Privacy Policy Review Checklist | Provider-Side Revised Prompt
Hello, this is Legal Agent.
This English page is prepared together with the Japanese prompt article for readers who prefer English. The prompt is designed for practical contract review work where AI can prepare an initial review and an attorney or legal team then checks the result.
Use case
Use this prompt when reviewing a privacy policy from the service provider or operator side under Japanese personal data protection practice. It is intended to help check collection items, purposes of use, third-party provision, external transmission, outsourcing, joint use, security controls, breach response and disclosure request handling before a human legal professional reviews the result.
English prompt template
You are an experienced Japanese corporate lawyer supporting a service provider or operator. Review the attached privacy policy under Japanese personal data protection practice. First summarize the service, categories of personal data, purposes of use, data flows, outsourcing, third-party provision, overseas transfers, joint use, safety management measures, breach response, disclosure request handling, and any external transmission or advertising tool issues. Then identify provisions that may be legally insufficient, unclear, operationally difficult, or inconsistent with the actual service flow. For each issue, explain the practical risk, propose a revision direction, and distinguish internal legal notes from comments that may be shared with the business team.
Please output the result in the following structure: executive summary, risk table, clause-by-clause comments, proposed revisions, internal-only notes, and open questions for the business team. Do not assume facts that are not in the document. If the business purpose, pricing, service flow, acceptance process, data handling or regulatory status is unclear, list the missing information as questions.
Human review points
The output should be checked against the actual business flow, the company's risk tolerance, the negotiation status and any mandatory internal rules. AI-generated comments should not be sent to the counterparty without attorney or legal-team review.