As we predicted some months ago, a Bill to amend Japan’s Act on protection of personal information (Act number 57 of 2003 (“The Act”)) was submitted to the Japanese Parliament on 10th March last.

The Bill clarifies the definition of personal information, creates an independent watchdog committee, creates restrictions on the processing of sensitive information, tightens restrictions on disclosure to third parties, places obligations on the data controller to keep accurate books and records and sets up a regime for “Big Data” and anonymisation of personal information.

Another interesting part of the Bill is in relation to the extra territorial nature of the Act when it is passed into law. It is intended that where the data controller outside of Japan has collected or collects personal information relating to Japanese citizens then that foreign data controller will be required to comply with the majority of the Act and to this extent Japan is mirroring the extra territorial nature of the proposed EU General Data Protection Regulation.