SlideShare a Scribd company logo
1 of 18
GDPR vs.APPI
Ikuo Takahashi
GDPR vs. APPI
• Framework
• Personal data vs. Personal information
• APPI is under review
• Case study-Rikunabi case
Personal information protection
Info.Subject
Disclosure(28)
Correction(29)
Cease to processing(30)
Personal Information
Handling Business Operator
Personal Information
・Restriction due to a Utilization Purpose(16)
Proper Acquisition(17)
Assurance etc. about the Accuracy of Data Contents
Security Control Action(20)
Personal
information
Protection
Committee
Report and onsite Inspection
Guidance and Advice
Recommendation &Order
Criminal Sanction
against non compliance of
the order
Issues
Info.Subject
Disclosure(28)
Correction(29)
Cease to processing(30)
Personal Information
Handling Business Operator
Personal Information
・Restriction due to a Utilization Purpose(16)
Proper Acquisition(17)
Assurance etc. about the Accuracy of Data Contents
Security Control Action(20)
Personal
information
Protection
Committee
Report and onsite Inspection
Guidance and Advice
Recommendation &Order
Criminal Sanction
against non compliance of
the order
1 Scope
2 definition
2 definition &
Policy to utilize
3 Subject’s right
4 breach report
1 Scope
Basics
APPI
Chapter1-3
Local
Gov.
Independent
Administration
Legal
Person
State’s
Administration
Legal
Person
PPC
Personal Information
Handling Business
Operator
2 Personal Information (APPI art.2(1))
• The term “personal information” as used in this Act means
that information relating to a living individual which falls
under any of each following item:
• (i) those containing a name, date of birth, or other
descriptions etc. (meaning any and all matters (…) stated,
recorded or otherwise expressed using voice, movement or
other methods in a document, drawing or electromagnetic
record (…)); …) whereby a specific individual can be
identified (including those which can be readily collated with
other information and thereby identify a specific individual)
• (ii) those containing an individual identification code
2 Personal Information- ”Anonymously
processed information“
• ”Anonymously processed information“ in this Act means
information relating to an individual that can be produced from
processing personal information so as neither to be able to
identify a specific individual by taking action prescribed in each
following item in accordance with the divisions of personal
information set forth in each said item nor to be able to restore
the personal information processed information” in this Act
means information relating to an individual that can be produced
from processing personal information so as neither to be able to
identify a specific individual by taking action prescribed in each
following item in accordance with the divisions of personal
information set forth in each said item nor to be able to restore
the personal information
3 APPI is under review
• Section 1 Personal rights regarding personal information
• 2. Disclosure Request Status
• 3. Status regarding suspension of use
• 4). Opt-out regulations and status of measures for rosters
• Section 2 How to Report Data breach
• Current situation in Japan
• Current status in other countries
• review suggestion
• Section 3 Existence of a mechanism that encourages voluntary
efforts by businesses to protect personal information Direction
• 1. Certified personal information protection organization system
• 2. Status of Voluntary Initiatives by Business Operators
• 3. review suggestion
3 APPI is under review
• Section 4 Policies for Data Utilization
• 1. Anonymous processing information system
• 2. Current status of other data utilization policies
• 3. Efforts by private businesses regarding the use of personal data
• 4. Targeting ads
• Section 5 Penalties
