Data Privacy in Japan

2018 may be remembered as the year that data privacy and protection became a pivotal issue globally. Everyone grew wary with the increase of massive data breaches and tech giants came under fire for their lack of transparency and flawed systems of data collection and sharing processes. The news seemed to cover endless privacy scandals and the threat of leaked personal information, as businesses urged users to frequently change their passwords and protect their accounts through additional security measures. As a response, governments across the world have been paving the way to some fundamental changes in the way that personal data is collected, stored, and shared, which will hugely impact both individuals and businesses in 2019.

A great agent of change in the global view of individual privacy came around when Europe’s General Data Protection Regulation (GDPR) was approved in 2016 and enforced on May 15, 2018. The GDPR is an effort to protect and empower the data privacy of European citizens by giving more control to individuals over their personal data and uniting regulations for international business within the EU. Businesses must disclose any data collection and its lawful purpose, as well as how long the data is kept and if it’s being shared with third parties. People have the right to request a portable copy of their data and even erase their data under certain circumstances. Controllers of data must safeguard it and use the highest privacy settings so the data can’t be used to identify people. Businesses that systematically process personal data are now required to hire a data protection officer and must report data breaches within 72 hours, with fines for any violations. The proposal for the GDPR was widely discussed with immense controversy but has also been lauded by businesses as an opportunity to improve their data management systems.

Following the GDPR, other countries, such as Argentina, Australia, and Brazil have moved to implement similar rules, as the approach to data privacy has taken a global shift. Japan has also aligned to the EU standards, amending privacy regulations to put in place stricter guidelines and limitations. The US is facing its own challenges of implementing a national privacy law. The California Consumer Privacy Act (CCPA), due to be enforced on January 1, 2020, will give citizens of California the right to download a copy of their data, edit/delete their data, and make choices about their sharing preferences. This will likely have broader implications, greatly affecting business models throughout the digital sector.

In July 2018, two months after GDPR went into effect, Japan and the EU agreed to establish data transfer rules and promote a free flow of personal data. This reciprocal agreement will allow personal data to be shared between companies in Japan and the EU without additional safety checks. This decision was made due to the level of protection and adequate safeguards offered by Japan’s Act on the Protection of Personal Information, amended and effective since 2017. The Personal Information Protection Commission (PPC), a government commission established on January 1, 2016 and responsible for the protection of personal information and enforcement of privacy regulations introduced additional safeguards to protect EU citizen’s data and for personal data transferred from EU to Japan in compliance with EU standards. The new standards to be worked out in 2019 will ensure that companies and other organizations work to protect individual privacies, with penalties for those who do not comply. This agreement will also restrict the transfer of personal data to countries such as China that lack appropriate privacy regulations.

Data security and privacy is also becoming a hot topic due in Japan to security concerns during the ongoing preparations for the 2020 Tokyo Olympics and Paralympics.

In November of 2018, Yoshitaka Sakurada, Japan’s cybersecurity minister, who is also the minister in charge of the 2020 Tokyo Olympics and Paralympics, made headlines around the world when he admitted that he doesn’t use a computer and wasn’t too familiar with cybersecurity. Though his admittance didn't inspire much confidence, the Japanese government has been stepping up its initiatives for security ideas in preparation for the games, by introducing a project to hack 200 million IoT devices and to install facial recognition technology at the games.

According to the Ministry of Internal Affairs and Communications Cybersecurity Office, two-thirds of the cyber attacks in Japan in 2016 targeted IoT devices. A high-profile event like the Olympics and Paralympics made it urgent for Japan to prioritize its security systems. Japan’s government has decided to take action to ensure the security of its citizens and visitors and their IoT hacking project is one example. 

The National Institute of Information and Communications Technology reported that starting February 20, 2019, they, along with the Ministry of Internal Affairs and Communications and in cooperation with telecommunications carriers, aim to survey vulnerable IoT devices across the country to prevent future cyberattacks targeting vulnerable devices. The “NOTICE” (National Operations Towards IoT Clean Environment) project will continue the survey for 5 years, with the intention of identifying devices such as those with weak passwords and alerting the telecommunications carrier so that they would be able to identify the user of the device and help them secure their device. They will use a list of the most commonly used passwords and default passwords, focusing on hacking devices such as routers and webcams in both home and business networks.

In an effort to improve security, the 2020 Tokyo Olympics and Paralympics will also be the first games to use facial recognition. NEC Corp’s facial recognition technology will allow athletes, officials, and other members cleared for access to enter restricted areas by identifying their faces, with a reported accuracy rate of over 99%. It will not be used for spectators of the events. This system is believed to help speed up the lines in the summer heat and increase security levels to prevent unauthorized access to the venues.