2.2.1 - Definition of personal information2.2.2 - Definition of personal data2.2.3 - Definition of retained personal data2.2.4 - Definition of anonymously processed personal information2.2.5 - Definition of Personal Information Handling Business Operator (PIHBO)2.2.6 - Concepts of controller and processor2.2.7 - Sectoral exclusions
2.3.1 - Purpose limitation2.3.2. - Lawfulness and fairness of processing2.3.3. - Data accuracy and minimisation2.3.4. - Storage limitation2.3.5. - Data security2.3.6. - Transparency2.3.7. - Special categories of data2.3.8. - Accountability2.3.9. - Restrictions on onward transfers2.3.10. - Individual rights
3.1 - General legal framework3.2 - Access and use by Japanese public authorities for criminal law enforcement purposes3.2.1 - Legal basis and applicable limitations/safeguards3.2.1.1 - Compulsory investigation based on a court warrant3.2.1.2 - Request for voluntary disclosure based on an "enquiry sheet"3.2.1.3 - Further use of the information collected3.2.2 - Independent oversight3.2.3 - Individual redress3.3 - Access and use by Japanese public authorities for national security purposes3.3.1 - Legal basis and applicable limitations/safeguards
3.3.2 - Independent oversight
3.3.3 - Individual redress
(11)
The APPI has been reformed in recent years. The amended APPI was promulgated on 9 September 2015 and came into force on 30 May 2017. The amendment introduced a number of new safeguards, and also strengthened existing safeguards, thus bringing the Japanese data protection system closer to the European one. This includes, for instance, a set of enforceable individual rights or the establishment of an independent supervisory authority (PPC) entrusted with the oversight and enforcement of the APPI.
(11)
The APPI has been reformed in recent years. The amended APPI was promulgated on 9 September 2015 and came into force on 30 May 2017. The amendment introduced a number of new safeguards, and also strengthened existing safeguards, thus bringing the Japanese data protection system closer to the European one. This includes, for instance, a set of enforceable individual rights or the establishment of an independent supervisory authority (PPC) entrusted with the oversight and enforcement of the APPI.
(70)
Under the accountability principle, entities processing data are required to put in place appropriate technical and organisational measures to effectively comply with their data protection obligations and be able to demonstrate such compliance, in particular to the competent supervisory authority.
(95)
In order to ensure that an adequate level of data protection is guaranteed also in practice, an independent supervisory authority tasked with powers to monitor and enforce compliance with the data protection rules should be in place. This authority should act with complete independence and impartiality in performing its duties and exercising its powers.
(164)
These oversight mechanisms, which are further strengthened through the possibility for individuals to trigger the intervention of the PPC as an independent supervisory authority (see below section 168), provide adequate guarantees against the risk of abuse by Japanese authorities of their powers in the area of national security, and against any unlawful collection of electronic information.