• 1. Current situation in Japan
• 2. Current status in other countries
• 3. The nature of money imposed under Japanese laws and
regulations
4 Rikunabi case
Recruit Career
Job seeker
Info
score
DMP follow service
Market /Features
• Oligopoly
• My Navi
• Recu Navi
• Features
• New graduate recruitment support market
DMP follow service
• 1)Recruit Career created a prediction model from applicant’s
behavior for contracted companies
• based on the applicant’s result of selection/rejection/withdrawal
and applicant’s browsing and behavioral history.
• 2) Recruit Career calculate the possibilities of the
withdrawal and sell the result.
• based on the applying student information provided by the
contracted company for the current fiscal year
• behaviral log on the “Rikunavi”
Before 2019
Recruit Career
Job seeker
Info
score
ID provided/Calculated based on ID
Judge
Before 2019
Recruit Career
Job seeker
Info
score
ID provided/Calculated based on ID
Judge
Timeline of the case
日付 内容
2019/7/9 Hearing of Personal Information Protection Committee
2019/7/31 Personal Information Protection Committee pointed out that the expression
of the privacy policy might be difficult for students to understand, and
suspended the provision of DMP follow
2019/8/1 Announced press release from Recruit Career
2019/8/2 Investigation by Tokyo Labor Bureau
2019/8/2 the privacy policy on some screens is incomplete
2019/8/3 Fixed deficiencies in privacy policy
2019/8/4 Decided to cease “DMP Follow” service
2019/8/5 Press release regarding deficiencies in privacy policy consent and cease of
services for 7,983 students at DMP Follow
2019/8/5 Started requesting data deletion from companies
Timeline of the case-2
日付 内容
2019/8/9 Apology for 7,983 students started
2019/8/21 a special page opened to identify whether or not you have been subject to
DMP Follow
2019/8/22 Apology for all members of Rikunabi 2020
2019/8/26 PPC‘s Recommendations (42)and Guidance based on Law (41)
2019/9/6 Instructed by Tokyo Labor Bureau for violating the Employment Stabilization
Law and guidelines based on the Law
PPC‘s Recommendations (42)and
Guidance based on Law (41)
• Fact
• Riku Nabi did not make appropriate decisions regarding legal
compliance and did not properly examine the legal application
relationship(...)
• This violates the provisions of Article 20 of the Act.
• Due to the lack of administrative procedures when the privacy policy
was revised in March 2019, the necessary consent was not obtained
from some members. (...)
• This violates the provisions of Article 20 of the Act.
• When providing personal data to a third party, it is necessary to
obtain the consent of the person. (...)
• This is a violation of Article 23, Paragraph 1 of the Act.
Instruction by Tokyo Labor Bureau
• 1.For all the recruitment information provision businesses, including
Rikunabi, which we conduct, confirm that there are no violations of the
Stabilization Law and that the Stabilization Law Guidelines are being
observed, as well as improve business operations and systems, etc. To
take necessary corrections and preventive measures.
• 2. For all employment placement businesses of the Company, confirm
that there are no violations of the Stabilization Law and that the
Stabilization Law Guidelines are being observed, and take necessary
corrections and measures to prevent recurrence.
• 3. Seriously respond to inquiries from students who have been subject
to the provision of information that presumes the possibility of
withdrawal from Rikunabi DMP Follow, and polite explanation of the
information and its provision Take appropriate measures such as.
• 4. In future business operations, conduct business in accordance with
the purpose of the recruitment information provision business and
employment placement business.

