An extract from The Technology, Media and Telecommunications Review, 12th Edition
Telecommunications and internet accessi Internet and internet protocol regulation
The MIC regulates internet and IP-based services (such as high-speed internet and voice over internet protocol), along with wired telephony and mobile phones, under the Telecommunications Business Act. The Act and the regulations thereunder emphasise protection of the secrecy of communications and the reliable and non-discriminatory provision of telecommunications services.
The Act not only regulates service providers that operate their own network facilities, but also service providers that facilitate telecommunications between users but do not operate their own network facilities (such as dedicated hosting services on which clients can operate an email server). Internet-based services that are not designed to facilitate telecommunication, such as internet banking and internet-based newsletter and media subscriptions, are not deemed to be telecommunications services, which would require a filing with the MIC. However, personal matching services, social network services (SNS) providers and other businesses not traditionally considered telecommunications services may nonetheless be regulated under the Act, necessitating a filing with the MIC before commencing business.ii Universal service
Under the Telecommunications Business Act and the NTT Act, the NTT group is required to provide wired telephony services (analogue or IP over optical fibre), pay phone services and emergency call services to all areas of Japan. NTT East and NTT West7 provide services to depopulated areas, and a telecommunications trade association comprised of each of the major telecommunications companies in Japan then reimburses NTT East and NTT West for any cost deficits incurred by an NTT group's provision of the service. National law requires each telecommunication service provider connecting its network with that of NTT East or NTT West to pay a small fee (approximately ¥2 to ¥8, varying from year to year) per landline and mobile phone number (customer), which costs are typically passed along to individual users in connection with their monthly telephone service bills. Notwithstanding such funding assistance, NTT East and NTT West have operated at a deficit in their landline businesses due to the burden of owning and maintaining all of the facilities necessary to provide services to the entirety of Japan, even to rapidly depopulating areas. To reduce this burden, the NTT Act was amended in May 2020 to permit NTT East and NTT West to use wireless telecommunication facilities owned by other telecommunications companies to fulfil their duties of providing universal service.
There is no similar law requiring universal broadband service currently, but the MIC's Information and Communications Council announced in December 2019 that it is considering extending universal service requirements to include broadband service. Notwithstanding the lack of a formal requirement for universal coverage, as of 2015, the broadband infrastructure (3.5G, satellite internet, 3.9G, digital subscriber line (DSL), optics fibre/fibre to the home (FTTH), etc.) penetration rate in Japan had already reached 100 per cent, and super-broadband infrastructure (optical fibre/FTTH, 3.9G and other infrastructure with a data transmission speed over 30Mb per second, including DSL, fixed wireless access, satellite, broadband wireless access) penetration rate had similarly reached 99.98 per cent. That said, rolling out optical fibre will be especially important to enable the proliferation of 5G. Optical fibre's nationwide penetration rate was 98.8 per cent as of March 2019, but it is below 95 per cent in a few prefectures. The MIC is planning to complete installing optical fibre in all cities, towns and villages, with a goal of finishing by March 2022.Rakuten Mobile: a new mobile network operator service provider
Rakuten KK, a major e-commerce platform, has long had the largest market share of all mobile virtual network operators (MVNOs) in Japan. Its recently established subsidiary, Rakuten Mobile, was approved to become Japan's fourth mobile network operator (MNO) in April 2018. Rakuten Mobile was allocated 1.7GHz 40MHz bandwidth in April 2019, and shortly thereafter announced the launch of its MNO services. To consolidate its service offerings, Rakuten KK also assigned its MVNO business to Rakuten Mobile in April 2019. Rakuten Mobile launched MNO services in April 2020.Public WiFi access
According to a 2017 survey of foreign visitors conducted by the Japan Tourism Agency, the lack of free public WiFi in Japan was ranked the third most inconvenient aspect of their visit to Japan.
The MIC has been implementing improvements to public WiFi services in an effort to increase the number of foreign visitors to Japan. In particular, the MIC has been managing the implementation of the SAQ28 JAPAN Project9 since June 2014. The goals of the SAQ2 JAPAN Project include:
- increasing the number of free WiFi hotspots and improving the accessibility of these hotspots to the public;
- facilitating the availability and installation of Japanese SIM cards for foreign mobile phone users in Japan;
- reducing international roaming fees applicable to foreign mobile phone users in Japan; and
- implementing multi-language interpretation systems (i.e., translation applications).
In November 2013, an NTT group affiliate began providing a smartphone application called Japan Connected-free Wi-Fi, which allows users to connect to approximately 190,000 public WiFi access points across Japan,10 including those at airports, train stations, convenience stores and tourist spots, with a one-time new user registration. The smartphone application is available in 16 languages, including English, French, German, Spanish, Italian, Chinese, Korean, Thai and Bahasa Indonesia. This NTT group affiliate also continues to install additional WiFi access points.
