Computers, Privacy & the Constitution

Protection of Privacy in Japan

-- By AyaNakamura - 01 Mar 2013

Section I Provisions of the Constitution and Act

Subsection A Constitution

The right to privacy is not clearly stipulated in the Constitution of Japan, but many courts of Japan have admitted it as a constitutional right based on Section 13 of Chapter I of the Constitution since 1964. Section 13 stipulates “All people’s right to life, liberty, and the pursuit of happiness shall, to the extent that it does not interfere with the public welfare, be the supreme consideration in legislation and in other governmental affairs.” In 1964, in one of the most famous cases, “Utagenoato”, the trial court stated at the first time that the right to privacy is essential for maintaining individual dignity and pursuing happiness, and thus is based on Section 13.

However, since the courts admitted the right to privacy, there was no act realizing the right including the right to control (ex. disclose, delete, and modify) personal information for a long period of time. Therefore, only when the right to privacy was violated or was about to be violated, people were able to claim the right based on the Constitution.

Subsection B Act

In 2005, responding to the development of information society which allowed companies to treat an enormous amount of personal information, the Act on the Protection of Personal Information was enacted. The purpose of this Act is to regulate business entity handling personal information in terms of protection of such personal information, and to give people the right to control their personal information. The main provisions of this Act are as follows: This Act applies only to business entity which has 5000 or more personal information at any time for recent six months.; Such entity shall specify the purpose of utilization of personal information as much as possible and shall not handle personal information about a person, without obtaining the prior consent of the person, beyond the scope necessary for the achievement of such purpose. ; In principle, the entity shall not provide personal information to a third party without obtaining the prior consent of the person. ; When the entity is requested by a person to disclose personal information, it shall disclose the information without delay. ; When the entity is requested by a person to correct, add, or delete personal information on the ground that the retained personal data is contrary to the fact, it shall make a necessary investigation without delay within the scope necessary for the achievement of the purpose of utilization and, on the basis of the results, correct, add, or delete the information. ; When the entity is requested by a person to discontinue using or to erase personal information on the ground that the information is used for reasons other than specified purpose of utilization, it shall discontinue using or erase the information without delay in principle.

Section II Problems of the Act on the Protection of Personal Information

However, the effectiveness of this Act is doubtful at some points. First, as stated above, though the entity must obtain the consent of the person when it discloses his/her information to the third party, people are likely to provide consent unconsciously in a real world. By way of example, some applications that ask us to provide consent for sharing personal information with a third party on when we download them into our smartphone for free, but such notice is accompanied with other many notices and is too small to read on the smartphone screen. As a result, we just skip the notice and give them consent unconsciously. Consequently, especially on Internet, requiring the business entity to obtain the consent of its customers is often meaningless. Secondly, the penalty for breaching of the obligation of the business entity itself does not exist. Furthermore, though the penalty for violating orders requiring the business entity to take necessary measures to correct violation of its obligation exists, the amount of the penalty is not more than 300,000 yen, which is too low to work as a deterrent. In practice, the number of direct mail sent by a third party that uses personal information of another companies’ customers without the customers’ consent has not been decreasing after the effective date of the Act. Also, as mentioned above, though a person has the right to request the entity to discontinue using personal information, this provision does not apply to cases in which it costs large amount, and thus does not work well in some cases. For example, a certain on-line sales company does not delete personal information even after that person deleted the registration at the company and request to delete the information, claiming the huge costs.

As a whole, the Act is not effective in terms of protecting personal information especially on Internet.

Section III Other Act and private efforts for protecting privacy on Internet

As stated above, the Act on the Protection of Personal Information only applies to business entities. Therefore, when a private person discloses other’s personal information on Internet, people cannot claim the right to delete their personal information to that person based on this Act. Instead, people can ask a provider running the relevant website to delete the information based on the Act on the Protection of Personal Information.

Also, private entities are attempting to make up for protecting privacy on Internet. For instance, Internet Association Japan was established in 2001. The aim of this association is to disperse rule/manner for people using Internet and to develop privacy protection system. Its supporting members are Internet providers and telecommunication companies, which enables the association to accomplish its purpose.

Depends on whether its purpose would interfere with the business advantage of those businesses. From my point of view, it enables the association to accomplish the opposite of the purpose.

Section Ⅳ Necessary changes in future

Still, since these acts and private efforts are not enough to protect privacy on Internet, Japanese legislature should establish the act which focuses on protecting privacy on Internet. Especially nowadays, children use Internet more often than adults and pay attention to their privacy much less than adults, and thus they are likely to be at risk of being violated their privacy. Consequently, establishing the act protecting children privacy like CPPOA in the U.S., including to stipulate the provision that requires the consent of parents when children's personal date is gathered, is urgent need.

I wrote in response to draft one:

You say that things need to happen that you know aren't going to happen. This is not a very effective form of essay: the reader can only conclude that you aren't serious.

Your response was to remove from the above paragraph the parenthetical in which you acknowledged that what you are talking about isn't going to happen. As though my objection could be met not by further rethinking your argument, but by removing the evidence that you know what's wrong with it. That's not improvement: that's radical disimprovement in the direction of reduced intellectual integrity.

I also wrote:

You are aware that a conversation about privacy based on "my personal data," doesn't really capture what is changing or how data science will actually affect our environment, as the machines begin to train us.

Here you did nothing. Which is too bad, because that was the best road to actual intellectual improvement: concentrating not on the issues of bilateral choice, but on environmental regulation of privacy rather than inappropriate models of transactional consent.


Webs Webs

r5 - 14 Jan 2015 - 22:44:39 - IanSullivan
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM