PPC Japan Releases Global Cross-Border Data Strategy

The Global Strategy

of the Personal Information Protection Commission

1 April 2026 Personal Information Protection Commission

1. Background
   With the importance of the secure and seamless cross-border data transfer, including personal information, has further increased with the development of digitalization, the Government of Japan is promoting "Data Free Flow with Trust" (DFFT) as a whole-of- government effort. In Japan, the Personal Information Protection Commission (the PPC) has played a leading role in the promotion and operationalization of DFFT at the international level, particularly in the field of personal information protection and privacy. In addition, the PPC does not take an exclusive approach, but aims at realizing an international environment with interoperability, while respecting the diverse personal information protection systems and international frameworks of relevant countries and regions, as well as taking into account the needs of businesses. In light of these developments, and in order to fulfill its statutory mandate under the jurisdiction of the PPC as stipulated in Article 132 of the Act on the Protection of Personal Information, the PPC sets out its international strategy from a medium- to long-term outlook, consisting of three pillars focusing on key areas of action, together with supporting initiatives, as follows.

2. Key Areas of Action
   To promote and operationalize DFFT, the PPC aims to develop an international environment that allows businesses to transfer personal information across borders securely and seamlessly, enabling them to choose the most suitable cross-border transfer scheme from multiple options according to their needs, while also facilitating the development and promotion of cross-border data transfer tools. At the same time, in order to address threats to DFFT and challenges related to economic security, the PPC will actively contribute to international discussions and work toward establishing global standards.

 Further development of the mutual adequacy arrangements *1 As a top priority, the PPC will aim for the early conclusion of consultations on expanding the scope of the mutual adequacy arrangements with the EU and the UK to the academia and the public sector. The PPC will also engage in discussions toward the establishment of new mutual adequacy arrangements with like-minded countries and regions that share fundamental values.

*1 Mutual adequacy arrangements：frameworks that facilitate seamless personal data transfers with countries or regions recognized as having personal information protection at a level systems substantially equivalent to that of Japan.

 Promoting the international corporate certification systems *2 The PPC will lead discussions on international corporate certification systems, primarily through the Global Cross-Border Privacy Rules (CBPR) Forum, and promote the expansion of participation by jurisdictions and businesses. In addition, with the aim of promoting the system domestically, the PPC will continue conduct public relations and outreach activities aimed at domestic businesses, while working to facilitate the participation of new Accountability Agents, and thereby creating an environment that encourages businesses to obtain certification.

*2 Corporate certification systems：systems for internationally certifying companies that meet certain personal data protection requirements.

Pillar 1: Developing an International Environment for the Secure and Seamless Cross-Border Transfer of Personal Information

 Initiatives towards the establishment of Global Model Contractual Clauses *3 (MCCs) The PPC will aim to introduce Global MCCs in a phased manner in cooperation with relevant countries and regions. The PPC will proceed with consideration toward the formulation of the Japan MCCs. While cooperating with relevant countries and regions, including through collecting information, the PPC will aim to enhance international interoperability by advancing consideration of conducting joint comparative research with precedents, such as the EU Standard Contractual Clauses (SCCs) and ASEAN MCCs.

*3 Model Contractual Clauses：model contractual clauses that set out measures necessary to maintain the level of protection for personal data transferred across borders.

 Addressing the risks surrounding personal information protection

The PPC will actively contribute to international discussions on risks surrounding personal information protection, such as unlimited government access, and will continue its work within international frameworks, including efforts to reflect these risks in the Organisation for Economic Co-operation and Development (OECD) Privacy Guidelines. Pillar 2: Strengthening international cooperative relationships with relevant countries and regions and developing new ones The PPC will participate in the global policy-making discussions within frameworks with like- minded countries and regions. In addition, the PPC will engage in the exchange of information on legal frameworks and enforcement practices regarding personal information protection, and discuss ways to enhance cooperative relationships, thereby deepening mutual understanding of legal systems and advancing cross-border enforcement cooperation. Furthermore, the PPC will work to strengthen bilateral and multilateral cooperative relationships, and develop new ones, to address the expansion of cross-border business activities and the growing volume of their international data transfers.

 Strengthening cooperative relationships in the multilateral and regional

frameworks The PPC will consolidate the outcomes of the G7 Data Protection and Privacy Authorities (DPAs) Roundtable as the unified voice of the G7 DPAs, and promote them at other international fora, to expand the common perspectives. In addition, the PPC will participate in international frameworks such as the Global Privacy Assembly (GPA) and the Asia Pacific Privacy Authorities (APPA), as well as conferences organized by private organizations, to communicate the PPC's initiatives and engage in exchanges of views.

 Strengthening bilateral and multilateral cooperative relationships and building

new ones The PPC will promote collaboration with relevant foreign authorities and work to strengthen relationships so as to ensure that the necessary cooperation can be reliably obtained when needed in specific enforcement cases. In addition, with a view to building effective cooperative relationships, the PPC will work toward the conclusion of new Memoranda of Cooperation (MOC) on personal information protection with like-minded countries and regions that share fundamental values. Furthermore, the PPC will also engage in cooperation, including support for the development and improvement of personal information protection legislation, prioritizing the Asia-Pacific region.

Pillar 3: Monitoring international developments and Public Communication The PPC will actively monitor the latest international developments regarding personal information protection and incorporate them into its policy-making process. Furthermore, in addition to the information collected, the PPC will effectively communicate its initiatives and related activities both domestically and internationally, ensuring that businesses operating across borders can utilize them.

 Monitoring international developments

The PPC will aim to build and expand networks with relevant countries and regions, as well as relevant organizations, to enable the appropriate collecting of meaningful information. The PPC will exchange information on relevant developments and challenges regarding technological innovations, such as artificial intelligence (AI), as well as social shifts. Furthermore, taking into account the latest global developments, the PPC will incorporate these insights into Japan's policy-making process.

 Public Communication

The PPC will widely share the information that the PPC collected, and make publicly available communicated to ensure it can be used by businesses operating across borders. In addition, the PPC will conduct research on foreign personal information protection legislation and provide information on its results. As a part of the PPC's initiatives, in addition to its domestic communications, the PPC will provide information internationally with the aim of fostering a deeper understanding among relevant authorities, experts, and businesses abroad through its website and Social Networking Services.

1. Strengthening Institutional Foundations and Human Resource Developme nt To implement the above initiatives, the PPC will secure sufficient human resources to carry out its duties properly and strengthen the organizational capacity for international operations by exploring secondment opportunities to international organizations, Japan's diplomatic missions and DPAs in relevant countries and regions. In addition, for the human resource development of its staff engaged in international affairs, the PPC will enhance their expertise and capabilities in presentation, facilitation and information-gathering.