In preparation for hosting the 2020 Olympic Games in Tokyo (which were moved to 2021), in February 2016 the MIC issued a policy statement encouraging the adoption of a simplified and unified authentication protocol with the goal of increasing foreign visitors' access to free public WiFi services. On behalf of the MIC, Gateway App Japan, a non-profit organisation, publishes a smartphone application, called the Omotenashi app,11 with the cooperation of KDDI and SoftBank, the primary competitors of the NTT group. These two smartphone applications (Japan Connected-free Wi-Fi and the Omotenashi app) remain compatible. Recently, a handful of private companies, such as Accenture and SoftBank, have launched first-party applications enabling foreign visitors to access thousands of WiFi access points across Japan. With users' consent, some of these private companies gather anonymised data from the use of their applications, including data user attributes and location history, which they then analyse and sell to third parties as reports.
Tokyo Metro, a railway company owned by the Japanese national and local Tokyo governments that operates many of the subway lines in Tokyo, provides public WiFi access points at nearly all of its stations. In 2017, Tokyo Metro announced that it would equip all of the subway trains it operates with WiFi by 2020. Both Japan Connected-free Wi-Fi and Travel Japan Wi-Fi are available on these trains.
In January 2019, the government began imposing a ¥1,000 departure tax, informally known as the international tourist tax, on all foreign visitors to improve Japan's tourism infrastructure, including through the proliferation and enhancement of public WiFi.
Separately from the above improvements to free WiFi services, major Japanese mobile phone service providers have established an emergency disaster service set identifier (SSID): 00000JAPAN. This SSID enables each WiFi user to use all Japanese mobile service providers' WiFi networks during natural disasters regardless of the provider to which they are subscribed.12 This SSID was made available for the first time during a two-week period following an earthquake in the Kumamoto area in April 2016. More recently, this SSID was activated following flood disasters in the Hiroshima and Osaka areas in July 2018 and September 2018, respectively, as well as following a large earthquake in Hokkaido in September 2018, and severe typhoons during the autumn of 2019. During the 2018 Hokkaido earthquake, however, the WiFi access points were rendered unusable due to widespread electrical outages. In light of growing security and privacy concerns, the MIC recently warned that communications sent through this SSID are intentionally unencrypted to prioritise accessibility, and therefore subject to interception by third parties.Use of foreign mobile devices
As a general rule, it is prohibited to use mobile devices in Japan that do not meet Japanese radio wave emission standards, and with respect to which the manufacturer has not obtained authentication from the government. Therefore, until relatively recently, many foreign visitors' use of their personal mobile devices in Japan was technically illegal, although there are no known cases of any foreign visitor being charged with Radio Act violations for personal mobile device use. In August 2016, an amendment to the Radio Act took effect, permitting foreign visitors to Japan to use their personal mobile devices (even if not authenticated in Japan) for up to 90 days, so long as the devices have either been certified by the Federal Communications Commission in the United States or received CE certification in the European Economic Area using standards equivalent to those imposed upon Japanese technology. This Radio Act amendment was implemented to encourage foreign tourists to visit Japan in anticipation of the Olympic Games originally scheduled to take place in 2020. While there had previously been concerns that devices not authenticated in Japan could adversely affect the radio use environment, the MIC eventually concluded that the likelihood of any adverse effect was minimal. The MIC further loosened the restrictions to allow Japanese residents to use foreign mobile phones for R&D purposes via an amendment to the Radio Act. Under the amended Radio Act, which came into force in force in November 2019, Japanese residents are permitted to use foreign mobile phones for R&D purposes for up to 180 days, although the user is required to file prior notification with the MIC and this exception only allows users to connect devices that have received certain foreign certifications to WiFi or Bluetooth.
In addition to government-imposed restrictions, private companies in Japan have in certain cases voluntarily adopted policies prohibiting the sale of certain foreign mobile devices. In May 2019, for example, NTT DOCOMO, KDDI and Softbank voluntarily ceased distribution of mobile devices manufactured by Huawei after sanctions were imposed upon it by the United States. These carriers eventually resumed sales of Huawei devices after the US government announced it was extending the pre-'ban' grace period.Proliferation of the internet of things
To address the rapid increase in the number of internet of things (IoT) devices, which could exhaust the number of available mobile phone numbers, the MIC in January 2017 amended its regulations on the assignment of phone numbers to assign the designation '020' to machine-to-machine (M2M) data connection devices, keeping them separated from standard mobile numbers designated with '090', '080' and '070'. It is expected that M2M data connections conducted through mobile networks will initially be used primarily for telemeters (e.g., remote management of water and gas meters, vending machines and elevators) and telematics (e.g., GPS and other information services equipped in vehicles) and will eventually cover connected cars and other IoT devices. NTT DOCOMO, KDDI and several MVNOs commercially launched M2M data connection services in October 2017.
