[Home] [Databases] [WorldLII] [Search] [Feedback] EPIC --- Privacy and Human Rights Report

EPIC --- Privacy and Human Rights Report 2006

Japan

Constitutional Privacy Framework

Article 13 of the Constitution provides that "the right to life, liberty, and the pursuit of happiness shall . . . be the supreme consideration in legislation and in other governmental affairs." In 1963, the Supreme Court first recognized the substantial right to privacy under Article 13 of the Constitution. Since then, the right of privacy has been established under Article 13 by the courts' precedents and has been applied to specific cases through the general provisions of tort law in the Civil Code. However, until recently, Japan had no statute with respect to the processing of personal data in the private sector, for which the Japanese government followed a policy of self-regulation, especially regarding electronic commerce.[3080]

The Basic Law on Personal Information Protection

On May 30, 2003, the Act Concerning the Protection of Personal Information (the Act) was eventually enacted after a long controversy in the Diet (the Japanese Parliament).[3081] The Act is divided into two parts: 1) "Basic ideals and principles" that will serve for future legislation on the protection of privacy, both in the public and private sectors (Chapter 1 to 3), and 2) "General Provisions" on personal information protection in the private sector (Chapter 4 to 6).[3082] The Act defines that "personal information" as the information that relates to "living individuals," which can be used to identify specific individuals by name, date of birth, or other description (Article 2, Section 1). The "General Provisions" part details how businesses have to handle personal information,[3083] duties that are derived from the data protection principles of the OECD Privacy Guidelines.[3084] To promote the self-regulatory system and complaint handling of personal information in the private sector, the Act allows a Minister in charge to approve a "Certified Personal Information Protection Organization," which handles complaint settlement concerning personal information (Articles 37 to 49). Each Minister implements the Act for the area he is in charge of and is authorized to issue recommendations or orders to businesses dealing with personal information.[3085] Those who refuse to follow ministers' orders could face up to six months in prison or a fine of not more than JPY 300,000 (~USD 2,683). The Act also provides that ministers in charge must not exercise their authority to issue orders to those who provide information to the media. The Act came into full force on April 1, 2005.[3086]

Four Laws Related to the Protection of Personal Information

On May 23, 2003, the Diet passed, in addition to the Act itself, another package of four personal information protection bills that include two laws that cover private businesses, government organizations and independent administrative agencies.[3087] Four laws related to the protection of personal information were promulgated on May 30, 2003 as well: 1) The Act concerning the Protection of Personal Information Held by Administrative Organs, which originally governed the use of personal information in computerized files, was completely amended to govern paper-based data as well as computerized data.[3088] The 2003 Act sets new criminal provisions for government officials who leak personal information without proper justification;[3089] 2) the Information Disclosure and Personal Information Protection Review Board Establishment Act; 3) the Act concerning the Protection of Personal Information Held by an Independent Administrative Agency; and 4) The Act concerning the Preparation of Related Laws for the Enforcement of the Act concerning the Protection of Personal Information Held by Administrative Organs.

Guidelines for Industry

The Cabinet Office announced that each Ministry is drawing up guidelines for protecting personal information, corresponding to industrial classifications by the fall of 2004. By March 31, 2005, each Ministry had published 35 individual guidelines in 22 industry areas in order to prompt personal information protection in the private sector.[3090]

The Ministry of Finance, Wealth and Labor, and the Ministry of Internal Affairs and Communications (MIC) planned to introduce legislation to protect personal information, including individual credit data, medical data, and data in the field of broadcast by the end of 2004.[3091] On January 27, 2005, the Cabinet Office announced that the government had enacted new legislation in the medical, financial and telecommunications sectors.[3092]

Privacy Mark System

In February 1998, the Ministry of International Trade and Industry (MITI) established a Supervisory Authority for the Protection of Personal Data to monitor a new system for the granting of "privacy marks" to businesses committing to the handling of the personal data in accordance with the MITI guidelines, and to promote awareness of privacy protection for consumers. The "privacy mark" system is administered by the Japan Information Processing Development Center (JIPDEC) – a joint public/private agency　promoting e-commerce and designing regulatory guidelines on the information technology industry.[3093]

Companies that do not comply with the industry guidelines will be excluded from relevant industry bodies and not granted the privacy protection mark. It is assumed that market forces will then penalize them. However, in addition, the new Supervisory Authority will investigate violations and make suggestions as necessary to the relevant administrative authorities.[3094] An analysis of the marks done for the European Union by four academic privacy experts found that there were serious shortcomings in the system.[3095] In the first two years of the JIDPEC program, companies seeking certification were dominated by businesses that handle personal information, such as marriage bureaus; in total, the JIPDEC awarded about 140 licenses.[3096] In May 2000, the JIPDEC agreed with BBBOnline, a division of the US-based Better Business Bureau, to mutually recognize each other's privacy protection marks. Because of growing concerns for privacy among the public, the number of companies holding "privacy marks" has increased. By June 15 2007, 7,707 companies had been awarded privacy marks by JIPDEC, up from 1,562 companies in 2005.[3097]

