Employee Monitoring Laws in Japan: APPI, Labor Standards Act, and 2026 Compliance Guide

APPI and Employee Monitoring Data: What the Law Requires

The APPI (個人情報の保護に関する法律, Act on the Protection of Personal Information) is Japan's primary data protection statute. Enacted in 2003 and substantially amended in 2017, 2022, and most recently in January 2026, APPI classifies employee activity records generated by monitoring tools as personal information (個人情報) because they are directly linked to an identifiable individual employee.

This classification is not a matter of interpretation. A screenshot of an employee's screen, an application usage log showing which programs were active and for how long, a productivity score derived from keystroke and mouse activity intensity — all of these qualify as personal information under APPI Article 2(1). They describe a natural person who can be identified by employee ID, name, or their association with specific device records.

The Purpose Specification Requirement (利用目的の特定)

APPI Article 17 requires businesses collecting personal information to specify the purpose of use as precisely as possible (利用目的の特定). For workplace monitoring, this means employers must define in writing why each category of monitoring data is collected. "To assess employee performance" is too broad. "To verify that contracted working hours are being fulfilled and to identify productivity patterns for workload management" is an adequate specification.

Purpose specification is not just a policy-drafting exercise. Under APPI Article 18(1), employers may not use personal information beyond the scope of the stated purpose without re-notifying the employee. An employer who deploys monitoring for time-tracking purposes and then uses the same data for disciplinary investigation is operating outside the stated purpose, which constitutes an APPI violation.

Prior Notice (事前通知) as the Core Consent Mechanism

Japan's approach to employee monitoring consent differs fundamentally from the GDPR model. GDPR requires a documented lawful basis (typically legitimate interest, with a formal assessment). APPI requires prior notice (事前通知) rather than explicit, documented consent for most monitoring activities. Under APPI Article 21, businesses must notify individuals of the purpose of personal information use before or immediately after collection begins.

In practice, prior notice for employee monitoring is delivered through one or more of the following mechanisms:

• Employment contract (雇用契約書): A specific clause identifying the monitoring tools used, the data collected, and the purpose. This is legally binding and provides the clearest prior notice.
• Company rules (就業規則): Under the Labor Standards Act, companies with 10 or more employees must file company rules with the Labor Standards Inspection Office (労働基準監督署). Including monitoring terms in the company rules constitutes legal notice to all employees.
• Separate monitoring policy: A standalone document distributed to all employees, typically requiring a signed acknowledgment. This is best practice for employers deploying multiple monitoring tools.
• System login notice: A notice screen displayed when employees log into monitored systems. This supplements but does not replace the above contractual mechanisms.

The January 2026 APPI Revision and Cross-Border Data Transfers

The APPI revision effective January 2026 did not fundamentally change domestic monitoring rules. Its primary impact on workplace monitoring is on cross-border data transfers under revised Article 24. Employers using cloud-based monitoring software hosted on servers outside Japan must now verify that the overseas vendor provides a level of data protection equivalent to APPI standards, and must disclose this third-party transfer in the employee-facing privacy notice.

The Personal Information Protection Commission (PPC, 個人情報保護委員会) has published a list of countries deemed to meet APPI-equivalent standards. As of 2026, this list includes the European Economic Area (by mutual recognition), but does not include the United States on a blanket basis. Employers using US-based monitoring software vendors must assess the vendor's data handling on a case-by-case basis and document this assessment. Employers with regional operations should also review Singapore PDPA requirements, which impose parallel cross-border transfer obligations under similar adequacy frameworks.

Power Harassment (パワーハラスメント) and the Upper Limit on Monitoring Intensity

Japan's Individual Labor Disputes Resolution Act, as amended in 2020 (mandatory for large employers) and 2022 (extended to SMEs), established a legal prohibition on power harassment (パワーハラスメント) in the workplace. This law sets the practical upper limit on how intensively an employer may monitor employees before the monitoring itself becomes an actionable legal harm.

Power harassment is defined as conduct that: (1) uses a superior position, (2) exceeds what is necessary for work, and (3) harms the working environment of an employee. Workplace monitoring can constitute power harassment when it meets all three criteria. The MHLW's explanatory guidance on the power harassment law identifies "excessive supervision and surveillance" as a specific example of power harassment falling under the category of "invasion of personal rights" (精神的な攻撃 or 個の侵害).

