Takashi Nakazaki
Office:
Otemachi Park Building
1-1-1 Otemachi, Chiyoda-ku
100-8136
City:
Tokyo
Country:
Japan
Tel:
+81 3 6775 1086

Questions and Answers:

Who's Who Legal Thought Leaders - Data

Takashi Nakazaki has been consistently ranked as one of the top lawyers in the fields of data protection and information security over the past several years. He published a bestselling publication about GDPR in April 2018. In addition, he regularly assists the Japanese government in the areas of data protection and cyber law including in respect of the AI and Data Contracts Guidelines. Takashi leads both the IAPP Tokyo as co-chair and the technology and information practice group of Anderson Mōri & Tomotsune.

YOU MAINTAIN A BROAD TMT AND IT PRACTICE. WHAT ATTRACTED YOU TO SPECIALISE IN THESE AREAS?

Technology continues to advance rapidly in both the TMT and IT fields, constantly creating new possibilities for business. It generally takes a substantial period of time to establish laws in Japan and an even longer period of time to establish new or amend current laws to address and keep pace with the rapid changes that are brought about through the implementation of new technologies. This has created a need within the TMT and IT sectors for practical legal advice and is the type of challenging and exciting work which attracted me to this practice.

WHAT IS THE PROUDEST ACHIEVEMENT OF YOUR CAREER TO DATE?

In the beginning of the IoT era, I supported a global IoT project which used healthcare data to develop financial service products. The project was subject to complex regulations including healthcare data protection and financial regulatory issues as well as cultural barriers and it took a substantial period of time to negotiate the project with the relevant authorities.

I also advised one of the largest online service providers in Japan on a significant data leak caused by a cyberattack. The leaked data included personal data and I advised the provider on how to notify the relevant authorities and compensate victims for the breach. I also worked closely with the provider, with the cooperation of forensic experts, to advise on identifying the cause of the leak and implementing technological and organisational countermeasures.

HOW HAS INCREASED REGULATORY ACTIVITY AROUND THE WORLD IMPACTED YOUR PRACTICE?

Over the past several years many regions and countries have adopted regulations on the cross-border transfer of personal data and data localisation policies to protect important data. Global service providers and online service providers are subject to such regulations, including in particular the GDPR and the Cybersecurity Law of China. We have supported many international and domestic clients with respect to issues arising under these various regulatory regimes in conjunction with many partner law firms all over the world.

AMENDMENTS TO THE JAPANESE ACT ON THE PROTECTION OF PERSONAL INFORMATION (APPI) CAME INTO EFFECT IN MAY 2017. WHAT IMPACT, IF ANY, HAVE THESE CHANGES HAD ON THE MARKET?

Under the amended APPI, new restrictions on cross-border transfers were introduced. These restrictions apply not only to the provision of information to third parties but also to the outsourcing of data processing and the sharing of personal data among group companies. As a result of the amendments many Japanese companies were required to amend the terms of use of their websites or products or obtain prior consent from the data subjects. Also, in order to ensure the traceability of the flow of personal data, the APPI imposes obligations on entities to maintain a record of disclosures. This record-keeping obligation is unique to Japan and was introduced in light of a significant data breach by an educational service provider that occurred several years ago in Japan. In this particular case, the authorities could not sufficiently trace the flow of personal data. The parties on which such traceability obligations are imposed differ depending on whether the data transfer is domestic or cross border. For disclosure within Japan, such obligations are imposed on both the disclosing party and the receiving party while for cross-border transfers, such obligations are only imposed only on the disclosing party in Japan and not on the receiving party in the foreign country. Practically, the traceability requirement would impose a high burden on Japanese companies, especially where they handle a large amount of personal data.

WHAT ARE THE GREATEST CHALLENGES CURRENTLY FACING JAPANESE AND INTERNATIONAL COMPANIES IN YOUR AREAS OF PRACTICE?

The greatest challenges currently facing Japanese and international companies are issues involving the GDPR. Many Japanese companies have not analysed the GPDR and are unaware of the extra-territorial nature of the regime even after its implementation.  Other Japanese companies, while aware of the GDPR’s applicability to them, remain unprepared for the regime. In particular, many online service providers understand that they have to appoint a representative but experience difficulty in finding a qualified person in the EU to act in this role.

HOW DOES ANDERSON MŌRI & TOMOTSUNE HELP CLIENTS OVERCOME THESE CHALLENGES?

Our technology and information practice group has a wealth of experience in this area including with respect to the GDPR. We usually provide our clients with a basic summary of the GDPR and discuss with them to determine their compliance policies for the GDPR. We further advise our clients, with our European partner firms, on the requirements for special categories of data, the requirements around consent and explicit consent and review policies and procedures.

TO WHAT EXTENT HAVE CLIENTS BECOME MORE PROACTIVE RECENTLY IN ADDRESSING CYBER SECURITY THREATS?

The Japanese government has repeatedly issued warning messages and guidelines on cyber security risks and an increasing number of Japanese clients are recognising the importance of taking cyberthreats seriously and are accordingly increasing their budgets for cyber security countermeasures. This change is significant among operators in the critical information infrastructure industry sector such as providers of information and communication services, financial services and electric power supply services.

Many Japanese companies have also adopted IR disclosure on their cyber security countermeasures. Some of our Japanese clients have focused on data-sharing activities via ISAC and cyberattack drills and have also considered cyber security risk insurance.

HOW DO YOU SEE THE AREA DEVELOPING OVER THE NEXT FIVE YEARS?

An increased amount of data protection and data localisation regulations are anticipated over the next five years which may likely create a heavy burden on the business sector. The Japanese government is, however, very enthusiastic about developing big data and AI businesses and has enacted new legislation enabling patient data transfer under an opt-out method and established new preferential treatments including a tax break. I would expect there to be an increase in the legal consideration paid to the AI and data business in Japan over the coming years.

