|OVERVIEW||Japan has become much more active in the privacy arena over the last decade.|
|GENERAL PRIVACY LAWS||
Article 13 of the Japanese Constitution provides that “the right to life, liberty, and the pursuit of happiness shall . . . be the supreme consideration in legislation and in other government affairs.”
In 1963, the Japanese Supreme Court first recognized a substantial right to privacy based on Article 13. Court precedent has established a general right to privacy.
|PERSONAL DATA PROTECTION LAWS AND REGULATIONS||
On May 30, 2003, the Act Concerning the Protection of Personal Information (also called the Personal Information Protection Act) (‘PIPA’) was enacted after almost five years of debate in the Diet (the Japanese Parliament). The Act has an important exemption from its coverage: companies that hold personal data relating to 5,000 people or less and ordinary private use of personal information are exempt from the requirements of the law.
PIPA has two main parts:
PIPA adopts a self-regulatory approach to managing privacy in the public sector and allows agency ministers to mediate complain settlement regarding personal data usage disputes. Failure to abide by a minister’s decision could result in prison terms or fines. Ministers’ authority does not extend to information provided by the media.
Four personal information protection bills were enacted along with PIPA and cover: private business, government organizations and independent administrative agencies.
The Cabinet Office directed each Ministry to create its own guidelines concerning personal information protection. Each Ministry has published individual guidelines aimed at regulating use of personal information in the private sector.
Various Japanese ministries have issued guidelines on the use of personal information pursuant to the Law on the Protection of Personal Information. In the last three years since the Act went into effect, Japanese ministries have developed new guidelines and amended existing guidelines regarding the protection of personal information. The activities of a majority of businesses are covered by the guidelines promulgated by one of the following agencies: the Ministry of Economy, Trade and Industry (METI); the Ministry of Health, Labor and Welfare, the Financial Services Agency, the Ministry of Internal Affairs and communications and the Ministry of Land. As of September 1, 2007, these ministries have established 35 sets of guidelines, covering 22 business areas.
There is no specific legislation related to registration of data processing.
|TYPE OF DATA PROTECTED||Personal Information.|
|WORKPLACE PRIVACY LAWS||
There are currently no laws or regulations regarding workplace monitoring in Japan.
Culturally, workplace monitoring has not been as prevalent in Japan as in the United States, Britain and other trading partners.
Private surveillance in the workplace is on the rise in Japan. The Japanese Institute of Labor reports that 35% of Japanese companies are monitoring their employees’ email and Web use, citing fear of viruses, sexual harassment and other concerns.
According to a 2006 survey of 139 companies conducted by the Institute of Labor Administration, 17.4% of employers monitor their employees’ incoming and outgoing emails, and 42% keep a record of the emails.
On September 13, 2004, the Tokyo District court decided a case on the investigation of computer use of employees by employers. The court stated: “(1) whether or not the employers’ act is an invasion of privacy rights of employees that goes against public policy depends on whether, balanced against the drawbacks suffered by the employees, the purpose or manner of the investigation goes beyond the bounds of socially acceptable limits.” (2) If there are acts that violate the corporate order, employers may investigate the factual relationships regarding the content, manner and degree of the violating acts, and employees must cooperate with the employer pursuant to their employment contract, but it is sufficient for such cooperation to be within the range necessary and rational in order for the employer to smoothly conduct operations.”
|TRANSBORDER TRANSFERS||Although there is a general restriction on transfers to third parties, there is no separate restriction on the transborder transfers of personal data from Japan to a third country.|
|FINES AND SANCTIONS||
The sanctions for breaches of privacy law in Japan are contained in Chapter 6 of the Act on the Protection of Personal Information 2003. Pursuant to Article 34, where a data user is in contravention of certain provisions of the Act, the competent Minister may issue a recommendation that the contravention be ceased and take necessary measures to correct the violation. If the Minister considers that the infringement is imminent or considers it necessary to take measures urgently, the Minister may order that the contravention be ceased. Article 56 contains the sanction for non-compliance with these orders:
An entity that violates orders issued under Paragraph 2 or 3 of Article 34 shall be sentenced to imprisonment of not more than six months or to a fine of not more than 300,000 yen (USD 2,500).
|OTHER PRIVACY LAWS AND REGULATIONS||Japan has a number of sector-specific privacy, secrecy and confidentiality laws.|