Legal and regulatory framework

Government approach

How can the government’s attitude and approach to internet issues best be described?

The Japanese government deems internet issues to be highly significant in today’s society. The government formulated the concept of ‘e-Japan’ in 2000, when it decided to encourage the country to become more information technology (IT)-focused, and the IT Basic Act became effective in 2001.

The government’s positive attitude towards the internet can be seen by some of the measures that have been taken. One of them is evident in ‘internet-TV’, which was set up by the Japanese government in 2005. Through internet-TV, the government broadcasts a great deal of information relating to governmental measures, foreign policy, daily life and so on, directly to the Japanese people. In addition, some of the programmes on internet-TV are broadcast in English to provide people all over the world with information on Japan. Another example can be seen in the government’s positive attitude to ‘e-government’ or ‘e-application’, by which certain applications can be filed with the government through the internet.

Legislation

What legislation governs business on the internet?

Japan has many laws and regulations governing business on the internet.

First, the IT Basic Act is the principal legislative instrument governing internet-related issues. Second, the Civil Code, the Consumer Contract Act and the Act on Specified Commercial Transactions are the main legislative instruments for dealing with e-commerce. Third, some intellectual property laws can be applied to internet-related issues. The Act on the Protection of Personal Information, the Premiums and Representations Act and the Act on the Limitation of Liability for Damages of Specified Telecommunications Service Providers can also be applied.

The Ministry of Economy, Trade and Industry (METI) has published the Interpretative Guidelines on Electronic Commerce and Information Property Trading on its website.

These guidelines explain, with examples, how internet-related laws can be applied in certain situations.

Regulatory bodies

Which regulatory bodies are responsible for the regulation of e-commerce, data protection and internet access tariffs and charges?

The regulatory bodies are the Cabinet Office (CO), METI, the Ministry of Finance (MoF) and the Ministry of Internal Affairs and Communications (MIC). The CO is responsible for general regulation; the METI is responsible, mainly, for the regulation of e-commerce; the MoF is responsible for taxation; and the MIC is responsible, mainly, for general communication for networks forming the internet.

Jurisdiction

What tests or rules are applied by the courts to determine the jurisdiction for internet-related transactions or disputes in cases where the defendant is resident or provides goods or services from outside the jurisdiction?

In Japan, under the Code of Civil Procedure, the courts may generally exercise jurisdiction over defendants residing or located in Japan even if they provide goods or services from outside. This is the case even where the defendants are non-residents and located in foreign countries, if certain conditions are met; for example, if performance of the obligations under the agreement concluded between the parties is made in Japan, the courts can generally exercise jurisdiction. In addition, in a case where the agreement is concluded between a consumer and a business operator, if the address of the consumer at the time of filing a lawsuit is in Japan, the courts can generally exercise jurisdiction. The same can be said for internet-related transactions or disputes. However, where there is some extraordinary circumstance meaning that it would be unfair or against the principle of an expeditious trial, the courts may dismiss the action without prejudice in whole or in part.

Establishing a business

What regulatory and procedural requirements govern the establishment of digital businesses in your jurisdiction? To what extent do these requirements and procedures differ from those governing the establishment of brick-and-mortar businesses?

There are no special regulatory or procedural requirements for the establishment of digital businesses. However, certain businesses such as virtual (crypto) currency exchange services are regulated under the law. Establishing such a business requires notification, report, permission, registration, etc, in accordance with the law.

Contracting on the internet

Contract formation

Is it possible to form and conclude contracts electronically? If so, how are contracts formed on the internet? Explain whether ‘click wrap’ contracts are enforceable, and if so, what requirements need to be met?

It is possible to form and conclude contracts electronically. While a normal contract between persons at a distance shall be formed upon the dispatch of a notice of acceptance, an electronic contract shall be formed at the time of arrival of the notice of acceptance to the other party.

‘Click wrap’ contracts can be enforceable in Japan. Contracts can be formed by just clicking the ‘I agree’ or ‘I accept’ button, which signals acceptance of the vendor’s terms and conditions.

However, some requirements must be satisfied for click wrap contracts to be enforceable. For example, it is required that the vendor’s terms and conditions are clearly shown on the screen when engaged in online transactions and the user agrees with the vendor’s terms and conditions by clicking the ‘I agree’ or ‘I accept’ button as conditions to effect such transactions. When the vendor’s terms and conditions are only posted on the website, and are not easy to notice, and users are not required to click the ‘I agree’ or ‘I accept’ button to the vendor’s terms and conditions for the use of such website, the click-wrap contract is not enforceable.

