Summary

• On April 1, 2022, the revised Act on the Protection of Personal Information (”APPI”) came into effect, strengthening the rights of individuals to request the cessation of use or deletion of their own information and the obligations imposed on business operators.
• The background of this revision is the flaming incidents caused by inadequate privacy protection in the handling of personal data, and the global trend toward tighter regulations. It is expected that laws will continue to be revised on a short cycle.
• Meanwhile, GAFA and other mega-platformers are trying to overcome these regulations with their massive financial resources and to collect and utilize personal data not only in the online world but also in the real world.
• In this report, I propose the significance of establishing ”privacy governance,” a mechanism for companies themselves to both protect and utilize personal data, in order to respond flexibly to tighter regulation and avoid being dominated by GAFA, and also suggest how ”privacy investments” should be made for this purpose.

• Shintaro Kobayashi

  Public Policy Group Manager