More Related Content

Similar to APPI (Japan) and Rikunabi case

PDPA Compliance Preparation
PDPA Compliance PreparationPDPA Compliance Preparation
PDPA Compliance PreparationLawPlus Ltd.
 
GDPR Scotland 2018
GDPR Scotland 2018GDPR Scotland 2018
GDPR Scotland 2018Ray Bugg
 
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersGDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersSpain-Holiday.com
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...PECB
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issuesJagdeepSingh394
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsTrustArc
 
Masakazu Masujima, Session 1
Masakazu Masujima, Session 1Masakazu Masujima, Session 1
Masakazu Masujima, Session 1OECD Governance
 
Explain your algorithmic decisions for gdpr
Explain your algorithmic decisions for gdprExplain your algorithmic decisions for gdpr
Explain your algorithmic decisions for gdprPierre Feillet
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3Anne Starr
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare IndustryEMMAIntl
 
Data Protection & Risk Management
Data Protection & Risk Management Data Protection & Risk Management
Data Protection & Risk Management Endcode_org
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRCase IQ
 
gkknwqeq3232,sqSecurity essentials domain 3
gkknwqeq3232,sqSecurity essentials   domain 3gkknwqeq3232,sqSecurity essentials   domain 3
gkknwqeq3232,sqSecurity essentials domain 3Anne Starr
 
How to Turn GDPR into a Competitive Advantage
How to Turn GDPR into a Competitive AdvantageHow to Turn GDPR into a Competitive Advantage
How to Turn GDPR into a Competitive AdvantageBeamery
 
ACI Europe - GDPR CUPPS Presentation
ACI Europe - GDPR CUPPS PresentationACI Europe - GDPR CUPPS Presentation
ACI Europe - GDPR CUPPS PresentationStephen H. Baird
 
2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliantTrustArc
 
Gac, money flow, ds, ar, 2 26-14
Gac, money flow, ds, ar, 2 26-14Gac, money flow, ds, ar, 2 26-14
Gac, money flow, ds, ar, 2 26-14ACFCS
 
Understanding & Working with the GDPR
Understanding & Working with the GDPRUnderstanding & Working with the GDPR
Understanding & Working with the GDPRMarketo
 

Similar to APPI (Japan) and Rikunabi case (20)

PDPA Compliance Preparation
PDPA Compliance PreparationPDPA Compliance Preparation
PDPA Compliance Preparation
 
GDPR Scotland 2018
GDPR Scotland 2018GDPR Scotland 2018
GDPR Scotland 2018
 
Overview Data Privacy Bill India
Overview Data Privacy Bill IndiaOverview Data Privacy Bill India
Overview Data Privacy Bill India
 
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersGDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issues
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
 
Masakazu Masujima, Session 1
Masakazu Masujima, Session 1Masakazu Masujima, Session 1
Masakazu Masujima, Session 1
 
Explain your algorithmic decisions for gdpr
Explain your algorithmic decisions for gdprExplain your algorithmic decisions for gdpr
Explain your algorithmic decisions for gdpr
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
Data Protection & Risk Management
Data Protection & Risk Management Data Protection & Risk Management
Data Protection & Risk Management
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPR
 
gkknwqeq3232,sqSecurity essentials domain 3
gkknwqeq3232,sqSecurity essentials   domain 3gkknwqeq3232,sqSecurity essentials   domain 3
gkknwqeq3232,sqSecurity essentials domain 3
 
How to Turn GDPR into a Competitive Advantage
How to Turn GDPR into a Competitive AdvantageHow to Turn GDPR into a Competitive Advantage
How to Turn GDPR into a Competitive Advantage
 
ACI Europe - GDPR CUPPS Presentation
ACI Europe - GDPR CUPPS PresentationACI Europe - GDPR CUPPS Presentation
ACI Europe - GDPR CUPPS Presentation
 
2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant
 
Gac, money flow, ds, ar, 2 26-14
Gac, money flow, ds, ar, 2 26-14Gac, money flow, ds, ar, 2 26-14
Gac, money flow, ds, ar, 2 26-14
 
Understanding & Working with the GDPR
Understanding & Working with the GDPRUnderstanding & Working with the GDPR
Understanding & Working with the GDPR
 
GDPR: What does it mean for your business?
GDPR: What does it mean for your business?GDPR: What does it mean for your business?
GDPR: What does it mean for your business?
 