Biographies:

Who's Who Legal Data: Information Technology

Takashi Nakazaki is special counsel at Anderson Mori & Tomotsune with broad experience in the areas of data protection and privacy (including big data and IoT), information security, intellectual property including copyright and trademarks, licensing (including software licences and patent licences), and payment services (including credit cards and pre-paid cards). Further, he has experience working on matters relating to cyber law issues such as cloud computing, domain names, e-commerce, and social media and other technology related areas (including computer forensics, digital copyright, software development and open source code), telecommunications, labour and general corporate law.

In the area of cyber law, he frequently advises various international and domestic online service companies including operators of online games, social games, online gambling, SNS and live streaming. In addition, he regularly assists the Japanese government in data protection and cyber law areas including the national Omote-nashi (Hospitality) project and continuously leads IAPP Tokyo as a co-chair.

Recently, he has focused on artificial intelligence, casino, e-sport, gambling, social media and robot issues, and also contributes to the IBA technology committee and AIPPI Japan as an editorial board member.

Mr Nakazaki has been ranked as one of the top lawyers in the data protection and information security field for the last several years. He leads the technology and information practice group of Anderson Mori & Tomotsune.

Mr Nakazaki received his LLB from the University of Tokyo (1998), and holds an LLM from Columbia Law School (2008). He worked for Arnold & Porter LLP (September 2008–June 2009) before resuming his position at Anderson Mori & Tomotsune.

WWL says: Takashi Nakazaki has strong experience across the IT sector and draws high praise for his standout work on IP, licensing and e-commerce matters.

This biography is an extract from Who's Who Legal: Data which can be purchased from our Shop.

Who's Who Legal Data: Telecoms & Media

Takashi Nakazaki is special counsel at Anderson Mori & Tomotsune with broad experience in the areas of data protection and privacy (including big data and IoT), information security, intellectual property including copyright and trademarks, licensing (including software licences and patent licences), and payment services (including credit cards and pre-paid cards). Further, he has experience working on matters relating to cyber law issues such as cloud computing, domain names, e-commerce, and social media and other technology-related areas (including computer forensics, digital copyright, software development and open source code), telecommunications, labour and general corporate law.

In the area of cyber law, he frequently advises various international and domestic online service companies including operators of online games, social games, online gambling, SNS and live streaming. In addition, he regularly assists the Japanese government in data protection and cyber law areas including the national Omote-nashi (Hospitality) project and continuously leads IAPP Tokyo as a co-chair.

Recently, he has focused on artificial intelligence, casino, e-sport, gambling, social media and robot issues, and also contributes to the IBA technology committee and AIPPI Japan as an editorial board member.

Mr Nakazaki has been ranked as one of the top lawyers in the data protection and information security field for the last several years. He leads the technology and information practice group of Anderson Mori & Tomotsune.

Mr Nakazaki received his LLB from the University of Tokyo (1998), and holds an LLM from Columbia Law School (2008). He worked for Arnold & Porter LLP (September 2008–June 2009) before resuming his position at Anderson Mori & Tomotsune.

WWL says: Takashi Nakazaki is well known for his first-rate work across the TMT sector as well as his expert handling of both regulatory and transactional matters.

This biography is an extract from Who's Who Legal: Data which can be purchased from our Shop.

Who's Who Legal Japan - Data

Takashi Nakazaki is special counsel at Anderson Mori & Tomotsune with broad experience in the areas of data protection and privacy (including big data and IoT), information security, intellectual property including copyright and trademarks, licensing (including software licences and patent licences) and payment services (including credit cards and pre-paid cards). Further, he has experience working on matters relating to cyber law issues such as cloud computing, domain names, e-commerce, and social media and other technology related areas (including computer forensics, digital copyright, software development and open source code), telecommunications, labour and general corporate law.

In the area of cyber law, he frequently advises various international and domestic online service companies including operators of online games, social games, online gambling, SNS and live streaming. In addition, he regularly assists the Japanese government in data protection and cyber law areas including Contract Guidance on Utilization of AI and Data and continuously leads IAPP Tokyo as a co-chair. He also published a best-selling publication on GDPR in April 2018.

Recently, he has focused on artificial intelligence, casinos, e-sports, gambling, social media and robot issues, and also contributes to the IBA technology committee and AIPPI Japan as an editorial board member.

Mr Nakazaki has been ranked as one of the top lawyers in the data protection and information security field for the last several years. He leads the technology and information practice group of Anderson Mori & Tomotsune.

Mr. Nakazaki received his LLB from the University of Tokyo (1998), and holds an LLM from Columbia Law School (2008). He worked for Arnold & Porter LLP (September 2008 – June 2009) before resuming his position at Anderson Mori & Tomotsune.

WWL says: Takashi Nakazaki is a highly regarded IT lawyer with first-rate expertise in cyber, e-commerce and technology matters.

This biography is an extract from Who's Who Legal: Japan which can be purchased from our Shop.

Follow us on LinkedIn

Practice Areas

Firms

Browse Firms

Search Firms

The Who's Who Legal 100

Awards

News & Features

Special Reports

Events

Shop

About Us

It is not possible to buy entry into any Who's Who Legal publication

Nominees have been selected based upon comprehensive, independent survey work with both general counsel and private practice lawyers worldwide. Only specialists who have met independent international research criteria are listed.

Copyright © 2019 Law Business Research Ltd. All rights reserved. | http://www.lbresearch.com

87 Lancaster Road, London, W11 1QQ, UK | Tel: +44 20 7908 1180 / Fax: +44 207 229 6910

http://www.whoswholegal.com | editorial@whoswholegal.com

Law Business Research Ltd

87 Lancaster Road, London
W11 1QQ, UK