Balancing Surveillance and Privacy: A Critical Analysis of Japan’s Act on the Protection of Personal Information (APPI) in the Age of Facial Recognition Technology

Japan's Act on the Protection of Personal Information (APPI), as comprehensively amended in 2022, represents the centrepiece of Japan's data protection architecture. Yet the rapid proliferation of facial recognition technology (FRT) in both public and private spaces has exposed critical lacunae in the existing statutory framework. This article undertakes a doctrinal and comparative analysis of the APPI's capacity to regulate FRT, benchmarking it against the European Union's General Data Protection Regulation (GDPR) and the proposed EU Artificial Intelligence Act. Drawing on Supreme Court jurisprudence interpreting Article 13 of the Japanese Constitution, the article argues that Japan's current legal framework is structurally deficient in four respects: the absence of a dedicated biometric data protection regime, insufficient restrictions on law enforcement use of real-time facial recognition, an inadequate regulatory enforcement architecture, and the lack of a meaningful proportionality framework. The article proposes a three-tiered legislative reform agenda that harmonises constitutional privacy imperatives with Japan's international obligations and its adequacy recognition agreement with the European Union. Our analysis contributes to comparative data protection scholarship and to the emerging literature on AI governance in East Asia.

Keywords: Act on the Protection of Personal Information; Facial Recognition Technology; Biometric Data; Japan; GDPR; Artificial Intelligence; Constitutional Privacy; Surveillance