More from Ikuo Takahashi

Cydef 2021 国際的サイバー防衛法
Cydef 2021 国際的サイバー防衛法Cydef 2021 国際的サイバー防衛法
Cydef 2021 国際的サイバー防衛法Ikuo Takahashi
 
Crossover of Data protection and competition law concerning privacy protection
Crossover of Data protection and competition law concerning privacy protection Crossover of Data protection and competition law concerning privacy protection
Crossover of Data protection and competition law concerning privacy protection Ikuo Takahashi
 
What is contact tracing?
What is contact tracing?What is contact tracing?
What is contact tracing?Ikuo Takahashi
 
Cloud Computing Legal Issues
Cloud Computing Legal IssuesCloud Computing Legal Issues
Cloud Computing Legal IssuesIkuo Takahashi
 

More from Ikuo Takahashi (13)

ACDPub.pptx
ACDPub.pptxACDPub.pptx
ACDPub.pptx
 
Ikuo0823.pdf
Ikuo0823.pdfIkuo0823.pdf
Ikuo0823.pdf
 
Cydef 2021 国際的サイバー防衛法
Cydef 2021 国際的サイバー防衛法Cydef 2021 国際的サイバー防衛法
Cydef 2021 国際的サイバー防衛法
 
Crossover of Data protection and competition law concerning privacy protection
Crossover of Data protection and competition law concerning privacy protection Crossover of Data protection and competition law concerning privacy protection
Crossover of Data protection and competition law concerning privacy protection
 
What is contact tracing?
What is contact tracing?What is contact tracing?
What is contact tracing?
 
Ikuo takahashi0509
Ikuo takahashi0509Ikuo takahashi0509
Ikuo takahashi0509
 
Ikuo takahashi0509
Ikuo takahashi0509Ikuo takahashi0509
Ikuo takahashi0509
 
20slide0306
20slide030620slide0306
20slide0306
 
Ikuoedisclosure Uk
Ikuoedisclosure UkIkuoedisclosure Uk
Ikuoedisclosure Uk
 
Cloud Computing Legal Issues
Cloud Computing Legal IssuesCloud Computing Legal Issues
Cloud Computing Legal Issues
 
10 Keio513
10 Keio51310 Keio513
10 Keio513
 
Sec Wars Episode 3
Sec Wars Episode 3Sec Wars Episode 3
Sec Wars Episode 3
 
Security Wars
Security WarsSecurity Wars
Security Wars
 

Recently uploaded

File Taxes Online Simple Steps for Efficient Filing.pdf
File Taxes Online Simple Steps for Efficient Filing.pdfFile Taxes Online Simple Steps for Efficient Filing.pdf
File Taxes Online Simple Steps for Efficient Filing.pdfTaxHelp desk
 
How to Protect Your Children During a Divorce?
How to Protect Your Children During a Divorce?How to Protect Your Children During a Divorce?
How to Protect Your Children During a Divorce?Mesnik Law Group,Inc.
 
Dabholkar-matter-Judgement-1.pdfrefp;sdPp;
Dabholkar-matter-Judgement-1.pdfrefp;sdPp;Dabholkar-matter-Judgement-1.pdfrefp;sdPp;
Dabholkar-matter-Judgement-1.pdfrefp;sdPp;bhavenpr
 
INAUGURAL SIPAC FORUM - POST EVENT REPORT.pdf
INAUGURAL SIPAC FORUM - POST EVENT REPORT.pdfINAUGURAL SIPAC FORUM - POST EVENT REPORT.pdf
INAUGURAL SIPAC FORUM - POST EVENT REPORT.pdfliming4real
 
Mergers and Acquisitions in Kenya - An explanation
Mergers and Acquisitions in Kenya - An explanationMergers and Acquisitions in Kenya - An explanation
Mergers and Acquisitions in Kenya - An explanationRovert3
 
Essential Components of an Effective HIPAA Safeguard Program
Essential Components of an Effective HIPAA Safeguard ProgramEssential Components of an Effective HIPAA Safeguard Program
Essential Components of an Effective HIPAA Safeguard ProgramColington Consulting
 
FAMILY LAW - Legacy Semester II .pptx
FAMILY    LAW - Legacy Semester II .pptxFAMILY    LAW - Legacy Semester II .pptx
FAMILY LAW - Legacy Semester II .pptxCADilipkumarMishra1
 
Termination of Employees under the Labor Code.pptx
Termination of Employees under the Labor Code.pptxTermination of Employees under the Labor Code.pptx
Termination of Employees under the Labor Code.pptxBrV
 
REVIVING OUR STAR GOD IMAGES FROM MARRYING OUR 4 HOLY LAWS OF STAR GODS
REVIVING OUR STAR GOD IMAGES FROM MARRYING OUR 4 HOLY LAWS OF STAR GODSREVIVING OUR STAR GOD IMAGES FROM MARRYING OUR 4 HOLY LAWS OF STAR GODS
REVIVING OUR STAR GOD IMAGES FROM MARRYING OUR 4 HOLY LAWS OF STAR GODSCheong Man Keong
 
Streamline Legal Operations: A Guide to Paralegal Services
Streamline Legal Operations: A Guide to Paralegal ServicesStreamline Legal Operations: A Guide to Paralegal Services
Streamline Legal Operations: A Guide to Paralegal ServicesEternity Paralegal Services
 
Embed-3-2.pdfkp[k[odk[odk[d[ok[d[pkdkdkl
Embed-3-2.pdfkp[k[odk[odk[d[ok[d[pkdkdklEmbed-3-2.pdfkp[k[odk[odk[d[ok[d[pkdkdkl
Embed-3-2.pdfkp[k[odk[odk[d[ok[d[pkdkdklbhavenpr
 
Crime Detection/Prevention and Narco-Analysis Test
Crime Detection/Prevention and Narco-Analysis TestCrime Detection/Prevention and Narco-Analysis Test
Crime Detection/Prevention and Narco-Analysis TestAJAYPRATAPSINGHTOMAR2
 
From Scratch to Strong: Introduction to Drafting of Criminal Cases and Applic...
From Scratch to Strong: Introduction to Drafting of Criminal Cases and Applic...From Scratch to Strong: Introduction to Drafting of Criminal Cases and Applic...
From Scratch to Strong: Introduction to Drafting of Criminal Cases and Applic...Sehrish Saba
 
IRDA role in Insurance sector in India .pptx
IRDA role in Insurance sector in India .pptxIRDA role in Insurance sector in India .pptx
IRDA role in Insurance sector in India .pptxShreyasVyas9
 
Sedition Offences against Property 20-5-2024.pptx
Sedition  Offences against Property 20-5-2024.pptxSedition  Offences against Property 20-5-2024.pptx
Sedition Offences against Property 20-5-2024.pptxRashmiPandey862734
 
dandan liu need to rot when she dies..pdf
dandan liu need to rot when she dies..pdfdandan liu need to rot when she dies..pdf
dandan liu need to rot when she dies..pdfbraydenstoch777
 
Starbucks Corp. v. Sardarbuksh Coffee Co.
Starbucks Corp. v. Sardarbuksh Coffee Co.Starbucks Corp. v. Sardarbuksh Coffee Co.
Starbucks Corp. v. Sardarbuksh Coffee Co.aniruddhabamal
 
Embed-6 (1).pdfc p;p;kdk[odk[drskpokpopo
Embed-6 (1).pdfc p;p;kdk[odk[drskpokpopoEmbed-6 (1).pdfc p;p;kdk[odk[drskpokpopo
Embed-6 (1).pdfc p;p;kdk[odk[drskpokpopobhavenpr
 
Embed-4-2.pdf vk[di-[sd[0edKP[p-[kedkpodekp
Embed-4-2.pdf vk[di-[sd[0edKP[p-[kedkpodekpEmbed-4-2.pdf vk[di-[sd[0edKP[p-[kedkpodekp
Embed-4-2.pdf vk[di-[sd[0edKP[p-[kedkpodekpbhavenpr
 

Recently uploaded (20)

File Taxes Online Simple Steps for Efficient Filing.pdf
File Taxes Online Simple Steps for Efficient Filing.pdfFile Taxes Online Simple Steps for Efficient Filing.pdf
File Taxes Online Simple Steps for Efficient Filing.pdf
 
How to Protect Your Children During a Divorce?
How to Protect Your Children During a Divorce?How to Protect Your Children During a Divorce?
How to Protect Your Children During a Divorce?
 
