{"id":61921,"date":"2024-03-21T21:17:41","date_gmt":"2024-03-21T12:17:41","guid":{"rendered":"https:\/\/monolith.law\/en\/?p=61921"},"modified":"2024-04-17T22:39:29","modified_gmt":"2024-04-17T13:39:29","slug":"gdpr-extraterritorial-application","status":"publish","type":"post","link":"https:\/\/monolith.law\/en\/general-corporate\/gdpr-extraterritorial-application","title":{"rendered":"GDPR: What Happens When It's Applied Extraterritorially? Explaining How to Respond"},"content":{"rendered":"\n<p>The General Data Protection Regulation (GDPR) is a set of rules established by the EU to protect personal information and regulate its handling. If you are offering goods or services within the EU, there is a possibility that the GDPR may apply to your business. However, some may not know whether their company falls under the scope of the GDPR or what to do if it does.<\/p>\n\n\n\n<p>This article will explain the scope of the GDPR, what actions to take if it applies to you, and the required responses. There is also a Q&amp;A section on GDPR compliance, so please use it as a reference.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_53 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/monolith.law\/en\/general-corporate\/gdpr-extraterritorial-application\/#Scope_of_Application_of_the_GDPR\" title=\"Scope of Application of the GDPR\">Scope of Application of the GDPR<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/monolith.law\/en\/general-corporate\/gdpr-extraterritorial-application\/#What_Must_Companies_Do_to_Comply_with_the_GDPR\" title=\"What Must Companies Do to Comply with the GDPR?\">What Must Companies Do to Comply with the GDPR?<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/monolith.law\/en\/general-corporate\/gdpr-extraterritorial-application\/#Appointing_a_Representative_in_the_EUUK\" title=\"Appointing a Representative in the EU\/UK\">Appointing a Representative in the EU\/UK<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/monolith.law\/en\/general-corporate\/gdpr-extraterritorial-application\/#Specifying_in_the_Privacy_Policy\" title=\"Specifying in the Privacy Policy\">Specifying in the Privacy Policy<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/monolith.law\/en\/general-corporate\/gdpr-extraterritorial-application\/#Penalties_for_Not_Appointing_a_Representative\" title=\"Penalties for Not Appointing a Representative\">Penalties for Not Appointing a Representative<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/monolith.law\/en\/general-corporate\/gdpr-extraterritorial-application\/#Duties_Required_of_a_Representative\" title=\"Duties Required of a Representative\">Duties Required of a Representative<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/monolith.law\/en\/general-corporate\/gdpr-extraterritorial-application\/#Article_30_Record_Processing\" title=\"Article 30 Record Processing\">Article 30 Record Processing<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/monolith.law\/en\/general-corporate\/gdpr-extraterritorial-application\/#Handling_Inquiries_from_Data_Subjects_or_Supervisory_Authorities\" title=\"Handling Inquiries from Data Subjects or Supervisory Authorities\">Handling Inquiries from Data Subjects or Supervisory Authorities<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/monolith.law\/en\/general-corporate\/gdpr-extraterritorial-application\/#Q_A_on_the_Application_of_the_GDPR\" title=\"Q&amp;A on the Application of the GDPR\">Q&amp;A on the Application of the GDPR<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/monolith.law\/en\/general-corporate\/gdpr-extraterritorial-application\/#Is_GDPR_Compliance_Necessary_If_There_Are_No_Plans_for_International_Expansion\" title=\"Is GDPR Compliance Necessary If There Are No Plans for International Expansion?\">Is GDPR Compliance Necessary If There Are No Plans for International Expansion?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/monolith.law\/en\/general-corporate\/gdpr-extraterritorial-application\/#What_Measures_Are_Necessary_When_Launching_a_Cross-Border_E-Commerce_Site_Targeting_the_EU_Region\" title=\"What Measures Are Necessary When Launching a Cross-Border E-Commerce Site Targeting the EU Region?\">What Measures Are Necessary When Launching a Cross-Border E-Commerce Site Targeting the EU Region?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/monolith.law\/en\/general-corporate\/gdpr-extraterritorial-application\/#What_are_the_differences_between_the_GDPR_and_the_UK_GDPR\" title=\"What are the differences between the GDPR and the UK GDPR?\">What are the differences between the GDPR and the UK GDPR?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/monolith.law\/en\/general-corporate\/gdpr-extraterritorial-application\/#Summary_Consult_an_Expert_When_in_Doubt_About_the_Scope_of_GDPR\" title=\"Summary: Consult an Expert When in Doubt About the Scope of GDPR\">Summary: Consult an Expert When in Doubt About the Scope of GDPR<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/monolith.law\/en\/general-corporate\/gdpr-extraterritorial-application\/#Guidance_on_Measures_by_Our_Firm\" title=\"Guidance on Measures by Our Firm\">Guidance on Measures by Our Firm<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Scope_of_Application_of_the_GDPR\"><\/span>Scope of Application of the GDPR<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2023\/12\/jyosei.jpg\" alt=\"Woman\" class=\"wp-image-63700\" \/><\/figure>\n\n\n\n<p>The conditions under which the GDPR applies are stipulated in Article 3 &#8216;Territorial Scope&#8217; of the GDPR. The scope of application of the GDPR is divided into two cases: when there is an establishment within the EU and when there is not.