A study trip to Japan sheds light on how different approaches to informational privacy protection may be around the world. In Japan, a major regulatory step was taken through the introduction of the Act on the Protection of Personal Information in 2003 which came into force 2005.
Professor Cecilia Magnusson Sjöberg & Professor Dan Svantesson
There are certain things that in particular strike a foreigner as worth noting when finding out more about data protection in Japan. For instance, the comparatively restricted approach to sanctions as such relying as it seems on the cultural emphasis being placed on reputation and avoiding loss of face in public. At the same time it was brought forward by several experts at the University of Tokyo and Kyushu University that the introduction of data protection legislation in the country has led to a kind of over-reaction resulting in ”hyper compliance” of the legal framework. Even in emergency situations as in the aftermath of earthquakes and tsunamis hospitals have not been willing to give out the most fundamental information about whether a certain patient was at the institution being taken care of. Indeed, it was emphasised that many organisations simply avoid handling personal data out of fear of being accused of misusing it. Such far reaching negative effects of the Act are saidto have changed the public opinion to being more open minded when it comes to sharing personal data.
Adding to the picture of comparatively limited sanctions attached to the Protection of Personal Information Act is the absence of a national supervisory authority. This may be explained by the organisational infrastructure of the public sector not quite allowing for a comprehensive approach to responsibility but rather keeping it sectoral. Furthermore, it became quite clear to us that the business model for large scale personal data processing, aimed both towards the public and the private sector, is to keep it domestic. In practice though, needs for back up may require storage outside of the country, this being based on commercial agreements with foreign companies. And, Japanese people use Facebook and other social media as in any other modern information society, which has well-known legal implications with regard to jurisdiction, applicable law etc.
Among many other current initiatives it should be mentioned that the Japanese Parliament (the Diet) is discussing the so call “My number” bill which is expected to pass in a few months. There is another bill coming up addressing personal health records specifically. The My number approach appears to be a combination of a national register comprising a new identification number of all citizens combined with an electronic ID card enabling storage of personal information. An article in the Japan Times Mar 25, 2013 highlights the risks of My number claiming that “The government’s plan to introduce an identification numbering system covering all citizens carries serious potential risks. It could end up benefiting only the information technology (IT) industry, whose members regard the plan as a big business opportunity.” The tension between efficiency enhancement and privacy protection is in focus too.