Speech delivered at the Keidanren Seminar EU-Japan - Privacy and Data
Ladies and gentlemen,
Let me first thank the Keidanren for organising this seminar. I am very happy to address you today at this critical moment for the EU-Japan business relationship.
This is the first time an EU Commissioner for Justice visits Japan. But it is also my very first time in Tokyo. I am very impressed with the way this city is running, with your beautiful parks and infrastructure. I got a chance to take a metro ride and got lost at the Shibuya crossing.
And I was also looking forward to visit a country of your great writer Murakami, [whose books I enjoy reading]. In one of them he wrote that ‘Mutual understanding is of critical importance. There are those who say that ‘understanding' is merely the sum total of our misunderstandings”.
I came here to do basically this; to build more mutual understanding with my Japanese colleagues, especially the PPC, and push forward our talks on adequacy of personal data protection systems.
But I have already had positive and fruitful meetings with my counterparts in the Japanese government – with the Ministry of Economy, Trade and Industry (METI), the Ministry of Justice (MOJ), and the Ministry for Internal Affairs and Communications (MIC) – and of course with the Personal Information Protection Commission (PPC).
I was also impressed by this morning's visit to some of the iconic Japanese high tech companies.
With this visit, I want to show, first and foremost, that the European Union and Japan share similar values with respect to human rights and personal data protection.
The landmark trade agreement that the EU and Japan concluded last week, the Economic Partnership Agreement, is also a testimony of our renewed strategic partnership that promotes our interests and values.
My main objective here is to complement the trade agreement with simultaneous adequacy findings to ensure free flow of personal data. Data are emerging among the most important assets of the 21st century economy and are underpinning the trade relations. We want to get it right, so both you and your European partners can fully enjoy the potential of our economies.
The EU's commitment to the objective of reaching simultaneous adequacy findings between our two economies early next year is clear.
I believe we are making good progress.
First of all, we noticed many things in common between the EU and Japanese system. I will come back to this in a moment.
But there are also some relevant differences that need to be clarified.
We have finished mapping the existing differences and entered a new phase in our talks. Now we started discussing practical solutions to bridge these differences. It is clear that these solutions must be legally binding and enforceable.
If we show good will and creativity in finding solutions, I am confident that we can adopt adequacy findings next year without the necessity of amending the APPI.
There are several reasons for my optimism, but the main one is that we, Japan and the EU, have lots in common when it comes to data protection.
First, we both understand that in our data-driven economy, data protection is central to consumer trust.
It gives a competitive advantage to businesses which can use their high privacy standards to attract and retain customers.
In other words, we both view data protection as a benefit, rather than a burden.
Second, the EU and Japan value data protection as a fundamental right. That is why we have both put in place a comprehensive data protection law with strong principles and obligations for data processing, individual rights and independent oversight at its core.
This is the gold standard for data protection. And it is bound to be the global standard for the future.
These convergences between our two systems are crucial for us. They constitute the very basis for a possible finding that Japan provides a level of data protection that is broadly comparable to our own EU rules.
And an 'adequacy finding' will be key for you, the business community, as it will ensure the free flow of data between the EU and Japan, in the same way as between two EU Member States. Together with the the EU-Japan trade agreement this will provide Japanese businesses with easy access to the EU market and a clear competitive advantage compared to business operators in other parts of the world.
An adequacy decision would be great news for business as it would allow for the transfer of personal data from the EU to Japan without the need for extra authorisations.
This will cut red tape and thus reduce costs. And of course boost business!
But for these benefits to materialise, we need to make sure that the adequacy decision is well prepared.
In the EU, because data protection is a fundamental right, adequacy decisions are subject to strict scrutiny – including from our highest court. This is why I have explained to my Japanese counterparts that we need to address the open issues and build bridges.
Only this will allow us to adopt a solid decision which will withstand any political or legal challenge. And only this will ensure legal certainty and trust.
We have made progress – but we are not yet there.
The remaining issues to be addressed are essential. They concern elements of protection which are indispensable for an adequacy decision.
But, as I said, it will require creativity, flexibility and commitment on both sides. We need commitment not only from authorities, but also stakeholders, including you and companies that your organisation represents.
I am optimistic as one of the key take-away from my meetings in Tokyo is that my interlocutors and I are determined to make adequacy happen.
Beyond this, I know that creativity and flexibility are some of the very talents that Japan – and especially the Japanese businesses – are famous for.
Ladies and gentlemen,
My visit marks another high point in our privileged data dialogue with Japan.
I am confident that our discussions, including with this seminar today, will help improve our mutual understanding and provide important feedback for our work on data protection and data flows.
Let me conclude by insisting that what I want to build with Japan goes beyond adequacy.
Together, we can shape the global standards for data protection and show common leadership in this important field, to the benefit of both our citizens and business.
As you may know, in May next year in Europe our new data protection framework becomes applicable. All businesses that deal with personal data in Europe will have to comply with these rules.
Those of you whose businesses include personal data in Europe must know it very well and you know that the changes are also good for businesses.
The GDPR will offer one set of rules for the whole EU, replacing the kaleidoscope of the existing solutions. It will be one law for one continent.
With the new rules, non-EU companies, including Japanese, will apply, when offering their services to customers in the EU, the same rules as EU companies; thus creating a level playing field.
The new rules are also technologically neutral and fit for innovation and big data analytics. They encourage privacy-friendly techniques such as pseudonimysation, anonymisation, encryption and data protection by design and by default.
Of course our data adequacy talks already take into account the new legislation.
But I would appreciate your input also about EU's GDPR and your experience in complying with it. At the end of January we will publish Guidance on the GDPR and a practical online questions and answers tool aimed primarily at SMEs and citizens. I would also like to have your feedback on this tool as this is crucial for the success of this endeavour.
I am therefore committed to continue the dialogue with you.
I hope we will find more opportunities to discuss these important issues, perhaps next time in Brussels. Thank you.