| OVERVIEW | Japan has become much more active in the privacy arena over the last decade. |
| ENACTED | 2003 |
| GENERAL PRIVACY LAWS |
Article 13 of the Japanese Constitution provides that “the right to life, liberty, and the pursuit of happiness shall . . . be the supreme consideration in legislation and in other government affairs.” In 1963, the Japanese Supreme Court first recognized a substantial right to privacy based on Article 13. Court precedent has established a general right to privacy. |
| PERSONAL DATA PROTECTION LAWS AND REGULATIONS |
On May 30, 2003, the Act Concerning the Protection of Personal Information (also called the Personal Information Protection Act) (‘PIPA’) was enacted after almost five years of debate in the Diet (the Japanese Parliament). The Act has an important exemption from its coverage: companies that hold personal data relating to 5,000 people or fewer, and ordinary private use of personal information, are exempt from the requirements of the law. PIPA has two main parts:
PIPA adopts a self-regulatory approach to managing privacy in the public sector and allows agency ministers to mediate complaint settlement in disputes over personal data usage. Failure to abide by a minister’s decision could result in prison terms or fines. Ministers’ authority does not extend to information provided by the media. Four personal information protection bills were enacted along with PIPA and cover: private business, government organizations and independent administrative agencies. The Cabinet Office directed each Ministry to create its own guidelines concerning personal information protection. Each Ministry has published individual guidelines aimed at regulating use of personal information in the private sector. Various Japanese ministries have issued guidelines on the use of personal information pursuant to the Law on the Protection of Personal Information. In the last three years since the Act went into effect, Japanese ministries have developed new guidelines and amended existing guidelines regarding the protection of personal information. The activities of a majority of businesses are covered by the guidelines promulgated by one of the following agencies: the Ministry of Economy, Trade and Industry (METI); the Ministry of Health, Labor and Welfare; the Financial Services Agency; the Ministry of Internal Affairs and Communications; and the Ministry of Land. As of September 1, 2007, these ministries have established 35 sets of guidelines, covering 22 business areas. There is no specific legislation related to registration of data processing. |
| TYPE OF DATA PROTECTED | Personal Information. |
| WORKPLACE PRIVACY LAWS |
There are currently no laws or regulations regarding workplace monitoring in Japan. Companies wishing to monitor in Japan should look at the METI Guidelines. The guidelines provide that an employer should: (1) specify the purposes of monitoring; (2) create a privacy policy that incorporates specifics relating to monitoring; (3) designate a person responsible for monitoring; and (4) perform audits and confirm that monitoring is being conducted fairly. Culturally, workplace monitoring has not been as prevalent in Japan as in the United States, Britain and other trading partners. Private surveillance in the workplace is on the rise in Japan. The Japanese Institute of Labor reports that 35% of Japanese companies are monitoring their employees’ email and Web use, citing fear of viruses, sexual harassment and other concerns. According to a 2006 survey of 139 companies conducted by the Institute of Labor Administration, 17.4% of employers monitor their employees’ incoming and outgoing emails, and 42% keep a record of the emails. On September 13, 2004, the Tokyo District Court decided a case on employers’ investigation of employees’ computer use. The court stated: “(1) whether or not the employers’ act is an invasion of privacy rights of employees that goes against public policy depends on whether, balanced against the drawbacks suffered by the employees, the purpose or manner of the investigation goes beyond the bounds of socially acceptable limits. (2) If there are acts that violate the corporate order, employers may investigate the factual relationships regarding the content, manner and degree of the violating acts, and employees must cooperate with the employer pursuant to their employment contract, but it is sufficient for such cooperation to be within the range necessary and rational in order for the employer to smoothly conduct operations.” |
| TRANSBORDER TRANSFERS | Although there is a general restriction on transfers to third parties, there is no separate restriction on transborder transfers of personal data from Japan to a third country. |
| FINES AND SANCTIONS |
The sanctions for breaches of privacy law in Japan are contained in Chapter 6 of the Act on the Protection of Personal Information 2003. Pursuant to Article 34, where a data user is in contravention of certain provisions of the Act, the competent Minister may issue a recommendation that the contravention be ceased and that necessary measures be taken to correct the violation. If the Minister considers that the infringement is imminent or considers it necessary to take measures urgently, the Minister may order that the contravention be ceased. Article 56 contains the sanction for non-compliance with these orders: an entity that violates orders issued under Paragraph 2 or 3 of Article 34 shall be sentenced to imprisonment of not more than six months or to a fine of not more than 300,000 yen (USD 2,500). |
| OTHER PRIVACY LAWS AND REGULATIONS | Japan has a number of sector-specific privacy, secrecy and confidentiality laws. |