Dabholkar-matter-Judgement-1.pdfrefp;sdPp;
Dabholkar-matter-Judgement-1.pdfrefp;sdPp;Dabholkar-matter-Judgement-1.pdfrefp;sdPp;
Dabholkar-matter-Judgement-1.pdfrefp;sdPp;
 
INAUGURAL SIPAC FORUM - POST EVENT REPORT.pdf
INAUGURAL SIPAC FORUM - POST EVENT REPORT.pdfINAUGURAL SIPAC FORUM - POST EVENT REPORT.pdf
INAUGURAL SIPAC FORUM - POST EVENT REPORT.pdf
 
Mergers and Acquisitions in Kenya - An explanation
Mergers and Acquisitions in Kenya - An explanationMergers and Acquisitions in Kenya - An explanation
Mergers and Acquisitions in Kenya - An explanation
 
Essential Components of an Effective HIPAA Safeguard Program
Essential Components of an Effective HIPAA Safeguard ProgramEssential Components of an Effective HIPAA Safeguard Program
Essential Components of an Effective HIPAA Safeguard Program
 
FAMILY LAW - Legacy Semester II .pptx
FAMILY    LAW - Legacy Semester II .pptxFAMILY    LAW - Legacy Semester II .pptx
FAMILY LAW - Legacy Semester II .pptx
 
Trending Topics in ITC Litigation with Knobbe Martens
Trending Topics in ITC Litigation with Knobbe MartensTrending Topics in ITC Litigation with Knobbe Martens
Trending Topics in ITC Litigation with Knobbe Martens
 
Termination of Employees under the Labor Code.pptx
Termination of Employees under the Labor Code.pptxTermination of Employees under the Labor Code.pptx
Termination of Employees under the Labor Code.pptx
 
REVIVING OUR STAR GOD IMAGES FROM MARRYING OUR 4 HOLY LAWS OF STAR GODS
REVIVING OUR STAR GOD IMAGES FROM MARRYING OUR 4 HOLY LAWS OF STAR GODSREVIVING OUR STAR GOD IMAGES FROM MARRYING OUR 4 HOLY LAWS OF STAR GODS
REVIVING OUR STAR GOD IMAGES FROM MARRYING OUR 4 HOLY LAWS OF STAR GODS
 
Streamline Legal Operations: A Guide to Paralegal Services
Streamline Legal Operations: A Guide to Paralegal ServicesStreamline Legal Operations: A Guide to Paralegal Services
Streamline Legal Operations: A Guide to Paralegal Services
 
Embed-3-2.pdfkp[k[odk[odk[d[ok[d[pkdkdkl
Embed-3-2.pdfkp[k[odk[odk[d[ok[d[pkdkdklEmbed-3-2.pdfkp[k[odk[odk[d[ok[d[pkdkdkl
Embed-3-2.pdfkp[k[odk[odk[d[ok[d[pkdkdkl
 
Crime Detection/Prevention and Narco-Analysis Test
Crime Detection/Prevention and Narco-Analysis TestCrime Detection/Prevention and Narco-Analysis Test
Crime Detection/Prevention and Narco-Analysis Test
 
From Scratch to Strong: Introduction to Drafting of Criminal Cases and Applic...
From Scratch to Strong: Introduction to Drafting of Criminal Cases and Applic...From Scratch to Strong: Introduction to Drafting of Criminal Cases and Applic...
From Scratch to Strong: Introduction to Drafting of Criminal Cases and Applic...
 
