Japan - Data Protection
History of Data Protection in JAPAN
The Privacy Issues Study Working Group produced 'Guidelines concerning Protection of Personal Data in Electronic Commerce' in March,1998. Another Study Group on Personal Data Protection produced an Interim Report in January 2000 that led the governemnt to establish the Personal Data Protection Legislation Special Committe. They formulated a legal framework and the Personal Information Protection Law was enacted in May 2003, although its obligations of businesses did not take effect April 1, 2005.
Summary of Data Protection in the Japan
| Title of Data Protection Legislation | Personal Information Protection Law |
| Name of supervisory authority | There are 'Competent Ministries' designated by law that are responsible for supervision and enforcement. These include: |
| General Powers of supervisory authority | |
| Who has standing to notify the supervisory authority of breaches? | There are approved Personal Information Protection Organizations that respond to individual complaints. Additionally, businesses are required to establish their own complaints system. If neither of these can resolve the complaint then local public entities will mediate. |
| What are the penalties for data controllers if they breach the law? | There are Ministerial Guidelines that are expected to be followed rather than the specific laws and noncompliance may result in civil liability |
| Have any provisions been made for the processing of a national identification number or a general identifier, as per Article 8(7)? | |
| Is it necessary to obtain consent before processing personal data, or are alternatives available even when obtaining consent would not be impracticable or inappropriate? | Consent must always be obtained |
| Does the Data Protection Legislation cover the deceased? | |
| Who is able to indirectly identify the data subject? |