Spotlight: telecoms and internet access in Japan

An extract from The Technology, Media and Telecommunications Review, 11th Edition

Telecommunications & internet access

i Internet and internet protocol regulation

The MIC regulates internet and IP-based services (such as high-speed internet and VoIP), along with wired telephony and mobile phones, under the Telecommunications Business Act. The Act and the regulations thereunder emphasise protection of the secrecy of communications and the reliable and non-discriminatory provision of telecommunications services.

The Act not only regulates service providers that operate their own network facilities, but also service providers that facilitate telecommunications between users but do not operate their own network facilities (such as dedicated hosting services on which clients can operate an email server). Internet-based services that are not designed to facilitate telecommunication, such as internet banking and internet-based newsletter and media subscriptions, are not deemed to be telecommunications services and therefore are not regulated under the Act. However, personal matching services, SNS providers and other businesses not traditionally considered 'telecommunications' services may nonetheless be regulated under the Act, necessitating a filing with the MIC before commencing business.

ii Universal service

Under the Telecommunications Business Act and the NTT Act, the NTT group is required to provide wired telephony services (analogue or IP over optical fibre), pay phone services and emergency call services to all areas of Japan. NTT East and NTT West⁵ provide services to depopulated areas, and a telecommunications trade association comprised of each of the major telecommunications companies in Japan, then reimburses NTT East and NTT West for any cost deficits incurred by the NTT group's provision of the service. National law requires each telecommunication service provider connecting its network with that of NTT East or NTT West to pay a small fee (approximately ¥2 to ¥8, varying from year to year) per landline and mobile phone number (customer), which costs are typically passed along to individual users in connection with their monthly telephone service bills. Notwithstanding such funding assistance, NTT East and NTT West have operated at a deficit in their landline businesses due to the burden of owning and maintaining all of the facilities necessary to provide services to the entirety of Japan, even to rapidly depopulating areas. To reduce this burden, the NTT Act was amended in May 2020 to permit NTT East and NTT West to use wireless telecommunication facilities owned by other telecommunications companies to fulfil their duties of providing universal service.

Currently, there is no similar law requiring universal broadband service, but the MIC's Information and Communications Council announced in December 2019 that it is considering extending universal service requirements to include broadband service. Notwithstanding the lack of a formal requirement for universal coverage, as of 2015, the broadband infrastructure (3.5G, satellite internet, 3.9G, DSL, optics fibre/FTTH, etc.) penetration rate in Japan has already reached 100 per cent, and super-broadband infrastructure (optical fibre/FTTH, 3.9G and other infrastructure with data transmission speed over 30Mb per second, including DSL, FWA, satellite, BWA, etc.) penetration rate has similarly reached 99.98 per cent. That said, rolling out optical fibre will be especially important to enable the proliferation of 5G. Optical fibre's nationwide penetration rate is 98.8 per cent as of March 2019 but it is below 95 per cent in a few prefectures. The MIC is planning to complete installing optical fibre in all cities, towns and villages that desire it by March 2022.

Rakuten Mobile: a new mobile network operator service provider

Rakuten KK, a major e-commerce platform operator, has long had the largest market share of all mobile virtual network operators (MVNOs) in Japan. Its recently established subsidiary, Rakuten Mobile, was approved to become Japan's fourth mobile network operator (MNO) in April 2018. Rakuten Mobile was allocated 1.7GHz 40MHz bandwidth in April 2019, and shortly thereafter announced the launch of its MNO services. To consolidate its service offerings, Rakuten K.K. also assigned its MVNO business to Rakuten Mobile in April 2019.

Rakuten Mobile planned to launch MNO services by October 2019, but the launch was delayed because of delays in installing base stations. In the interim, Rakuten Mobile offered free service to around 5,000 customers in limited areas like Tokyo and Osaka while its full network service was being rolled out. Rakuten Mobile launched MNO services in April 2020, and seeks to attract customers by offering a competitively priced unlimited data plan – Rakuten reported that it has received over 1 million applications for the service as of 30 June 2020. However, data usage is capped at 5GB when roaming in areas where Rakuten has not yet built out its own network and relies instead on KDDI's network (i.e., areas outside certain major metropolitan areas like Tokyo, Nagoya and Osaka). Furthermore, Rakuten has only launched its 5G network in around 20 locales, which is limited compared to the other MNO providers.

Public Wi-Fi access

According to a 2017 survey of foreign visitors conducted by the Japan Tourism Agency, the lack of free public Wi-Fi in Japan was ranked the third most inconvenient aspect of their visit to Japan.

The MIC has been planning and implementing improvements to public Wi-Fi services in an effort to increase the number of foreign visitors to Japan. In particular, the MIC has been managing the implementation of the SAQ2 JAPAN Project⁶ since June 2014. The goals of the SAQ2 JAPAN Project include:

1. increasing the number of free Wi-Fi hotspots and improving the accessibility of these hotspots to the public;
2. facilitating the availability and installation of Japanese SIM cards for foreign mobile phone users in Japan;
3. reducing international roaming fees applicable to foreign mobile phone users in Japan; and
4. implementing multi-language interpretation systems (i.e., translation applications).