IRDA role in Insurance sector in India .pptx
IRDA role in Insurance sector in India .pptxIRDA role in Insurance sector in India .pptx
IRDA role in Insurance sector in India .pptx
 
Sedition Offences against Property 20-5-2024.pptx
Sedition  Offences against Property 20-5-2024.pptxSedition  Offences against Property 20-5-2024.pptx
Sedition Offences against Property 20-5-2024.pptx
 
dandan liu need to rot when she dies..pdf
dandan liu need to rot when she dies..pdfdandan liu need to rot when she dies..pdf
dandan liu need to rot when she dies..pdf
 
Starbucks Corp. v. Sardarbuksh Coffee Co.
Starbucks Corp. v. Sardarbuksh Coffee Co.Starbucks Corp. v. Sardarbuksh Coffee Co.
Starbucks Corp. v. Sardarbuksh Coffee Co.
 
Embed-6 (1).pdfc p;p;kdk[odk[drskpokpopo
Embed-6 (1).pdfc p;p;kdk[odk[drskpokpopoEmbed-6 (1).pdfc p;p;kdk[odk[drskpokpopo
Embed-6 (1).pdfc p;p;kdk[odk[drskpokpopo
 
Embed-4-2.pdf vk[di-[sd[0edKP[p-[kedkpodekp
Embed-4-2.pdf vk[di-[sd[0edKP[p-[kedkpodekpEmbed-4-2.pdf vk[di-[sd[0edKP[p-[kedkpodekp
Embed-4-2.pdf vk[di-[sd[0edKP[p-[kedkpodekp
 