Constitutional Scheme for Free Speech

Article 21 of the 1946 Constitution states, "1) Freedom of assembly and association as well as speech, press and all other forms of expression are guaranteed. 2) No censorship shall be maintained, nor shall the secrecy of any means of communication be violated." Article 35 states, "1) The right of all persons to be secure in their homes, papers and effects against entries, searches and seizures shall not be impaired except upon warrant issued for adequate cause and particularly describing the place to be searched and things to be seized. . . . 2) Each search or seizure shall be made upon separate warrant issued by a competent judicial officer."[3098]

Regulation on the Internet

In response to the Internet Provider Responsibility Law of 2001 (IPRL), which restricts the liability of Specified Electronic Telecommunications Service Providers when they disclose customers' information,[3099] Japanese Internet Service Providers (ISPs) issued in 2002 the Guidelines for protecting privacy and honor under the IPRL (The Guidelines).[3100] The guidelines limit dissemination of private information without specific consent, allow ISPs to delete user information, and require them to maintain information posted by users about public figures.[3101] The first test case involved Yahoo Japan. On March 31, 2003, the district court of Tokyo ordered Yahoo to identify and disclose information on one of its users, who had posted a defamatory comment about the plaintiff on Yahoo's bulletin board.[3102] In 2007 Japanese ISPs issued new Guidelines for the disclosure of user identity information.[3103] According to the Guidelines, ISPs generally disclose to law enforcement in cases of defamation, privacy infringement, copyright infringement, trademark infringement, etc. However, in almost all cases, responses to disclosure demands are so difficult and onerous that ISPs require a court order before engaging in the exercise of identification and disclosure.[3104]

Japan has two anti-spam laws. The laws allow Internet users and text-enabled mobile phones to opt out of spammers' contact lists, and require that all unsolicited commercial e-mail be clearly identified. MIC enforces the law, imposing fines of up to JPY 500,000 (~USD 4,170) for failure to comply. Another law enforced by MITI is intended to protect consumers. Repeat or egregious offenders can be fined up to JPY 3 million (~USD 25,000) or two years in prison.[3105] Corporate offenders can face up to JPY 300 million (~USD 2.5 million) in fines.

Wiretapping

Wiretapping traditionally has been considered a violation of the Constitution's right of privacy and has been authorized only a few times. However, in August 1999, the Diet passed the controversial Communications Interception Law authorizing wiretapping of phone or faxes, and monitoring e-mail, when investigating cases involving narcotics, gun offenses, gang-related murders and large-scale smuggling of foreigners.[3106] Under the new law, which went into effect in August 2000, the use of wiretaps is restricted to prosecutors and police officers at the rank of superintendent and above, and requires police officers to obtain warrants from district court judges in order to use wiretaps. The warrants are good for 10 days and can only be extended for a total of 30 days. Further, the presence of a third, independent party, such as an employee of Nippon Telegraph and Telephone Company, is required during monitoring. Finally, police and prosecutors must in principle notify individuals who have been monitored within 30 days after the investigation. Strict penalties are possible for those who abuse the wiretap policy.[3107] The National Police Agency (NPA) and Ministry of Justice (MOJ) recently requested about JPY 170 million (~ USD 1.6 million) in 2001 for the development of a "temporary mailbox" technology for intercepting e-mail.[3108]

The Federation of Bar Associations, journalists and trade unions opposed the wiretap law.[3109] Opponents argue that Diet proponents of wiretapping forced a vote on the bill before the legislatures could host a full airing of the potential privacy problems it would create.[3110] Professor Toshimaru Ogura, of the Japanese Net Workers against Surveillance Taskforce (NaST) and Toyama University, asserts the law does not restrict the storage and use of information gathered, possibly providing the government with a mandate to maintain databases on citizens that can be shared by other domestic—and possibly foreign—agencies.[3111] Further, Professor Ogura argues that the MOJ officials have a free hand to broadly intercept communications from innocent people in the process of targeting criminals; for example, the MOJ proposed in a Diet session that it could tap all of the in/outcoming phone calls of a shipping company in an effort to capture drug smugglers.[3112]

Many have protested the wiretapping law as too large a grant of power, including one lawmaker who sued alleging the police had illegally tapped his phone.[3113] Over 180,000 people have signed a petition for the repeal of the wiretapping law. The signature-collecting Committee for the Repeal of the Wiretapping Law submitted the petition to the Diet on May 24, 2000.[3114] In August, NTT asked that its employees not be required to be present when taps are installed, saying it would likely have a detrimental effect on company performance.[3115] Wiretapping is also prohibited under Article 104 of the Telecommunications Business Law and Article 14 of the Wire Telecommunications Law.[3116]

