27 lines
1.2 KiB
Org Mode
27 lines
1.2 KiB
Org Mode
:PROPERTIES:
|
|
:ID: auto-appi
|
|
:CREATED: [2026-05-23 Sat]
|
|
:END:
|
|
#+title:
|
|
#+filetags: :passepartout:compliance:framework:appi:
|
|
|
|
|
|
Japan's comprehensive privacy law (amended 2022, fully effective 2023).
|
|
Applies to any business handling personal information of Japanese residents.
|
|
Key requirements: consent, purpose specification, data retention limits,
|
|
cross-border transfer restrictions (opt-in required), mandatory breach reporting,
|
|
data subject access/deletion rights, pseudonymized/anonymized data provisions.
|
|
Personal Information Protection Commission (PPC) enforces.
|
|
|
|
Penalties: Up to 100M JPY (~$700K) for violations; criminal penalties up to
|
|
1 year imprisonment. Orders to suspend data processing or delete data.
|
|
|
|
Who must comply: All businesses handling personal information of Japanese
|
|
residents. Extraterritorial — applies to non-Japanese businesses targeting
|
|
Japanese residents.
|
|
|
|
Why it matters: APPI's cross-border transfer restrictions require fine-grained
|
|
control over which data leaves Japan. The gate stack can encode "this data has
|
|
APPI cross-border consent flag = false → block egress." First-mover advantage
|
|
is moderate — few non-Japanese vendors target APPI specifically, and the 2022
|