<\/p>\n\n\n\n<p>The provisions for cases where there is an establishment within the EU are as follows:<\/p>\n\n\n\n<p>&#8220;It applies to the processing of personal data in the context of the activities of an establishment of a controller or processor in the Union, regardless of whether the processing takes place in the Union or not.&#8221;<\/p>\n\n\n\n<p>Reference: Personal Information Protection Commission | &#8216;<a href=\"https:\/\/www.ppc.go.jp\/files\/pdf\/gdpr-provisions-ja.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">General Data Protection Regulation (GDPR) Provisional Japanese Translation[ja]<\/a>&#8216;<\/p>\n\n\n\n<p>In other words, this indicates that the GDPR applies when there is an establishment of a controller or processor within the EU.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>Controller<\/td><td>Entity that determines the purposes and means of processing personal data<\/td><\/tr><tr><td>Processor<\/td><td>Entity that processes personal data on behalf of the controller<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>For cases without an establishment within the EU, the scope of application includes the following two situations:<\/p>\n\n\n\n<ol>\n<li>When offering goods or services to individuals in the EU<\/li>\n\n\n\n<li>When monitoring the behavior of individuals in the EU<\/li>\n<\/ol>\n\n\n\n<p>The GDPR imposes strict restrictions on non-EU countries, and to freely transfer data, an &#8216;adequacy decision&#8217; is required. An adequacy decision is a certification determined through discussions by the European Commission, granted to countries or regions that ensure an adequate level of protection for personal data.<\/p>\n\n\n\n<p>Countries or regions without an adequacy decision must follow procedures such as SCCs or BCRs for data transfers outside the EU.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>SCC (Standard Contractual Clauses)<\/td><td>Mandatory provisions that must be included in data transfer agreements<\/td><\/tr><tr><td>BCR (Binding Corporate Rules)<\/td><td>Policies and rules for protecting personal data obtained from the European Economic Area (EEA) and sharing it with affiliated companies outside the EEA<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>The difference with an adequacy decision is that there is no need to go through procedures such as SCCs or BCRs.<\/p>\n\n\n\n<p>An adequacy decision for Japan was announced in July 2018 during the regular Japan-EU summit, where efforts to operationalize the framework for the transfer of personal data were discussed. Subsequently, on January 23, 2019, Japan received an adequacy decision, and it was announced that &#8220;the EU and Japan have adopted a decision recognizing each other as providing an equivalent level of protection for personal data.&#8221;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Must_Companies_Do_to_Comply_with_the_GDPR\"><\/span>What Must Companies Do to Comply with the GDPR?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2023\/12\/thinki.jpg\" alt=\"What Must Companies Do to Comply with the GDPR?\" class=\"wp-image-63702\" \/><\/figure>\n\n\n\n<p>Companies subject to the GDPR must undertake the following two key actions:<\/p>\n\n\n\n<ul>\n<li>Appoint a representative in the EU\/UK<\/li>\n\n\n\n<li>Include specific information in their Privacy Policy<\/li>\n<\/ul>\n\n\n\n<p>Let&#8217;s delve into the details of each requirement.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Appointing_a_Representative_in_the_EUUK\"><\/span>Appointing a Representative in the EU\/UK<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Article 27 of the GDPR mandates that companies subject to the regulation&#8217;s extraterritorial application must designate a representative within the EU or UK.<\/p>\n\n\n\n<p>The term &#8216;representative&#8217; refers to a person appointed in writing by the controller or processor to act on behalf of the controller or processor with respect to their obligations under the GDPR.<\/p>\n\n\n\n<p>Not all companies operating within the EU are required to appoint a representative. The obligation to appoint a representative does not apply to companies in the following situations (Article 27 of the GDPR):<\/p>\n\n\n\n<ul>\n<li>Processing that is not occasional, and does not include processing of special categories of data or personal data relating to criminal convictions and offences on a large scale, and considering the nature, context, scope, and purposes of the processing, is unlikely to result in a risk to the rights and freedoms of natural persons<\/li>\n\n\n\n<li>When the entity is not a public authority or body<\/li>\n<\/ul>\n\n\n\n<p>Reference: Personal Information Protection Commission | &#8216;<a href=\"https:\/\/www.ppc.go.jp\/files\/pdf\/gdpr-provisions-ja.