By Fumio Shimpo
Private data protection is one of the biggest issues in the global IT sector, and Japan is not an exception. The government, industry as well as NGOs have been pondering over ways to protect private information.
Japan is a member of the OECD, and its data protection legislation is influenced by the OECD privacy guidelines.
After adopting the guidelines, there were deliberations on private sector legislation, but as no laws were enacted, Japan introduced protection measures based on the guidelines.
Guidelines for voluntary controls began to be formulated in the late 1980s. Currently, guidelines issued by administrative organs include the OECD guidelines and the Japanese Industry Standards (JIS). Industry groups also voluntarily prescribed these guidelines. In addition, there are certification systems presently implemented in the private sector ― the “Privacy Mark System” (PMS).
The accreditation of the PMS requires third-party organizations to objectively evaluate the compliance of private enterprises with all relevant laws and regulations, including “JIS Q 15001.” The PMS is an effective tool, allowing private enterprises to demonstrate that they are in compliance with the law and that they have voluntarily established a personal information protection management system with a high level of protection. Around 10,000 Japanese companies are using the PMS.
The Japanese data protection legislative structure is based on three main laws related to the protection of personal information, enacted on May 30, 2003. The Personal Information Protection Act is the key legislation setting out basic principles and applies to both the public and private sectors.
Currently, the Consumer Commission reviews the Data Protection Act for possible amendments of the Personal Information Protection Act. However, Japan does not have any national data protection authority to meet the accreditation standards of the International Conference of Data Protection Commissioners. With regard to the enforcement of the Act on the Protection of Personal Information, the competent minister in charge of each ministry has the authority to enforce laws concerning the proper handling and protection of personal information.
Hence, guidelines have been established under the Act on the Protection of Personal Information for each business field, to be executed by ministries and agencies with jurisdiction over these businesses. The guidelines total 42, in 24 fields.
Various issues, such as behavioral targeting marketing and cloud computing, are in talks recently.
The “Life-Log Study Committee” of the Ministry of Internal Affairs and Communications has engaged itself in a research review of the Japanese legal system concerning “life-logs.”
The committee considered various problems related to the offering of ICT services by telecommunications industries and other related companies. The committee dealt with the problems relating to “Street View” services by search engine providers, copyright infringement issues of music distribution over the Net, “life-log” services, the amendment of the guidelines concerning personal information protection in the field of telecommunication industries, CGM (Consumer Generated Media) and security measures for the protection of personal information.
Furthermore, an MIC investigation into Behavioral Targeting Advertising which makes use of not only “life-logs,” but also of “Deep Packet Inspection” (DPI) technology, has taken place. DPI technology is a new technology which is able to monitor user-behavior in detail by analyzing Internet packet information stored in Internet Service Providers’ (ISPs’) cache.
One of the main aims of this committee is to propose so-called “self-regulation principles” which apply to the utilization of all “life-log”-related services.
The Japanese government released the idea of a new “Number System for Social Security and Taxation” to complement a revision of the pension system, and the establishment of a “Number System Council for Social Security and Taxation.” The draft plan was released on 28 January 2011. The full council is now expected to endorse the proposal and the preparation of a detailed plan by June.