Applicable laws

Are there any particular laws that govern contracting on the internet? Do these distinguish between business-to-consumer and business-to-business contracts?

The Civil Code, the Consumer Contract Act, the Act on Specified Commercial Transactions and the Electronic Contract Act can be said to be the main laws. The Consumer Contract Act, the Act on Specified Commercial Transactions and the Electronic Contract Act distinguish between business-to-consumer and business-to-business contracts.

They have provisions for protecting consumers in contracts between businesses and consumers.

Under provisions relating to internet transactions, treatment of consumers’ erroneous transactions is important. Under the Civil Code, if there is gross negligence on the part of the consumer, the business entity can assert a contract to be valid even when a consumer has operated erroneously. However, under article 3 of the Electronic Contract Act, the business entity can assert a contract to be valid only when it has taken measures to confirm the consumer’s intention (eg, by presenting an opportunity for the consumer to confirm the content of an offer before making his or her final acceptance, or if the consumer has expressly abandoned any need for confirmation).

Electronic signatures

How does the law recognise or define digital or e-signatures?

Under the Act on Electronic Signatures and Certification Business, the term ‘electronic signature’ is defined as a measure taken with respect to information that can be recorded as an electromagnetic record. A record that is made in order to express information is basically presumed to be established authentically if the electronic signature is performed by the principal with respect to information recorded in such electromagnetic record.

Data retention

Are there any data retention or software legacy requirements in relation to the formation of electronic contracts?

No. In Japan, no special form is generally required for the formation of contracts. The same applies to the formation of electronic contracts.

Breach

Are any special remedies available for the breach of electronic contracts?

No. Special treatment for electronic contracts are described in question 7.

Security

Security measures

What measures must be taken by companies or ISPs to guarantee the security of internet transactions? Is encryption mandatory?

Under the Act on the Protection of Personal Information and some other laws, persons handling information are obliged to take the necessary and proper measures for the prevention of leakage, loss or damage, as well as other security control measures for personal data. However, details of such measures are not provided in the Act on the Protection of Personal Information. Encryption is recommended in terms of the security of internet transactions, but is not mandatory.

It should be noted that companies or internet service providers (ISPs) without sufficient internet security may become liable under the Civil Code for any loss or damage suffered by the parties owing to the insufficiency of security.

Regarding the security system constructed by companies, the Interpretative Guidelines on Electronic Commerce and Information Property Trading, mentioned in question 2, explain internet banking practices as follows. In the bank practices, typical terms and conditions provide that if a customer agrees to a personal identification method and if the agreed identification method had been used, withdrawal by unauthorised person is valid. However, the validity of these clauses is judged by assessing the level of the security system of the bank. Based on existing technology, in the case that multiple passwords are used for personal identification, and data is transmitted after being encrypted using a secure sockets layer, a disclaimer in the banking clauses is considered valid.

Government intervention and certification authorities

As regards encrypted communications, can any authorities require private keys to be made available? Are certification authorities permitted? Are they regulated and are there any laws as to their liability?

There is no direct rule or regulation permitting authorities to require private keys to be made available. However, courts or prosecutors could require private keys to be made available.

A certification service is permitted in Japan. In addition, under the Act on Electronic Signatures and Certification Business, a person or company that intends to undertake a certification business may obtain accreditation from a competent minister. The certification authority may be liable under the Civil Code. Where a certification authority issues an electronic certificate without adequately verifying the identity of the person, the certification authority may be liable to the certificate recipient.

Electronic payments

Are there any rules, restrictions or other relevant considerations regarding the use of electronic payment systems in your jurisdiction?

Yes. If the payment method is deemed as defined prepaid payment instruments or fund transfers under the Payment Services Act, the Act applies and certain notification or registration is required.

Are there any rules or restrictions on the use of digital currencies?

There is no rules or restrictions on the payment by digital currency. However, virtual (crypto) currency exchange services are only provided by registered person or entity under the Payment Service Act.

Domain names

Registration procedures

What procedures are in place to regulate the licensing of domain names? Is it possible to register a country-specific domain name without being a resident in the country?