In November 2013, an NTT group affiliate began providing a smartphone application called Japan Connected-free Wi-Fi, which allows users to connect to approximately 190,000 public Wi-Fi access points across Japan,⁷ including those at airports, train stations, convenience stores and tourist spots, with a one-time new user registration. The smartphone application is available in 16 languages, including English, French, German, Spanish, Italian, Chinese, Korean, Thai and Bahasa Indonesia.⁸ This NTT group affiliate also continues to install additional Wi-Fi access points.

In preparation for hosting the Olympic Games in Tokyo that were originally scheduled to take place in 2020, in February 2016 the MIC issued a policy statement encouraging the adoption of a simplified and unified authentication protocol with the goal of increasing foreign visitors' access to free public Wi-Fi services. In furtherance of this goal, the MIC is conducting field tests to prove the workability of a unified authentication protocol using smartphone applications and is disseminating this protocol to local municipalities to aid in the revitalisation of local economies through increased tourism. On behalf of the MIC, Gateway App Japan, a non-profit organisation, publishes a smartphone application called the Omotenashi app⁹ with the cooperation of KDDI and SoftBank, the primary competitors of the NTT group. It has yet to be decided whether the two smartphone applications (Japan Connected-free Wi-Fi and the Omotenashi app) will be consolidated or made compatible. Recently, a handful of private companies, such as Accenture and SoftBank, have launched first-party applications enabling foreign visitors to access thousands of Wi-Fi access points across Japan. With users' consent, some of these private companies gather anonymised data from the use of their applications, including data user attributes and location history, which they then analyse and sell to third parties as reports.

Tokyo Metro, a railway company owned by the Japanese national and local Tokyo governments that operates many of the subway lines in Tokyo, provides public Wi-Fi access points at nearly all stations. In 2017, Tokyo Metro announced that it would equip all of the subway trains it operates with Wi-Fi by 2020. Both Japan Connected-free Wi-Fi and Travel Japan Wi-Fi will be available on these trains.

In January 2019, the government began imposing a ¥1,000 departure tax, informally known as the 'international tourist tax', on all foreign visitors to improve Japan's tourism infrastructure, including through the proliferation and enhancement of public Wi-Fi.

Separately from the above improvements to free Wi-Fi services, major Japanese mobile phone service providers have established an emergency disaster service set identifier (SSID): 00000JAPAN. This SSID enables each Wi-Fi user to use all Japanese mobile service providers' Wi-Fi networks during natural disasters regardless of the provider to which they are subscribed.¹⁰ This SSID was made available for the first time during a two-week period following an earthquake in the Kumamoto area in April 2016. More recently, this SSID was activated following flood disasters in the Hiroshima and Osaka areas in July 2018 and September 2018, respectively, as well as following a large earthquake in Hokkaido in September 2018, and severe typhoons during the fall of 2019. During the 2018 Hokkaido earthquake, however, the Wi-Fi access points were rendered unusable due to widespread electrical outages. In light of growing security and privacy concerns, the MIC recently warned that communications sent through this SSID are intentionally unencrypted to prioritise accessibility, and therefore subject to interception by third parties.

Use of foreign mobile devices

As a general rule, it is prohibited to use mobile devices in Japan that do not meet Japanese radio wave emission standards, and with respect to which the manufacturer has not obtained authentication from the government. Therefore, until relatively recently, many foreign visitors' use of their personal mobile devices in Japan was technically illegal, although there are no known cases of any foreign visitor being charged with Radio Act violations for personal mobile device use. In August 2016, an amendment to the Radio Act took effect, permitting foreign visitors to Japan to use their personal mobile devices (even if not authenticated in Japan) for up to 90 days, so long as the devices have either been certified by the Federal Communications Commission in the United States or received CE certification in the European Economic Area using standards equivalent to those imposed upon Japanese technology. This Radio Act amendment was implemented to encourage foreign tourists to visit Japan in anticipation of the Olympic Games originally scheduled to take place in 2020. While there had previously been concerns that devices not authenticated in Japan could adversely affect the radio use environment, the MIC eventually concluded that the likelihood of any adverse effect was minimal. The MIC further loosened the restrictions to allow Japanese residents to use foreign mobile phones for R&D purposes via an amendment to the Radio Act. Under the amended Radio Act, which came into force in force in November 2019, Japanese residents are permitted to use foreign mobile phones for R&D purposes for up to 180 days, though the user is required to file a prior notification with the MIC and this exception only allows users to connect devices that have received certain foreign certifications to Wi-Fi or Bluetooth.

In addition to government-imposed restrictions, private companies in Japan have in certain cases voluntarily adopted policies prohibiting the sale of certain foreign mobile devices. In May 2019, for example, NTT DOCOMO, KDDI and Softbank voluntarily ceased distribution of mobile devices manufactured by Huawai after sanctions were imposed upon it by the United States. These carriers eventually resumed sales of Huawei devices after the US government announced it was extending the pre-'ban' grace period.

