Next Anticipated Amendment: Regulation of Secrecy of Communication - - PowerPoint PPT Presentation

next anticipated amendment
SMART_READER_LITE
LIVE PREVIEW

Next Anticipated Amendment: Regulation of Secrecy of Communication - - PowerPoint PPT Presentation

Mar 02, 2023 381 likes •674 views

Next Anticipated Amendment: Regulation of Secrecy of Communication for Foreign Platformers? 2:30 p.m. 3:30 p.m., 2019-04-04 (Thu.) Intl Privacy + Security Forum 2019 Session: Japanese Privacy+Security Law Hideyuki (Yuki) MATSUMI

slide-1
SLIDE 1

Next Anticipated Amendment:

Regulation of Secrecy of Communication for Foreign Platformers?

2:30 p.m. – 3:30 p.m., 2019-04-04 (Thu.) Int’l Privacy + Security Forum 2019 Session: Japanese Privacy+Security Law Hideyuki (“Yuki”) MATSUMI hmatsumi at law.gwu.edu; matsumi at boaltalum.berkeley.edu

slide-2
SLIDE 2

Today’s Summary

  • 1. It is said that there would be a new regulation on

“foreign platformers” doing business in Japan.

  • 2. Multiple regulations are anticipated, but one of which

concerns “secrecy of communication.”

  • 3. In Japan, secrecy of communication is

governed/regulated by the Constitution of Japan and the Telecommunications Business Act.

  • 4. Currently, only JP telecommunication businesses are

subject to regulation re secrecy of communication; however, in the near future, foreign businesses are likely to be subject to the same regulation.

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 2

slide-3
SLIDE 3

Today’s Goal

  • We aim to gain/deepen/widen our

understanding on:

  • 1. Relationship and difference between

“privacy” and data protection in Japan.

  • 2. Regulation of Secrecy of communication in

Japan

  • 3. Anticipated regulation on foreign platformers

– by reading interim report published recently which is written in JP (no EN translation…!)

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 3

slide-4
SLIDE 4

Today’s Contents

  • 1. Today’s Summary and Goal
  • 2. Chapter 1: Background and Basics of Secrecy
  • f Communication
  • 3. Chapter 2: Secrecy of Communication in

Japan

  • 4. Chapter 3: The Interim Report

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 4

slide-5
SLIDE 5

CHAPTER 1: BACKGROUND AND BASICS OF SECRECY OF COMMUNICATION

1. Data Protection? Privacy? or . . . プライバシー? 2. “Privacy” and Personal Information Protection in Japan

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 5

slide-6
SLIDE 6

Data Protection? Privacy?

  • r . . . プライバシー?

In US/EU, . . .? (little too oversimplified)

In Japan, . . .

Data protection

(Personal info. protection)

“Privacy”

(プライバシー)

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 6

US: privacy EU: data protection

slide-7
SLIDE 7

“Privacy” and Personal Information Protection in Japan

“Privacy”(プライバシー)

  • The Constitution of Japan

– Article 21 – Article 35: The right of all persons to be secure in their homes, papers and effects against entries, searches and seizures shall not be impaired . . . .

  • Many case laws

– Tokyo Dist. Ct. 1965.9.28 (ruling on conflict between freedom of expression) – Supreme Ct. 2005.11.10 (ruling on likeness) –

  • Sup. Ct. 2017.1.31 (ruling on so-called

“right to be forgotten”)

  • In EU: injunction under data protection

law

  • Sup. Ct. 2017.3.15 (ruling on warrantless

investigation using GPS)

PI protection(個人情報保護)

  • Act on the Protection of

Personal Information (“APPI”)

  • 2003: Passed (became law)
  • 2005: Full enforcement
  • 2017: Revised
  • 2018 - 2019: Adequacy

determination

  • Follows FIPPs model (e.g.,

purpose, notice, consent, data quality, participation, etc)

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 7

slide-8
SLIDE 8

CHAPTER 2: SECRECY OF COMMUNICATION IN JAPAN

1. Secrecy of Communication 2. Article 21 of the Constitution 3. Telecommunications Business Act (“TBA”) 4. More detail on Secrecy of Communication:

1. Scope, What constitutes “violation,” and Defense

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 8

slide-9
SLIDE 9

Secrecy of Communication

  • Sources of law

– The Constitution of Japan (November 3, 1946) – Telecommunications Business Act (Act No. 86 of December 25, 1984)

  • In Japan, it is considered to be a law

concerning privacy as well as security.

  • Administrative authority with jurisdiction: the

Ministry of Internal Affairs and Communications (“MIC”)

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 9

slide-10
SLIDE 10

Article 21 of the Constitution

Original Japanese English Translation 第二十一条 集会、結社及び言論、 出版その他一切の表現の自由は、こ れを保障する。 Article 21. Freedom of assembly and association as well as speech, press and all other forms of expression are guaranteed. 検閲は、これをしてはならない。通信 の秘密は、これを侵してはならない。 No censorship shall be maintained, nor shall the secrecy of any means of communication be violated.

