Free flowing data between the UK and Japan

On Friday 11 September 2020, after three months of negotiation, the UK and Japan secured a free trade agreement. The terms of the deal were agreed in principle between the Secretary of State for International Trade, Elizabeth Truss and Japan’s Foreign Minister Motegi Toshimitsu. Official details of the deal have not yet been released with the agreement still needing to be ratified by the Japanese parliament, which is not expected to happen before December 2020.

The trade deal, concluded in ‘record time’, represents the UK’s first major agreement post-Brexit and is estimated to increase UK-Japan trade by £15bn. Whilst symbolic, critics have cited that the deal is only set to boost the UK’s GDP by 0.07% in the short-term, a fraction of the 5% that is expected to be lost from leaving the EU’s single market and custom union.

Data sharing

Whilst the deal is similar in many ways to the one struck between the EU and Japan, which took effect last year, the government has said that it will include digital and data provisions that go ‘far beyond’ the European counterpart, and which enable the ‘free flow of data whilst maintaining high standards of protection for personal data.’ At present, it is not exactly clear how this will be achieved, with the agreement looking more likely to make a small number of liberalisations to the EU-Japan deal.

Important to the success of the agreement were recent steps that Japan has taken to strengthen the country’s data protection mechanisms that were put in place in the run-up to the EU-Japan deal. These include:

• The implementation of a set of supplementary rules that bridge a number of differences between the two data protection systems. Most notably, Japan extended the definition of sensitive data to facilitate the exercise of individual rights and further transfers of Europeans’ data from Japan to another third country (onward transfers) are also subject to a higher level of protection.
• The Japanese government has given assurances that it will only access personal data that is necessary and proportionate in respect of criminal law enforcement and national security matters.
• A complaint-handling mechanism has been put in place to investigate and resolve complaints about Japanese public authorities and their access to data.

Similarly to the way that data flows freely between the EU and Japan, without the need for additional safeguards (which would typically be required under Article 46 GDPR), the UK-Japan deal is also looking to uphold the principles of net neutrality – whereby all data on the internet is be treated equally by internet service providers, irrespective of its origin. In looking to achieve this, data localisation regulations enforcing how data can be processed in a certain territory are banned under the agreement. This will be of particular interest to UK financial services firms which will no longer have to bear the extra cost of setting up servers in Japan.

The two countries have also agreed that they will not mandate disclosure of source code of software or algorithms, or share encryption information with the other country. This is marginally more expansive than the EU-Japan deal, which still mandates disclosure of source code of algorithms.

Next steps

Once the official details of the trade deal have been released, businesses will need to assess the extent to which their data sharing falls within the scope of the agreement. These decisions will also need to be made in the context of the UK’s currently uncertain data sharing relationship with the EU.