Proliferation of the IoT

To address the rapid increase in the number of IoT devices, which could exhaust the number of available mobile phone numbers, the MIC in January 2017 amended its regulations on the assignment of phone numbers to assign the designation '020' to M2M data connection devices, keeping them separated from standard mobile numbers designated with '090', '080' and '070'. It is expected that M2M data connections conducted through mobile networks will initially be used primarily for telemeters (e.g., remote management of water and gas meters, vending machines and elevators) and telematics (e.g., GPS and other information services equipped in vehicles) and will eventually cover connected cars and other IoT devices. NTT DOCOMO, KDDI and several MVNOs commercially launched M2M data connection services in October 2017.

New regulations have recently been adopted to address IoT devices' vulnerability to cybercrime (see the 'Cybercrime' section below).

IP network

In November 2015, NTT announced a plan to switch from the use of fixed-line PSTN to IP telephony. According to NTT's updated implementation plan, NTT will commence work on the switch to IP telephony in January 2024 with planned completion in January 2025. As the existing PSTN is a fundamental telecommunications infrastructure, the MIC is paying close attention to what kind of IP telephony will emerge as well as the process through which NTT will transition away from PSTN. In light of the importance of PSTN to the existing infrastructure, in February 2016 the MIC asked the Telecommunication Council to identify potential issues that could arise from the switch to IP telephony. To mitigate certain concerns identified by the Council (such as consumers' ability to retain existing telephone numbers), the MIC presented a proposed amendment to the Telecommunications Business Act to the Diet in March 2018, which was subsequently enacted in May 2018. Under the proposed amendment, each telecommunication company must obtain the MIC's approval of its plans regarding the use of telephone numbers, and must thereafter comply with the approved plans. Additionally, when telecommunication companies cease to provide services during the shift to IP telephony, those companies must file notice of such cessation with the MIC so that the MIC may make a public announcement of the terminating services to customers.

iii Restrictions on the provision of service

The telecommunications industry in Japan has traditionally been dominated by NTT East and NTT West and by three major private telecommunication companies: NTT DOCOMO, KDDI and SoftBank. A fourth major service provider, Rakuten Mobile, was granted an MNO business licence in April 2018 and launched commercial MNO services in April 2020. Because existing providers can become dominant to the exclusion of new entrants once their network or technology standard has been adopted by a critical mass of users, the MIC and the Japan Fair Trade Commission (JFTC) have jointly adopted guidelines to regulate anticompetitive practices by service providers with high market shares. For example, the guidelines state that the JFTC could take corrective action, such as issuing a cease and desist order, if a telecommunications service provider with a high market share, such as a mobile phone carrier, were to contractually restrict its customers from switching to another service provider or to charge an excessive cancellation fee for doing so.

Pricing restrictions

Under the Telecommunications Business Act, prices charged to end users by NTT East and NTT West for wired telephony and payphone services are subject to caps to be determined by the MIC. These caps are intended to prevent these companies from abusing their near-monopoly over these fundamental services and to encourage them to improve efficiency. Prices to be charged by NTT East and NTT West for optical data services, and prices to be charged by KDDI, NTT DOCOMO and SoftBank for mobile services, must all be submitted to the MIC for review before implementation. If the MIC finds a pricing scheme inappropriate, either because it is anticompetitive or otherwise significantly unreasonable, the MIC may require the carrier to change its pricing scheme. Otherwise, prices charged to end users and the other terms of service are not regulated. This may change, however, as the government has recently started applying pressure on the major telecommunications companies to reduce prices for mobile phone services.

As a general rule, all telecommunication business licence holders must provide access to any other carrier that seeks to interconnect with their network. However, the prices charged for, and the methods of, interconnection have been areas of both public controversy and regulatory scrutiny. Telecommunications companies have pressed for greater access to NTT's infrastructure, including its optical fibre network. NTT only provided access to its fibre optic network on a bulk basis until 1 February 2015, after which NTT East and NTT West respectively began to offer single-line fibre optic wholesale to other carriers, including to non-traditional telecommunication companies such as Sohgo Security Services (ALSOK) and Tsutaya, a rental video company. These fibre optic wholesale programmes are designed to facilitate fibre optic use by reducing fees for fibre optic services at the end user level. As of December 2018, approximately 751 operators had commenced use of these fibre optic wholesale services.

Prior to the commencement of NTT's fibre optic wholesale programme, there were competition-related concerns stemming from the confidential nature of NTT East's and NTT West's contracts with the secondary retailers to whom they provided fibre optic wholesale services. At the time, other major telecom service providers, such as KDDI and Softbank, expressed concerns that NTT East and NTT West were providing their fibre optic wholesale services to NTT group companies at lower prices than to unaffiliated companies, which in turn enabled NTT group companies to provide fibre optic services to end users at lower prices. In response to these concerns, the MIC issued guidelines relating to the provision of fibre optic wholesale that prohibit the disparate treatment of select service providers and also provide the MIC with potential enforcement mechanisms. A survey conducted by the MIC showed that NTT DOCOMO and NTT Communications (a data communication company within the NTT group) obtained approximately 60 per cent of the fibre optic wholesale service market by offering large fee discounts on their respective mobile services to end users. Given the prominence of this market share, and due to their relationship to NTT East and NTT West, other fibre optic service providers have argued that the discounted fees charged by NTT DOCOMO and NTT Communications are anticompetitive in nature. To address these concerns, the MIC decided in May 2016 to launch investigations into NTT DOCOMO's business practices. In its investigation report, which was issued in August 2018, the MIC concluded that the discounted fees charged by NTT DOCOMO and NTT Communications did not constitute anticompetitive practices. However, the MIC did determine during its investigation that NTT DOCOMO's online description of the terms and conditions applicable to its pricing discount was misleading to customers. NTT DOCOMO voluntarily modified this description, but in June 2018 the MIC nonetheless issued an administrative direction to NTT DOCOMO to prevent future occurrences of misleading marketing.

