Problems relating to Trade and Investment on EU
23. Inefficient administrative procedures, regimes and practices |
|||
Issue |
Issue details |
Requests |
Reference |
| (1) Directive on the Protection of Personal Information | - Discussions are underway whether to beef up / amend EU directive on the protection of individuals personal data. The current EU Directive 95/46/EC directs the member states to permit the transfer of personal data to a third country outside of EU only when an adequate level of protection, which is equivalent to the directive, is ensured, with the exception of special circumstances. However, since the current level of protection under the Japanese scheme is not considered as being adequate level of protection, enterprises globally operating both in Japan and EU must choose between the only two alternatives: observance of the two personal data protection schemes of EU and Japan, or non-transfer of personal data from EU to Japan. - While each EU member state incorporates into the respective domestic law and implements EU data protection directive, in reality, there exits a vast difference by and among the member states. Consequently, in formulating an individual enterprise's personal information protection policy, distinction must be made into two segments, one that allows common approach and the other that deals with individual cases. - The going Directive 95/46/EC on the protection of personal data heavily burdens enterprises by its requirement, among others, for signature on the contracts for data disposal when carrying out personal information to the outside of EU/EEA. - Article 25 of EU Directive 95/46/EC provides: "the transfer to a third country of personal data may take place only if ... The third country in question ensures an adequate level of protection." As it stands, EU does not regard Japan as a country ensuring an adequate level of protection. Nevertheless, Japan severely, thoroughly protects and safeguards Personal Data under Act on the Protection of Personal Information, JISQ15001, etc. In addition, it is indispensable for Enterprises with footholds abroad to acquire and utilise personal information of their employees. In order to observe the EU Directive, conclusion of Agreement is indispensable between the Group Enterprises in EU and outside EU on Transfer of Personal Data. A Firm that globally operates Group Enterprises extensively must complete complex procedures that necessitate an extensive work both in Japan and in EU. - Proposal for a Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) casts shadows of anxiety over the Japanese affiliated enterprises operating in and out of the EU Member States on account of heavier workload and increased cost that become obstacles and impact on their business activity. - A Proposal on General Data Protection Regulation that the European Commission released in 2012 (EU GDP Regulation) contains provisions that could harm business on Provision of Service over the Internet, more precisely as follows: (1)Excessive Fines (2% of worldwide turnover) and their disposal (which should be deployed for cyber security measures, etc. in case of damage brought by hackers), (2)Compulsory notification of personal data breach to the Supervisory Authority: (It is technically difficult to confirm the actual leakage within 24-hours), (3)Ambiguous definition for Personal Data / Data Subject (It should exclude anonymous information which is incapable of individual identification, in as much as so doing can materially interfere with business operation in the "Big Data" Era), and (4)Further streamlining and speeding up of the Binding Corporate Rule for Transfer of Personal Data to Third Countries or International Organisations. |
- It is requested that Japan and EU first of all work together expeditiously to confirm if the Japanese "law on the protection of personal information" provides an adequate level of protection at the same level as the EU Directive. (The ideal ultimate goal is to establish worldwide compatibility of the system to protect personal information in each country.) - European commission envisages formulating uniform data protection within EU by single regulation. While the draft regulation envisages enforcement by the end of 2015, it has come up with new arguments, including the right to be forgotten and more severe requirements concerning agreement. - It is requested that EU streamlines the requirement concerning the Directive on the protection of personal data. - It appears that the Draft amendment of Directive on Protection of Personal Data addresses issues such as unitisation of rules and supervisory institution in the key Member States within the EU. It is requested that EU materialises increased transparency and simplification of procedures in the amended Directive. - It is requested that EU makes the proposed regulation within the reasonably rational limit both in contents and the targeted application by giving due consideration to the impact upon the actual business activity of enterprises. - It is needless to mention the importance of Protecting Personal Data and Information. However, it is requested that the authorities concerned pays special caution in avoiding the harm to the Users' Convenience, to the Enterprises' Innovative Business Activity, and not to bind overly the hands of enterprises engaged in the Worldwide Business Activity. |
- Directive 95/46/EC - A Proposal on General Data Protection Regulation |
| (Info) - Article 25 of Data Protection Directive 95/46/EC empowers the Commission to decide whether the third country in question ensures an adequate level of protection. However, Japan is not designated as such third country by the Commission. - Commission's Regulations concerning standard contractual clauses on transfer of personal data to third countries and data processing enterprises in third countries is enforced in April 2002. - In January 2012, European Commission released draft regulation on general data protection, which was adopted in April 2016 by the Council of the European Union and European Parliament. |
|||
| (Action) - At Japan-EU Regulatory Reform Dialogue, GOJ presented to EU its request for improvements. |
|||
| (2) Nebulous Implementation of EU Regulations | - EU Directive provides for limitation of collection for accounts receivable (A/R) within 60 days of the accrual date of A/R. It is said that this EU Directive is observed particularly in France under its domestic law. However, it is not certain if the French law applies to A/R payable for customers within the Member States outside France. | - In introduction of new taxation scheme, and changes in taxation scheme and in taxation rate, it is requested that the European Commission takes steps to: -- ensure provision of opportunities for exchange of dialogues with foreign funded enterprises and -- ensure transparency by giving sufficient and proper explanation, etc. |
|
| (3) e-Privacy Directive (Cookie Regulation) | - While not being enforced in all EU member states, cookie regulation came into force in 2011, seeks user's consent before the website operator places on his/her device the cookie, employed for online customers' experience improvement activity. Views are divided among the member states whether the user's advance approval should be expressly obtained or if implicit approval is allowable. If the former is necessary, it might affect (bar) business activity. | - The directive is devoid of guidelines on the key areas, as to what constitutes effective agreement. It has met with criticisms for being unrealistic, de facto unfeasible. For the sake of fair and square implementation of the directive, a clear-cut and practically definitive work guidance is indispensable. | - Directive 2002/58 on Privacy and Electronic Communications |
| (4) Member States' Language Requirements on Small Products | - Increasing number of the member states are stipulating into the domestic laws, the requirement for use of the individual languages of all member states on the packages of all products for sale. (Eg., Royal Decree No. 1368/88, Spain). | - On small, non-complicated products (batteries, electric bulbs, headphones,...), from technical/economic reasons, this requirement is virtually impossible to comply. This forms a barrier to transactions, severely frustrating development and sales of small, standardised products. The use of logo mark, replacing all these languages should be allowable. | - Example: Spanish Royal Decree 1368/88 |
<<BACK |