What Monitoring Crosses into Power Harassment Territory

Japanese labor lawyers and the MHLW guidance distinguish between legitimate monitoring (which serves a documented business purpose and is proportionate) and excessive monitoring (which creates psychological distress without commensurate business justification). The following monitoring practices carry significant power harassment risk in Japan:

• Continuous live screen viewing with real-time confrontation: Monitoring a remote employee's screen at all times and immediately challenging them whenever the screen shows non-work content — rather than reviewing data periodically for management purposes — can constitute harassment through constant intimidation.
• Keystroke recording used to time bathroom breaks: Using activity monitoring data to penalize employees for short offline periods in ways that deny basic human needs is a recognized example in MHLW guidance on monitoring proportionality.
• Monitoring personal communications on work devices without specific notice: Accessing personal messaging app data or personal email on work devices without specific prior notice that personal communications are subject to monitoring crosses the boundary into personal sphere invasion.
• Using monitoring data as the exclusive basis for disciplinary action without independent investigation: Japanese courts have generally held that monitoring data can support an investigation but does not on its own justify immediate disciplinary action without hearing the employee's explanation.

How Proportionate Monitoring Avoids Harassment Risk

Proportionate monitoring in Japan shares three characteristics. First, it is oriented toward aggregated patterns rather than continuous individual surveillance — reviewing weekly productivity trends rather than watching an individual employee minute by minute. Second, the data collected is limited to what is genuinely necessary for the stated business purpose. Third, employees know what data exists about them and have access to their own records, which reduces the power asymmetry that makes monitoring feel threatening.

eMonitor's design reflects these principles. Monitoring runs during declared work hours only. Employees have access to their own productivity records and time data through personal dashboards. Screenshot frequency is configurable rather than continuous. These design choices serve the practical function of keeping monitoring within the bounds Japan's power harassment framework allows.

MHLW 2021 Telework Guidelines and Remote Worker Monitoring Rules

The Ministry of Health, Labour and Welfare issued updated Telework Guidelines (テレワークの適切な導入及び実施の推進のためのガイドライン) in March 2021 in direct response to Japan's accelerating remote work adoption during the COVID-19 period. These guidelines carry significant practical weight: while not themselves statutes, they represent the government's authoritative interpretation of how existing law applies to remote work, and Labor Standards Inspection Offices (労働基準監督署) reference them in enforcement actions.

The MHLW 2021 Telework Guidelines address monitoring in three specific contexts: working hours management, communication and supervision, and protection of the home environment.

Working Hours Management for Remote Workers

The guidelines confirm that employers bear the same working hours management obligations for teleworkers as for office workers. The MHLW explicitly permits — and implicitly encourages — the use of objective electronic records, including PC login/logout timestamps and monitoring software activity records, as the primary method of verifying remote worker hours. The guidelines state that employers may use automated tools to track working hours, provided employees are informed in advance.

Critically, the guidelines also address discretionary work arrangements (裁量労働制) and flex-time systems (フレックスタイム制), both common in Japanese knowledge work. Even under these flexible arrangements, employers must track total hours worked to ensure compliance with the Work Style Reform overtime caps. An employee on a discretionary work arrangement does not exempt the employer from the obligation to know how many hours that employee worked in a given month.

Communication and Supervision Rules

The MHLW guidelines address a practical concern many Japanese managers raise: how to supervise remote workers without being physically present. The guidelines explicitly state that employers may use communication tools, activity monitoring software, and scheduled check-ins for supervision purposes, but must avoid creating a situation where employees feel under continuous oppressive observation. The phrase used is "appropriate supervision without excessive monitoring" (適正な管理であって過度な監視でないこと).

This standard is functionally similar to the GDPR framework as a global benchmark for proportionality but is articulated differently in Japanese law. The test is not whether a lawful basis exists for the monitoring — prior notice satisfies that — but whether the monitoring intensity is appropriate to the supervision purpose. Checking activity dashboards once or twice per day is appropriate. Demanding real-time screen access and interrogating employees about every offline period is not.