MVNOs

Along with the introduction of fibre optic wholesale services, the availability of mobile line wholesale services MVNOs in Japan has also begun to expand. While MVNOs have existed in Japan since 2001, until recently the number of service providers and subscribers had been few in number. In 2007, the MIC's guidelines regarding MVNOs were amended to clarify the relative rights and obligations between MVNOs and MNOs, and a formalised dispute settlement procedure was established. After this amendment, the number of MVNO service providers using MNOs' mobile lines or WiMAX lines significantly increased. In 2014, the guidelines for the operation of Type II designated telecommunication facilities were amended, which included a change in the calculations for mobile line wholesale pricing. These calculation changes have reduced mobile line wholesale prices to the benefit of MVNOs. More recently, in 2017 the guidelines regarding MVNOs were amended twice to, among other things, clarify that the MIC is authorised to issue business improvement orders to MNOs who discriminate against MVNOs with respect to providing access to its network.¹¹

The aforementioned guideline amendments have spawned a recent increase in MVNO activity. In FY 2013, only 22 MVNOs provided data communication services or voice communication services in Japan. However, as of March 2020 the number of active MVNOs has increased to 1,128. Correspondingly, there were 24.65 million MVNO subscribers by March 2020, up from 7.17 million in December 2013. However, despite this recent increase in MVNO activity, MVNO service subscribers still only constituted 13.2 per cent of all mobile service subscribers as of March 2020.

Anticompetitive business practices

One of the reasons MVNO penetration remains low stems from MNOs' common practice of permitting subscribers to purchase new mobile devices on monthly instalment plans – often simultaneously offering discounts on monthly subscription fees equal to or greater than the amount of such monthly instalment payments. MNOs advertise that this instalment and discount programme renders subscribers' new devices 'effectively free'. In contrast, the vast majority of MVNOs do not have the financial resources to permit subscribers to pay for new mobile devices in instalments. Instead, MVNO subscribers seeking a new mobile device must often pay its entire purchase price upfront. This resource disparity has made it difficult for MVNOs to compete with MNOs for new subscribers.

Recognising the high barriers to entry created by these 'effectively free' mobile device programmes, in March 2016 the MIC issued guidelines compelling MNOs to decrease the size of their mobile device discounts so that subscribers are required to make reasonable payments toward their new devices. The intended result of these guidelines is to bolster competition and, eventually, reduce mobile service subscription fees. In October 2016, the MIC issued official warnings to NTT DOCOMO, KDDI and SoftBank for attempting to subvert the March 2016 amended guidelines by distributing coupons to subscribers and potential subscribers in lieu of discounts.

The MIC has also made efforts to address the issues of SIM locking and mandatory two-year service contracts with automatic contract renewal, in each case to facilitate competition between MNOs and MVNOs and reduce consumers' mobile expenses.

Since the MIC's initial adoption of guidelines in 2010, it has encouraged mobile service providers to provide SIM unlock options for customers' mobile devices, as it believes that the practice of SIM locking prevents consumers from freely choosing mobile service carriers and causes competition stagnation. Following an August 2018 amendment to the guidelines, mobile service providers will be required to honour SIM unlock requests for all mobile devices effective as of 1 September 2019, including devices purchased on second-hand markets, other than mobile devices for which the purchase price is being paid in instalments (in which case, SIM unlock requests must still be honoured starting 100 days after the purchase).

Until recently, there had been little progress toward the abolishment of automatically renewing two-year service contracts. For years MNOs frequently required customers enjoying the benefits of their 'effectively free' mobile device programmes to enter into two-year contracts under which customers were required to pay approximately ¥10,000 for early termination, plus an accelerated payment of the purchase price of a smartphone that would otherwise be paid by instalments during the two-year term. The two-year contract system, in conjunction with the effectively free mobile device practice, has long been identified as reducing customers' freedom of choice in mobile service carriers. Though the MIC issued guidelines on numerous occasions over the years to address these contracting practices, which it viewed as raising anticompetitive concerns, the guidelines were largely ineffective at addressing the fundamental issue of automatically renewing two-year contracts.

