Information Society and Co-regulation このページをアンテナに追加 RSSフィード

2013-06-03

[][]Two information policy papers by KANTEI, METI

 

 めずらしく一日二本目のポストプライバシーのシンポ聞きにきてるんですが、外国人先生方がメインゲストなので英語最近の日本のプライバシー政策についてアップデート情報

 

In last month, the Japanese government published the two important information policy papers, besides the MIC's one I mentioned here (http://d.hatena.ne.jp/ikegai/20130521/p1).

 

1) The Japanese KANTEI (Prime Minister of Japan and His Cabinet) officially published a new national IT strategy paper.

http://www.kantei.go.jp/jp/singi/it2/info/h250524-public.pdf

This is very comprehensive (and a little bit too general) strategy, but there are two interesting topics for us.

  • 6p: Fostering PSI (Public Sector Information) open data: PSI should be published in machine-readable format
  • 7p: Enhancing big data utilization and privacy protection: Advancing international harmonization and establishing the new independent privacy commissioner (see also my recent blog post on the MIC's proposal)

 

The KANTEI is the coordinator of the Japanese overall IT policy, so tasks described here will be advanced by the all other government agencies. With regard to PSI open data, ministries and local governments has been distributing PSIs in disjointed formats and schemes. Privacy protection law and policy is in the almost same situation. I'm expecting this paper can harmonize and integrate them.

 

2) The Japanese METI (Ministry of Economy, Trade and Industry) published a new report on "personal data" protection and its industrial utilization. The word METI's "Personal Data" is very very hard to explain in english (this is different from the concept of the EU Data Protection Directive's one), so please understand it as a general concept referring to the information that can be linkable to an individual person.

http://www.meti.go.jp/press/2013/05/20130510002/20130510002.html

This report is mainly focusing on the issues related to privacy policy (or privacy notice). As broadly known, privacy policy of web services/smartphone applications are very hard (or impossible) to read for the most of the average users. To solve this problem, the METI is proposing the new measures;

 

  • Standardizing the privacy policy format: developing the common "Label" and "Icon" for the purpose of providing understandable information on usage of personal data
  • Establishing new entity that reviews and certificates privacy protection activities of companies (It seems like different from the "independent privacy commissioner")

 

In the EU, recently the CNIL and the other national privacy commissioners ordered the Google to change their privacy policy into "multi-layerd" and user-friendly description. The METI's "Label" proposal seems to be similar one.

http://ec.europa.eu/justice/data-protection/article-29/documentation/other-document/files/2012/20121016_letter_to_google_en.pdf

2013-05-22

[][]NISC proposed new data retention law

Yesterday, the National Information Security Center (NISC) at the Japanese Cabinet Secretariat officially published a proposal document that recommends next strategies for Japanese cybersecurity law and policy.

http://www.nisc.go.jp/conference/seisaku/

http://www.nisc.go.jp/conference/seisaku/dai34/pdf/34shiryou0101.pdf

 

This document contains topics as below;

 

  • Enabling to scan and block e-mails that is suspected to contain malware or other message with harmful intent
  • Legislating new law that requires ISPs of long term retention and preservation of all communication datas (Japanese version of the EU's Data Retention Directive, 2006/24/EC)
  • Establishing a new cyber defense force under the Self-Defense Force

 

As a matter of course, the most important agenda is balancing privacy (secrecy of communication) and scanning/retaining communications. Under the Japanese Constitutional Law that became effective in 1947 and the other related privacy protection laws, the meaning of “secrecy of communication” is very broad. The latter article 21(2) of the Constitutional Law says that “No censorship shall be maintained, nor shall the secrecy of any means of communication be violated”.

 

The meaning of the word “communication” is interpreted as containing not only communication content itself, but also communication data by court and government (e.g.; government’s official commentary of Telecommunication Law of 1984 article 4). Even if the purpose is cyber security, government or ISP can’t scan or brock them without strongly clear and comprehensive consent of customers or other legitimate reason. How to amend or change the interpretation of secrecy of communication is very important topic in Japanese legal scholars in these years, in the context of blocking unlawful information including copyright infringement, child porn, and other harmful content.

 

In the 2011 amendment of the Japanese Criminal Procedure Law (article 197) that has made for the purpose of ratifying the Convention on Cybercrime, limited preservation of communication data by request from relevant authority has been newly approved. The provision accredits the government authority to request ISPs to keep their customer’s communications data in at most 30 days in case of specific criminal activities is detected without the court’s warrant. Some Japanese legal scholars criticize it from the viewpoint of privacy and secrecy of communication. The NISC's new strategy goes beyond it.