In June 1997, the Tokyo High Court upheld a lower court's finding that the Kanagawa Prefectural Police had illegally wiretapped the home telephone of a senior member of the Japanese Communist Party. The court awarded damages of JPY 4 million (~USD 36,600).[3117] Several NTT employees have also been caught selling information about customers.[3118] Several companies that provide for pre-paid cellular phone service announced in May 2000 that, in order to prevent crime, they would start requiring users to provide identification before using the service.[3119]

Surveillance Technology

The Ministry of Transportation announced in June 1999 a plan to issue "Smart Plates" license plates with embedded IC chips. These new licenses will contain driver and vehicle information and be used for road tolls and traffic control.[3120] The Ministry secured $ 170,000 US in 2006 for conducting pilot tests. The pilot tests began on taxi cabs in the city of Chiba.[3121] Since 1986, the National Police Agency has also operated a comprehensive video surveillance system called the "N-system" in at least 540 locations on expressways and major highways throughout the country; it automatically records the license plate number of every passing car.[3122] Whenever a "wanted" car is detected, the system immediately issues a notice to police.[3123] Eleven motorists filed a lawsuit challenging the system in 1997. The latest model of N-system can also photograph the faces of drivers.[3124]

In response to rising crime rates, Tokyo police have been operating surveillance cameras on utility poles and buildings to monitor pedestrians in the several densely populated districts of the city.[3125] Lawyers opposing the move assert that this surveillance is unconstitutional, pointing to a 1969 Supreme Court decision against a police officer who secretly photographed a student activist in Kyoto.[3126] Other areas of the country are following Tokyo's lead, but many privacy groups, such as NaST[3127] and the Consumers Union of Japan[3128] are reporting on video surveillance and publicizing all new camera installations. Suginami ward, one of Tokyo's largest wards, enacted an ordinance to limit the rapid increase in the number of security cameras being set up in public areas following heightened concerns about privacy in the community.[3129]

Radio Frequency Identification (RFID) Technology

Major RFID manufacturers in Japan include NEC, which recently became the first Japanese firm to join the EPC Global standards body[3130] and Hitachi, which manufactures the 0.3 millimeter square Mu chip.[3131] RFID applications are fairly widespread in Japan. On March 22, 2004, after several months of testing, the East Japan Railway Co. Ltd. began formally offering an RFID-enabled "e-money" system to customers using its "Suica" card, allowing customers to shop at 196 convenience stores and restaurants located in 64 stations.[3132] During the last two years, RFID tags have quickly become widespread. The Ministry of Economy, Trade and Industry (METI) formed an industry consortium aimed at reducing the cost of RFID tags to JPY 5 (~USD 0.05) each within two years, in order to encourage use.[3133] While IC tags have some value for retailers, giving detailed information on goods, including not only prices but production places and distribution channels, there are fears that personal information, such as purchase history and location data, may be disclosed to third parties.[3134] Joint guidelines released by MIC and METI on June 8, 2004 call for consumers to be given options on how they might interfere with the reading of tags but appear to say nothing about rights to have the tag removed or destroyed.[3135] The guidelines provide that: 1) consumers must be notified of the presence of RFID tags; 2) consumers have the right to choose whether they want to use the tags; 3) RFID tag users must provide information about the public benefits of RFID tags; 4) the Personal Information Protection Act applies when there is matching between RFID tag-related data and databases; 5) tag users must restrict their use of personal information gathered through RFID tags; 6) tag users must ensure the accuracy of the personal information recorded through RFID tags; 7) appointment of information administrators; and 8) accountability and provision of information to consumers.[3136]

In February 2005, NTT Data Corp. announced that it had developed a security system using integrated circuit tags designed to signal the whereabouts of children as a means of protecting them against a growing trend of kidnapping among schoolchildren.[3137] Some municipal and private schools have started testing this IC-tag tracking system.[3138]

Medical Privacy

In March 2000, it was discovered that a research company had secretly conducted genetic tests on 1,000 blood samples obtained from people who had donated blood to the Japanese Red Cross Society. The Health and Welfare Ministry launched an investigation in November 1999 into reports that a dealer was selling private information on people receiving medical treatment, including their clinical histories. Several months later, Tohoku University in Sendai and the National Cardiovascular Center in the Osaka Prefecture city of Suita also disclosed that they had studied the genes of blood donors without obtaining their consent. A poll conducted by the Mainichi newspaper suggests that this is standard practice, finding that 70 percent of medicine faculties in 64 universities around Japan are conducting gene tests.[3139] Health and Welfare Minister Yuya Niwa said that the ministry is investigating the case and will consider setting up laws regulating such leakage of patients' medical data.

