Article 21 of the 1946 Constitution states, "Freedom of assembly and association as well as speech, press and all other forms of expression are guaranteed. 2) No censorship shall be maintained, nor shall the secrecy of any means of communication be violated." Article 35 states, "The right of all persons to be secure in their homes, papers and effects against entries, searches and seizures shall not be impaired except upon warrant issued for adequate cause and particularly describing the place to be searched and things to be seized...2) Each search or seizure shall be made upon separate warrant issued by a competent judicial officer."[1631]
The 1988 Act for the Protection of Computer Processed Personal Data Held by Administrative Organs (the "1988 Act") governs the use of personal information in computerized files held by government agencies.[1632] Additionally, some local governments have similar laws: the Prefecture of Kanagawa has legislation that protects privacy in both the public and private sectors.[1633] The Act is based on the OECD Privacy Guidelines and imposes duties of security, access, and correction. Agencies must limit their collection to relevant information and publish a public notice listing their file systems. Information collected for one purpose cannot be used for a purpose "other than the file holding purpose." The 1988 Act is overseen by the Government Information Systems Planning Division of the Management and Coordination Agency. The agency reports that there have been 1,979notices filed.[1634] The agency does not have any powers to investigate complaints. The 1988 Act was totally amendedand enacted as the Act for Protection of Personal Data Held by Administrative Organs. The new act governs paper-based data as well as computerized data, and sets new criminal provisions for government officials who leak personal informationwithout proper justification.[1635]
Some privacy advocates point out that the law specifically does not include the paper-based "koseki" family record-keeping system, which tracks birth, death, marriage, divorce, amongst other family events. This information was traditionally available to any public requestor, and was frequently used by prospective employers or in-laws to check for illegitimacy, impure ethnic background, or other scandals. Since the 1980s, the information has not been publicly available, but the records still exist and are relatively unprotected as the Act does not directly regulate these paper records.[1636]
Until recently, the Japanese government has followed a policy of self-regulation for the private sector, especially relating to electronic commerce. However, since the summer of 1999, lawmakers have been working on the Personal Data Protection Bill, which would provide a framework for both governmental and commercial usage of personal information. The proposed legislation requires that such private and public entities abide by "five basic principles":[1637] 1) to explicitly specify the purpose for data collection and hold to the scope of that purpose; 2) to gather personal information "by lawful and appropriate means"; 3) to maintain accuracy and currency of data; 4) to protect the security of personal information; 5) to infuse transparency into the collection and use of data. Further, the bill specifically requires private businesses to disclose to individuals any personal information collected from them and the purposes of such collection; it also prohibits companies from sharing personal information with third parties.[1638]
Journalists and opposition party members opposed the five basic principles of the bill. Although the bill does exempt the press and academic institutions from the restrictions placed on private companies, opponents assert that the five principlesare so abstract that they would violate free speech protections under Article 21 of the Constitution by restricting the media from collecting and reporting certain information.[1639] Journalists fear that, because government officials will be the ultimate arbiters as to what constitutes exempted "reporting," they will exclude pieces that pry too deeply into their own misdeeds.[1640]
In March 2000[1641] and again in 2001, the Prime Minister's Cabinet approved the bill and submitted it to the Diet (the Japanese Parliament).[1642] However, deliberations on the bill have once again been delayed due to continued criticism by media groups and opposition parties.[1643] After a long controversy in the Diet, the bill was repealed in December 2002. Soon, the ruling parties revised the bill, responding to public criticism that it would, among other concerns, violate freedom of the press. In response to criticism from opposition parties and the media, the ruling coalition dropped the contentious "five basic principles" from the bill and provided exemption clauses for the press. Broadcasters, newspapers, news agencies and other reporting organs, including individuals and writers are exempted from the application of the clauses.[1644] The revised bill was approved in the Cabinet meeting in March 2003. On May 23, 2003, the Diet passed and enacted the bill (The Personal Data Protection Act) with another package of four information protection bills that comprise two laws that cover private businesses, government organizations and independent administrative agencies.