However, the Japanese government finally took the next step in May 2019 by legislatively imposing restrictions on the use of automatically renewing two-year contracts through an amendment to the Telecommunication Business Act – a significantly more affirmative step than its prior non-binding guidelines. As a general principle, the newly amended Telecommunication Business Act prohibits the use of any contract provisions that would restrict consumers' ability to terminate their mobile service contracts if the restrictions rise to a level that would be deemed to have anticompetitive effects. Given the generality, the MIC has been delegated the task of adopting specific regulations to carry out this mandate. The MIC has drafted proposed regulations to clarify the types of anticompetitive behaviour that are prohibited under the amended Telecommunication Business Act, which have been reviewed by the Information & Communication Council and are in the process of being revised. The latest draft of the MIC's proposed regulations lists, among others, the following as examples of prohibited provisions in consumers' mobile service contracts:

1. any termination penalty (regardless of amount) in conjunction with a contract term longer than two years;
2. regardless of contract length, any early termination penalty in excess of ¥1,000; and
3. automatic renewal clauses coupled with an early termination fee, regardless of the initial contract term, unless the following conditions are met:
   • the contract must be terminable without a fee during a minimum three-month window – extending from one month prior to expiry of the original contract term through the first two months of the renewal period;
   • consumers must be given the choice, upon execution of the original contract, not to have any termination penalty apply to renewal periods;
   • consumers must be given the choice, at the time of automatic renewal, not to have any termination penalty apply to that renewal period; and
   • the service provider cannot change pricing or terms to incentivise customers to consent to a longer termination penalty period.

The MIC has also recently begun analysing the state of competition between MVNOs. In particular, the MIC has expressed concerns that MNOs might favour affiliated MVNOs and, in turn, discriminate against unaffiliated MVNOs by providing them slower data traffic speeds. The MIC did not mention any MNOs by name, but many commentators believe that the MIC was referring specifically to KDDI (with respect to UQ Communications, an MVNO that is 32 per cent-owned by KDDI) and SoftBank (with respect to Y!Mobile, a low-cost mobile service affiliated with SoftBank). In October 2018, the MIC established new regulations prohibiting MNOs from discriminating between MVNOs with respect to data traffic speeds.

Similar to the primary mobile service providers described above, the MIC has also recently expressed concerns that the market shares of UQ Communications and Wireless City Planning (WCP) could permit them to stifle competition by rejecting competitor MVNOs' requests to connect to their telecommunication facilities. In response, the MIC designated UQ Communications and WCP as 'Type II designated telecommunication' companies effective as of December 2019. This designation requires UQ Communications and WCP to each file with the MIC its respective terms and conditions regarding competitor MVNOs' access to its telecommunication facilities.

In light of increasing customer complaints, effective as of October 2018, the amended regulations implementing the Telecommunication Business Act added MVNO voice communication services to the list of services for which customers have an eight-day 'cooling-off period' after signing a new service contract, during which the agreement can be terminated without penalty.

The MIC also seeks to address another competition issue – the cost of complying with the Telecommunication Business Act may differ between Japanese enterprises and foreign ones. The cost difference is primarily owing to the difficulty of extraterritorial enforcement of the act, resulting in uneven enforcement between domestic and foreign enterprises. Under the current Telecommunication Business Act, a foreign company is not subject to extraterritorial enforcement unless the company has an establishment or a facility in Japan, even if it provides services to Japanese consumers. To address this gap, the MIC amended the Telecommunication Business Act in May 2020 to extend its extraterritorial enforcement to foreign enterprises that provide services to Japanese customers that are equivalent to those provided by domestic enterprises that are regulated by the Telecommunications Business Act. These amendments are expected to be in full force by May 2021. The amended Telecommunication Business Act requires such foreign telecommunication companies to register with the MIC and to designate a local representative in Japan to ensure that the MIC can realistically enforce sanctions. This Amendment also aims to enhance the protection of Japanese consumer's privacy rights. As a consequence of extraterritorial application, even foreign telecommunication companies must comply with the obligation to protect the consumer's right to 'secrecy of communication', which is protected even more stringently than personal data under Privacy Act. However, foreign telecommunication companies may face difficulty in complying with these 'secrecy of communication' requirements because the regulations do not always clearly identify what categories of data fall within those requirements in the context of digital communication (which may include header-data, IP addresses, location data, etc.), despite the MIC's issuing guidelines that provide some (incomplete) clarity as to this issue. Foreign telecommunication companies should monitor how discussions develop with respect to understanding these requirements and the MIC will hopefully issue further guidelines as recommended by Information and Communications Council.

Unsolicited communications

Separate regulations exist in Japan restricting unsolicited texts and emails and unsolicited phone calls. With respect to unsolicited texts and emails, the Act on Regulation of Transmission of Specified Electronic Mail prohibits:

1. the transmission of emails using false sender information as a means of advertisement for the sender's own or another person's sales activities;
2. the transmission of emails to persons who have not opted in to receive such specified emails; and
3. even where the recipient has opted in to receive emails from the sender, the transmission of an unreasonably large number of emails for the purpose of corroborating or promoting the sender's own or another person's sales activities.

Violators of these prohibitions on unsolicited texts and emails may face penalties of up to one year's imprisonment or a fine of up to ¥1 million. Regulations pertaining to unsolicited phone calls are handled at the local prefectural level. Accordingly, each local prefectural government has established a local ordinance prohibiting the making of unsolicited phone calls. For example, in July 2018 the Metropolitan Government of Tokyo increased penalties under an anti-nuisance ordinance prohibiting continued unsolicited phone calls, facsimiles, emails, and SNS messages, with offenders now being penalised with up to one year's imprisonment or a fine of up to ¥1 million.