On December 17, 2004, METI released Guidelines for the Protection of Personal Information in Businesses That Use Human Genetic Information. The Guidelines require businesses using genetic information to give prior notification of the purpose of use of the genetic data, as well as get written consent from data subjects.[3140]

The National Police Agency (NPA) revealed that the police are creating a system to collect DNA samples from criminal suspects upon obtaining court permission to do so, and to enter them into a database. The NPA had already started running a database on DNA collected from crime scenes. But the agency had been carefully discussing whether to create a database of DNA taken from crime suspects as such information is considered private information.[3141]

The Resident Registry Network System

In the same anti-crime package of bills under which the wiretapping law was passed, the Diet also provisionally approved the Basic Resident Registers Law, granting Tokyo the authority to issue an 11-digit number to every Japanese citizen and resident alien, and requiring all citizens and resident aliens to provide basic information – name, date of birth, sex, and address. The registered data is computerized and connected to the nationwide Resident Registry Network System (RRNS, also called "Juki-Net") created by the law. The government planned to expand the use of the registry code to offer administrative services "more efficiently" via this network.[3142] The RRNS was partly launched on August 5, 2002. Yokohama, the nation's largest municipality, had originally given residents the choice to opt out of RRNS, but the municipality revoked this option in 2006.[3143] As of June 2007, three municipalities refuse to participate in Juki Net.[3144]

The Nagano Prefecture carried out hacking, using a computer from outside the local body offices with a LAN connection and through the Internet, to verify the vulnerability of the RRNS system between September and November 2003.[3145] Their results found that access to private information on residents was accessible with local area network (LAN) connections, both from within and outside local body offices. Part of the tests also reportedly showed that it was possible to falsify personal data in the network and send it to servers nationwide.[3146] The Saga Prefectural Police arrested a 46-year-old man on suspicion of illegally obtaining a resident registry card of another man in September 2003. It is alleged that he used the card to borrow several hundred thousand yen from many consumer finance firms. This is the first arrest made over illegal use of RRNS.[3147]

On May 31, 2005, the Kanazawa District Court ordered the government to delete personal information from the RRNS about 28 plaintiff-residents of the Ishikawa Prefecture.[3148] The court explicitly stated that the government violated the right to privacy considered in the Constitution as the right to control one's own information, and held that all residents' information was subject to privacy rights, and, therefore, that individuals' consent was required when it forcibly placed the plaintiffs' personal information on the RRNS.[3149] The Court, however, dismissed the plaintiffs' demand for compensation from the government.[3150] A day after this decision, the Nagoya District Court ruled that the RRNS does not violate privacy rights under the Constitution.[3151] The Nagoya District Court held that residents' names, addresses, birth dates and genders, plus 11-digit resident codes stored in the network that people can access over the network, "do not need to be highly protected." It held that the plaintiff's rights and legal interests had not been infringed upon.[3152] In both Nagoya and Kanazawa, the plaintiffs who comprised members of the Tokai and Ishikawa branches of a nationwide association against RRNS, insisted that their rights to privacy, guaranteed under Article 13 of the Constitution, were in jeopardy as the network shared basic personal information with the central and local governments.[3153]

In November 2006, the Osaka Appeal Court (Osaka Koto Saibansho) permitted four residents of three cities in Osaka Prefecture to have their personal data removed from the RRNS. The Court rules that the entry of personal data into the national Juki Net database without residents' consent is unconstitutional.[3154] The mayor of one city has accepted the ruling, while the mayors of the other two municipalities said they will appeal the decision to the Supreme Court.[3155] In December 2006, the Nagoya Appeal Court came to the opposite conclusion and rejected a demand to delete plaintiffs' personal data.

As of July 2007, there are 14 decisions on the district court level, and two lawsuits remain. 13 decisions are for the defendant municipalities, and only one decision ruled in favor of the plaintiff. At the appeal court level, ten lawsuits are pending. There are two decisions, one for plaintiff, and the other for the defendant. The Supreme Court has two lawsuits still pending.[3156]

Personal Data Leaks

In June 2002, the Defense Agency revealed that it had been collecting names of people requesting information via the new law and cross-referencing the list with private information, such as the political affiliations of the requestor.[3157] While it is as yet unclear whether the list constitutes a clear violation of the law, it has sparked a huge outcry by the public, including calls for the resignation of defense officials.[3158] On February 12, 2004, the Tokyo District Court ruled that a list compiled by the Defense Agency on people who sought information from it violated their privacy, and ordered the government to pay JPY 100,000 (~USD 915,600) in compensation to a writer who was on the list.[3159]

