April 2021 to March 2022

Yusuke Koizumi (Chief Fellow, Institute for International Socio-Economic Studies)

In this research, we conducted a literature review and analysis of the following two themes, resulting in information and recommendations that we disseminated both internally and externally. 

(1) Research on advanced cases using facial recognition technology, and regulatory trends
Facial recognition is a useful non-contact technology for the post-COVID era because it does not require in-person interaction, and its use is becoming increasingly widespread both in Japan and overseas. In addition to services such as facial authentication that identify specific individuals, progress is also being made in the development of technologies such as emotion recognition (or affect recognition) that use facial images to infer an individual’s emotions, intentions or personality without necessarily identifying her/him, and it is hoped that these technologies can be put to practical use. However, there have been many criticisms and concerns about aspects such as privacy in services using facial recognition technology, especially in Europe, where remote biometric identification (automatic facial recognition, etc.) has been listed as a regulatory target in the draft AI regulation published by the European Commission, and in the United States, where state laws and ordinances are being enacted to address these concerns. In this study, we surveyed and analyzed regulatory trends along with advanced examples of services using facial recognition technology in Japan and overseas, and we examined appropriate measures for the deployment of facial recognition services. 

(2) Research on DFFT policy trends in each country
The Japanese government has been promoting DFFT (Data Free Flow with Trust) together with Europe and the United States, and has agreed with the EU on mutual adequacy decision for personal data transfer, and with the US in promoting the spread of APEC’s cross-border privacy rules (CBPR). However, a number of developments have hindered the implementation of DFFT, such as the invalidation of the EU-US Privacy Shield (the Schrems II judgment) by the Court of Justice of the European Union in 2020, and laws and policies allowing data localization and government access in Asian countries such as China, India, and Vietnam. In 2021, further problems arose when it was found that personal information held by a Japanese app company could be accessed by a Chinese outsourcing company. In addition to surveying these policy trends in various countries, we examined the measures that Japanese companies should take to ensure the smooth cross-border transfer of personal data and the expansion of businesses that use data.