As a result of a study conducted by the Working Group on Consumer Protection Rules based on the MIC's collection and analysis of consumers' complaints trends the MIC has recognised that there are widespread consumer complaints about solicitations made by telecommunication business providers that intentionally mislead consumers as to the identity of such provider or omit the purpose of communication (e.g., to solicit customers to enter into subscription contracts they may not desire). Some consumers were induced to enter into agreements with small-sized enterprises that misleadingly portrayed themselves as larger, more well-known enterprises, while others switched service providers under the mistaken belief that they were just switching to a different subscription plan provided by their existing service provider. To address these issues, the MIC amended the Telecommunication Act to require telecommunication service providers and distributers to clearly state their identity and the purpose of a communication prior to each communication for solicitation. The amendment came into full force and effect in October 2019.

iv SecurityProtection of personal information

In keeping with Japan's constitutional protection of freedom of speech and secrecy of communication, the Telecommunications Business Act prohibits ISPs from censoring or infringing on the privacy of communications passing through their networks.

As a general matter, the Law Concerning the Protection of Personal Information (the Privacy Act) protects personal information or data that can be used to identify specific living persons. Under the Privacy Act, the entities handling such information are required to publish a 'purpose of utilisation' regarding its use. Personal information incorporated into a database must be kept accurately, and necessary and proper measures to maintain its security must be instituted. Any person whose personal data is kept in a database for more than six months has a right to request access to the data, and add to, modify or delete it. In August 2015, the Privacy Act was amended to strengthen the protection of personal information, including through expanded protection of sensitive personal information, restrictions on the transfer of personal information outside Japan and the establishment of protocols for the use of anonymised data to facilitate big data analysis.

Further, the MIC has issued Privacy Act guidelines that are specific to telecommunications businesses. As these guidelines are structured to reflect the requirements under both the Privacy Act, which generally applies to all businesses handling personal information, and the Telecommunications Business Act, which provides protections relating to the secrecy of communication (a constitutional right), they are considered even more stringent and robust than the Ministry of Economy, Trade and Industry guidelines, which solely reflect Privacy Act regulations. Under the MIC's Privacy Act guidelines, information related to persons making or receiving communications, such as their usage history, identity and user location, may only be disclosed to third parties in very limited circumstances, such as pursuant to a search warrant. In addition, the MIC's Privacy Act guidelines were amended on 2 November 2011, allowing telecommunications business providers to provide a user's locational information to third parties only if they have the user's consent, a search warrant or other valid justification; and to obtain a user's locational information pursuant to law enforcement agencies' requests only if a warrant is issued. The MIC's Privacy Act guidelines also require telecommunications businesses to establish internal regulations regarding the length of time they may retain communication log records, and to delete this information after the expiry of such period. In June 2015, the MIC amended the guidelines again to set out a suggested length of time during which communication log records may be retained (six months to a year, depending on the business reasons for retaining such information).

In response to amendments to the Privacy Act, the MIC, in April 2017, amended the guidelines to, among other things, require telecommunications business operators to publish privacy policies regarding their collection and use of private information and, in particular, the collection of information through smartphone applications. Telecommunications business operators are particularly likely to transfer personal data across borders, which is subject to certain restrictions under the Privacy Act when a business operator processing personal data in Japan transfers the data to third parties located in foreign countries. Even foreign businesses (not directly processing personal data in Japan) should pay attention to the extraterritoriality of Japan's data privacy rules, which is triggered when the foreign business collects personal data from a data subject located in Japan when supplying goods or rendering services to him or her. In an effort to facilitate the international exchange of information, in July 2018 the Personal Information Protection Committee and the Commissioner for Justice, Consumers and Gender Equality of the European Commission mutually recognised each other's personal data protection regimes as equivalent. Beginning in January 2019, the restrictions on the cross-border transfer of personal data between Japan and the EU have been exempted.

Further amendments to the Privacy Act were passed in June 2020. The amendments pertain to various matters, including the enhancement of data subject rights, narrowing the scope of permissible opt-out transfer of personal data, creating a new category of 'pseudonymised data' with less cumbersome requirements, heightening filing duties upon data breach, strengthening extraterritorial enforcement, etc. Regulations implementing the new amendments and guidelines are expected to clarify how to manage day-to-day data operation in compliance with the amendment by around June 2022, at which time the amendment is likely to come into full force and effect.

The Japan Fair Trade Committee (JFTC) has also approached personal data protection from the perspective of competition law. In December 2019, the JFTC issued guidelines on abuse of market dominance in the context of digital platforms collecting personal data from platform users. This suggests that in the JFTC's view, abuse of market dominance could occur in the business-to-consumer context, rather than solely in the business-to-business context. Whether a digital platform provider has 'market dominance' is a fact-intensive inquiry. The JFTC guidelines list types of behaviour constituting 'abuse,' which mainly consist of violations of the Privacy Act. However, it should be noted that the guidelines are non-exhaustive – other behaviour may constitute 'abuse' even if it does not violate the Privacy Act. Also, certain 'abusive' behaviour covers collection of information which is related to a person but not identifiable. Such unidentifiable information is not protected by the Privacy Act, but the JFTC may still seek to protect it.