According to the Cabinet Office's 2006 survey on the protection of personal information, 71.1 percent of people in Japan are worried that their personal information may be leaked from public entities and private firms, up drastically from 39.8 percent in a previous survey in 1989, and up slightly from 2002.[3160] The year 2004 saw many massive data leaks cases. It came to light that personal data of about 4.6 million subscribers to Yahoo BB (Broad Band Phone Service) Internet access service was leaked by its employees. The case is unprecedented in Japan in terms of volume.[3161] The Metropolitan Police Department arrested four persons for allegedly blackmailing Softbank Corp. – the company that operates Yahoo BB – as well as an affiliate, including the company employees, by threatening to leak confidential customer data they had illegally obtained from those companies. Softbank Corp. allowed several people to share the same ID and password to access its database. Stolen information included each subscriber's name, address, phone number, subscription starting date and e-mail address, but did not include credit card details.[3162] Three of Yahoo BB's customers launched a damages suit against the service operator Softbank Corp. before the Osaka District Court over the massive leak of customer information. The three plaintiffs, Yahoo BB's customers, are demanding JPY 100,000 each in compensation.[3163]

There were other similar cases that resulted from failures in proper management of personal data involving such companies as Sanyo Shinpan Finance Co., one of the major consumer finance firms (up to two million customers' personal data),[3164] consumer credit company Nihon Shinpan (up to 100,000 customers),[3165] Suntry (75,000),[3166] major travel agent Hankyu Express (620,000),[3167] DSL service provider ACCA Networks (about one million),[3168] teleshop service JAPANET TAKATA (660,000),[3169] and Cosomo Oil (920,000).[3170] According to the Ministry of Internal Affairs and Communication, 52 cases involving major leaks of personal information were reported during the past three years.[3171]

On May 12, 2004, METI’s Information Security Subcommittee resolved to call on the Government to amend the Criminal Code to include a criminal offense of "information theft." The Subcommittee called for the theft of information to attract the same penalties as the theft of any tangible object. Japanese law does not currently penalize the unauthorized electronic transfer of information, and the Personal Information Protection Act does not penalize individuals. METI will work with the Ministry of Justice and the Cabinet Office on the proposal to amend the law.[3172]

Voting Privacy

Voting in Japan is voluntary for those 20 years of age or older.[3173] In 2001, the law governing elections in cities, towns, and villages was changed to allow electronic voting. Electronic voting was conducted at the municipal level for the first time in 2002, when the city of Niimi in the Prefecture of Okayama allowed their use in a mayoral and local assembly election.[3174] More than 15,000 voters at 43 polling locations in Niimi cast votes on touch-screen voting machines. The Public Management Ministry plans to revise the Public Office Election Law to allow the use of electronic voting for national elections.[3175] Before the use of electronic voting, all ballot selections were handwritten by voters and counted by hand.[3176]

Freedom of Information

The Law Concerning Access to Information Held by Administrative Organs (also called Freedom of Information Law) was approved by the Diet in May 1999 and went into effect in April 2001.[3177] The law allows any individual or company to request government information in electronic or printed form. The Information Disclosure and Personal Information Protection Review Board Establishment Act, established in 2005, consists of 15 members, and a 5-member subcommittee. Government officials still have broad discretion to refuse requests but requestors are able to appeal decisions to withhold documents to one of eight different district courts. According to the MIC, 2,333 of 2,418 municipalities, and all 47 prefectural governments, enacted a Freedom of Information Ordinance by April 1, 2006.[3178]

International Obligations

Japan is a member of the Organization for Economic Cooperation and Development (OECD) and a signatory to the OECD Guidelines on Privacy and Transborder Data Flows. Japan participated as a non-member observer country in the negotiations on the Council of Europe Convention on Cybercrime and signed the Convention in November 2001.[3179] In April 2004, the Congress ratified the Convention on Cybercrime. In order to implement the Convention, the government started to amend related acts, including the Criminal Code and the Code of Criminal Procedure. The Japanese Federation of Bar Associations opposes the proposed amendments.[3180]

[3080] <http://www.kantei.go.jp/foreign/constitution_and_government/the_constitution_of_japan.html.>.

