This document is an excerpt from the EUR-Lex website
Document 22024A01304
Protocol amending the Agreement between the European Union and Japan for an economic partnership
Protocol amending the Agreement between the European Union and Japan for an economic partnership
Protocol amending the Agreement between the European Union and Japan for an economic partnership
ST/16006/2023/INIT
OJ L, 2024/1304, 14.5.2024, ELI: http://data.europa.eu/eli/agree_prot/2024/1304/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
In force
ELI: http://data.europa.eu/eli/agree_prot/2024/1304/oj
Official Journal |
EN L series |
2024/1304 |
14.5.2024 |
PROTOCOL AMENDING THE AGREEMENT BETWEEN THE EUROPEAN UNION AND JAPAN FOR AN ECONOMIC PARTNERSHIP
THE EUROPEAN UNION and JAPAN,
HAVING reassessed the need for inclusion of provisions on the free flow of data into the Agreement between the European Union and Japan for an Economic Partnership, signed at Tokyo on 17 July 2018 (hereinafter referred to as ‘the Agreement’), in accordance with Article 8.81 of the Agreement,
HAVE AGREED AS FOLLOWS:
Article 1
The table of contents of the Agreement shall be amended by deleting the words ‘Articles 8.70 to 8.81’ and replacing them with the words ‘Articles 8.70 to 8.82’.
Article 2
Article 8.71 of the Agreement shall be amended by deleting the word ‘and’ at the end of subparagraph (a), by deleting the period at the end of subparagraph (b)(ii) and replacing it with a semicolon, and by inserting the following subparagraphs immediately after subparagraph (b)(ii):
‘(c) |
“covered person” means:
|
(d) |
“personal data” means any information, relating to an identified or identifiable natural person.’. |
Article 3
Article 8.81 of the Agreement shall be replaced by the following:
‘Article 8.81
Cross-border transfer of information by electronic means
1. The Parties are committed to ensuring the cross-border transfer of information by electronic means where this activity is for the conduct of the business of a covered person.
2. To that end, a Party shall not adopt or maintain measures which prohibit or restrict the cross-border transfer of information set out in paragraph 1 by:
(a) |
requiring the use of computing facilities or network elements in the territory of the Party for information processing, including by requiring the use of computing facilities or network elements that are certified or approved in the territory of the Party; |
(b) |
requiring the localisation of information in the territory of the Party for storage or processing; |
(c) |
prohibiting storage or processing of information in the territory of the other Party; |
(d) |
making the cross-border transfer of information contingent upon use of computing facilities or network elements in the territory of the Party or upon localisation requirements in the territory of the Party; |
(e) |
prohibiting the transfer of information into the territory of the Party; or |
(f) |
requiring the approval of the Party prior to the transfer of information to the territory of the other Party (1). |
3. Nothing in this Article shall prevent a Party from adopting or maintaining measures inconsistent with paragraphs 1 and 2 to achieve a legitimate public policy objective (2), provided that the measure:
(a) |
is not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination between countries where like conditions prevail, or a disguised restriction on trade; and |
(b) |
does not impose restrictions on transfers of information that are greater than necessary to achieve the objective. (3) |
4. Nothing in this Article shall prevent a Party from adopting or maintaining measures on the protection of personal data and privacy, including with respect to cross-border transfers of information, provided that the law of the Party provides for instruments enabling transfers under conditions of general application (4) for the protection of the information transferred.
5. This Article does not apply to cross-border transfer of information held or processed by or on behalf of a Party.
6. A Party may at any time propose to the other Party to review the measures listed in paragraph 2.’.
Article 4
The following Article shall be inserted after Article 8.81 of the Agreement:
‘Article 8.82
Protection of personal data
1. The Parties recognise that individuals have a right to the protection of their personal data and privacy as provided for by the laws and regulations of each Party and that high standards in this regard contribute to trust in the digital economy and to the development of trade. Each Party recognises the right of the other Party to determine the appropriate level of the protection of personal data and privacy, to be provided for by their respective measures.
2. Each Party shall endeavour to adopt measures that protect individuals, without discrimination based on grounds such as nationality or residence, from personal data protection violations occurring within its jurisdiction.
3. Each Party shall adopt or maintain a legal framework that provides for the protection of personal data related to electronic commerce. In the development of its legal framework for the protection of personal data and privacy, each Party should take into account the principles and guidelines of relevant international bodies. The Parties also recognise that high standards of privacy and data protection as regards government access to privately held data, such as those outlined in the OECD Principles for Government Access to Personal Data held by Private Sector Entities, contribute to trust in the digital economy.
4. Each Party shall publish information on the protection of personal data and privacy it provides to users of electronic commerce, including:
(a) |
how individuals can pursue remedies for a breach of the protection of personal data or privacy arising from digital trade; and |
(b) |
guidance and other information regarding compliance of businesses with applicable legal requirements for the protection of personal data and privacy.’. |
Article 5
Article 8.63 of the Agreement shall be deleted.
Article 6
This Protocol shall enter into force in accordance with paragraphs 1 and 2 of Article 23.2 of the Agreement.
Article 7
1. This Protocol, in conformity with Article 23.8 of the Agreement, is drawn up in duplicate in the Bulgarian, Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hungarian, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovenian, Spanish, Swedish and Japanese languages, all of these texts being equally authentic.
2. In the event of any divergence of interpretation, the text of the language in which this Protocol was negotiated shall prevail.
IN WITNESS WHEREOF, the undersigned, duly authorised to this effect, have signed this Protocol.
(1) For greater certainty, subparagraph 2(f) does not prevent a Party from:
(a) |
subjecting the use of a specific transfer instrument or a particular cross-border transfer of information to approval on grounds relating to the protection of personal data and privacy, in compliance with paragraph 4; |
(b) |
requiring the certification or conformity assessment of ICT products, services and processes, including Artificial Intelligence, before their commercialisation or use in its territory, to ensure compliance with laws and regulations consistent with this Agreement or for cybersecurity purposes, in compliance with paragraphs 3 and 4, and Articles 1.5, 8.3 and 8.65; or |
(c) |
requiring that re-users of information protected by intellectual property rights or confidentiality obligations resulting from domestic laws and regulations consistent with this Agreement, respect such rights or obligations when transferring the information across borders, including with regard to access requests by courts and authorities of third countries, in compliance with Article 8.3. |
(2) For the purposes of this Article, “legitimate public policy objective” shall be interpreted in an objective manner and shall enable the pursuit of objectives such as the protection of public security, public morals, or human, animal or plant life or health, or the maintenance of public order or other similar objectives of public interest, taking into account the evolving nature of digital technologies.
(3) For greater certainty, this paragraph does not affect the interpretation of other exceptions in this Agreement and their application to this Article, and the right of a Party to invoke any of them.
(4) For greater certainty, in line with the horizontal nature of the protection of personal data and privacy, “conditions of general application” refer to conditions formulated in objective terms that apply horizontally to an unidentified number of economic operators and thus cover a range of situations and cases.
ELI: http://data.europa.eu/eli/agree_prot/2024/1304/oj
ISSN 1977-0677 (electronic edition)