APPI (Japan) and Rikunabi case

  • 2. GDPR vs. APPI • Framework • Personal data vs. Personal information • APPI is under review • Case study-Rikunabi case
  • 3. Personal information protection Info.Subject Disclosure(28) Correction(29) Cease to processing(30) Personal Information Handling Business Operator Personal Information ・Restriction due to a Utilization Purpose(16) Proper Acquisition(17) Assurance etc. about the Accuracy of Data Contents Security Control Action(20) Personal information Protection Committee Report and onsite Inspection Guidance and Advice Recommendation &Order Criminal Sanction against non compliance of the order
  • 4. Issues Info.Subject Disclosure(28) Correction(29) Cease to processing(30) Personal Information Handling Business Operator Personal Information ・Restriction due to a Utilization Purpose(16) Proper Acquisition(17) Assurance etc. about the Accuracy of Data Contents Security Control Action(20) Personal information Protection Committee Report and onsite Inspection Guidance and Advice Recommendation &Order Criminal Sanction against non compliance of the order 1 Scope 2 definition 2 definition & Policy to utilize 3 Subject’s right 4 breach report
  • 6. 2 Personal Information (APPI art.2(1)) • The term “personal information” as used in this Act means that information relating to a living individual which falls under any of each following item: • (i) those containing a name, date of birth, or other descriptions etc. (meaning any and all matters (…) stated, recorded or otherwise expressed using voice, movement or other methods in a document, drawing or electromagnetic record (…)); …) whereby a specific individual can be identified (including those which can be readily collated with other information and thereby identify a specific individual) • (ii) those containing an individual identification code
  • 7. 2 Personal Information- ”Anonymously processed information“ • ”Anonymously processed information“ in this Act means information relating to an individual that can be produced from processing personal information so as neither to be able to identify a specific individual by taking action prescribed in each following item in accordance with the divisions of personal information set forth in each said item nor to be able to restore the personal information processed information” in this Act means information relating to an individual that can be produced from processing personal information so as neither to be able to identify a specific individual by taking action prescribed in each following item in accordance with the divisions of personal information set forth in each said item nor to be able to restore the personal information
  • 8. 3 APPI is under review • Section 1 Personal rights regarding personal information • 2. Disclosure Request Status • 3. Status regarding suspension of use • 4). Opt-out regulations and status of measures for rosters • Section 2 How to Report Data breach • Current situation in Japan • Current status in other countries • review suggestion • Section 3 Existence of a mechanism that encourages voluntary efforts by businesses to protect personal information Direction • 1. Certified personal information protection organization system • 2. Status of Voluntary Initiatives by Business Operators • 3. review suggestion
  • 9. 3 APPI is under review • Section 4 Policies for Data Utilization • 1. Anonymous processing information system • 2. Current status of other data utilization policies • 3. Efforts by private businesses regarding the use of personal data • 4. Targeting ads • Section 5 Penalties • 1. Current situation in Japan • 2. Current status in other countries • 3. The nature of money imposed under Japanese laws and regulations
  • 10. 4 Rikunabi case Recruit Career Job seeker Info score DMP follow service
  • 11. Market /Features • Oligopoly • My Navi • Recu Navi • Features • New graduate recruitment support market
  • 12. DMP follow service • 1)Recruit Career created a prediction model from applicant’s behavior for contracted companies • based on the applicant’s result of selection/rejection/withdrawal and applicant’s browsing and behavioral history. • 2) Recruit Career calculate the possibilities of the withdrawal and sell the result. • based on the applying student information provided by the contracted company for the current fiscal year • behaviral log on the “Rikunavi”
  • 13. Before 2019 Recruit Career Job seeker Info score ID provided/Calculated based on ID Judge
  • 14. Before 2019 Recruit Career Job seeker Info score ID provided/Calculated based on ID Judge
  • 15. Timeline of the case 日付 内容 2019/7/9 Hearing of Personal Information Protection Committee 2019/7/31 Personal Information Protection Committee pointed out that the expression of the privacy policy might be difficult for students to understand, and suspended the provision of DMP follow 2019/8/1 Announced press release from Recruit Career 2019/8/2 Investigation by Tokyo Labor Bureau 2019/8/2 the privacy policy on some screens is incomplete 2019/8/3 Fixed deficiencies in privacy policy 2019/8/4 Decided to cease “DMP Follow” service 2019/8/5 Press release regarding deficiencies in privacy policy consent and cease of services for 7,983 students at DMP Follow 2019/8/5 Started requesting data deletion from companies
  • 16. Timeline of the case-2 日付 内容 2019/8/9 Apology for 7,983 students started 2019/8/21 a special page opened to identify whether or not you have been subject to DMP Follow 2019/8/22 Apology for all members of Rikunabi 2020 2019/8/26 PPC‘s Recommendations (42)and Guidance based on Law (41) 2019/9/6 Instructed by Tokyo Labor Bureau for violating the Employment Stabilization Law and guidelines based on the Law
  • 17. PPC‘s Recommendations (42)and Guidance based on Law (41) • Fact • Riku Nabi did not make appropriate decisions regarding legal compliance and did not properly examine the legal application relationship(...) • This violates the provisions of Article 20 of the Act. • Due to the lack of administrative procedures when the privacy policy was revised in March 2019, the necessary consent was not obtained from some members. (...) • This violates the provisions of Article 20 of the Act. • When providing personal data to a third party, it is necessary to obtain the consent of the person. (...) • This is a violation of Article 23, Paragraph 1 of the Act.
  • 18. Instruction by Tokyo Labor Bureau • 1.For all the recruitment information provision businesses, including Rikunabi, which we conduct, confirm that there are no violations of the Stabilization Law and that the Stabilization Law Guidelines are being observed, as well as improve business operations and systems, etc. To take necessary corrections and preventive measures. • 2. For all employment placement businesses of the Company, confirm that there are no violations of the Stabilization Law and that the Stabilization Law Guidelines are being observed, and take necessary corrections and measures to prevent recurrence. • 3. Seriously respond to inquiries from students who have been subject to the provision of information that presumes the possibility of withdrawal from Rikunabi DMP Follow, and polite explanation of the information and its provision Take appropriate measures such as. • 4. In future business operations, conduct business in accordance with the purpose of the recruitment information provision business and employment placement business.