
International Trends in Personal Data De-identification (Anonymization and Pseudonymization) Regulations and Recommendations for Legal Development in Taiwan

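Abstract


The rising commercial value of personal data has brought a sharp increase in personal data infringements and leaks. To ensure that the public's personal data is adequately protected, major countries have all recognized the need to enact dedicated personal data protection legislation, and they continue to strengthen the rules governing the collection, use, sharing, and international transfer of personal data. On the other hand, with personal data now an indispensable driver of the digital economy, major countries have also begun to stress the importance of "strengthening the active use of personal data" and have successively adopted the new concept of "personal data de-identification," hoping to balance the protection and the use of personal data through technical measures. In short, de-identification of personal data means "using technical methods so that the data itself cannot identify a specific natural person," and it is currently divided into "anonymization" and "pseudonymization" of personal data: the former requires that de-identification reach the point where a specific natural person cannot be identified and the result "cannot be restored," while the latter retains the possibility of re-identification. This article compares in detail the design of personal data de-identification (anonymization and pseudonymization) rules in major countries, analyzing in particular Japan, which has enacted dedicated provisions to promote anonymization and pseudonymization, and, on the basis of comparative law, examines the current state of Taiwan's personal data protection legal framework. This article recommends that Taiwan's promotion of personal data de-identification mechanisms, including anonymization and pseudonymization, should initially be regulated by issuing guidelines, and that in the medium to long term the need for dedicated provisions in the Personal Data Protection Act be assessed in light of practice.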

Parallel Abstract


The increasing commercial value of personal data has led to a surge in privacy violations and data leaks. To ensure adequate protection of personal data, major countries recognize the necessity of enacting comprehensive data protection legislation and continually strengthening regulations surrounding data collection, usage, sharing, and international transfer. On the other hand, as personal data becomes an indispensable driver of today's digital economy, major countries are also emphasizing the importance of enhancing the utilization of personal data. Many have adopted the novel concept of "de-identification" through technical measures to strike a balance between data protection and utilization. In short, de-identification refers to the process of making data non-identifiable to any specific individual through technical means. Currently, this concept is categorized into "anonymization" and "pseudonymization." Anonymization requires that de-identified data cannot identify any specific individual and is "irreversible," while pseudonymization retains the potential for re-identification. This article provides a detailed comparison of de-identification regulations (anonymization and pseudonymization) in major countries, with a focus on Japan, where specific provisions on anonymization and pseudonymization have been enacted. Based on comparative law, it also examines the current regulatory framework in Taiwan. The author suggests that, initially, Taiwan should promote de-identification mechanisms, including anonymization and pseudonymization, through guidelines. In the medium to long term, it would be advisable to assess practical developments and consider establishing dedicated regulations under the Personal Data Protection Act.