.jp domain names are registered and administered by the Japan Registry Service Co Ltd (JPRS), to which management and administration of .jp domain names were transferred from the Japan Network Information Centre (JPNIC). Applicants can apply for .jp domain names through parties designated by the JPRS. Domain names are granted without any examination on the principle of first to file, unless they are the same as already registered domain names. However, it should be noted that the illegal acquisition of a domain name is defined as unfair competition under the Unfair Competition Prevention Act: the act of acquiring or holding the right to use a domain name or using a domain name that is identical or similar to another party’s specific trademark, service mark or the like for the purpose of obtaining illegal profit or causing damage to a party is defined as unfair competition.

It is not possible for non-residents of Japan to register domain names with categorised JP domains (.co.jp, .ne.jp). Of course, by being resident in Japan, foreign nationals as well as Japanese nationals can register them. It is also possible for any foreign national to register a general .jp domain name if he or she has a local contact in Japan.

Rights

Do domain names confer any additional rights beyond the rights that naturally vest in the domain name?

Generally, no. However, if a domain name is deemed a well-known indication of goods or business, the owner may seek an injunction or compensation for damages against a person who has infringed or is likely to infringe business interests by using an indication that is sufficiently similar to the domain name and creates confusion with the domain name owner’s goods or business.

Trademark ownership

Will ownership of a trademark assist in challenging a ‘pirate’ registration of a similar domain name?

Yes. The owner of a trademark can challenge the registered ‘pirate’ domain name. As mentioned in question 15, domain names are granted without any examination on the principle of first to file, so it is unavoidable that domain names similar to registered trademarks are actually registered.

This can cover not only the .jp domain names but also other generic top-level domain names (gTLDs), such as .com and .net.

In addition to the litigation process, it is possible to seek dispute resolution through the Japan Intellectual Property Arbitration Centre (JIPAC), certified by the JPNIC, regarding .jp domain names under the JP-Dispute Resolution Policy (JP-DRP). With respect to other gTLD domain names, of course, the dispute resolution procedure is internationally available, and is operated by dispute resolution service providers such as the World Intellectual Property Organization Arbitration and Mediation Center, as certified by the Internet Corporation for Assigned Names and Numbers (ICANN) in accordance with the Uniform Domain Name Dispute Resolution Policy established by ICANN. The owner of the trademark can demand the cancellation of the registered domain name or its transfer to the owner in these dispute resolution procedures.

Dispute resolution

How are domain name disputes resolved in your jurisdiction?

As explained in questions 15 and 17, litigation under the Unfair Competition Prevention Act and JIPAC or ICANN dispute resolution procedures are available.

Advertising

Regulation

What rules govern advertising on the internet?

First, there is the possibility that business-to-consumer e-commerce may mislead consumers. Misleading representations are therefore prohibited under the Act against Unjustifiable Premiums and Misleading Representations as well as the Unfair Competition Prevention Act.

Regarding this point, the Fair Trade Commission has issued guidelines with respect to representations in business-to-consumer e-commerce entitled ‘Problems and Points of Concern under the Premiums and Representations Act Concerning Representations in Business-to-Consumer E-Commerce’, which set out points of concern regarding representations by businesses. The Consumer Affairs Agency has also issued more recent guidelines entitled ‘Problems and Points of Concern under the Premiums and Representations Act Concerning Advertising Representations in Internet Consumer Transactions’.

Second, under the Act on Specified Commercial Transactions, a business entity that sells products over the internet:

  • must present certain matters stipulated in the Act;
  • is prohibited from using false or misleading advertisements; and
  • is prohibited from providing advertisements by electronic means to any targets who have indicated they do not wish to receive such advertisements.

Furthermore, certain acts or regulations that regulate specific areas such as pharmaceuticals, health foods and money-lending businesses govern advertising on the internet.

Definition

How is online advertising defined? Could online editorial content be caught by the rules governing advertising?

No definition of online advertising is provided under the laws and other rules. Online editorial content could be caught by the rules governing advertising depending on its contents and style.

Misleading advertising

Are there rules against misleading online advertising?

Misleading representations are prohibited under the Act against Unjustifiable Premiums and Misleading Representations, which prohibits any representation:

  • where the quality, standard or any other content of goods or services is portrayed as being much better than the actual goods or services, or are where the goods or services are portrayed as being, contrary to fact, much better than those of competitors; or
  • by which the price or any other trade terms of goods or services could be misunderstood by general consumers to be much more favourable than the actual goods or services, or than those of competitors, if they are likely to induce customers unjustly and to interfere with general consumers’ voluntary and rational choice-making.