[3081] <http://www5.cao.go.jp/seikatsu/kojin/foreign/act.pdf>.
[3082] The privacy legislation preceding the new 2003 Act was the 1988 Act for the Protection of Computer Processed Personal Data Held by Administrative Organs (the "1988 Act"). It was the first act on privacy protection and governed the use of personal information in computerized files held by government agencies. (The Act for the Protection of Computer Processed Personal Data Held by Administrative Organs, Act No. 95, December 16, 1988 (Kampoo, December 16, 1988)). Additionally, some local governments had enacted similar laws: the Prefecture of Kanagawa had legislation that protects privacy in both the public and private sectors. (Kanagawa Prefecture Ordinance on the Protection of Personal Data, Ordinance No. 6, March 30, 1990.) The 1988 Act was based on the OECD Privacy Guidelines and imposed duties of security, access, and correction. Agencies had to limit their collection to relevant information and publish a public notice listing their file systems. Information collected for one purpose could not be used for a purpose "other than the file holding purpose."
[3083] "Businesses Handling Personal Information" refers to a business that uses personal information databases, etc., for business operations, but excludes "organs of the national government." "Local public entities," "independent administrative corporations, etc." and Persons designated by government ordinance (Article 2).
[3084] The Cabinet Office, Commentary on Personal Information Protection Act, available at <http://www5.cao.go.jp/seikatsu/kojin/kaisetsu/index.html>; general provisions include "Specification of Purpose of Use," "Limitations on the Purpose of Use," "Appropriate Acquisition," "Notification of Purpose of Use in Acquisition," "Securing Accuracy of Data Content," "Security Control Measures," "Supervision of Employees," "Supervision of Delegates," and "Restrictions on Providing Information to Third Parties."
[3085] The enforcement status of the Act Concerning the Protection of Personal Information - 2005 fiscal year is published at <http://www5.cao.go.jp/seikatsu/kojin/foreign/enforcement-status2005.pdf>.
[3086] Provisions for the basic principles of personal information protection and national and local governments' obligations and some provisions such as the "Basic Ideals" and the "Duties of the Government and Local Public Entities" came into force on May 30, 2003, whereas other provisions such as the "Duties of an Enterprise that Handles Private Personal Information," the "Competent Minister," the "Promotion of the Protection of Personal Information by a Private Body," "Exemptions," and "Penal Provisions" came into force on April 1, 2005. The subcommittee on privacy protection, the Quality of Life Policy Council reviewed the implementation of the Act Concerning the Protection of Personal since November, 2004, to discuss whether revisions to the Act and its operation are necessary. The subcommittee published its opinion on June 29, 2007, in which it concludes that revisions are not necessary at this time. See “Govt urged to monitor 'overreaction' to info law,” Daily Yomiuri, July 1, 2007.

[3087] "Japan Passes Personal Information Protection Bills," Mainichi Daily News, May 23, 2003.
[3088] <http://www.soumu.go.jp/english/gyoukan/060516_02.html>.
[3089] The Act for Protection of Personal Data Held by Administrative Organs of 2003, Articles 53-55.

[3090] Email from Yukiko Miki, Information Clearinghouse, Japan, to Allison Knight, Research Director, Electronic Privacy Information Center, July 10, 2007 (on file with EPIC).

[3091] "Industry Guidelines on Personal Information Is Being Established," Nihon Keizai Shimbun, June 11, 2003.
[3092] "Individual Personal Information Laws Were Passed on," Nihon Keizai Shimbun, January 28, 2005.

[3093] Homepage <http://www.jipdec.or.jp/security/privacy/index-e.html>.

[3094] Nigel Waters, "Reviewing the Adequacy of Privacy Protection in the Asia Pacific Region," IIR Conference Information Privacy - Data Protection, June 15, 1998, Sydney; see also, Ministry of International Trade and Industry, "Japan's Views on the Protection of Personal Data" (April 1998).
[3095] Raab, Bennett, Gellman & Waters, European Commission Tender No. XV/97/18/D, Application of a Methodology Designed to Assess the Adequacy of the Level of Protection of Individuals with Regard to Processing Personal Data: Test of the Method on Several Categories of Transfer, September 1998.
[3096] "Japan, US Bodies Ink Deal on Data-privacy Certification," The Yomiuri Shimbun, May 19, 2000.
[3097] Japan Information Processing Development Corporation <http://privacymark.jp/>. See also email from Masao Horibe, Hitotshubashi University, Japan, to Allison Knight, Research Director, Electronic Privacy Information Center, June 24, 2007 (on file with EPIC).

[3098] Constitution of Japan, November 3, 1946, available at <http://www.solon.org/Constitutions/Japan/English/english-Constitution.html#CHAPTER_III>.

[3099] Law No. 137, 2001 was promulgated on November 30, 2001.
[3100] <http://www.telesa.or.jp/guideline/pdf/provider_041006_2.pdf>.
[3101] "Japanese ISPs, Carriers, Users Release Guideline for ISP Privacy Protection Duties," Bureau of National Affairs Privacy Law Watch, April 17, 2002.
[3102] "The Court First Ruled that ISP Disclose Name of its User," Mainichi Shimbun, March 31, 2003.
[3103] <http://www.telesa.or.jp/consortium/pdf/provider_070226_guideline.pdf> (in Japanese).
[3104] Email from Yasutaka Machimura, Hokkaido University School of Law, Japan, to Allison Knight, Research Director, Electronic Privacy Information Center, July 7, 2007 (on file with EPIC).