 

I will make a presentation that deals with this topic, especially how to solve the cybersecurity trade-off problems at the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Workshop on Systems Resilience (Budapest/Hungary) in next month.

http://systemsresilience.org/wsr2013/wsr2013.html

And I'm preparing an article that forcuses on scanning and blocking communications in case of emergency, with analyzing 2,000 samples questionnaire data. That will be written in English.

2013-05-21

[][]MIC proposed to establish Japanese CNIL

 

Yesterday, the Japanese MIC (Ministry of Internal Affairs and Communications) officially published a proposal document that recommends to establish a new independent privacy commission (Japanese version of CNIL).

http://www.soumu.go.jp/menu_news/s-news/02ryutsu02_03000118.html

 

This document contains topics as below;

 

  • Establishing a new independent privacy commission
  • Multi-stakeholder rule making process of self or co-reguratory rules
  • Mesures to deal with "potentially PII" data adequately, especially anonymized Big Data
  • Strengthening enforcement of self or co-regulatory rules
  • International harmonization and cooperation

 

As broadly known, Japanese privacy protection structure is not approved to have the "adequate level of protection" by the European Commission, mainly because of the absence of independent privacy commission. And Japan has not been able to make international safe harbor agreement such like the EU-U.S. agreement.

 

This is an important step for the future of the Japanese privacy law and policy.

Below is one of my articles witch deals with this problem, especially focusing on the issue of co-regulatory safe harbor approach. To realize it, Japanese CNIL is the necessary and central element.

(Sorry for Japanese only, I'm translating this article into English.)

 

http://ikegai.jp/Innovation_and_coregulation.pdf

2009-08-23

[]海外主要政府機関のtwitterアカウント一覧

 継続的にアップデートしていきます。

 特殊法人や政党なども入ります。折角なのでそのうち各機関の簡単な解説など付けたいです。

 

アメリカ

USA.gov http://twitter.com/USAgov
AmeriCorps http://twitter.com/americorps
Clerk of the U.S. House of Representatives http://twitter.com/HouseFloor
U.S. Customs and Border Protection http://twitter.com/customsborder
Disability.gov http://twitter.com/Disabilitygov
US Dept of Education http://twitter.com/usedgov
US Environmental Protection Agency http://twitter.com/EPAgov
Federal Communications Commission (FCC) http://twitter.com/fccdotgov
Dept. of Homeland Security http://twitter.com/HomelandSecurit
US Agency for International Development http://twitter.com/USAID_gov
Dept. of Labor http://twitter.com/USDOL
Library of Congress http://twitter.com/librarycongress
NASA http://twitter.com/NASA
National Institutes of Health (NIH) http://twitter.com/NIHforHealth
National Science Foundation (NSF) http://twitter.com/NSF
U.S. Senate http://twitter.com/SenateFloor
Social Security Online http://twitter.com/1SocialSecurity
Open Government Initiative http://twitter.com/OpenGov
Peace Corps http://twitter.com/peacecorps
Dept. of State http://twitter.com/dipnote
The White House http://twitter.com/whitehouse

イギリス

Dept. for Business, Innovation and Skills http://twitter.com/bisgovuk
Cabinet Office http://twitter.com/CabinetOffice
Central Office of Information (COI) http://twitter.com/COIgovuk
COI DigiGov http://twitter.com/digigov
Dept. for Children, Schools and Families http://twitter.com/DcsfGovUk
Office of Communications (Ofcom) http://twitter.com/ofcom
Conservative party http://twitter.com/Conservatives
DCMS Digital Britain team http://twitter.com/digitalbritain
Ministry of Defence http://twitter.com/defencehq
Directgov http://twitter.com/Directgov
Directgov | innovate http://twitter.com/Directgov_i
Foreign Office (FCO) http://twitter.com/foreignoffice
HM Treasury http://twitter.com/hmtreasury
Dept. for International Development http://twitter.com/dfid_uk
Mayor of London http://twitter.com/MayorOfLondon
UK Parliament http://twitter.com/UKParliament
Commission for Rural Communities http://twitter.com/CRC_UK
UK Trade&Investment http://twitter.com/UKTI

オーストラリア

eGov Resource Centre http://twitter.com/egovrc
Victorian Government http://www.premier.vic.gov.au/