The Protection of Private Data in Japan under Duress

Japan’s data protection framework faces significant challenges emerging from corporate structures as well as inadequate defences against human actors within the chain of data custody. Indian regulators can study and learn from the Japanese experience on the creation of a legal framework that takes due consideration of the norms of free enterprise while ensuring the safety and sanctity of personal data.

Personal data is the next great key resource shaping the future of human evolution, as epitomised by the phrase ‘data is the new oil’.1 This understanding has driven countries and societies to begin thinking deeply about the implications of handing over private data to a corporation, government or other entity. Japan’s status as a key United States ally as well as a developed economy makes it a strong player in the digital economy.

Recent string of incidents in the corporate domain have highlighted that Japan does not necessarily possess the strong safeguards seen elsewhere in the world to prevent data leakage from taking place. The Brief examines Japan’s existing legal and policy frameworks and assesses the implications for the future of data security and private data protection in the country. It will be argued that Japan’s data protection framework faces significant challenges emerging from corporate structures as well as inadequate defences against human actors within the chain of data custody.

On 5 March 2024, the Ministry of Internal Affairs and Telecommunications issued administrative guidance (gyōsei shidō) to social media entity LINE Yahoo! Corporation after it discovered a breach in the cloud services it had been subcontracting from Korean social media entity NAVER Korea.2 NAVER’s servers, containing LINE’s data on Japanese consumers, were found to be inadequately protected against unauthorised access, and a malware infection in one of NAVER’s subcontractors’ servers allowed external actors to access Japanese consumers’ data. The investigation found that ‘external actors’ had been able to access NAVER Cloud’s servers, which in turn gave them access to LINE’s data.

It is pertinent to observe here that LINE Yahoo! has been involved in a string of unauthorised data leakages in the past as well. In 2021, a Chinese subcontractor of the company was able to access user data in Japan and in August 2023, the company was found to be sharing user location information to NAVER, which in turn was giving its subcontractors access to its data. As a result, the Minister for Internal Affairs in a press conference reported that the ministry has placed LINE! Yahoo under a year-long watch list, after which further actions would be considered if no improvements were observed.3

Nippon Telegraph and Telephone (NTT) Corporation West, the branch of the semi-private national carrier handling operations in Western Japan, also came under the scanner after a former temporary worker at the company was arrested in January 2024. The staffer had........

© IDSA