[1645] Cabinet ministers are in charge of implementing the Personal Data Protection Act, and authorized to issue recommendations or orders to businesses dealing with personal information. Those who refuse to follow ministers' orders could face up to six months in prison or a fine of not more than 300,000 yen. The legislation provides that ministers in charge must not exercise their authority to issue orders to those who provide information to the media. Provisions for the basic principles of personal information protection and national and local governments' obligations came into force on May 30, 2003. Provisions for obligations of private businesses dealing with personal information, as well as criminal provisions, are to take effect within two years from May 30, 2003.[1646]
The Ministry of Finance and Ministry of International Trade and Industry (MITI) announced plans to introduce legislation to protect individual credit data in 2000 after a task force issues proposals.[1647] Japan's Ministry of Posts and Telecommunications (MPT) announced plans in June 1998 to study privacy in telecommunications services, establishing a study group to look into the matter.[1648] An October 1999 survey by the MPT found that 92 percent of respondents believed that their personal information had been disclosed without their consent. Eighty-three percent believed that organizations and individuals who hold personal information should be regulated.[1649]
Japanese ISPs issued draft guidelines for protecting users' online privacy in 2002 in response to the Internet Provider Responsibility Law of 2001 (IPRL). The guidelines limit dissemination of private information without specific consent, allow the ISPs to delete user information, and require them to maintain information posted by users about public figures.[1650] The first test case involved Yahoo! Japan. On March 31, 2003, the district court of Tokyo ordered Yahoo! to identify and disclose information on one of its users, who had posted a defamatory comment about the plaintiff on Yahoo!'s bulletin board.[1651] This case is the first one that tests how the IPRL is interpreted.
In February 1998, MITI established a Supervisory Authority for the Protection of Personal Data to monitor a new system for the granting of "privacy marks" to businesses committing to the handling of the personal data in accordance with the MITI guidelines, and to promote awareness of privacy protection for consumers. The "privacy mark" system is administered by the Japan Information Processing Development Center (JIPDEC) - a joint public/private agency.[1652] Companies that do not comply with the industry guidelines will be excluded from relevant industry bodies and not granted the privacy protection mark. It is assumed that market forces will then penalize them. However, in addition, the new Supervisory Authority will investigate violations and make suggestions as necessary to the relevant administrative authorities.[1653] An analysis of the marks done for the European Union by four academic privacy experts found that there were serious shortcomings in the system.[1654] In the first two years of the JIDPEC program, companies seeking certification were dominated by businesses that handle personal information like marriage bureaus; in total, the JIPDEC awarded about 140 licenses.[1655] In May 2000, the JIPDEC agreed with BBBOnline, a division of the US-based Better Business Bureau, to mutually recognize each other's privacy protection marks. Because of growing concerns for privacy among the public, the number of companies holding "privacy marks" has increased. By May 2003, 499 companies have been awarded with privacy marks by JIPDEC.[1656]
Wiretapping traditionally has been considered a violation of the Constitution's right of privacy and has been authorized only a few times. However, in August 1999, the Diet passed the controversial Communications Interception Law authorizing wiretapping phone or faxes, and monitoring e-mail, when investigating cases involving narcotics, gun offenses, gang-related murders and large-scale smuggling of foreigners.[1657] Under the new law, which went into effect in August 2000, the use of wiretaps is restricted to prosecutors and police officers at the rank of superintendent and above, and requires police officers to obtain warrants from district court judges in order to use wiretaps. The warrants are good for 10 days and can only be extended for a total of 30 days. Further, the presence of a third, independent party, such as an employee of Nippon Telegraph and Telephone Company, is required during monitoring. Finally, police and prosecutors must in principle notify individuals who have been monitored within 30 days after the investigation. Strict penalties are possible for those who abuse the wiretap policy.[1658] The National Police Agency (NPA) and Ministry of Justice (MOJ) recently requested about 170 million yen (USD 1.4 million) in 2001 for the development of a "temporary mailbox" technology for intercepting e-mail.[1659]
