What is the APPI?
From April 1, 2022, the Japanese Amended Act on the Protection of Personal Information (APPI) has brought about some significant changes, particularly in breach internal procedures, cross-border data transfers, and the requirements for obtaining cookie consent. In this article, we'll take a closer look at the new cookie consent requirements under the Amended APPI.
The revised APPI places a stronger emphasis on protecting the rights of individuals when it comes to transferring their personal data to third parties. Generally, organizations are now required to obtain the individual's consent before sharing any personal data with third parties. However, there's also an option for organizations to rely on an "opt-out consent" approach. This means that if individuals are properly informed and given the choice to object or opt out, their consent can be assumed. Regarding the use of cookies, especially third-party cookies, it's not explicitly stated whether organizations must obtain "opt-in consent" or rely on the "opt-out consent" mechanism.
In the context of this law, "opt-out consent" refers to a situation where user consent is assumed by default, and individuals have the freedom to choose not to participate or object to the processing of their data. On the other hand, the amended APPI specifically requires "opt-in consent" for the use of PRI (Personalized Recognizable Information). PRI differs from Personal Information as it doesn't directly identify individuals, but with the help of additional data elements, it can be used to create profiles and identify users. Therefore, it's recommended that companies using third-party advertising cookies (such as those used for targeted advertising and marketing) and social plug-in tracking cookies utilize a cookie consent banner that seeks "opt-in consent" from users.
By following these updated cookie consent requirements, organizations can ensure they comply with the Amended APPI and provide a transparent and respectful approach to handling personal data and user preferences.
If you want to know more about the different regulations you can access our article "Laws and regulations for each region"
What type of banner would comply with this?
This regulation, unlike others, is much stricter and clearer regarding the storage of personal data. Therefore, at illow, we recommend that to comply smoothly with this, taking into account the concepts of personal data and their distinct difference, your cookie banner should include the following:
- Include a Button to Reject Cookies: Although it does not specifically clarify a button as in other cases, we must provide an opt-out option that “takes effect immediately and is consistent.”
- Provide Detailed Information About Cookie Use: The cookie banner should contain information about why the website uses cookies. For example, does it collect data for analytics, advertising, or social media purposes?
- Alert the User if the Website Shares Data with Third Parties: If the website shares the data collected through cookies with third parties the cookie banner should explain this.
- Link to the Website’s Cookie Policy: Here the website will provide further information about the cookies in use on the site, including a list of all the cookies.
- Include a Link to the Cookie Settings: This isn’t required under GDPR as long as users have the choice to reject all cookies. However, it does have the benefit of allowing users who would otherwise reject all cookies to permit some forms of data collection.
Observations: With illow´s GLOBAL banner, your site will be ready to comply with this regulation.
If you want to know the different types of banner cookies that you can find on our platform, access our article "Types of banners you will find on our platform"
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article