On July 17, 2018, the European Commission successfully concluded negotiations with Japan on a reciprocal adequacy finding which will allow personal data to flow freely from the EU to Japan (and vice versa).

The adequacy decision has not yet been formally adopted, as it must still undergo the respective EU and Japanese approval procedures, which the EU and Japan expect to complete by fall 2018.  During that period, Japan is expected to implement additional safeguards required in order to meet EU data protection standards (e.g., for onward transfers).

The conclusion of the negotiations follow Japan’s recent modernization of its data protection legislation which increased the convergence between the two systems. By agreeing on a reciprocal adequacy decision, the European Commission (representing the EU) and Japan acknowledge each other’s data protection laws to “adequately” protect personal data.  Once the adequacy decision is adopted, data can flow safely between the EU and Japan without the need to adopt additional safeguards (e.g., standard contractual clauses). The adequacy decision is expected to strengthen trade and economic relations between the EU and Japan.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Anna Sophia Oberschelp de Meneses Anna Sophia Oberschelp de Meneses

I advise companies across the EU on technology laws, with a focus on data protection, cybersecurity, and current consumer protection laws. I help businesses navigate complex regulations like the GDPR, AI Act, Digital Services Act, Unfair Commercial Practices Directive, and the upcoming Digital…

I advise companies across the EU on technology laws, with a focus on data protection, cybersecurity, and current consumer protection laws. I help businesses navigate complex regulations like the GDPR, AI Act, Digital Services Act, Unfair Commercial Practices Directive, and the upcoming Digital Fairness Act, turning legal requirements into practical, business-friendly solutions.

In data protection, I support tailored GDPR compliance, international data transfers, and privacy-conscious marketing. On cybersecurity, I guide clients through risk assessments, incident response, and evolving laws such as NIS2 and the Cyber Resilience Act. Regarding consumer protection, I advise on existing laws to help businesses revise their terms and conditions for compliance and review online interfaces to ensure all mandatory consumer information is clearly provided, tackling issues like dark patterns and unfair contract clauses.

Fluent in multiple languages and experienced across borders, I’m passionate about helping clients embed compliance into their operations and thrive in the fast-changing digital landscape.