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">General Data Protection Regulation (GDPR) Provisional Japanese Translation[ja]<\/a>&#8216;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Specifying_in_the_Privacy_Policy\"><\/span>Specifying in the Privacy Policy<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Companies subject to the GDPR are required to specify in their Privacy Policy that they have appointed a representative.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Penalties_for_Not_Appointing_a_Representative\"><\/span>Penalties for Not Appointing a Representative<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2023\/12\/penalty.jpg\" alt=\"Penalty Provisions\" class=\"wp-image-63703\" \/><\/figure>\n\n\n\n<p>It is important to note that failing to appoint a representative, despite being within the scope of the GDPR, subjects an entity to penalties. The fines can amount to either a maximum of 1,000 euros or up to 2% of the entity&#8217;s total worldwide annual turnover, whichever is higher (GDPR Article 84, Paragraph 4).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Duties_Required_of_a_Representative\"><\/span>Duties Required of a Representative<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2023\/12\/jyosei2.jpg\" alt=\"Female representative\" class=\"wp-image-63704\" \/><\/figure>\n\n\n\n<p>When falling within the scope of the GDPR, it is generally required to appoint a representative. But what exactly are the duties expected of a representative? Here, we will explain in detail the responsibilities of a representative.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Article_30_Record_Processing\"><\/span>Article 30 Record Processing<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Administrators or processors who place representatives in EU countries must share their processing records with their representatives. Furthermore, representatives are required to maintain these records in the same manner as the administrators or processors (GDPR Article 30).<\/p>\n\n\n\n<p>The following are examples of the information that must be recorded:<\/p>\n\n\n\n<ul>\n<li>Names and contact details of the administrator, DPO (Data Protection Officer), and others<\/li>\n\n\n\n<li>Purposes of processing<\/li>\n\n\n\n<li>Categories of data subjects and types of data processed<\/li>\n\n\n\n<li>Retention periods<\/li>\n\n\n\n<li>Deletion schedules<\/li>\n<\/ul>\n\n\n\n<p>A data subject is an identified or identifiable natural person to whom the personal data relates.<\/p>\n\n\n\n<p>In the event of a request from a supervisory authority, these processing records must be made available for use.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Handling_Inquiries_from_Data_Subjects_or_Supervisory_Authorities\"><\/span>Handling Inquiries from Data Subjects or Supervisory Authorities<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>When inquiries are received from data subjects or supervisory authorities, the representative must respond on behalf of the administrator or processor (GDPR Article 27(3)). For example, if a data subject makes a request, the administrator must provide the information within one month (GDPR Article 12(3)). Additionally, representatives are required to cooperate with supervisory authorities and respond to their requests (GDPR Article 31).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Q_A_on_the_Application_of_the_GDPR\"><\/span>Q&amp;A on the Application of the GDPR<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2023\/12\/faq.jpg\" alt=\"FAQ\" class=\"wp-image-63705\" \/><\/figure>\n\n\n\n<p>We will answer some of the most common questions regarding the application of the GDPR below.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Is_GDPR_Compliance_Necessary_If_There_Are_No_Plans_for_International_Expansion\"><\/span>Is GDPR Compliance Necessary If There Are No Plans for International Expansion?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Generally, if there are no plans to expand internationally, compliance with the GDPR (General Data Protection Regulation) is not necessary. However, caution is required if there is a possibility of acquiring data from individuals within the EU, even without international expansion.<\/p>\n\n\n\n<p>Consider the following scenarios:<\/p>\n\n\n\n<ul>\n<li>Operating an e-commerce site and receiving inquiries or orders from individuals within the EU<\/li>\n\n\n\n<li>Acquiring online identifiers (such as IP addresses or cookies) of individuals within the EU through site visits<\/li>\n\n\n\n<li>Obtaining email addresses when responding to inquiries from individuals within the EU<\/li>\n<\/ul>\n\n\n\n<p>Even if you inadvertently acquire personal data from individuals within the EU, it does not necessarily mean you fall within the geographical scope of the GDPR, so there is no issue with non-compliance.<\/p>\n\n\n\n<p>Remember, GDPR compliance is necessary only if you have a base within the EU, or even without a base, if either of the following two conditions applies:<\/p>\n\n\n\n<ol>\n<li>You are offering goods or services to individuals within the EU<\/li>\n\n\n\n<li>You are monitoring the behavior of individuals within the EU<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Measures_Are_Necessary_When_Launching_a_Cross-Border_E-Commerce_Site_Targeting_the_EU_Region\"><\/span>What Measures Are Necessary When Launching a Cross-Border E-Commerce Site Targeting the EU Region?