US-EU-Japan data flows could be eased further under Japanese proposal

Companies that transfer data between the US, EU and Japan could see a further alignment of the three data-protection regimes later this year, MLex has learned.

Japan will set out plans for a “data security” pact between the three jurisdictions at its next summit with the EU, according to meeting documents seen by MLex. But they also say that the EU has some reservations, and needs more clarity before opening talks. As yet there's no date for that high-level meeting, and the documents contain no detail about Japan's vision for a new three-way agreement.

The EU already cooperates with Japan on data transfers under an “adequacy decision” taken on Jan. 23, and with the US under the Privacy Shield agreement.

The new proposal could deepen this cooperation further and add direct ties between Japan and the US.

If all goes well, the proposal will be officially announced at the margins of the G20 summit on June 28-29 in Osaka.

The existing EU-Japan adequacy decision sees the two jurisdictions approve each other’s data-protection regime, safeguarding the world’s biggest stream of data flows. The agreement is designed to ease the regulatory burden on businesses transferring information between the two territories.

The deal entered into force months after missing its original target of May 2018, following disputes on the technical details.

The EU-US Privacy Shield also allows the exchange of personal data. The second annual assessment of this deal late last year saw the EU raise questions about the US’ delayed appointment of a permanent ombudsperson, who would evaluate EU citizens’ complaints about alleged violations of data privacy by US companies. An ombudsperson has been in place since last month.