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 10

slide-11
SLIDE 11

Telecommunications Business Act (“TBA”)

Original Japanese English Translation (検閲の禁止) 第三条 電気通信事業者の取扱中に係る通 信は、検閲してはならない。 (Prohibition on Censorship) Article 3 No communications being handled by a telecommunications carrier shall be censored. (秘密の保護) 第四条 電気通信事業者の取扱中に係る通 信の秘密は、侵してはならない。 (Protection of Secrecy) Article 4 (1) The secrecy of communications being handled by a telecommunications carrier shall not be violated. 2 電気通信事業に従事する者は、在職中電 気通信事業者の取扱中に係る通信に関して 知り得た他人の秘密を守らなければならない。 その職を退いた後においても、同様とする。 (2) Any person who is engaged in a telecommunications business shall not disclose secrets obtained, while in office, with respect to communications being handled by a telecommunications carrier. The same shall apply even after he/she has left the office.

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 11

slide-12
SLIDE 12

Telecommunications Business Act (“TBA”)

Original Japanese English Translation 第百七十九条 電気通信事業者の取扱中に 係る通信(第百六十四条第三項に規定する通 信を含む。)の秘密を侵した者は、二年以下の 懲役又は百万円以下の罰金に処する。 Article 179 (1) Any person who has violated the secrecy of communications being handled by a telecommunications carrier (including communications set forth in Article 164 paragraph (3)) shall be punished by imprisonment with work of not more than two years or a fine of not more than one million yen. 2 電気通信事業に従事する者が前項の行為 をしたときは、三年以下の懲役又は二百万円 以下の罰金に処する。 (2) Any person engaging in a telecommunications business who has committed the act set forth in the preceding paragraph shall be punished by imprisonment with work of not more than three years or a fine of not more than two million yen. 3 前二項の未遂罪は、罰する。 (3) An attempt at the offenses set forth in the preceding two paragraphs shall be punished.

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 12 1 million JPY = 9,097 USD

slide-13
SLIDE 13

Scope of Secrecy of Communication

  • Very broad, according to Tokyo district court’s ruling

(2002.04.30).

  • Not only: (1) content of each communication;
  • But also: (2)

– date and time (when the communication took place); – place (where the communication took place); – name, address, identification code such as telephone number of parties concerned in the communication; – frequency (number of times) of communication; and – any other type of information that would enable to:

  • guess whether or not communication has occurred; or
  • guess semantic content of the communication.

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 13

slide-14
SLIDE 14

What constitutes “violation” of Secrecy of Communication?

  • Generally, three types of acts constitute violation of

secrecy of communication:

  • (1) 知得 = comprehension (≒ access)

– Placing the communication in a condition in which one can access, with an intent to gain knowledge about the communication

  • (2) 窃用 = using without permission (≒ appropriation)

– Using the communication against the will of parties concerned

  • (3) 漏えい = reveal, disclosure

– Leaving the communication in a condition in which others can access

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 14

slide-15
SLIDE 15

Defense

(Justifiable cause: 違法性阻却事由)

  • Valid consent obtained from parties concerned in the

communication

– E.g., filtering service – [Food for thought] All parties or one party? Comprehensive consent

  • r “individual, specific, and unambiguous” consent?
  • Still legal if one of three is met even in absence of valid consent

– (1) Acts in accordance with other laws

  • E.g., Search and seizure of communication history pursuant to court issued

warrant

– (2) Acts committed in the pursuit of lawful business (Penal Code Article 35, Justifiable Acts)

  • E.g., using telephone history for billing purpose.

– (3) Self‐defense or “averting present danger” (necessity) in criminal law (Penal Code Article 36 & 37)

  • E.g., Reading emails/messages to prevent suicide

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 15

slide-16
SLIDE 16

Extra Territorial Application

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 16

In Short, TBA does not apply to foreign businesses with no servers in JP

宍戸 常寿, 個人情報・プライバシー・通信の秘密-憲法から見た, https://www.dekyo.or.jp/kenkyukai/data/8th/190217_doc01.pdf

slide-17
SLIDE 17

CHAPTER 3: THE INTERIM REPORT

1. How might the Regulation Look Like? 2. Issues:

1. Applicability to Foreign Platformers; Profiling and Behavioral targeting; Consent; and Enforcement

3. Other keywords

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 17

slide-18
SLIDE 18

How might the Regulation Look Like? According to the Interim Report:

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 18

  • Interim Report

published on March 22.