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>When launching a cross-border e-commerce site that includes the EU region as a target, there is a possibility of acquiring personal information from within the EU. The types of information that may be collected include:<\/p>\n\n\n\n<ul>\n<li>Name<\/li>\n\n\n\n<li>Email address<\/li>\n\n\n\n<li>Address<\/li>\n\n\n\n<li>Credit card information<\/li>\n\n\n\n<li>Purchase history<\/li>\n\n\n\n<li>Location data<\/li>\n\n\n\n<li>IP address &amp; Cookie ID<\/li>\n<\/ul>\n\n\n\n<p>If you collect this information, it is considered personal data under the General Data Protection Regulation (GDPR), and therefore, you must handle it in accordance with GDPR rules.<\/p>\n\n\n\n<p>First, it is advisable to review and revise your privacy policy to ensure GDPR compliance and to publish a privacy notice.<br>Related article: <a href=\"https:\/\/monolith.law\/corporate\/gdpr-privacy-policy\" target=\"_blank\" rel=\"noreferrer noopener\">Explaining Key Points for Creating a GDPR-Compliant Privacy Policy![ja]<\/a><\/p>\n\n\n\n<p>Then, follow these steps:<\/p>\n\n\n\n<ol>\n<li>Establish a cookie policy and obtain consent for the use of cookies from first-time visitors to your e-commerce site<\/li>\n\n\n\n<li>When collecting personal information, obtain consent for the &#8216;handling of personal data&#8217;<\/li>\n\n\n\n<li>Implement security measures to protect personal data and prevent data breaches<\/li>\n\n\n\n<li>Appoint a representative<\/li>\n<\/ol>\n\n\n\n<p>Additionally, as needed, review internal rules and create manuals for GDPR compliance, and revise contracts with outsourced service providers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_are_the_differences_between_the_GDPR_and_the_UK_GDPR\"><\/span>What are the differences between the GDPR and the UK GDPR?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The UK GDPR refers to the United Kingdom&#8217;s General Data Protection Regulation. The UK GDPR was enacted on January 1, 2021 (2021), following the UK&#8217;s departure from the EU. The GDPR is an EU regulation and does not apply within the UK.<\/p>\n\n\n\n<p>The UK GDPR applies in the following cases:<\/p>\n\n\n\n<ol>\n<li>When offering goods or services to individuals within the UK<\/li>\n\n\n\n<li>When monitoring the behavior of individuals within the UK<\/li>\n<\/ol>\n\n\n\n<p>If you are conducting business within the UK and the EU, it is necessary to comply with both the GDPR and the UK GDPR.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Summary_Consult_an_Expert_When_in_Doubt_About_the_Scope_of_GDPR\"><\/span>Summary: Consult an Expert When in Doubt About the Scope of GDPR<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2023\/12\/senmonka.jpg\" alt=\"Expert Male Professional\" class=\"wp-image-63706\" \/><\/figure>\n\n\n\n<p>If your company has a base within the EU, or even if it does not but provides goods or services to individuals in the EU or monitors their behavior, you fall within the scope of the GDPR. Companies subject to GDPR must designate a representative within the EU and clearly state this in their privacy policy.<\/p>\n\n\n\n<p>Failing to appoint a representative can result in substantial fines. Companies that are operating or considering expanding into the EU should comply with GDPR by designating a representative.<\/p>\n\n\n\n<p>If you are unsure whether your company falls under the scope of GDPR, we recommend consulting with an expert knowledgeable in international legal affairs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Guidance_on_Measures_by_Our_Firm\"><\/span>Guidance on Measures by Our Firm<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Monolith Law Office is a legal practice with extensive experience in IT, particularly in both the internet and legal fields. In recent years, global business has been expanding increasingly, and the need for legal checks by specialists is growing more than ever. Our firm provides solutions related to international legal affairs.<\/p>\n\n\n\n<p>Areas of practice at Monolith Law Office: <a href=\"https:\/\/monolith.law\/global-jpn2fgn\" target=\"_blank\" rel=\"noreferrer noopener\">International Legal Affairs &amp; Overseas Business[ja]<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The General Data Protection Regulation (GDPR) is a set of rules established by the EU to protect personal information and regulate its handling. If you are offering goods or services within the EU, th [&hellip;]<\/p>\n","protected":false},"author":32,"featured_media":62127,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[24,29],"acf":[],"_links":{"self":[{"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/posts\/61921"}],"collection":[{"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/comments?post=61921"}],"version-history":[{"count":2,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/posts\/61921\/revisions"}],"predecessor-version":[{"id":62128,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/posts\/61921\/revisions\/62128"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/media\/62127"}],"wp:attachment":[{"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/media?parent=61921"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/categories?post=61921"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/tags?post=61921"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}