At the same time, in the furtherance of the Society 5.0 initiative, which will be facilitated by easier data circulation, the government has sought to establish systems by which data subjects can provide personal data in exchange for services, while being protected against illegitimate use of such data. As a result, the personal information bank (PIB) regime has been adopted. Under this regime, a PIB enters into a contract with a data subject under which the PIB is authorised to manage the data subject's personal data, and when necessary, to collect personal data which the data subject already provides to other companies (such as e-commerce platform, SNS, etc.). When a company desires to use the personal data managed by the PIB, the PIB is authorised to determine whether to give the consent to such usage on behalf of the data subject following the general policy specified by the data subject. The data subject also has the right to opt-out of usage. There are no constraints on the kinds of benefits that may be offered to data subjects in exchange for access to their personal data. Accordingly, the PIB may offer benefits to incentivise the data subjects to participate in its service.

A PIB is not legally required to obtain any governmental licence to operate its data business, but a PIB may obtain certification from the Information Technology Federation of Japan (ITFJ) if desired, primarily to demonstrate the PIB is reputable. The MIC and METI issued the latest guidelines setting forth the criteria that an applicant must satisfy to obtain such certification in October 2019. As of April 2020, five PIBs have obtained the ITFJ certification and one PIB has launched data services.

Protection of digital platform users

As illustrated by the JFTC's approach to digital platform operators' collection and processing of personal data, Japanese regulators have taken great interest in protecting users (both of marketplace participants and customers). For this purpose, the Ministry of Economy, Trade and Industry (METI), JFTC and MIC pushed for the Act For Transparency of Digital Platformer Transaction (the Platformer Act). The Platformer Act was enacted in June 2020, and is expected to be in full force around June 2021.

METI is expected to specify the digital platform businesses that will be subject to the Platformer Act (specified platformer). The list of specified platformers has not been released, but foreign digital platform businesses operating in Japan are likely to be treated similarly to Japanese digital platform businesses because officers of METI explicitly announced that Platformer Act will apply to both foreign and domestic digital platform businesses. Specified platformers will be subject to three types of obligations: (1) disclosure requirements; (2) requirements to establish procedures and structures to effectively communicate with marketplace participants and to handle inquires and complaints from marketplace participants; and (3) requirements to submit annual reports to METI on the compliance status and self-assessment thereof with respect to compliance with the requirements of (1) and (2). In order to comply with the disclosure requirements, a specified platformer may need to disclose items that are not included in typical terms of use, including the criteria used to determine the ranking of products, and the criteria for banning participation in a marketplace.

Treatment of infringing content

ISPs are not currently required to proactively delete content that infringes upon the intellectual property rights or privacy of others. However, the Internet Provider Liability Limitation Act, enacted in 2001, provides a safe harbour for ISPs that delete such content. Under this safe harbour, no ISP may be held liable for the deletion of content on its network if the ISP reasonably believes that the content infringes the intellectual property rights or privacy of others, or if a third party alleges infringement and the content sender does not respond to the ISP's inquiry within seven days. The Internet Provider Liability Limitation Act further shields ISPs from tortious liability for failing to delete infringing content. In reliance on this statutory defence to liability, ISPs generally do not take steps to monitor the content passing through their networks. The Act does, however, authorise persons whose rights are infringed by content delivered over the internet to demand information regarding the sender of the content from ISPs so that legal action may be taken against the sender. However, as a practical matter, it is often not possible to identify the original sender of such infringing content where content passes through multiple networks. In recent years, the government has paid close attention to piracy issues affecting Japanese businesses, in particular those piracy activities that target the types of media relevant to its Cool Japan policy (e.g., manga and animation).

In April 2018, the IPSHQ took what many viewed to be an aggressive step by issuing a policy called Urgent Countermeasures against Piracy Sites directed at piracy issues. Under this policy, the IPSHQ declared that it is appropriate for private ISPs to voluntarily block access to three major piracy websites: Manga-mura, Anitube and Miomio. The policy does not legally oblige ISPs to block access to these sites, but the IPSHQ nonetheless expects ISPs to voluntarily comply. Notably, there has been strong backlash against the policy from the Japan Internet Providers Association, which has argued that blocking access to these sites violates laws protecting the secrecy of communications. According to the IPSHQ, the policy is simply a temporary measure intended to bridge the gap until the government passes more permanent legislation concerning piracy websites. The IPSHQ established a council of experts for the purpose of drafting such legislation, and initially targeted the issuance of an interim report in September 2018. However, there has been strong disagreement among the council's members concerning the legitimacy of blocking access to online content, which led to a failure to meet the intended report timing. The final meeting of the council in October 2018 ended without a subsequent meeting being scheduled. According to reports, the council may discontinue further discussions.

Although the IPSHQ did not reach a consensus, the ACA approached this issue from the perspective of the Copyright Act and successfully pushed for an amendment thereto, whereby an operator of piracy sites is subject to a criminal penalty of imprisonment up to five years or fines of up to ¥5 million or both, and a person posting a hyperlink to infringing content on a piracy site is subject to imprisonment up to three years or fines of up to ¥3 million. In addition to the ban on piracy sites, the ACA addressed illegal downloads of infringing content. Before the amendment, the statutory ban on illegal downloads pertained only to a limited category of infringing contents: music and movies. The amended Copyright Act will ban downloads of all the categories of infringing contents, including books, theses and computer programs. The ban on piracy sites will come into full force and effect on 1 October 2020. The extension of infringing content categories come into full force and effect on 1 January 2021.