Home Environment Privacy Protections

The MHLW guidelines include an important protection specific to the home office context. Employers monitoring remote workers must not collect data about the employee's home environment — family members visible in video calls, household sounds, the physical layout of the home workspace — beyond what is strictly necessary for work purposes. This aligns with Article 13 of Japan's Constitution, which protects the right to privacy as part of individual dignity.

For monitoring software, this principle means that tools configured to capture screenshots should exclude or blur content unrelated to work applications, and audio monitoring should never be deployed in the home office environment without explicit, specific consent in the employment contract.

Employee Rights Under the APPI Regarding Monitoring Data

Japan's employee monitoring laws give workers specific rights over the personal data generated about them. These rights are enforced by the Personal Information Protection Commission (個人情報保護委員会, PPC), the independent agency responsible for APPI implementation.

Post the 2022 APPI amendment, the four core employee rights regarding monitoring data are as follows.

Right to Disclosure (開示請求権)

Employees may request disclosure of the personal information held about them, including monitoring records. APPI Article 33 requires employers to disclose this information "without delay" upon a valid request. Employers may charge a reasonable fee for processing disclosure requests. Disclosure may be refused only on narrow grounds, including when disclosure would reveal third-party information or when disclosure is prohibited by another law.

Right to Correction and Deletion (訂正・削除請求権)

Under APPI Articles 34 and 35, employees may request correction of inaccurate personal information and deletion of data that is no longer necessary for the stated purpose. An employee who believes their productivity score was calculated incorrectly based on erroneous data may request correction. An employee who has left the company may request deletion of monitoring records beyond the legally required retention period.

Right to Opt Out of Third-Party Transfer (第三者提供拒否権)

APPI Article 27 gives employees the right to opt out of third-party transfers of their personal data in certain cases. This is particularly relevant when employers use monitoring platforms that aggregate anonymized data for benchmarking. If an employee objects to their data being included in such aggregation, APPI provides a basis for that objection.

Right to Stop Use (利用停止・消去請求権)

APPI Article 35 allows employees to request that employers stop using their personal information when the use falls outside the stated purpose or when the collection itself was unlawful. This right effectively gives employees a mechanism to challenge monitoring that exceeds the scope described in the original privacy notice.

How eMonitor Supports Japan APPI and Labor Law Compliance

eMonitor's architecture directly addresses the compliance requirements Japanese law imposes on monitoring software. Each design choice corresponds to a specific legal obligation in the APPI and Labor Standards Act framework.

Work-hours-only monitoring: eMonitor activates only after employee clock-in and stops at clock-out. This configuration directly satisfies MHLW Telework Guideline requirements for boundaries on home environment monitoring, and supports prior notice by ensuring that actual data collection matches what the employer's privacy notice promises.

Employee-visible dashboards: APPI gives employees the right to request disclosure of their personal data. eMonitor's employee-facing dashboard provides real-time access to the employee's own productivity records, time data, and activity summaries without requiring a formal DSAR process. This design reduces power asymmetry and demonstrates the transparency that Japan's power harassment framework requires.

Configurable screenshot frequency: MHLW guidance and the power harassment prohibition both point toward proportionate rather than continuous monitoring. eMonitor allows administrators to configure screenshot frequency — from several times per hour down to disabled — enabling employers to match the actual collection scope to what is described in their privacy notice and what is proportionate to their stated purpose.

Role-based access controls: APPI requires that personal data be accessible only to those with a legitimate need. eMonitor restricts monitoring data to authorized managers and HR personnel, with configurable role-based access. Individual employees see their own data; managers see their teams; HR and executive dashboards aggregate across the organization. This data access structure is documentable for DSAR compliance and cross-border transfer assessments.

Encrypted, timestamped audit logs: Japanese courts have found monitoring records admissible as evidence when they are unaltered, timestamped, and stored with documented chain of custody. eMonitor stores all records in encrypted logs with immutable timestamps, supporting both internal compliance documentation and legal proceedings when needed.

Automated overtime alerts: Labor Standards Act Article 36 overtime caps create legal liability for employers whose employees exceed monthly limits. eMonitor's configurable overtime alert system notifies managers when employees approach overtime thresholds, enabling proactive workload management before a violation occurs.

Frequently Asked Questions: Employee Monitoring Laws in Japan