New regulations have recently been adopted to address IoT devices' vulnerability to cybercrime (see the 'Cybercrime' section below).IP network
In November 2015, NTT announced a plan to switch from the use of fixed-line public switched telephone network (PSTN) to IP telephony. According to NTT's updated implementation plan, NTT will commence work on the switch to IP telephony in January 2024 with completion planned for January 2025. As the existing PSTN is a fundamental telecommunications infrastructure, the MIC is paying close attention to what kind of IP telephony will emerge as well as the process through which NTT will transition away from PSTN. In light of the importance of PSTN to the existing infrastructure, in February 2016 the MIC asked the Telecommunication Council to identify potential issues that could arise from the switch to IP telephony. To mitigate certain concerns identified by the Council (such as consumers' ability to retain existing telephone numbers), the MIC presented a proposed amendment to the Telecommunications Business Act to the Diet in March 2018, which was subsequently enacted in May 2018. Under the proposed amendment, each telecommunication company must obtain the MIC's approval of its plans regarding the use of telephone numbers, and must thereafter comply with the approved plans. Additionally, when telecommunication companies cease to provide services during the shift to IP telephony, those companies must file notice of such cessation with the MIC so that the MIC may make a public announcement of the terminating services to customers.iii Restrictions on the provision of service
The telecommunications industry in Japan has traditionally been dominated by NTT East and NTT West and by three major private telecommunication companies: NTT DOCOMO, KDDI and SoftBank. A fourth major service provider, Rakuten Mobile, was granted an MNO business licence in April 2018 and launched commercial MNO services in April 2020. Because existing providers can become dominant to the exclusion of new entrants once their network or technology standard has been adopted by a critical mass of users, the MIC and the Japan Fair Trade Commission (JFTC) have jointly adopted guidelines to regulate anticompetitive practices by service providers with high market shares. For example, the guidelines state that the JFTC could take corrective action, such as issuing a cease and desist order, if a telecommunications service provider with a high market share, such as a mobile phone carrier, were to contractually restrict its customers from switching to another service provider or to charge an excessive cancellation fee for doing so.Pricing restrictions
Under the Telecommunications Business Act, prices charged to end-users by NTT East and NTT West for wired telephony and payphone services are subject to caps to be determined by the MIC. These caps are intended to prevent these companies from abusing their near-monopoly over these fundamental services and to encourage them to improve efficiency. Prices to be charged by NTT East and NTT West for optical data services, and prices to be charged by KDDI, NTT DOCOMO and SoftBank for mobile services, must all be submitted to the MIC for review before implementation. If the MIC finds a pricing scheme inappropriate, either because it is anticompetitive or otherwise significantly unreasonable, the MIC may require the carrier to change its pricing scheme. Otherwise, prices charged to end-users and the other terms of service are not regulated. This may change, however, as the government has recently started applying pressure on the major telecommunications companies to reduce prices for mobile phone services.
As a general rule, all telecommunication business licence holders must provide access to any other carrier that seeks to interconnect with their network. However, the prices charged for, and the methods of, interconnection have been areas of both public controversy and regulatory scrutiny. Telecommunications companies have pressed for greater access to NTT's infrastructure, including its optical fibre network. NTT only provided access to its fibre optic network on a bulk basis until 1 February 2015, after which NTT East and NTT West respectively began to offer single-line fibre optic wholesale to other carriers, including to non-traditional telecommunication companies such as Sohgo Security Services (ALSOK) and Tsutaya, a rental video company. These fibre optic wholesale programmes are designed to facilitate fibre optic use by reducing fees for fibre optic services at the end-user level. As of December 2018, approximately 751 operators had commenced use of these fibre optic wholesale services.
Prior to the commencement of NTT's fibre optic wholesale programme, there were competition-related concerns stemming from the confidential nature of NTT East's and NTT West's contracts with the secondary retailers to whom they provided fibre optic wholesale services. At the time, other major telecom service providers, such as KDDI and Softbank, expressed concerns that NTT East and NTT West were providing their fibre optic wholesale services to NTT group companies at lower prices than to unaffiliated companies, which in turn enabled NTT group companies to provide fibre optic services to end-users at lower prices. In response to these concerns, the MIC issued guidelines relating to the provision of fibre optic wholesale that prohibit the disparate treatment of select service providers and also provide the MIC with potential enforcement mechanisms. A survey conducted by the MIC showed that NTT DOCOMO and NTT Communications (a data communication company within the NTT group) obtained approximately 60 per cent of the fibre optic wholesale service market by offering large fee discounts on their respective mobile services to end-users. Given the prominence of this market share, and due to their relationship to NTT East and NTT West, other fibre optic service providers have argued that the discounted fees charged by NTT DOCOMO and NTT Communications are anticompetitive in nature. To address these concerns, the MIC decided in May 2016 to launch investigations into NTT DOCOMO's business practices. In its investigation report, which was issued in August 2018, the MIC concluded that the discounted fees charged by NTT DOCOMO and NTT Communications did not constitute anticompetitive practices. However, the MIC did determine during its investigation that NTT DOCOMO's online description of the terms and conditions applicable to its pricing discount was misleading to customers. NTT DOCOMO voluntarily modified this description, but in June 2018 the MIC nonetheless issued an administrative direction to NTT DOCOMO to prevent future occurrences of misleading marketing.MVNOs
Along with the introduction of fibre optic wholesale services, the availability of mobile line wholesale services (MVNOs) in Japan has also begun to expand. While MVNOs have existed in Japan since 2001, until recently the number of service providers and subscribers had been few in number. In 2007, the MIC's guidelines regarding MVNOs were amended to clarify the relative rights and obligations between MVNOs and MNOs, and a formalised dispute settlement procedure was established. After this amendment, the number of MVNO service providers using MNOs' mobile lines or worldwide interoperability for microwave access (WiMAX) lines significantly increased. In 2014, the guidelines for the operation of Type II designated telecommunication facilities were amended, which included a change in the calculations for mobile line wholesale pricing. These calculation changes have reduced mobile line wholesale prices to the benefit of MVNOs. More recently, in 2017 the guidelines regarding MVNOs were amended twice to, among other things, clarify that the MIC is authorised to issue business improvement orders to MNOs who discriminate against MVNOs with respect to providing access to its network.13
The aforementioned guideline amendments have spawned a recent increase in MVNO activity. In FY2013, only 22 MVNOs provided data communication services or voice communication services in Japan. However, as of March 2021 the number of active MVNOs has increased to 1,516. Correspondingly, there were 26.12 million MVNO subscribers by March 2020, up from 7.17 million in December 2013. However, despite this recent increase in MVNO activity, MVNO service subscribers still only constituted 13.4 per cent of all mobile service subscribers as of March 2021.Anticompetitive business practices
One of the reasons MVNO penetration remains low stems from MNOs' common practice of permitting subscribers to purchase new mobile devices on monthly instalment plans – often simultaneously offering discounts on monthly subscription fees equal to or greater than the amount of such monthly instalment payments. MNOs advertise that this instalment and discount programme renders subscribers' new devices 'effectively free'. In contrast, the vast majority of MVNOs do not have the financial resources to permit subscribers to pay for new mobile devices in instalments. Instead, MVNO subscribers seeking a new mobile device must often pay its entire purchase price upfront. This resource disparity has made it difficult for MVNOs to compete with MNOs for new subscribers.