  • 46 pages in JP (In EN,

approximately 90 pp, IMO)

  • No EN translation! (yet?)
slide-19
SLIDE 19

(1) Issue: Applicability to Foreign Platformers w/o servers in JP

. . . 従来、電気通信設備を国外のみに 設置する者であって、日本国内に拠点を 置かない者に対しては、同規定による規 律は及ばないものとして運用されてきた ところ、上記の状況の変化に対応する観 点から、国外に拠点を置き、国内に電気 通信設備を有さずにサービスを提供す る国外のプラットフォーム事業者に対す る同規律の適用の在り方が論点として 挙げられる。 . . . 提供主体が国内か国外かを問わず 国民の通信の秘密を保護することこそ が上記憲法上の要請に適う . . . . . . 電気通信事業法に定める通信の秘 密の保護規定が適用されるよう、法整備 を視野に入れた検討を行うとともに、併 せてガイドラインの適用の在り方につい ても整理することが適当 . . . Issue:

  • Applicability to Foreign Platformers

w/o servers in JP Basic direction:

  • . . . It aligns with the requirement of

the Constitution only if the regulation applies equally to entities regardless

  • f whether they are in or outside of
  • Japan. . . .
  • . . . It is appropriate to amend the

relevant laws as well as relevant guidelines so that the regulation re secrecy of communication under the TBA applies equally to foreign platformers . . . .

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 19

slide-20
SLIDE 20

(2) Issue: Device ID, Cookies, Profiling, and Behavioral Targeting

. . . ウェブ上の行動履歴や位置情報、と りわけ、スマートフォンやタブレット端末 などのユーザ端末から発せられ又は ユーザ端末に蓄積される端末 ID やクッ キーなど端末を識別する情報等 . . . は、 プロファイリングや行動ターゲティングな ど多様なサービス・ビジネスにおいて活 用されることが考えられるが、例えば、こ れを行動ターゲティングのために取得・ 活用する行為が通信の秘密・プライバ シー保護との関係で如何に整理される かが論点 . . . . . . . e プライバシー規則(案)の議論も参 考にしつつ、今後引き続き検討が必 要 . . . . . . . M2M 通信への通信の秘密に係る規 律の適用の在り方についても検討する ことが適当 . . . . Issue:

  • Whether or not identifiers such as

device ID and cookies that would enable profiling or behavioral targeting should be subject to secrecy of communication regulation. Basic direction:

  • We will continue to examine and

discuss while referencing the arguments re ePrivacy Regulation in the EU.

  • We will also discuss whether or not

secrecy of communication regulation should apply to M2M communication.

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 20

slide-21
SLIDE 21

(3) Issue: Consent

. . . 通信の秘密に係る情報の活用に当 たっては、従来原則として利用者の「個 別具体的かつ明確な同意」の取得が求 められるとの整理がなされているところ、 利用者から取得される利用者情報が増 えるにつれて、累次の同意取得手続き が繰り返され、かつ、その活用の方法が 複雑になり多岐にわたるにつれて、同意 取得時の説明も複雑で分かりにくくなる 結果、かえって利用者が十分に理解し ないままに同意をしてしまう、いわゆる 「同意疲れ」が課題となっていることから、 同意取得の在り方についても見直しが 必要との意見も. . . . . . . 市場動向、さらには規律のグローバ ルスタンダード化の観点を勘案し、諸外 国のプライバシー保護に係る制度の動 向も参考にしながら、今後引き続き検討 していくことが適当 . . . . Issue:

  • Generally, consent was necessary to

use information protected under the secrecy of communication regulation. Consent must be individual, specific, and unambiguous.

  • However, we hear so-called “consent

fatigue,” i.e., users get tired of notice- consent procedures and would start to “consent” without fully understanding . . . . Basic direction:

  • We’ll continue to examine and

discuss while looking: trend in industry, “global standard,” and privacy laws in foreign countries.

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 21

slide-22
SLIDE 22

(4) Issue: Enforcement

国際的な執行協力や GDPR に見 られるように域内に代理人を設 置する方法などが考えられるとこ ろ、まずは法律の執行を確実に 担保するためにどのような方策 が望ましいかが論点となる。 . . . e プライバシー規則(案)の議 論の動向等も踏まえつつ検討を 深めていくことが適当 . . . . Issue:

  • How do we ensure

enforcement of the regulation

  • n secrecy of communication?
  • Options: International

cooperation for enforcement

  • r representatives

requirement under the GDPR Basic direction:

  • We’ll continue to examine and

discuss.

  • We’ll pay attention and will

consider arguments re ePrivacy Regulation in the EU.

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 22

slide-23
SLIDE 23

(5) Other keywords

  • “voluntary approach” and “co-regulation”
  • “International harmonization”
  • Final report will be published until December

2019.

– Bill/law likely to be in 2020

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 23

slide-24
SLIDE 24

結言

1. 若干の考察 2. 質疑応答/議論 3. 参考文献

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 24

slide-25
SLIDE 25

若干の考察

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 25

slide-26
SLIDE 26

質疑応答/議論 (Time: ~16:15)

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 26

slide-27
SLIDE 27

“A-Hour” (Time: 16:15~16:30)

2019-04-04 IPSF 2019: Japanese Privacy+Security Law [Internal Use Only] 27

slide-28
SLIDE 28

参考文献

2019-04-04 IPSF 2019: Japanese Privacy+Security Law 28 参考 参考