With regard to the first point above, advertisers should keep evidence to prove the quality, standard or other contents in question of the actual goods or services, such as the results of experiments or investigations, opinions of experts, or academic literature.

These rules apply to all consumer advertising in all industries.

Restrictions

Are there any products or services that may not be advertised on the internet?

From 2009, only a few medicines could be sold over the internet due to the amended Ordinance of the Ministry of Health, Labour and Welfare.

However, after the Supreme Court rendered a judgment in January 2013 stating that this Ordinance was illegal and void, the Pharmaceutical Affairs Act and the Pharmacists Act were amended in December 2013.

By this amendment, with regard to non-prescription medicines, only limited and specified high-risk medicines are now prohibited from being sold over the internet.

In addition, after the amendment to the Act on Welfare and Management of Animals in August 2012, when selling pets over the internet, it is necessary to show the pets and provide their relevant information to customers on a face-to-face basis.

Finally, goods or services that are generally in violation of rules or regulations are not permitted to be sold on the internet.

Hosting liability

What is the liability of content providers and parties that merely host the content, such as ISPs? Can any other parties be liable?

With regard to advertising, the party that makes the advertisement is liable. Therefore, usually ISPs are not liable if they only provide an internet connection environment. However, ISPs may be subject to liability in relation to the unlawful contents if they are inactive with a fault despite a victim’s warning to them following a notice and takedown type request to the ISP as provided by the Act on the Limitation of Liability for Damages of Specified Telecommunications Service Providers.

Under the Act against Unjustifiable Premiums and Misleading Representations, a party that makes misleading representations as explained in question 2 can be subject to an order for suspension and payment of a surcharge.

Financial services

Regulation

Is the advertising or selling of financial services products to consumers or to businesses via the internet regulated, and, if so, by whom and how?

There are some regulations that apply to financial services via the internet. First, under the Money Lending Business Act, money lenders are required to indicate their trade name, interest rate of loans and so on, when advertising the conditions of loans. Second, where a financial instruments firm - such as a securities company, investment fund, investment advisory and brokerage company or investment management company - advertises its transactions, such firm must indicate items such as trade name, registration number and so on. These regulations aim to prevent misunderstandings on the information needed for financial transactions.

Defamation

ISP liability

Are ISPs liable for content displayed on their sites? How can ISPs limit or exclude liability?

When ISPs fail to delete illegal information sent by users or other messages posted, they may be held liable under the Civil Code, provided that such information apparently infringes another person’s rights and it is easy to delete. However, in some cases, it is difficult for ISPs to decide whether the information infringes another person’s rights and whether it should be deleted. In addition, where the provider bears a contractual obligation to host the information, the provider may be held liable for mistakenly deleting such information, if the information was in fact lawful. So, under the Act on the Limitation of Liability for Damages of Specified Telecommunications Service Providers, the liability of ISPs is limited so as to avoid any civil liability for not deleting information except under certain circumstances by undertaking/effecting a quasi-‘notice and takedown’ under the Act.

Under the Act on the Limitation of Liability for Damages of Specified Telecommunications Service Providers, civil liability of a service provider is limited as follows:

  • A service provider shall bear civil liability for not deleting information only when at least one of the three following points is met:
    • if the deletion of information is technically possible and if the service provider knew that the dissemination of information would cause certain infringement of rights;
    • if the deletion of information is technically possible and not only is the service provider aware of the dissemination of the information, but the infringement of rights arising from such dissemination of information should have been reasonably known to such service provider; and
    • if the service provider transmitted the information itself.
  • A service provider shall not bear any civil liability for deleting information if at least one of the following is met:
    • if the service provider deleted the information to the extent necessary and there is good reason for it to believe that the dissemination of such information would unduly infringe another person’s rights; and
    • where the service provider deleted the information to the extent necessary, if a person claimed that his or her rights were infringed and the provider, for the purpose of determining whether to consent to deletion of the information, inquired as to the opinion of the sender of the information, who did not express any objection to deleting the information within seven days of the date of receipt of such inquiry.
Shutdown and takedown

Can an ISP shut down a web page containing defamatory material without court authorisation?

As mentioned in question 25, when ISPs fail to delete illegal information sent by users other messages posted thereon, they may be held liable.

To prevent exposure to such tort liability, ISPs may be able to shut down a web page containing defamatory material without any third party’s authorisation if it is the only way of deleting illegal information, provided that they follow the requirements under the Act on the Limitation of Liability for Damages of Specified Telecommunications Service Providers as mentioned in question 25.