Recognising the high barriers to entry created by these effectively free mobile device programmes, in March 2016 the MIC issued guidelines compelling MNOs to decrease the size of their mobile device discounts so that subscribers are required to make reasonable payments toward their new devices. The intended result of these guidelines is to bolster competition and, eventually, reduce mobile service subscription fees. In October 2016, the MIC issued official warnings to NTT DOCOMO, KDDI and SoftBank for attempting to subvert the March 2016 amended guidelines by distributing coupons to subscribers and potential subscribers in lieu of discounts.
The MIC has also made efforts to address the issues of SIM locking and mandatory two-year service contracts with automatic contract renewal, in each case to facilitate competition between MNOs and MVNOs and reduce consumers' mobile expenses.
Since the MIC's initial adoption of guidelines in 2010, it has encouraged mobile service providers to provide SIM unlock options for customers' mobile devices, as it believes that the practice of SIM locking prevents consumers from freely choosing mobile service carriers and causes competition stagnation. Following an August 2018 amendment to the guidelines, mobile service providers will be required to honour SIM unlock requests for all mobile devices effective as of 1 September 2019, including devices purchased on second-hand markets, other than mobile devices for which the purchase price is being paid in instalments (in which case, SIM unlock requests must still be honoured starting 100 days after the purchase). In August 2021, the MIC drastically revised the guidelines such that, as a general rule, SIM locking is prohibited. SIM locking will only be permitted with the MIC's prior approval.
Until recently, there had been little progress toward the abolishment of automatically renewing two-year service contracts. For years MNOs frequently required customers enjoying the benefits of their effectively free mobile device programmes to enter into two-year contracts under which customers were required to pay approximately ¥10,000 for early termination, plus an accelerated payment of the purchase price of a smartphone that would otherwise be paid by instalments during the two-year term. The two-year contract system, in conjunction with the effectively free mobile device practice, has long been identified as reducing customers' freedom of choice in mobile service carriers. Although the MIC issued guidelines on numerous occasions over the years to address these contracting practices, which it viewed as raising anticompetitive concerns, the guidelines were largely ineffective in addressing the fundamental issue of automatically renewing two-year contracts.
However, the government finally took the next step in May 2019 by legislatively imposing restrictions on the use of automatically renewing two-year contracts through an amendment to the Telecommunication Business Act – a significantly more affirmative step than its prior non-binding guidelines. As a general principle, the newly amended Telecommunication Business Act prohibits the use of any contract provisions that would restrict consumers' ability to terminate their mobile service contracts if the restrictions rise to a level that would be deemed to have anticompetitive effects. Given the generality, the MIC has been delegated the task of adopting specific regulations to carry out this mandate. The MIC's regulations clarify the types of anticompetitive behaviour that are prohibited under the amended Telecommunication Business Act. The MIC's regulations list, among others, the following as examples of prohibited provisions in consumers' mobile service contracts:
- any termination penalty (regardless of amount) in conjunction with a contract term longer than two years;
- regardless of contract length, any early termination penalty in excess of ¥1,000; and
- automatic renewal clauses coupled with an early termination fee, regardless of the initial contract term, unless the following conditions are met:
- the contract must be terminable without a fee during a minimum three-month window extending from one month prior to expiry of the original contract term through the first two months of the renewal period;
- consumers must be given the choice, upon execution of the original contract, not to have any termination penalty apply to renewal periods;
- consumers must be given the choice, at the time of automatic renewal, not to have any termination penalty apply to that renewal period; and
- the service provider cannot change pricing or terms to incentivise customers to consent to a longer termination penalty period.
