What is anonymously processed information?

Irreversible
Anonymization standard
No re-identific
Legal requirement
Not personal in
APPI status
5+ items
Common anonymization techniques
The Short Answer

Anonymously processed information is personal data that has been irreversibly anonymized so that individuals cannot be identified, and it is no longer regulated as personal information under Japan’s APPI.

What the Law Says

Under Japan’s Act on the Protection of Personal Information (APPI), anonymously processed information is defined as information derived from personal information that has undergone prescribed anonymization measures — making re-identification impossible — and is therefore excluded from the scope of 'personal information' and 'pseudonymized information'.

The APPI distinguishes between personal information, pseudonymized information, and anonymously processed information. Only the first two remain subject to APPI obligations; anonymously processed information is expressly excluded from regulation because it poses no risk of identifying individuals.

To qualify, anonymization must be irreversible: technical and organizational measures must ensure that neither the processor nor any third party can identify the individual — even with reasonable effort — using the processed data alone or in combination with other information reasonably available.

The law requires that anonymization be performed according to standards set by the Personal Information Protection Commission (PPC), including removal or alteration of identifiers (e.g., names, IDs, addresses) and application of techniques like generalization, suppression, noise addition, or k-anonymity.

Statutory Text

‘Anonymously processed information’ means information that has been processed, in accordance with standards prescribed by the Personal Information Protection Commission, from personal information in such a manner that the specific individual cannot be identified and that it is not possible to restore the information to personal information.

Act on the Protection of Personal Information, s. 2(9) — Definition of anonymously processed information
Statutory Text

Anonymously processed information is not included in the definition of ‘personal information’ or ‘pseudonymized information’ under this Act.

Act on the Protection of Personal Information, s. 2(10) — Exclusion from definitions

What to Do

1

Confirm your data processing meets PPC-prescribed anonymization standards (e.g., removal of direct/indirect identifiers, k-anonymity ≥5, suppression of rare values).

2

Document all anonymization methods, parameters, and validation steps taken.

3

Ensure no internal or external data source — alone or combined — can reasonably re-identify individuals from the processed data.

4

Do not retain original personal information or mapping keys after anonymization.

5

Review anonymization periodically, especially if new auxiliary data becomes publicly available.

Sources

statuteAct on the Protection of Personal Information, s. 2(9) — Definition of anonymously processed informationstatuteAct on the Protection of Personal Information, s. 2(10) — Exclusion from definitions

Not legal advice. This article is general information based on publicly available sources, written for educational purposes. Laws change and individual situations vary. Consult a licensed attorney in your jurisdiction before acting on anything you read here. Last reviewed: 2026-06-08.