Intellectual property

Third-party links, content and licences

Can a website owner link to third-party websites without permission?

Links to third-party websites are generally possible without permission.

However, a website owner has to take care of any liability as described in question 30.

Can a website owner use third-party content on its website without permission from the third-party content provider? Could the potential consequences be civil in nature as well as criminal or regulatory?

In cases where third-party content is copyright-protected, a website owner cannot use it without permission from the third party because this may constitute an infringement of public transmission rights stipulated under the Copyright Act. In addition, where the third-party content is widely known and is used so that users are misled into confusing the business of the website owner with the business of the third party, the website owner may be liable under the Unfair Competition Prevention Act. Potential consequences are injunction, compensation for damage and criminal penalty.

Can a website owner exploit the software used for a website by licensing the software to third parties?

Software is copyright-protected under the Copyright Act. When permitted by the copyright holder of the software, it is possible for a website owner to license the software to third parties.

Are any liabilities incurred by links to third-party websites?

A website owner that links to third-party websites may be liable for tort in such cases where the use of information in the linked website aims to make illegal personal profits or to cause damage to the linked website.

In addition, in cases where the product identification of the owner of the linked page is configured so that users are misled into confusing the business shown on the linking page with the business on the linked page, the owner of the linking page may be liable under the Unfair Competition Act. Further, with regard to a link to a website containing contents that infringe a copyright, such link may be deemed illegal if the link is made with the knowledge that the other website’s contents were uploaded illegally and the link is not deleted even after a warning by the copyright holder was issued.

Video content

Is video content online regulated in the same way as TV content or is there a separate regime?

In terms of use of third-party content and intellectual property (IP) infringement, video content online and television content are regulated in the same way.

IP rights enforcement and remedies

Do authorities have the power to carry out dawn raids and issue freezing injunctions in connection with IP infringement?

Dawn raids by police are possible if the case is under criminal investigation.

Although an injunction that prevents the infringer from using the intellectual property is possible, freezing injunctions as to the infringer’s assets are not provided in relation to IP infringement. Provisional attachment under the Civil Preservation Act and attachment under the Civil Execution Act are available for monetary claims including a claim for compensation for damage based on IP infringement, both of which may be similar to freezing injunctions.

What civil remedies are available to IP owners? Do they include search orders and freezing injunctions?

Injunctions and compensation for damage are available. Civil remedies designed for intellectual property do not include search orders and freezing injunctions (for reference, see question 32).

Data protection and privacy

Definition of ‘personal data’

How does the law in your jurisdiction define ‘personal data’?

Regarding personal data, the Act on the Protection of Personal Information defines ‘personal information’ as information about a living individual that can identify the specific individual by name, date of birth or other description (including such information as will allow easy reference to other information, thereby enabling the identification of the specific individual). Under the Act on the Protection of Personal Information, a business entity handling personal information shall specify as much as possible the purpose for which such information is used, and expressly inform such person of such purpose when it is obtained directly from the person in writing, including electronically, and, where such personal information has been obtained in some other way, disclose or notify such person of the purpose.

There is a category of sensitive personal information. Sensitive personal information includes information relating to race, creed, social status, medical history, criminal record, fact of being a victim of crime and other descriptions which require special consideration in handling to avoid unjustifiable discrimination, prejudice and other disadvantages. Obtaining sensitive personal information without the consent of the person is not permitted. Also, the opt-out method mentioned in question 37 is not available for sensitive personal information.

Anonymisation in accordance with the law can be used to avoid some regulation. Customer consent is not required to provide the anonymised information (called Anonymously Processed Information) to a third party, provided that the items of the information included in the anonymised information and how to provide it to a third party are made public.

Registration requirements

Do parties involved in the processing of personal data, such as website owners, have to register with any regulator to process personal data?

No registration with any regulator or governmental organisation is generally needed for a website owner to process personal data. The law does not prescribe the appointment of an in-house data protection officer.

Cross-border issues

Could data protection laws and regulatory powers apply to organisations or individuals resident outside of the jurisdiction?

The Act on the Protection of Personal Information could apply to organisations outside Japan if the organisation has provided a good or service to a person in Japan has acquired personal information relating to the person handles in a foreign country the personal information or anonymised information produced by the said personal information.

Individuals residing outside Japan can be protected by the Act if other requirements for protection are fulfilled.