The MIC has also recently begun analysing the state of competition between MVNOs. In particular, the MIC has expressed concerns that MNOs might favour affiliated MVNOs and, in turn, discriminate against unaffiliated MVNOs by providing them slower data traffic speeds. The MIC did not mention any MNOs by name, but many commentators believe that the MIC was referring specifically to KDDI (with respect to UQ Communications, an MVNO that is 32 per cent-owned by KDDI) and SoftBank (with respect to Y!Mobile, a low-cost mobile service affiliated with SoftBank). In October 2018, the MIC established new regulations prohibiting MNOs from discriminating between MVNOs with respect to data traffic speeds. In connection with the foregoing, in May 2020, the MIC revised the MVNO guidelines to, among other things, clarify that an MNO is permitted to operate an MVNO business by relying on a network provided by another MNO, but if such operation of the MVNO business substantially harms competition, the MIC may restrict that business through an administrative order.
Similar to the primary mobile service providers described above, the MIC has also recently expressed concerns that the market shares of UQ Communications and Wireless City Planning (WCP) could permit them to stifle competition by rejecting competitor MVNOs' requests to connect to their telecommunication facilities. In response, the MIC designated UQ Communications and WCP as Type II designated telecommunication companies effective as of December 2019. This designation requires UQ Communications and WCP to each file with the MIC their respective terms and conditions regarding competitor MVNOs' access to their telecommunication facilities.
In light of increasing customer complaints, effective as of October 2018, the amended regulations implementing the Telecommunication Business Act added MVNO voice communication services to the list of services for which customers have an eight-day cooling-off period after signing a new service contract, during which period the agreement can be terminated without penalty.
The MIC also seeks to address another competition issue – the cost to comply with the Telecommunication Business Act may differ between Japanese and foreign enterprises. The cost difference is primarily due to the difficulty of extraterritorial enforcement of the Act, resulting in uneven enforcement between domestic and foreign enterprises. Before the Telecommunication Business Act was amended, a foreign company was not subject to extraterritorial enforcement unless the company had an establishment or a facility in Japan, even if it provided services to Japanese consumers. To address this gap, the MIC amended the Telecommunication Business Act in May 2020 to extend its extraterritorial enforcement to foreign enterprises that provide to Japanese customers services equivalent to those of the domestic enterprises that are regulated by the Telecommunications Business Act. These amendments came into full force and effect in April 2021. The amended Telecommunication Business Act requires such foreign telecommunication companies to register with the MIC and to designate a local representative in Japan to ensure that the MIC can realistically enforce sanctions. This amendment also aims to enhance the protection of Japanese consumers' privacy rights. As a consequence of extraterritorial application, even foreign telecommunication companies must comply with the obligation to protect consumers' right to secrecy of communication, which is protected even more stringently than personal data under Privacy Act (e.g., even the collection of secret communication requires the consent of data subjects). However, foreign telecommunication companies may face difficulty in complying with these secrecy of communication requirements. The first difficulty is to correctly delineate what categories of data fall within those requirements in the context of digital communication (which may include header data, IP addresses, location data, etc.). The MIC has provided guidance that any component of communication (such as date, place, identification code, frequency of communication) is deemed to constitute a secret communication. However, such a broad definition may be difficult to apply in practice in the course of business. Foreign telecommunication companies should monitor how discussions develop with respect to understanding these requirements.Unsolicited communications
Separate regulations exist in Japan restricting unsolicited texts and emails and unsolicited phone calls. With respect to unsolicited texts and emails, the Act on Regulation of Transmission of Specified Electronic Mail prohibits:
- the transmission of emails using false sender information as a means of advertisement for the sender's own or another person's sales activities;
- the transmission of emails to persons who have not opted in to receive such specified emails; and
- even where the recipient has opted in to receive emails from the sender, the transmission of an unreasonably large number of emails for the purpose of corroborating or promoting the sender's own or another person's sales activities.
Violators of these prohibitions on unsolicited texts and emails may face penalties of up to one year's imprisonment or a fine of up to ¥1 million. Regulations pertaining to unsolicited phone calls are handled at the local prefectural level. Accordingly, each local prefectural government has established a local ordinance prohibiting the making of unsolicited phone calls. For example, in July 2018 the metropolitan government of Tokyo increased penalties under an anti-nuisance ordinance prohibiting continued unsolicited phone calls, facsimiles, emails and SNS messages, with offenders now being penalised with up to one year's imprisonment or a fine of up to ¥1 million.
As a result of a study conducted by the Working Group on Consumer Protection Rules based on the MIC's collection and analysis of consumers' complaints trends, the MIC has recognised that there are widespread consumer complaints about solicitations made by telecommunication business providers that intentionally mislead consumers as to the identity of such provider or omit the purpose of communication (e.g., to solicit customers to enter into subscription contracts they may not desire). Some consumers were induced to enter into agreements with small-sized enterprises that misleadingly portrayed themselves as larger, more well-known enterprises, while others switched service providers under the mistaken belief that they were just switching to a different subscription plan provided by their existing service provider. To address these issues, the MIC amended the Telecommunication Act to require telecommunication service providers and distributers to clearly state their identity and the purpose of a communication prior to each communication for solicitation. The amendment came into full force and effect in October 2019.iv Privacy and data securityProtection of personal information
In keeping with Japan's constitutional protection of freedom of speech and secrecy of communication, the Telecommunications Business Act prohibits ISPs from censoring or infringing on the privacy of communications passing through their networks.
