This article can be read in about 2 minute 56 seconds
The most difficult thing when doing cross-border e-commerce is the laws of each country, not increasing access or making a profit.
Of course, the cooperation of experts should be sought for actual operation, but at the stage where a single business operator plans to expand sales overseas, the contents of this book should be known without fail. .
You can't just say "I didn't know" about rules that are different from Japan, such as the CCPA in California in the United States and the GDPR in this book.
At our company, we actively cooperate with our clients in their cross-border EC plans, but at that time, we should be able to give advice quickly and appropriately to the extent that the client's ideas have risks. I believe.
If the description is written in Japanese and the transaction is made in Japanese yen, it can be understood that the transaction is conducted within Japan, so it is considered that the GDPR does not apply (paragraph 23 of the preamble).Even if a person in the EU participates in the transaction, it is clear that they are participating in the transaction after understanding that it is a transaction in Japan, so it is only necessary to consider the application of Japanese law.If you are doing a transaction as an individual, if you have English notation, if you accept euro-denominated payments, if it is clear that you can receive orders from within the EU as overseas shipping is possible, GDPR compliance There are applications.
Many readers may be wondering why GDPR is such a strict regulation.This seems to be due to the fact that in Europe, based on the history of discrimination based on personal information, data protection is strongly guaranteed as a basis of human rights.Nazi Germany used personal information (personal data) to persecute Jews, and the technology of private companies was used to collect personal information of Nazi Germany.Because of this "negative history," Europeans have strong resistance to the collection and storage of personal information without their knowledge.Data protection is indeed a major human rights issue in Europe.
Considering all reasonably possible means, if there is a possibility that a natural person can be identified directly or indirectly, it becomes personal data, and the scope is wider than personal information under the Personal Information Protection Law. can do.However, in the case of the GDPR as well, whether or not it is “related to an identified or identifiable natural person (“data subject”)” is determined after considering various contexts.For example, under the Act on the Protection of Personal Information, telephone numbers are considered to be non-personal information as they do not have personal identification. Under the GDPR, it is considered personal data.