Customer consent

Is personal data processed on the basis of customer consent or other grounds? What is the commonly adopted mechanism for obtaining customer consent or establishing the other grounds for processing?

When a business operator obtains personal information from a customer, the information can only be provided to a third party on the basis of customer consent except where:

  • the provision of personal data is based on laws and regulations;
  • the provision of personal data is necessary for the protection of the life, body, or property of an individual and it is difficult to obtain the consent of the person involved;
  • the provision of personal data is especially necessary for improving public health or promoting the sound growth of children and it is difficult to obtain the consent of the person involved; and
  • the provision of personal data is necessary to cooperate with a state organ, a local government, or an individual or business operator entrusted by one in executing affairs prescribed by laws and regulations and in which obtaining the consent of the person involved is likely to impede execution of the affairs.

There is also an opt-out method (available except sensitive personal information) provided in the Act on the Protection of Personal Information, which can be used in practice but requires a report to the Personal Information Protection Commission.

As mentioned in question 34, the Anonymously Processed Information does not require the consent.

Sale of data to third parties

May a party involved in the processing of personal data, such as a website provider, sell personal data to third parties, such as personal data about website users?

Such sale is supposed to be possible if the consent of the website users to that effect has been obtained. Alternatively, the Anonymously Processed Information as defined in the Act on the Protection of Personal Information may be used although some obligations under the law are still imposed when making and using the Anonymously Processed Information.

Although no particular liability specially designed for such sale is provided under the laws, general civil liability should apply to the seller and buyer in the case of divulgation of personal data, for example.

Customer profiling

If a website owner is intending to profile its customer base to carry out targeted advertising on its website or other websites visited by its customers, is this regulated in your jurisdiction?

Yes. A business operator handling personal information shall not handle personal information about a person without obtaining the prior consent of such person, beyond the scope necessary to achieve the purpose of utilisation. So, if the scope of utilisation in a certain business purpose, which is shown in advance to the person, does not include profiling to target advertising on its website, a business operator cannot do so without obtaining the prior consent of the person involved. No particular law or judgment on profiling to carry out targeted advertising exists so far.

Data breach and cybersecurity

Does your jurisdiction have data breach notification or other cybersecurity laws specific to e-commerce?

There is no data breach notification law in Japan. However, under the Act on the Protection of Personal Information, the government is obliged to establish a basic policy on the protection of personal information to ensure the comprehensive and integrated promotion of measures for the protection of personal information. The Japanese government has established such a policy, in which it states that it is important for a business entity to disclose to the public the fact of any data breach as soon as possible so as to prevent secondary damage being caused by such data breach.

There is no cybersecurity law specific to e-commerce. Although there is a Basic Act on Cybersecurity, it is not particular to e-commerce.

What precautionary measures should be taken to avoid data breaches and ensure cybersecurity?

Nothing specific to this jurisdiction. Usual measures should be taken such as:

  • updates of the operating system and other software;
  • use of anti-virus software;
  • regular backups;
  • use of passwords;
  • access limitation;
  • limitation of device to be used; and
  • restriction of unsafe website viewing.
Insurance

Is cybersecurity insurance available and commonly purchased?

Such insurance is available and used.

Right to be forgotten

Does your jurisdiction recognise or regulate the ‘right to be forgotten’?

There are no statutes concerning the ‘right to be forgotten’.

Japanese courts do not seem to recognise the right to be forgotten independently. In 2016, in an appeal of a case in which the district court granted the right to be forgotten for a claim to delete search results on Google that revealed information about the past criminal activity of the petitioner, the Tokyo High Court held that it is not necessary to judge whether an injunction based on the right to be forgotten exists separately from whether an injunction based on the right to reputation or the right to privacy exists. The Supreme Court affirmed the ruling of the Tokyo High Court. Although the Supreme Court did not directly mention whether it recognises the right to be forgotten, judging from this result, Japanese courts do not seem to recognise the right.

Email marketing

What regulations and guidance are there for email and other distance marketing?

Under the Act on Regulation of Transmission of Specified Electronic Mail and the Act on Specified Commercial Transactions, an opt-in approach is being adopted. In principle, under these Acts, advertisements shall not be provided by electronic means to any target unless he or she has demonstrated his or her wish to receive such advertisements.

Consumer rights

What rights and remedies do individuals have in relation to the processing of their personal data? Are these rights limited to citizens or do they extend to foreign individuals?

