Protection of Privacy in Japan Provisions of the Constitution and Act The right to privacy is not clearly stipulated in the Constitution of Japan, but many courts of Japan have admitted it as a constitutional right based on Section 13 of Chapter I of the Constitution since 1964. Section 13 stipulates “All people’s right to life, liberty, and the pursuit of happiness shall, to the extent that it does not interfere with the public welfare, be the supreme consideration in legislation and in other governmental affairs.” In 1964, in one of the most famous cases, “Utagenoato”, the trial court stated at the first time that the right to privacy is essential for maintaining individual dignity and pursuing happiness, and thus is based on Section 13. However, since the courts admitted the right to privacy, there was no act realizing the right including the right to control (ex. disclose, delete, and modify) personal information for a long period of time. Therefore, only when the right to privacy was violated or was about to be violated, people were able to claim the right based on the Constitution. In 2005, responding to the development of information society which allowed companies to treat an enormous amount of personal information, the Act on the Protection of Personal Information was enacted. The purpose of this Act is to regulate business entity handling personal information in terms of protection of such personal information, and to give people the right to control their personal information. The main provisions of this Act are as follows: This Act applies only to business entity which has 5000 or more personal information at any time for recent six months.; Such entity shall specify the purpose of utilization of personal information as much as possible and shall not handle personal information about a person, without obtaining the prior consent of the person, beyond the scope necessary for the achievement of such purpose. ; In principle, the entity shall not provide personal information to a third party without obtaining the prior consent of the person. ; When the entity is requested by a person to disclose personal information, it shall disclose the information without delay. ; When the entity is requested by a person to correct, add, or delete personal information on the ground that the retained personal data is contrary to the fact, it shall make a necessary investigation without delay within the scope necessary for the achievement of the purpose of utilization and, on the basis of the results, correct, add, or delete the information. ; When the entity is requested by a person to discontinue using or to erase personal information on the ground that the information is used for reasons other than specified purpose of utilization, it shall discontinue using or erase the information without delay in principle. Problems of the Act on the Protection of Personal Information However, the effectiveness of this Act is doubtful at some points. First, as stated above, though the entity must obtain the consent of the person when it discloses his/her information to the third party, people are likely to provide consent unconsciously in a real world. By way of example, some applications that ask us to provide consent for sharing personal information with a third party on when we download them into our smartphone for free, but such notice is accompanied with other many notices and is too small to read on the smartphone screen. As a result, we just skip the notice and give them consent unconsciously. Consequently, especially on Internet, requiring the business entity to obtain the consent of its customers is often meaningless. Secondly, the penalty for breaching of the obligation of the business entity itself does not exist. Furthermore, though the penalty for violating orders requiring the business entity to take necessary measures to correct violation of its obligation exists, the amount of the penalty is not more than 300,000 yen, which is too low to work as a deterrent. In practice, the number of direct mail sent by a third party that uses personal information of another companies’ customers without the customers’ consent has not been decreasing after the effective date of the Act. Also, as mentioned above, though a person has the right to request the entity to discontinue using personal information, this provision does not apply to cases in which it costs large amount, and thus does not work well in some cases. For example, a certain on-line sales company does not delete personal information even after that person deleted the registration at the company and request to delete the information, claiming the huge costs. As a whole, the Act is not effective in terms of protecting personal information especially on Internet. Other Act and private efforts for protecting privacy on Internet As stated above, the Act on the Protection of Personal Information only applies to business entities. Therefore, when a private person discloses other’s personal information on Internet, people cannot claim the right to delete their personal information to that person based on this Act. Instead, people can ask a provider running the relevant website to delete the information based on the Act on the Protection of Personal Information. Also, private entities are attempting to make up for protecting privacy on Internet. For instance, Internet Association Japan was established in 2001. The aim of this association is to disperse rule/manner for people using Internet and to develop privacy protection system. Its supporting members are Internet providers and telecommunication companies, which enables the association to accomplish its purpose. Necessary changes in future Still, since these acts and private efforts are not enough to protect privacy on Internet, Japanese legislature should establish the act which focuses on protecting privacy on Internet (though Japanese legislature is unlikely to make such act at this stage.) Especially nowadays, children use Internet more often than adults and pay attention to their privacy much less than adults, and thus they are likely to be at risk of being violated their privacy. Consequently, establishing the act protecting children privacy like CPPOA in the U.S. is urgent need.

-- AyaNakamura - 01 Mar 2013

-- AyaNakamura - 01 Mar 2013