[3105] Toru Takahashi, "2 New Laws Aimed at Cutting Spam," Daily Yomiuri, July 2, 2002.

[3106] Reuters, June 1, 1999; see also, <http://web.archive.org/web/20010406074226/http://www.jca.ax.apc.org/~toshi/cen/wiretap.intr.html>.
[3107] "Diet Passes Wiretap, ID Bills," Asia Intelligence Wire, August 13, 1999.
[3108] Toshimaru Ogura, "Toward Global Communication Rights: Movements against Wiretapping and Monitoring in Japan," October 30, 2000.

[3109] "Diet Eyes Allowing Police to Bug Phones," Mainichi Daily News, June 16, 1998.
[3110] Ogura, supra; "Police Gain Right to Tap Phone Email," The Standard, August 15, 2000.
[3111] Ogura, supra.
[3112] Id.

[3113] "Prosecutors Drop Bug Case by Lawmaker, TV Asahi," Yomiuri Shinbun, December 29, 2000.
[3114] See NaST <http://www.jca.apc.org/privacy/>.
[3115] "DoCoMo Rrges NPA not to Seek Tapping Aid," Yomiuri Shimbun, August 16, 2000.
[3116] Telecommunications Business Law, LAW No. 86 of 25 December 1984), as amended last by Law No. 97 of 20 June 1997.

[3117] "Police Wiretapping," Mainichi Daily News, June 29, 1997.
[3118] "NTT Staffers Leaking Customer Information," Newsbytes, July 2, 1999.
[3119] "Prepaid Cell Phone Companies to Require," Kyodo News Service, May 12, 2000.

[3120] "License Plates to Bear IC Chips with Driver, Auto Info," Comline, June 09, 1999.
[3121] “Japan to introduce Smart License Plates,” RFID Gazette, January 14, 2006 <http://www.rfidgazette.org/2006/01/japan_to_introd.html>.
[3122] "Cameras to Give Police in Kabukicho 'Peep' Show," Japan Times, June 5, 2001.
[3123] Christian Science Monitor, April 8, 1997.
[3124] Ogura, supra.

[3125] "Big Brother's Cameras Silently Go on the Beat in Tokyo," The Nikkei Weekly, April 26, 2004.
[3126] Japan Times, June 5, 2001.
[3127] <http://www.jca.ax.apc.org/privacy/>.
[3128] <http://www1.jca.apc.org/nishoren/>.
[3129] Yomiuri Shimbun, March 18, 2004.

[3130] "NEC to Join EPCglobal," JCN Network, May 21, 2004, available at <http://www.japancorp.net/Article.Asp?Art_ID=7368>.
[3131] "Hitachi Unveils Smallest RFID Chip," RFIDJournal.com, May 14, 2003, available at <http://www.rfidjournal.com/article/articleview/337/1/1/>.
[3132] "JR East to Extend E-Money Service with 'Suica' Smartcard," NE Asia News, February 19, 2004.
[3133] "METI to Form Consortium to Cut IC Tag Price to 5 Yen," Japan Today, March 25, 2004.
[3134] "Japan Moves to Protect Privacy to Promote Radio Tags," Jiji Press Ticker Service, February 23, 2004.
[3135] "Japanese RFID Privacy Guideline Released," June 8, 2004, RFIDBuzz.com, available at <http://www.rfidbuzz.com/news/2004/japanese_rfid_privacy_guideline_released.html>; see also Nikkei BP, June 8, available at <http://nikkeibp.jp/wcs/leaf/CID/onair/jp/flash/312386> (in Japanese).
[3136] The RFID Guidelines contain the following headings: "1. Purpose; 2. Scope; 3. Notification of the presence of RFID tags; 4. Ultimate right of consumer to choose to deactivate RFID tags; 5. Obligation to provide information on benefits of RFID tags; 6. Presumption for application of the Personal Information Protection Act to information stored on RFID tags; 7. Restriction on usage of personal data gathered from RFID tags; 8. Ensuring accuracy of personal information stored on RFID tags; 9. Assignment of Information Administrators for RFID-related issues; 10. Accountability to consumers; see also, Nihon Keizai Shimbun, June 8, 2004.

[3137] "NTT Data to Electronically Tag Kids," The Daily Yomiuri (Tokyo), February 22, 2005.
[3138] Id.

[3139] Manabu Yoshikawa and Yasuyoshi Tanaka Mainichi Shimbun, "Ethicists OK Gene-sample Research," Mainichi Daily News, May 8, 2000.

