All questions

Intellectual property and data protection

i Intellectual property

In principle, the ideas themselves that pertain to business models are not protected by intellectual property rights such as patent or copyright. However, inventions in which such ideas are realised using information and communication technology may enjoy patent protection in certain cases. In regard to software, the Patent Act defines 'products' as a concept that includes 'programs, etc.', which means that software is subject to patent protection and can be copyrighted. In addition, information that companies manage as trade secrets will be protected under the Unfair Competition Prevention Act.

There have also been patent-related disputes that have attracted attention such as a patent infringement suit in which two leading venture companies in the fintech industry battled over an accounting software algorithm that automatically determines the category of accounting items (Tokyo District Court case of 27 July 2017).

For inventions created by employees, the right to obtain a patent may be assigned to or originally acquired by the employer in accordance with its internal rules. Such employers shall compensate their employees in accordance with such rules; provided, however, that if the rules are found to be unreasonable, the court may decide the compensation in light of the profits arising from the exclusive rights and employer's contribution to an invention.

The right to file patent applications on inventions made by independent contractors is held by the contractor, unless otherwise agreed between the parties.

ii Data protection

As in other industries, compliance relating to data protection and security is an important issue for fintech businesses. In regard to data protection, the Act on the Protection of Personal Information (APPI) imposes certain obligations on private businesses that use personal information to, for instance: undertake necessary and appropriate measures to safeguard personal information; not use personal information except to the extent necessary for the purposes disclosed to the subject individuals; not disclose personal information data to any third party (subject to certain exemptions); and conduct necessary and appropriate supervision over employees and contractors.

The first significant amendment to the APPI came into force on 30 May 2017 to eliminate ambiguity in the scope of personal information and facilitate the proper use of anonymised data. The fintech industry is also subject to the application of the 'Guidelines for Personal Information Protection in the Financial Field'.

In regard to security, the FSA supervisory guidelines governing financial institutions emphasise the importance of matters such as being aware of system risks and enhancing cybersecurity, and operators are required to appropriately follow the PDCA cycle of 'Plan, Do, Check and Act'.