Privacy and personal data in Japan

Privacy is a big thing for us Europeans. As soon as a possible infringement is perceived, we collectively climb the barricades to fight for all that’s just and holy. As a cultural concept, it’s proven very powerful and very successful. But the notion of privacy is not that old, being a typical result of the 18^th century Enlightenment period in European history. It was during this period that the idea of the human individual as the fundamental element of society was developed. Thus, as privacy is more or less a European “invention”, it should be no surprise that other cultures place a different value on privacy. Or maybe attach a different meaning to it than we do.

So too in Japan. Traditionally, culture in Japan has focused more on the group than on the individual person. It is the functioning within the group that primarily defines the Japanese individual. This is closely linked to perhaps one of the most concepts in Japanese culture: the preservation of harmony, known as wa.

This may be changing as Japanese youngsters readily adopt a more Western lifestyle, but it still goes a long way in defining the Japanese cultural identity. The emphasis on harmony and groupism that we find in Japanese culture has their reflection in the Japanese legal system. Preservation of harmony is not served well by attributing guilt. That makes Japan less of a lawyer-oriented culture than we may be used to in Europe and North America.

 

After World War II, Japan was guided by the strong hand of the Allies into a rigorously reforming their constitution and legal system. Especially the Japanese constitution seems the spitting image to the one of the United States of America, with the same famous rights to “life, liberty and the pursuit of happiness”. In practice, the similarities often disappear. Where the judicial system in the Western hemisphere places much importance on precedence, in Japan legal technicalities are not as important as the pursuit of harmony and two decision may well be inconsistent.

Legal protection of personal data in Japan is quite a new phenomenon. For most of history, people in Japan had quite willingly informed the Government of what they wished to know, but with the rise of computerization and aggressive use by direct-mail companies gradually raised the issue that privacy needed to be protected. When the OECD urgently recommended legal protection of personal information in 1980, Japan started a process towards the development of a personal data protection law, albeit reluctant to protect data at the risk of hampering administrative efficiency. This resulted in the Act for Protection of Computer Processed Personal Data held by Administrative Organs, which was promulgated in December 1988. “This law was drafted not so much because of public opinion as because of pressures of international society”, writes Tsuyoshi Hiramatsu in a juridical journal in 1990. As a law, it lacked a bit in clarity. Language was vague and no limitations to gathering data were set. Also, there was no responsibility placed on the agencies holding the data.

A new law made up for a lot of the shortcomings, though. Four years ago, in 2003, the Personal Information Protection Law has come into effect in Japan, which markedly improves on the existing legislation. In summary, this law regulates the handling of information by the private sector. It requires firms to notify the individuals concerned of the purpose for which the data will be used, maintain accuracy of the data and keep the data secure. Individuals are always to be allowed access to their personal information.

The law is quite clear though, that only personal data are protected. That is, data specifically attributable to an individual. So, RFID related databases will often go uncovered. Imagine this, for example: you wear a pacemaker that has an RFID chip that records the functioning of your pacemaker so your doctor can see if all goes well. This chip does not necessarily contain personal data, but one can nevertheless associate the chip with you, for you’ll wear it all the time. How to deal with these kind of data then?

For this purpose, the Japanese Ministry of Economy, Trade and Industry (METI) together with the Ministry of Internal Affairs and Communications (MIC) have jointly created guidelines for privacy protection on electronic tags, which were published in 2004. The legal status of these guidelines is unclear to me. Their purpose is more to help businesses by giving them an idea of the issues raised by RFID and the inform them of opinions of the ministries regarding these issues. These guidelines mostly address the obligation of firms to notify consumers of the use of tags and the obligation to allow for consumers to deactivate tags. With regard to the databases on information gathered by the tags, these guidelines refer to the aforementioned law for the protection of personal information.

So our pacemaker scenario is not yet solved! I’ll keep you informed as I learn more about this.

 

Explore posts in the same categories: General