Japanese Information Banks
MyData Global community webinar 19 July 2019
These slides: https://mydata-global.org/community-webinar-japan-data-banks
Konnichiwa!
Viivi Lähteenoja
Deputy General Manager, MyData Global
viivi@mydata.org, @viivilahteenoja, @mydataorg
2
Why Data Banks?
3
2011 Tōhoku earthquake and tsunami
4
CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=14641958
What Are They?
5
Nomenclature
6
7
Who’s Involved?
8
Government & NGO Actors
9
Legal landscape
10
The Act on the Protection of Personal Information (APPI, 2016)
11
Article 23
“(1) A personal information handling business operator shall, except in those cases set forth in the following, not provide personal data to a third party without obtaining in advance a principal's consent.
(i) cases based on laws and regulations
(ii) cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain a principal's consent
(iii) cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a principal's consent
(iv) cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal's consent would interfere with the performance of the said affairs.”
The Basic Act on the Advancement of Utilizing Public and Private Sector Data (2018)
12
Article 12
“For the purpose of promoting the smooth circulation of public and private sector data concerning individuals, the State is to develop the foundations for enabling a wide variety of actors to utilize in an appropriate manner public and private sector data concerning individuals, with the participation of the relevant individuals, and to implement other necessary measures while giving consideration to the protection of the competitive position and other legitimate interests of companies.”
Certification
13
Guideline ver 1.0 on Certification of “Personal Data Trust Bank” by the Japanese Government
14
Guideline ver 1.0 on Certification of “Personal Data Trust Bank” by the Japanese Government
15
CERTIFICATION CRITERIA
Certification Issuers
16
17
Two Types of Certificates by IT Renmei
18
Cost and Duration of IT Renmei certification
19
※ Changes according to the presence or absence of privacy mark, ISMS certification acquisition, business scale.
※ Fluctuates by the existence of local examination, questions and answers, excess of application acceptance, etc.
Existing Banks
20
Two “P” Authorised TPDMS
21
Companies and Products Planning to Become Data Banks
22
Political will
23
The “Osaka Track”
by Prime Minister Abe
24
“An overarching framework promoting cross-border data flow with enhanced protections … “Data Free Flow with Trust” concept, a move spearheaded by Japan that calls for the creation of a set of international rules enabling the free movement of data across borders. … seeks to standardize rules in global movement of data flows with better protection in personal information, intellectual property and cybersecurity.”