Ladies and gentlemen,
I am very glad to be for the second time in Tokyo. My last visit in December was very productive as Japan and EU are working towards mutual adequacy findings to let personal data flow freely between our economies.
I came here again to push forward our talks on adequacy of personal data protection systems.
At least one important thing happened since I last was here. As you know, the EU has reformed its data protection rules, and the General Data Protection Regulation – or GDPR – entered into application exactly one week ago, on 25 May.
And this day certainly did not go unnoticed. I learned for example that last week, the GDPR had more hits on Google than Beyoncé. This clearly shows that there is a wide interest when it comes to privacy and data protection, not only among experts but among the real people.
For the EU, the 25th of May marks the completion of a process of intensive debate and reflection on how to best protect our citizens’ personal data. And also how to balance this with the legitimate interests of businesses.
Now, many of you in the audience do business in Europe or with European partners and I am sure the question you have asked yourself is: do we have to comply with the GDPR. The answer is yes, if you target individual customers in the EU market.
GDPR offers important benefits for businesses both European and foreign. For instance, the harmonisation and simplification brought about by the GDPR will make life much easier for companies, as they will now only have to deal with one set of rules. They will also benefit from reduced compliance costs and flexible tools to meet their obligations.
The importance of having strong data protection frameworks has once again been highlighted by the recent Facebook/Cambridge Analytica scandal. Like a magnifying glass, these abuses focus our attention on some core challenges that we face today when we think about the protection of personal data.
And the reality is that we leave our data basically at every step we take, especially in the digital world. So, in Europe, we realise that if we want the digital revolution to be embraced by the people, the people need to have some trust in the digital economy.
Data protection is therefore directly linked to trust: individuals who are afraid that others will not respect their privacy, or fail to protect the security of their data, quickly lose confidence and will be reluctant to share those data. Trust is thus a key resource of the digital economy.
I believe in Japan you will have a very similar challenge.
But through the months of intense talks between the EU and Japan we have learnt that the European Union and Japan share similar values with respect to human rights and personal data protection.
The landmark trade agreement that the EU and Japan concluded last year, the Economic Partnership Agreement, is also a testimony of our renewed strategic partnership that promotes our interests and values.
As we are preparing for the trade deal to enter into force and bring benefits for our businesses and consumers, it is extremely important to conclude our talks on simultaneous adequacy findings to ensure free flow of personal data.
I think an ambitious modern trade relationship is impossible without free flow of data.
As our most ambitious tool to enable international data flows, our mutual adequacy finding would allow the transfer of personal data between the EU and Japan without the need to fulfil any further requirements, and would therefore ensure the free flow of data in the same way as between two EU Member States.
This would give Japanese businesses privileged access to the EU market and provide a competitive advantage compared to business operators in other parts of the world.
That's why the EU's commitment to the objective of reaching simultaneous adequacy findings between our two economies as soon as possible is clear. But of course the quality is more important than speed.
I believe we are making good progress. We for instance found a solution to bridging relevant differences between the two systems such as the Supplementary Rules that will be adopted by Personal Information Protection Commission (PPC), following the public consultations that ended last week.
I believe we have the end line in sight, but there is still some work to do ahead of us. So both sides need to remain extremely determined, focused and show good will in finding solutions.
In the end, both the EU and Japan value data protection as a fundamental right. That is why we have both put in place a comprehensive data protection law with strong principles and obligations for data processing, individual rights and independent oversight at its core.
This is the gold standard for data protection. And it is bound to be the global standard for the future.
In fact, when we look around, we see a clear trend towards global convergence. This is true for Europe’s Neighbourhood, but also for Latin America and parts of Africa. In the US, a resolution was introduced in Senate last week that encourages companies to apply GDPR protections to US citizens.
Last but not least, it is increasingly true for the Asia-Pacific region, especially for Japan.
Let me also recall an important recent development at international level: two weeks ago, 51 State Parties agreed to modernise Convention 108, the only binding international treaty in the area of data protection.
This includes countries from around the world, from South and Central America to Africa, the South Pacific and Europe.
Japan is an observer to this Convention and, we hope, one day will become a full Party, thereby confirming its commitment to the privacy in the Asian region.
Joining this Convention would be another step towards convergence of our data protection systems, which share many similarities and are based on the same core principles.
Let me conclude by stressing again that EU and Japan are strategic partners on this more and more volatile and unpredictable geopolitical scene.
What we are working on here with Japan goes beyond adequacy.
I believe that by working together, we can shape the global standards for data protection and show common leadership in this important field, to the benefit of both our citizens and business.