[3140] Guidelines for the Protection of Personal Information in Businesses That Use Human Genetic Information, available at <http://www.meti.go.jp/feedback/downloadfiles/i41227dj.pdf>.

[3141] "Japan's Police Have Decided to Keep a DNA Database on Crime Suspects, Officials Said," Mainichi Shimbun, April 28, 2005.

[3142] "Diet Passes Wiretap, ID Bills," Asia Intelligence Wire, August 13, 1999.
[3143] ”Yokohama Gov’t to Submit Citizens’ Data to Juki Net,” TheDaily Yomiuri, May 11, 2006.
[3144] Id.

[3145] "Nagano Gov't Hackers Easily Infiltrate 'Big Brother' Network," Mainichi Daily News, December 16, 2003.
[3146] Id.
[3147] "1st Arrest Made over Illegal Juki Net Use," The Daily Yomiuri, February 8, 2004.

[3148] "Court Orders Government to Delete Residents' Personal Information from Registry Network," Mainichi Daily News, May 30, 2005.
[3149] "Juki Net Clouds Privacy Rights," The Daily Yomiuri, June 2, 2005,
[3150] Id; "The Defendant Ishikawa Prefecture Appealed to the Higher Court afterward," Mainichi Shimbun, June 7, 2005.
[3151] "Court Rules Juki Net not a Violation of Privacy," The Daily Yomiuri, June 1, 2005.
[3152] Id.
[3153] Id.

[3154] “Osaka court lets 4 remove information from Juki Net,” Daily Yomiuri, December 1, 2006.
[3155] “Cities split on obeying court ruling on Juki Net,” Japan Times, December 8, 2006.

[3156] Email from Yashuko Machimura, supra.

[3157] "MSDF Officer Compiled Personal Data on People Seeking Defense Agency Info," Japan Times, May 29, 2002.
[3158] "Private Data Kept by All SDF Arms," Japan Times, June 4, 2002.
[3159] "Court Rules Defense Agency's Info List Illegal, Violates Privacy," Japan Economic Newswire, February 12, 2004.

[3160] CAO 2006 survey, <http://www8.cao.go.jp/survey/h18/h18-hogo/index.html> (in Japanese). See also "69% Worried about Personal Information Leaking: Survey," Japan Economic Newswire, December 6, 2003.
[3161] "Yahoo! BB subscriber info leaked," The Daily Yomiuri, February 25, 2004, at 1.
[3162] Id. As an apology to its customers, Softbank sent them JPY 500 gift certificates, a measure that could have cost the company about JPY four billion. Taiga Uranaka, "Softbank Offers 500 to Yahoo! BB Users, Confirms Data Leak on Millions," The Japan Times, February 28, 2004.
[3163] "Internet Customers Sue Yahoo! BB Operator over Info Leak," Mainichi Daily News, May 17, 2004.

[3164] Nihon Keizai Shimbun, May 11, 2004.
[3165] Id. April 26, 2004.
[3166] Id. March 30, 2004.
[3167] Id. June 2, 2004.
[3168] Id. May 25, 2004.
[3169] Id. May 9, 2004.
[3170] Id. June 8, 2004.
[3171] "Bills on Personal Data Seek Balance," The Daily Yomiuri, May 8, 2003.

[3172] "METI To Seek Law against Information Theft," Nihon Keizai Shimbun, May 15, 2004.

[3173] CIA, The Country Fact Book, Japan, available at <http://www.cia.gov/cia/publications/factbook/geos/ja.html#Govt>.
[3174] "Electronic Voting Opens New Doors," Mainichi Daily News, June 24, 2002.
[3175] "Electronic Vote Eyed for '04 Poll," The Daily Yomiuri, January 4, 2002.
[3176] Id.

[3177] The Law Concerning Access to Information Held by Administrative Organs, available at <http://www.somucho.go.jp/gyoukan/kanri/translation.htm>.
[3178] The ratio of enactment is 96.6%. See <http://www.soumu.go.jp/s-news/2006/060816_1.html>.

[3179] Convention on Cybercrime, Chart of signatures and ratifications, available at <http://conventions.coe.int/>.
[3180] Mainichi Shimbun, June 28, 2004. The Japanese Federation of Bar Associations especially opposes the following suggested amendments: 1) the enhancement of the penal clause for data security in the Criminal Code; 2) the expansion of punishable conducts in the Child Pornography Act; 3) the procedural provision which allows investigating authorities to preventive seizures without writ from the court; and 4) the expedited preservation of stored computer data. See Japan Federation of Bar Associations, Opinion concerning Ratification of Cyber Crime Treaty, available at <http://www.nichibenren.or.jp/jp/katsudo/sytyou/iken/data/2004_23.pdf>.