Protection of minors

A statute for the protection of minors from harmful internet content, known as the Youth Internet Environment Act, became effective in April 2009. The statute directs government bodies to improve internet safety for juveniles (under the age of 18) by encouraging ISPs to use technologies that limit juvenile access to harmful content. The statute targets content glorifying crime or suicide, obscene sexual content, and other depictions of extreme violence or cruelty. The statute further exhorts parents to monitor their children's internet use, and to limit access to inappropriate content by using filtering software and other measures.

The statute requires mobile network service providers to filter internet content for customers that are juveniles, except where a parent has expressly requested that filtering not be used. Under the Act, commencing in April 2010, manufacturers of devices with internet connectivity (other than mobile phones) became required to pre-install filtering software or otherwise facilitate the use of third-party filtering software or services. Initially, the Act did not impose any filtering-related requirement on mobile phone use outside the mobile network (e.g., on Wi-Fi) partly because only 1.5 per cent of juveniles owned smartphones in 2010. However, as of 2017, 63.2 per cent of juveniles owned smartphones, and only 44 per cent of those juvenile smartphone users utilised filtering software. This means that a large population of juveniles could have been exposed, or at least had access, to inappropriate content in an unfiltered manner. In June 2017, the Act was amended to include smartphones within the scope of mobile network service providers' obligations to filter internet content and manufacturers' obligations to pre-install filtering software. The amended Act also requires mobile network service providers (i.e., MNOs and MVNOs) to confirm whether each new subscriber is a juvenile, and if so, to explain filtering to such juvenile and activate filtering. The amended Act became effective in February 2018.

Cybercrime

In Japan, cybercrime has long been an area of public concern. In recent years, law enforcement has focused its efforts on combating cybercrime related to computer hacking through the unauthorised use of IDs and passwords, and other attacks on security holes; the distribution of computer viruses, and the input of data and unauthorised commands that can cause damage to computers and data; and other types of crimes facilitated through the internet, such as drug trafficking, prostitution, fraudulent internet auctions and child pornography.

Combating the distribution of child pornography has been an area of particular scrutiny and public interest. The Act on Punishment of Activities Relating to Child Prostitution and Child Pornography and the Protection of Children, originally passed in 1999, prohibits the distribution of child pornography. This Act was amended in 2004 to outlaw the uploading and distribution of child pornography over the internet, and was further amended in 2014 to criminalise the simple possession of pornographic images featuring minors and to require ISPs to block such pornographic material.

To combat increasing cybersecurity threats, the Basic Act on Cybersecurity was enacted in November 2014. The Act prescribes the concept of cybersecurity and defines the roles and responsibilities of the government. In January 2015, the Cybersecurity Strategic Headquarters (Headquarters) and National Center of Incident Readiness and Strategy for Cybersecurity were established to facilitate programme planning, policy formulation and overall coordination for cross-cutting cybersecurity measures.

With respect to government authorities' ability to monitor the content of telecommunications, law enforcement authorities were previously only permitted to utilise wiretapping during criminal investigations of organised crime for murder, drug-related crimes, arms possession or stowaway smuggling by obtaining a wiretap warrant pursuant to the Act for Wiretapping for Criminal Investigation (Wiretapping Law). However, in April 2016, the Wiretapping Law was amended to permit wiretapping to be used in criminal investigations underlying a broader scope of organised crimes, including those involving the use of explosive materials, kidnapping, fraud, theft and child pornography.

The MIC has expressed particular concerns that IoT devices are vulnerable to malware that could render them 'zombies' subject to manipulation by a cyber-attacker. The MIC has stressed that, to implement countermeasures against cyberattacks, it is essential to have specific information relating to the servers used for cyberattacks and infected networks. However, it was difficult for telecommunications business operators to share such information with one another in light of legal obligations to protect the secrecy of communications under the Telecommunications Business Act. In May 2018, the Telecommunications Business Act was amended with the goal of establishing a legal framework to permit the sharing of information among telecommunications business operators for cybersecurity purposes. Under the amended Telecommunications Business Act, a third-party organisation designated by the MIC will act as a hub through which the relevant information will be shared among telecommunications business operators without violating the secrecy of communications. In January 2019, the MIC designated ICT-ISAC Japan, a cybersecurity research organisation, to act as the third-party for these purposes. In addition, the Act on National Institute of Information and Communications Technology (NICT) has been amended to authorise the NICT to assess networks and identify those lacking appropriate password configurations. The NICT will identify the specific networks and convey the particular network-specific information to telecommunications business operators via a designated third-party organisation so that they can warn network owners of any password configuration deficiencies. The NICT began operating in February 2019 under the project name 'NOTICE' (i.e., the National Operation Towards IoT Clean Environment). Following these cybersecurity developments, the Telecommunication Business Act was correspondingly amended in April 2019 to add new data security requirements to the technological specification requirement for IoT terminal equipment.