Japan's Privacy Complaints Reveal Little

Privacy Laws & Business International Report, Vol. 109, February 2011

4 Pages Posted: 30 Dec 2012

See all articles by Fumio Shimpo

Fumio Shimpo

Keio University - Faculty of Policy Management

Graham Greenleaf

University of New South Wales, Faculty of Law

Date Written: February 1, 2011


Japan’s Act on the Protection of Personal Information (the ‘PPI Act’) has been operational since 2005. What evidence is there of its effectiveness? One source of evidence in most jurisdictions is the reports by data protection authorities of the outcomes of complaints that have been investigated. Under the PPI Act, complaint about the handling of personal information by a business may be filed with one of four bodies. There are no specific provisions in the PPI Act allowing persons to make complaints to an authorized personal information protection organization (APIPO), local government department or (iv). The National Consumer Affairs Centre of Japan (NCACJ), or to the ‘competent minister’, nor to require that complaints are first made to the business concerned. The result is a complaint system characterised by vagueness and lack of concrete obligations on any parties. But complaints are made to these bodies, because complainants lack alternatives.

In financial year 2009, 8,559 complaints were lodged with either local governments or the NCACJ. The only examples of how complaints are resolved are found on the website of the National Consumer Affairs Centre of Japan. It gives summaries of 18 complaints from 2004-07 (of which 13 are relevant to the enforcement of the law), but none since then, which is of itself reason for concern. This paper concludes, based on translations of these summaries, that the NCACJ complaint summaries reveal little about whether this complaint system is effective. There is no indication that NCACJ ever investigates the factual issues necessary to come to a final conclusion about a complaint, so in many instances the reader is left with no idea whether there actually was a breach. When NCACJ does reach a conclusion in favour of a complainant, there is no indication whether the business concerned acted on that conclusion. In any other country, these summaries would be regarded with derision if presented by a complaint resolution body.

A study by Greenleaf published in 2010 by the European Commission, found that it was very difficult to assess the effectiveness of Japan’s data protection because the enforcement mechanisms were so vague, and because so little information was published about their outcomes. The system is comprehensively opaque. This study is consistent with that finding.

Keywords: privacy, Japan, data protection, complaints, consumers

Suggested Citation

Shimpo, Fumio and Greenleaf, Graham, Japan's Privacy Complaints Reveal Little (February 1, 2011). Privacy Laws & Business International Report, Vol. 109, February 2011, Available at SSRN: https://ssrn.com/abstract=2194890

Fumio Shimpo

Keio University - Faculty of Policy Management ( email )

Fujisawa Kanagawa, 252

Graham Greenleaf (Contact Author)

University of New South Wales, Faculty of Law ( email )

Sydney, New South Wales 2052
+61 2 9385 2233 (Phone)
+61 2 9385 1175 (Fax)

HOME PAGE: http://www2.austlii.edu.au/~graham

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics