- 6p: Fostering PSI (Public Sector Information) open data: PSI should be published in machine-readable format
- 7p: Enhancing big data utilization and privacy protection: Advancing international harmonization and establishing the new independent privacy commissioner (see also my recent blog post on the MIC's proposal)
The KANTEI is the coordinator of the Japanese overall IT policy, so tasks described here will be advanced by the all other government agencies. With regard to PSI open data, ministries and local governments has been distributing PSIs in disjointed formats and schemes. Privacy protection law and policy is in the almost same situation. I'm expecting this paper can harmonize and integrate them.
2) The Japanese METI (Ministry of Economy, Trade and Industry) published a new report on "personal data" protection and its industrial utilization. The word METI's "Personal Data" is very very hard to explain in english (this is different from the concept of the EU Data Protection Directive's one), so please understand it as a general concept referring to the information that can be linkable to an individual person.
- Establishing new entity that reviews and certificates privacy protection activities of companies (It seems like different from the "independent privacy commissioner")
Yesterday, the National Information Security Center (NISC) at the Japanese Cabinet Secretariat officially published a proposal document that recommends next strategies for Japanese cybersecurity law and policy.
This document contains topics as below;
- Enabling to scan and block e-mails that is suspected to contain malware or other message with harmful intent
- Legislating new law that requires ISPs of long term retention and preservation of all communication datas (Japanese version of the EU's Data Retention Directive, 2006/24/EC)
- Establishing a new cyber defense force under the Self-Defense Force
As a matter of course, the most important agenda is balancing privacy (secrecy of communication) and scanning/retaining communications. Under the Japanese Constitutional Law that became effective in 1947 and the other related privacy protection laws, the meaning of “secrecy of communication” is very broad. The latter article 21(2) of the Constitutional Law says that “No censorship shall be maintained, nor shall the secrecy of any means of communication be violated”.
The meaning of the word “communication” is interpreted as containing not only communication content itself, but also communication data by court and government (e.g.; government’s official commentary of Telecommunication Law of 1984 article 4). Even if the purpose is cyber security, government or ISP can’t scan or brock them without strongly clear and comprehensive consent of customers or other legitimate reason. How to amend or change the interpretation of secrecy of communication is very important topic in Japanese legal scholars in these years, in the context of blocking unlawful information including copyright infringement, child porn, and other harmful content.
In the 2011 amendment of the Japanese Criminal Procedure Law (article 197) that has made for the purpose of ratifying the Convention on Cybercrime, limited preservation of communication data by request from relevant authority has been newly approved. The provision accredits the government authority to request ISPs to keep their customer’s communications data in at most 30 days in case of specific criminal activities is detected without the court’s warrant. Some Japanese legal scholars criticize it from the viewpoint of privacy and secrecy of communication. The NISC's new strategy goes beyond it.
I will make a presentation that deals with this topic, especially how to solve the cybersecurity trade-off problems at the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Workshop on Systems Resilience (Budapest/Hungary) in next month.
Yesterday, the Japanese MIC (Ministry of Internal Affairs and Communications) officially published a proposal document that recommends to establish a new independent privacy commission (Japanese version of CNIL).
This document contains topics as below;
- Establishing a new independent privacy commission
- Multi-stakeholder rule making process of self or co-reguratory rules
- Mesures to deal with "potentially PII" data adequately, especially anonymized Big Data
- Strengthening enforcement of self or co-regulatory rules
- International harmonization and cooperation
As broadly known, Japanese privacy protection structure is not approved to have the "adequate level of protection" by the European Commission, mainly because of the absence of independent privacy commission. And Japan has not been able to make international safe harbor agreement such like the EU-U.S. agreement.
This is an important step for the future of the Japanese privacy law and policy.
(Sorry for Japanese only, I'm translating this article into English.)