As a general matter, the Law Concerning the Protection of Personal Information (Privacy Act) protects personal information or data that can be used to identify specific living persons. Under the Privacy Act, the entities handling such information are required to publish a 'purpose of utilisation' regarding its use. Personal information incorporated into a database must be kept accurately, and necessary and proper measures to maintain its security must be instituted. Any person whose personal data is kept in a database for more than six months has a right to request access to the data, and add to, modify or delete it. In August 2015, the Privacy Act was amended to strengthen the protection of personal information, including through expanded protection of sensitive personal information, restrictions on the transfer of personal information outside Japan and the establishment of protocols for the use of anonymised data to facilitate big data analysis.
Further, the MIC and the Personal Information Protection Committee (PPC) have jointly issued Privacy Act guidelines that are specific to telecommunications businesses. As these guidelines are structured to reflect the requirements under both the Privacy Act, which generally applies to all businesses handling personal information, and the Telecommunications Business Act, which provides protections relating to the secrecy of communication (a constitutional right), they are considered even more stringent and robust than the general guidelines issued by the PPC, which solely reflects Privacy Act regulations. Such additional restrictions require, among other things, telecommunications business operators to:
- publish privacy policies regarding their collection and use of private information and, in particular, the collection of information through smartphone applications, on a reasonable effort basis;
- establish internal regulations regarding the length of time they may retain communication log records; and
- delete this information after the expiry of such period.
Telecommunications business operators are particularly likely to transfer personal data across borders, which is subject to certain restrictions under the Privacy Act when a business operator processing personal data in Japan transfers the data to third parties located in foreign countries. Even foreign businesses (not directly processing personal data in Japan) should pay attention to the extraterritoriality of Japan's data privacy rules, which is triggered when the foreign business collects personal data from a data subject located in Japan when supplying goods or rendering services to him or her. In an effort to facilitate the international exchange of information, in July 2018 the PPC and the Commissioner for Justice, Consumers and Gender Equality of the European Commission mutually recognised each other's personal data protection regimes as equivalent. Beginning in January 2019, the restrictions on the cross-border transfer of personal data between Japan and the EU have been exempted. Following Brexit, such mutual recognition was extended to the United Kingdom.
Further amendments to the Privacy Act were passed in June 2020, which will come into full force and effect in April 2022. The amendments pertain to various matters, including the enhancement of data subject rights, narrowing the scope of permissible opt-out transfer of personal data, creating a new category of pseudonymised data with, inter alia, less cumbersome requirements and heightened filing duties upon a data breach. Particularly, foreign companies should take note that extraterritorial enforcement will be strengthened. Under the amended Privacy Act, the PPC will have the authority to directly issue compulsory orders to foreign companies and impose criminal penalties for failure to comply with such orders. Having said that, there are substantial limits on the government's ability to enforce such regulations outside Japan. To address this issue, the PPC is permitted to collaborate with regulators in foreign countries for the purpose of enforcing Privacy Act regulations. Foreign companies should be on the lookout for how the practice will develop with respect to extraterritorial enforcement. Additionally, in August 2021, the PPC issued a draft of regulations implementing the new amendments and guidelines to clarify how to manage day-to-day data operations in compliance with the amendments. They include various new rules, including, among other things, more stringent transparency requirements in the case of cross-border transfers of personal data; under such requirements, the data provider will be required to provide the data subject with explanations of the data privacy framework of the country in which the data recipient is placed, and data security measures that the data recipient will maintain. The draft will be subject to an ongoing public comment process until September 2021.
The Japan Fair Trade Committee (JFTC) has also approached personal data protection from the perspective of competition law. In December 2019, the JFTC issued guidelines on abuse of market dominance in the context of digital platforms collecting personal data from platform users. This suggests that in the JFTC's view, abuse of market dominance could occur in the business-to-consumer context, rather than solely in the business-to-business context. Whether a digital platform provider has market dominance is a fact-intensive inquiry. The JFTC guidelines list types of behaviour constituting abuse, which mainly consist of violations of the Privacy Act. However, it should be noted that the guidelines are non-exhaustive: other behaviour may constitute abuse even if it does not violate the Privacy Act. In addition, certain abusive behaviour covers collection of information that is related to a person but not identifiable. Such unidentifiable information is not protected by the Privacy Act, but the JFTC may still seek to protect it.
At the same time, in the furtherance of the Society 5.0 initiative, which will be facilitated by easier data circulation, the government has sought to establish systems by which data subjects can provide personal data in exchange for services, while being protected against the illegitimate use of such data. As a result, the personal information bank (PIB) regime has been adopted. Under this regime, a PIB enters into a contract with a data subject under which the PIB is authorised to manage the data subject's personal data and, when necessary, to collect personal data that the data subject already provides to other companies (e-commerce platform, SNS, etc.). When a company desires to use personal data managed by a PIB, the PIB is authorised to determine whether to give the consent to such usage on behalf of the data subject following the general policy specified by the data subject. The data subject also has the right to opt-out of usage. There are no constraints on the kinds of benefits that may be offered to data subjects in exchange for access to their personal data. Accordingly, the PIB may offer benefits to incentivise the data subjects to participate in its service.
