review cycle to four years.
Under a statutory three-year review cycle, the PPC published an interim summary in 2024 proposing changes on biometric data, breach-reporting conditions, and stronger enforcement (e.g., injunctive relief); a draft amendment law is expected around 2025.
Machine-assisted translation · verified 5/23/2026 · orientation, not legal advice. English version →