Japan's Proposed Changes: Weaken Privacy to Foster 'Big Data'
(2014) 130 Privacy Laws & Business International Report, 23-25
5 Pages Posted: 1 Nov 2014 Last revised: 7 Nov 2014
Date Written: August 30, 2014
Abstract
Japan is proposed the first significant changes to its data privacy law of 2003, the Personal Information Protection Act (PIPA), set out in an 'Outline of the System Reform' published by the government’s 'IT Strategic Headquarters' in June 2014. They are intended to be enacted in 2015.
This article explains and critiques the Japanese government proposals from a consumer and data subject perspective. The underlying purpose of the reforms is primarily to facilitate businesses and government being able to take advantage of ‘Big Data’ analysis techniques, supposedly ‘to significantly contribute to the ongoing creation of innovation in Japan through the emergence of new industries and services’. The core of the proposed reforms is the creation of a category of 'reduced identifiability' information about individuals, to which at least some normal rules concerning personal information will not apply, particularly requirements of consent in relation to use and disclosure. From a consumer perspective, the proposal to remove most privacy protections from supposed 'reduced identifiability' data will depart from current international standards, and (the article argues) have many deficiencies.
Japan’s Personal Information Protection Act (PIPA) has the weakest privacy principles of any Asia-Pacific country that has a data privacy law. The rest of the government’s proposals will, overall, weaken the principles in Japan’s law, although they do have some positive aspects. The principles concerning change of use, deletion, access, correction and stopping use, sensitive information, 'small business' exemptions, are considered.
It is clear is that stronger protection of privacy plays a lesser role in the policies behind these reforms, but at least on the enforcement side it is not being ignored. The proposed data protection authority, and the likely significant limitations to its scope and powers, is discussed.
Japan’s data privacy law would be more internationally credible if it became more consistent with standards adopted internationally, rather than by overly aligning it with the positions and interests of US-based global businesses with business models based on invasion of privacy, including those so prominent in e-commerce in Japan.
Keywords: privacy, data protection, big data, Japan, Asia
Suggested Citation: Suggested Citation