A PIB is not legally required to obtain any governmental licence to operate its data business, but a PIB may obtain certification from the Information Technology Federation of Japan (ITFJ) if desired, primarily to demonstrate the PIB is reputable. The MIC and METI issued the latest guidelines setting forth the criteria that an applicant must satisfy to obtain such certification in October 2019. As of April 2021, seven PIBs have obtained the ITFJ certification, and two PIBs have launched data services.
Protection of digital platform users
As illustrated by the JFTC's approach to digital platform operators' collection and processing of personal data, Japanese regulators have taken a great interest in protecting users (both marketplace participants and customers). For this purpose, the Ministry of Economy, Trade and Industry (METI), JFTC and MIC pushed for the Act For Transparency of Digital Platformer Transaction (Platformer Act). The Platformer Act was enacted in June 2020, and came into effect in February 2021.
METI has specified the digital platform businesses that will be subject to the Platformer Act (specified platformer): Amazon Japan GK, Rakuten Group, Inc, Yahoo Japan Corporation, Apple Inc, iTunes Kabushiki Kaisha, and Google LLC. specified platformers are subject to three types of obligations:
- disclosure requirements;
- requirements to establish procedures and structures to effectively communicate with marketplace participants and to handle inquiries and complaints from marketplace participants; and
- requirements to submit annual reports to METI on the compliance status and self-assessment thereof with respect to compliance with the requirements of (a) and (b).
Furthermore, the Diet passed the Act for the Protection of Consumers who use Digital Platforms (APCDP) on 28 April 2021. The APCDP will come into full force and effect by May 2022. Online mall businesses and internet auction businesses will be subject to the APCDP, so a greater number of companies are expected to be subject to the APCDP as compared to the Platformer Act. Under the APCDP, among other things, the Prime Minister is authorised to request digital platform providers to remove unsafe products that are offered in the online market by a seller that cannot be identified. Additionally, consumers will have the right to compel digital platform providers to disclose the information of sellers that is necessary to file a court case to make a claim for damages. To the extent that digital platform providers remove such products or disclose the applicable seller's information in accordance with a request, the digital platform providers will not be liable for any damage incurred by the seller as a result of such removal or disclosure.Treatment of infringing content
ISPs are not currently required to proactively delete content that infringes upon the intellectual property rights or privacy of others. However, the Internet Provider Liability Limitation Act, enacted in 2001, provides a safe harbour for ISPs that delete such content. Under this safe harbour, no ISP may be held liable for the deletion of content on its network if the ISP reasonably believes that the content infringes the intellectual property rights or privacy of others, or if a third party alleges infringement and the content sender does not respond to the ISP's inquiry within seven days. The Internet Provider Liability Limitation Act further shields ISPs from tortious liability for failing to delete infringing content. In reliance on this statutory defence to liability, ISPs generally do not take steps to monitor the content passing through their networks. The Act does, however, authorise persons whose rights are infringed by content delivered over the internet to demand information regarding the sender of the content from ISPs so that legal action may be taken against the sender. However, as a practical matter, it is often not possible to identify the original sender of such infringing content where content passes through multiple networks. In recent years, the government has paid close attention to piracy issues affecting Japanese businesses, in particular those piracy activities that target the types of media relevant to its Cool Japan policy (e.g., manga and animation).
In April 2018, the Intellectual Property Strategy Headquarters of the Cabinet Office (IPSHQ) took what many viewed to be an aggressive step by issuing a policy called Urgent Countermeasures against Piracy Sites directed at piracy issues. Under this policy, the IPSHQ declared that it is appropriate for private ISPs to voluntarily block access to three major piracy websites: Manga-mura, Anitube and Miomio. The policy does not legally oblige ISPs to block access to these sites, but the IPSHQ nonetheless expects ISPs to voluntarily comply. Notably, there has been a strong backlash against the policy from the Japan Internet Providers Association, which has argued that blocking access to these sites violates laws protecting the secrecy of communications. According to the IPSHQ, the policy is simply a temporary measure intended to bridge the gap until the government passes more permanent legislation concerning piracy websites. The IPSHQ established a council of experts for the purpose of drafting such legislation, and initially targeted the issuance of an interim report in September 2018. However, there has been strong disagreement among the council's members concerning the legitimacy of blocking access to online content, which led to a failure to meet the intended report timing. The final meeting of the council in October 2018 ended without a subsequent meeting being scheduled. According to reports, the council may discontinue further discussions.