The Federation of Bar Associations, journalists and trade unions opposed the wiretap law.[1660] Opponents argue that Diet proponents of wiretapping forced a vote on the bill before the legislatures could host a full airing of the potential privacy problems it would create.[1661] Professor Toshimaru Ogura, of the Japanese Net Workers against Surveillance Taskforce (NaST) and Toyama University, asserts the law does not restrict the storage and use of information gathered, possibly providing the government with a mandate to maintain databases on citizens that can be shared by other domestic - and possibly foreign - agencies.[1662] Further, Professor Ogura argues that the MOJ officials have a free hand to broadly intercept communications from innocent people in the process of targeting criminals; for example, the MOJ proposed in a Diet session that it could tap all of the in/outcoming phone calls of a shipping company in an effort to capture drug smugglers.[1663]
The new law was applied for the first time in May 2002 to break up a Tokyo drug ring. Police monitored cell phones and e-mail based on a warrant, and arrested nine suspects.[1664]
Many have protested the wiretapping law as too large a grant of power, including one lawmaker who sued alleging the police had illegally tapped his phone.[1665] Over 180,000 people have signed a petition for the repeal of the wiretapping law. The signature-collecting Committee for the Repeal of the Wiretapping Law submitted the petition to the Diet on May 24, 2000.[1666] In August, NTT asked that its employees not be required to be present when taps are installed, saying it would likely have a detrimental effect on company performance.[1667] Wiretapping is also prohibited under article 104 of the Telecommunications Business Law and article 14 of the Wire Telecommunications Law.[1668]
In June 1997, the Tokyo High Court upheld a lower court's finding that the Kanagawa Prefectural Police had illegally wiretapped the telephone at the home of a senior member of the Japanese Communist Party. The court awarded damages of four million yen.[1669] Several NTT employees have also been caught recently selling information about customers.[1670] Several companies that provide for pre-paid cellular phone service announced in May 2000 that, in order to prevent crime, they would start requiring users to provide identification before using the service. [1671]
In the same anti-crime package of bills under which the wiretapping law was passed, the Diet also provisionally approved the Basic Resident Registers Law, granting Tokyo the authority to issue a 11-digit number to every Japanese citizen and resident alien, and requiring all citizens and resident aliens to provide basic information - name, date of birth, sex, and address. The registered data is computerized and connected to the nationwide Resident Registry Network System (RRNS, also called "Juki-Net") created by the law. The government planned to expand the use of the registry code to offer administrative services 'more efficiently' via this network.[1672] The RRNS was launched on August 5, 2002. However, some local governments, such as the city of Yokohama, the nation's largest municipality, have decided not to participate in the network, and some local assemblies decided to postpone the launch of the system.[1673] The six local governments refused to log on to RRNS because of concerns for personal information security.[1674] On July 26, 2002, a group of academics, journalists and Tokyo citizens filed a suit against the state over the network, alleging that the network system invades the right of privacy and is unconstitutional.[1675] The Ministry of Economy, Trade, and Industry (METI) said it would introduce an electronic information security audit system by year-end to address public concerns. On August 22, 2002 METI officials set complete audit guidelines that conform to international rules and entrust independent auditing companies to inspect whether computer network systems of municipalities and businesses are
sufficiently secure in protecting private information.[1676]
The Ministry of Transportation announced in June 1999 a plan to issue "Smart Plates" license plates with embedded IC chips. These new licenses could be issued as early as 2004,[1677] and will contain driver and vehicle information and be used for road tolls and traffic control.[1678] Since 1986, the National Police Agency has also operated a comprehensive video surveillance system called the "N-system" in at least 540 locations on expressways and major highways throughout the country, which automatically records the license plate number of every passing car.[1679] Whenever a "wanted" car is detected, the system immediately issues a notice to police.[1680] Eleven motorists filed a lawsuit challenging the system in 1997. The latest model of N-system can also photograph the faces of drivers.[1681]
The year 2002 also saw the implementation of two new anti-spam laws. The laws allow users of the Internet and text-enabled mobile phones to opt-out of spammers' contact lists, and require that all unsolicited commercial e-mail be clearly identified. The Public Management Ministry enforces the law, imposing fines of up to 500,000 yen (about USD 4,170) for failure to comply. Another law is enforced by MITI whose task is to protect consumers Repeat or egregious offenders can be fined up to 3 million yen (about USD25,000) or 2 years in prison.[1682] Corporate violators can face up to 300 million yen (USD2.5 million) fines.
In response to rising crime rates, Tokyo police have begun operating surveillance cameras on utility poles and buildings to monitor pedestrians in the densely populated Kabukicho district of the city.[1683] Lawyers opposing the move assert that this surveillance is unconstitutional, pointing to a 1969 Supreme Court decision against a police officer who secretly photographed a student activist in Kyoto.[1684] In response to the criticism, Tokyo police will place signs near cameras to give pedestrians notice they are being filmed.[1685] Other areas of the country are following Tokyo's lead, but many privacy groups, such as NaST[1686] and the Consumers Union of Japan[1687] are reporting on video surveillance and publicizing all new camera installations.
Private surveillance is also on the rise. The Japan Institute of Labor reported that 35% of Japanese companies are monitoring their employees' e-mail and Web use.[1688] Companies cited fear of viruses, sexual harassment, and other concerns as the reasons for surveillance.
In March 2000, it was discovered that a research company had secretly conducted genetic tests on 1,000 blood samples obtained from people who had donated blood to the Japanese Red Cross Society. The Health and Welfare Ministry launched an investigation in November 1999 into reports that a dealer was selling private information on people receiving medical treatment, including their clinical histories. Several months later, Tohoku University in Sendai and the National Cardiovascular Center in the Osaka Prefecture city of Suita also disclosed that they had studied the genes of blood donors without obtaining their consent. A poll conducted by the Mainichi newspaper suggests that this is standard practice, finding that 70 percent of medicine faculties in 64 universities around Japan are conducting gene tests.[1689] Health and Welfare Minister Yuya Niwa said that the ministry is investigating the case and will consider setting up laws regulating such leakage of patients' medical data.
The Law Concerning Access to Information Held by Administrative Organs was approved by the Diet in May 1999 after 20 years of debate.[1690] The law allows any individual or company to request government information in electronic or printed form. A nine-person committee in the Office of the Prime Minster will receive complaints about information that the government refuses to make public and will examine whether the decisions made by the ministries and agencies were appropriate. Government officials will still have broad discretion to refuse requests but requestors will be able to appeal decisions to withhold documents to one of eight different district courts. The law went into effect in April 2001. A survey by Kyodo News in May 1999 found that 31 city and prefectural governments are in the process of adopting legislation consistent with the new law. Sixteen of them are including a principle of "right to know."[1691]
In June 2002, the Defense Agency revealed that it had been collecting names of people requesting information via the new law and cross-referencing the list with private information, such as the political affiliations of the requestor.[1692] While it is as yet unclear whether the list constitutes a clear violation of the law, it has sparked a huge outcry by the public, including calls for the resignation of defense officials.[1693]
In May 2002, the Defense Agency revealed that more than 550 municipalities across the nation had provided the Agency with registered personal data on teenagers that should not have been divulged.[1694] The Defense Agency received information from those municipalities, such as the occupation and health condition of teenagers' parents which does not appear in the registration cards that anyone can access pursuant to the Basic Resident Register Law. Such cards only contain residents' names, addresses, dates of birth and gender. The agency has used information to assist the Self-Defense Forces' (SDF) recruitment activities.[1695] The Defense Agency also revealed the collection activity for SDF had been conducted since 1966.[1696]
In a controversial international development during the summer of 2001, a New Zealand researcher testified before the European Union that New Zealand was intercepting electronic transmission from Japanese embassies as part of the Echelon spy network.[1697] He claimed that the US was primarily interested in information on Japan's economic influence in the South Pacific.[1698] A group of Japanese civic groups have requested that their government lodge a complaint against the United States and the four other suspected member nations of Echelon: New Zealand, Australia, the United Kingdom, and Canada.[1699]
Japan is a member of the Organization for Economic Cooperation and Development and a signatory to the OECD Guidelines on Privacy and Transborder Data Flows. Japan participated as a non-member observer country in the negotiations on the Council of Europe Convention on Cybercrime and signed the Convention in November 2001.[1700]
According to the Ministry of Public Management, 52 cases involving major leaks of personal information were reported during the past three years.[1701] In June 2002, The National Police Agency and the Metropolitan Police Department reported in May 2002 that names, addresses and other personal information of some 50,000 visitors of the Kommy Corp. (a beauty-treatment service firm)-operated web site, had been leaked. There were other similar cases involving such entities as YKK Architectural Products Inc., All Nippon Airways World Tours Co. and Nihon University. Police authorities also warned that the massive leaks of personal information resulted from simple errors in Web site design.[1702]