Data Risk Intelligence
Automated Data Mapping
Do Not Sell/Do Not Share
Cookie Banner Solutions
Consent & Preferences
Data Rights RequestsEU and Japan Recognize Reciprocal Adequacy of Data Protection Laws
The European Union and Japan have reached an agreement to permit the sharing and transfer of personal data between the two regions without additional safeguards as part of a huge free trade deal that cuts or eliminates tariffs on nearly all goods. The reciprocal adequacy decision means that both sides will recognize their data protection laws as equivalent and no further protections are warranted for cross-border transfers.
In Europe, an adequacy decision is a procedure taken by the European Commission to establish that the domestic law or international commitments of a third country provide a comparable data protection level to the European Union. As a result, all operators in the country (Japan, in this case) will be able to transfer the personal data of EU citizens into the country without any further protections.
The European Commission is expected to adopt the adequacy decision in the fall after several procedural matters are completed. Japan will also need to complete internal procedures to finalize its decision to recognize Europe’s General Data Protection Regulation (“GDPR”). It is the first time that the EU and a third country have agreed on reciprocal recognition of adequacy, although the EU has unilateral adequacy determinations with several other countries.
GDPR prevents companies from storing Europeans’ personal information on foreign servers unless the countries guarantee a high level of privacy or other protections are taken. The U.S. currently meets that standard through the Privacy Shield, an agreement to provide the necessary level of protections to the personal data of EU citizens by companies that have self-certified themselves and renew it annually.
The Privacy Shield has been under fire lately in Europe as the European Parliament has called for its suspension in September. The MEPs may not have the power to revoke the adequacy determination around the Privacy Shield, but they can put pressure on the European Commission to reverse its annual ruling that the deal provides adequate protection for the personal information of EU citizens.
The adequacy decision between the EU and Japan occured despite a Reuters Corporate Survey conducted during June that said Japanese firms had made only modest progress in compliance with GDPR and that they have been slow to get compliant with the new privacy rules. The EC website also lists South Korea as another country where it has been engaged in talks about recognition for adequacy.
There has been some speculation that California may be able to independently qualify for adequacy when the California Consumer Privacy Act goes into effect. The law could be considered comprehensive data protection legislation by the EU. Nevertheless, California would have to identify or create a government agency to serve as a data protection authority to assist EU residents with enforcement of their rights. GDPR permits a “territory” to get adequacy, although that term has so far been limited to territories of EU Members. The California economy currently ranks as the world’s fifth largest.
More Blog Posts from Clarip:
Prep for a GDPR Split via a No Deal Brexit
First Fines of 100 Data Controllers Over UK Data Protection Fee
EU Issues Opinions on Adequacy of Japanese Data Protections
The UK’s Brexit White Paper on Data Protection
Contact Clarip for Help with Your Privacy Program
The Clarip data privacy software and team are available to help improve privacy practices at your organization. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.
If you are working towards GDPR compliance, we can help through our modular GDPR software. Whether you are starting the process with GDPR data mapping software, need privacy impact assessment software, or looking to meet ePrivacy requirements with cookie consent manager, Clarip can help strengthen your privacy program.
If CCPA compliance in 2020 is on your radar, ask us about our California Consumer Privacy Act software. Improve efficiency of responses to data subject access requests with our DSAR Portal, or provide the right to opt out of the sale of personal information with our consent software.
Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo and speak to a member of the Clarip team.