Although the IPSHQ did not reach a consensus, the Agency for Cultural Affairs (ACA) approached this issue from the perspective of the Copyright Act and successfully pushed for an amendment thereto, whereby an operator of piracy sites is subject to a criminal penalty of imprisonment of up to five years or fines of up to ¥5 million, or both; and a person posting a hyperlink to infringing content on a piracy site is subject to imprisonment of up to three years or fines of up to¥3 million, or both. In addition to the ban on piracy sites, the ACA addressed illegal downloads of infringing content. Before the amendment, the statutory ban on illegal downloads pertained only to a limited category of infringing contents: music and films. The amended Copyright Act will ban downloads of all the categories of infringing contents, including books, theses and computer programs. The ban on piracy sites came into full force and effect on 1 October 2020. The extension of infringing content categories came into full force and effect on 1 January 2021.Protection of minors
A statute for the protection of minors from harmful internet content, known as the Youth Internet Environment Act, became effective in April 2009. The statute directs government bodies to improve internet safety for juveniles (under the age of 18) by encouraging ISPs to use technologies that limit juvenile access to harmful content. The statute targets content glorifying crime or suicide, obscene sexual content, and other depictions of extreme violence or cruelty. The statute further exhorts parents to monitor their children's internet use, and to limit access to inappropriate content by using filtering software and other measures.
The statute requires mobile network service providers to filter internet content for customers that are juveniles, except where a parent has expressly requested that filtering not be used. Under the Act, commencing in April 2010, manufacturers of devices with internet connectivity (other than mobile phones) became required to pre-install filtering software or otherwise facilitate the use of third-party filtering software or services. Initially, the Act did not impose any filtering-related requirement on mobile phone use outside the mobile network (e.g., on WiFi) partly because only 1.5 per cent of juveniles owned smartphones in 2010. However, as of 2017, 63.2 per cent of juveniles owned smartphones, and only 44 per cent of those juvenile smartphone users utilised filtering software. This means that a large population of juveniles could have been exposed, or at least had access, to inappropriate content in an unfiltered manner. In June 2017, the Act was amended to include smartphones within the scope of mobile network service providers' obligations to filter internet content and manufacturers' obligations to pre-install filtering software. The amended Act also requires mobile network service providers (i.e., MNOs and MVNOs) to confirm whether each new subscriber is a juvenile and, if so, to explain filtering to such juvenile and activate filtering. The amended Act became effective in February 2018.Cybercrime
In Japan, cybercrime has long been an area of public concern. In recent years, law enforcement has focused its efforts on combating cybercrime related to computer hacking through the unauthorised use of IDs and passwords, and other attacks on security holes; the distribution of computer viruses, and the input of data and unauthorised commands that can cause damage to computers and data; and other types of crimes facilitated through the internet, such as drug trafficking, prostitution, fraudulent internet auctions and child pornography.
Combating the distribution of child pornography has been an area of particular scrutiny and public interest. The Act on Punishment of Activities Relating to Child Prostitution and Child Pornography and the Protection of Children, originally passed in 1999, prohibits the distribution of child pornography. This Act was amended in 2004 to outlaw the uploading and distribution of child pornography over the internet, and was further amended in 2014 to criminalise the simple possession of pornographic images featuring minors and to require ISPs to block such pornographic material.
To combat increasing cybersecurity threats, the Basic Act on Cybersecurity was enacted in November 2014. The Act prescribes the concept of cybersecurity and defines the roles and responsibilities of the government. In January 2015, the Cybersecurity Strategic Headquarters (Headquarters) and National Center of Incident Readiness and Strategy for Cybersecurity were established to facilitate programme planning, policy formulation and overall coordination for cross-cutting cybersecurity measures.
With respect to government authorities' ability to monitor the content of telecommunications, law enforcement authorities were previously only permitted to utilise wiretapping during criminal investigations of organised crime for murder, drug-related crimes, arms possession or stowaway smuggling by obtaining a wiretap warrant pursuant to the Act for Wiretapping for Criminal Investigation (Wiretapping Law). However, in April 2016, the Wiretapping Law was amended to permit wiretapping to be used in criminal investigations underlying a broader scope of organised crimes, including those involving the use of explosive materials, kidnapping, fraud, theft and child pornography.
The MIC has expressed particular concerns that IoT devices are vulnerable to malware that could render them 'zombies' subject to manipulation by a cyber-attacker. The MIC has stressed that, to implement countermeasures against cyberattacks, it is essential to have specific information relating to the servers used for cyberattacks and infected networks. However, it was difficult for telecommunications business operators to share such information with one another in light of legal obligations to protect the secrecy of communications under the Telecommunications Business Act. In May 2018, the Telecommunications Business Act was amended with the goal of establishing a legal framework to permit the sharing of information among telecommunications business operators for cybersecurity purposes. Under the amended Telecommunications Business Act, a third-party organisation designated by the MIC will act as a hub through which the relevant information will be shared among telecommunications business operators without violating the secrecy of communications. In January 2019, the MIC designated ICT-ISAC Japan, a cybersecurity research organisation, to act as the third-party for these purposes.
In addition, the Act on National Institute of Information and Communications Technology has been amended to authorise the National Institute of Information and Communications Technology to assess networks and identify those lacking appropriate password configurations. The National Institute of Information and Communications Technology will identify the specific networks and convey the particular network-specific information to telecommunications business operators via a designated third-party organisation so that they can warn network owners of any password configuration deficiencies. The National Institute of Information and Communications Technology began operating in February 2019 under the project name 'NOTICE' (i.e., the National Operation Towards IoT Clean Environment). Following these cybersecurity developments, the Telecommunication Business Act was correspondingly amended in April 2019 to add new data security requirements to the technological specification requirement for IoT terminal equipment.