Information Society and Co-regulation このページをアンテナに追加 RSSフィード


[][]Two information policy papers by KANTEI, METI




In last month, the Japanese government published the two important information policy papers, besides the MIC's one I mentioned here (


1) The Japanese KANTEI (Prime Minister of Japan and His Cabinet) officially published a new national IT strategy paper.

This is very comprehensive (and a little bit too general) strategy, but there are two interesting topics for us.

  • 6p: Fostering PSI (Public Sector Information) open data: PSI should be published in machine-readable format
  • 7p: Enhancing big data utilization and privacy protection: Advancing international harmonization and establishing the new independent privacy commissioner (see also my recent blog post on the MIC's proposal)


The KANTEI is the coordinator of the Japanese overall IT policy, so tasks described here will be advanced by the all other government agencies. With regard to PSI open data, ministries and local governments has been distributing PSIs in disjointed formats and schemes. Privacy protection law and policy is in the almost same situation. I'm expecting this paper can harmonize and integrate them.


2) The Japanese METI (Ministry of Economy, Trade and Industry) published a new report on "personal data" protection and its industrial utilization. The word METI's "Personal Data" is very very hard to explain in english (this is different from the concept of the EU Data Protection Directive's one), so please understand it as a general concept referring to the information that can be linkable to an individual person.

This report is mainly focusing on the issues related to privacy policy (or privacy notice). As broadly known, privacy policy of web services/smartphone applications are very hard (or impossible) to read for the most of the average users. To solve this problem, the METI is proposing the new measures;


  • Standardizing the privacy policy format: developing the common "Label" and "Icon" for the purpose of providing understandable information on usage of personal data
  • Establishing new entity that reviews and certificates privacy protection activities of companies (It seems like different from the "independent privacy commissioner")


In the EU, recently the CNIL and the other national privacy commissioners ordered the Google to change their privacy policy into "multi-layerd" and user-friendly description. The METI's "Label" proposal seems to be similar one.


[][]NISC proposed new data retention law

Yesterday, the National Information Security Center (NISC) at the Japanese Cabinet Secretariat officially published a proposal document that recommends next strategies for Japanese cybersecurity law and policy.


This document contains topics as below;


  • Enabling to scan and block e-mails that is suspected to contain malware or other message with harmful intent
  • Legislating new law that requires ISPs of long term retention and preservation of all communication datas (Japanese version of the EU's Data Retention Directive, 2006/24/EC)
  • Establishing a new cyber defense force under the Self-Defense Force


As a matter of course, the most important agenda is balancing privacy (secrecy of communication) and scanning/retaining communications. Under the Japanese Constitutional Law that became effective in 1947 and the other related privacy protection laws, the meaning of “secrecy of communication” is very broad. The latter article 21(2) of the Constitutional Law says that “No censorship shall be maintained, nor shall the secrecy of any means of communication be violated”.


The meaning of the word “communication” is interpreted as containing not only communication content itself, but also communication data by court and government (e.g.; government’s official commentary of Telecommunication Law of 1984 article 4). Even if the purpose is cyber security, government or ISP can’t scan or brock them without strongly clear and comprehensive consent of customers or other legitimate reason. How to amend or change the interpretation of secrecy of communication is very important topic in Japanese legal scholars in these years, in the context of blocking unlawful information including copyright infringement, child porn, and other harmful content.


In the 2011 amendment of the Japanese Criminal Procedure Law (article 197) that has made for the purpose of ratifying the Convention on Cybercrime, limited preservation of communication data by request from relevant authority has been newly approved. The provision accredits the government authority to request ISPs to keep their customer’s communications data in at most 30 days in case of specific criminal activities is detected without the court’s warrant. Some Japanese legal scholars criticize it from the viewpoint of privacy and secrecy of communication. The NISC's new strategy goes beyond it.


I will make a presentation that deals with this topic, especially how to solve the cybersecurity trade-off problems at the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Workshop on Systems Resilience (Budapest/Hungary) in next month.

And I'm preparing an article that forcuses on scanning and blocking communications in case of emergency, with analyzing 2,000 samples questionnaire data. That will be written in English.


[][]MIC proposed to establish Japanese CNIL


Yesterday, the Japanese MIC (Ministry of Internal Affairs and Communications) officially published a proposal document that recommends to establish a new independent privacy commission (Japanese version of CNIL).


This document contains topics as below;


  • Establishing a new independent privacy commission
  • Multi-stakeholder rule making process of self or co-reguratory rules
  • Mesures to deal with "potentially PII" data adequately, especially anonymized Big Data
  • Strengthening enforcement of self or co-regulatory rules
  • International harmonization and cooperation


As broadly known, Japanese privacy protection structure is not approved to have the "adequate level of protection" by the European Commission, mainly because of the absence of independent privacy commission. And Japan has not been able to make international safe harbor agreement such like the EU-U.S. agreement.


This is an important step for the future of the Japanese privacy law and policy.

Below is one of my articles witch deals with this problem, especially focusing on the issue of co-regulatory safe harbor approach. To realize it, Japanese CNIL is the necessary and central element.

(Sorry for Japanese only, I'm translating this article into English.)






Clerk of the U.S. House of Representatives
U.S. Customs and Border Protection
US Dept of Education
US Environmental Protection Agency
Federal Communications Commission (FCC)
Dept. of Homeland Security
US Agency for International Development
Dept. of Labor
Library of Congress
National Institutes of Health (NIH)
National Science Foundation (NSF)
U.S. Senate
Social Security Online
Open Government Initiative
Peace Corps
Dept. of State
The White House


Dept. for Business, Innovation and Skills
Cabinet Office
Central Office of Information (COI)
COI DigiGov
Dept. for Children, Schools and Families
Office of Communications (Ofcom)
Conservative party
DCMS Digital Britain team
Ministry of Defence
Directgov | innovate
Foreign Office (FCO)
HM Treasury
Dept. for International Development
Mayor of London
UK Parliament
Commission for Rural Communities
UK Trade&Investment


eGov Resource Centre
Victorian Government