Under the Act on the Protection of Personal Information, an individual is entitled to the following rights against a business operator handling personal information:

  • to demand disclosure of his or her personal data;
  • to demand correction of his or her personal data if such data is incorrect; and
  • to demand cessation of utilisation or deletion of his or her personal data if the personal data is used beyond the scope necessary to achieve the purpose of utilisation or was obtained unjustifiably.

Additionally, a general civil remedy is available in the case of divulgation of personal data, for example.

Taxation

Online sales

Is the sale of online products subject to taxation?

Online products transmitted domestically are subject to consumption tax, and as such they are treated the same as non-online products traded domestically. On the other hand, online products transmitted from foreign countries are not subject to consumption tax, while non-online products imported from foreign countries are.

Regarding tariffs, the Japanese government has maintained a policy of not imposing them on the sale of online products, and, as such, online products are treated differently from non-online products imported from foreign countries.

Server placement

What tax liabilities ensue from placing servers outside operators’ home jurisdictions? Does the placing of servers within a jurisdiction by a company incorporated outside the jurisdiction expose that company to local taxes?

Tax liabilities generally arise at the source where income is obtained.

So, even if operators incorporated in Japan place their servers outside Japan, this does not generally have any effect on tax liabilities; they will generally be subject to tax liabilities in Japan. On the other hand, if operators incorporated outside Japan place their servers in Japan, they will not generally be subject to tax liabilities in Japan as long as the source of the income remains outside Japan.

Company registration

When and where should companies register for VAT or other sales taxes? How are domestic internet sales taxed?

A company incorporated in Japan will usually be taxed in Japan. After incorporation, every company shall submit a notification of incorporation to the competent district director of the tax office, which makes it possible for domestic internet sales companies to be taxed; on the other hand, a foreign company with a permanent establishment in Japan is liable for some taxation. Such company is obliged to nominate an administrator for tax payments. Every company is obliged to submit a tax return certificate to the competent district director of the tax office.

Returns

If an offshore company is used to supply goods over the internet, how will returns be treated for tax purposes? What transfer-pricing problems might arise from customers returning goods to an onshore retail outlet of an offshore company set up to supply the goods?

This is not a common practice in Japan. However, transfer-pricing problems may arise from customers returning goods to an onshore retail outlet of an offshore company, if the transfer price from the offshore company to the onshore retail outlet is higher than the arm’s length price.

Gambling

Legality

Is it permissible to operate an online betting or gaming business from the jurisdiction?

Horse racing and participating in national lotteries and so on are permitted for certain entities. There is no prohibition or penalty against the purchase of betting tickets on horse racing through online means. After the amendment to the Lottery Ticket Act in April 2012, lottery tickets can be purchased through the internet.

Online gaming businesses are not prohibited and, in reality, many online gaming companies conduct business in Japan.

Are residents permitted to use online casinos and betting websites? Is any regulatory consent or age, credit or other verification required?

Online casinos and betting websites are currently not allowed.

Outsourcing

Key legal and tax issues

What are the key legal and tax issues relevant in considering the provision of services on an outsourced basis?

One of the key legal issues relevant in outsourcing is the actual enforceability of the outsourcing agreement. In cases where Japanese companies outsource the provision of services, it is often common for companies to insert provisions into the outsourcing agreement limiting their liabilities and reserving their rights as much as possible.

However, in cases, for example, where defects in products or leakage of information caused by the outsourced companies leads to damage or injury to consumers in Japan, the outsourcing company cannot be totally exempt from liability under the Civil Code or Product Liability Act even if its liabilities are limited in the agreement. In addition, it cannot be entirely precluded that the outsourced companies outside the jurisdiction may file an application in their countries for IP rights that are almost the same as those licensed by the outsourcing companies or generated by the outsourced companies on the basis of the activities provided in such agreement.

Employee rights

What are the rights of employees who previously carried out services that have been outsourced? Is there any right to consultation or compensation, and do the rules apply to all employees within the jurisdiction?

There is no direct rule or regulation regarding employees who previously carried out services that have been outsourced. However, under the Japanese Labour Contract Act, dismissal is strictly restricted for a company during normal economic conditions, and so usually cannot be justified on the grounds that services were outsourced. In such cases, the company may have to maintain employment by giving employees other jobs by transferring them to a different position or location of work.

Online publishing

Content liability

When would a website provider be liable for mistakes in information that it provides online? Can it avoid liability? Is it required or advised to post any notices in this regard?

A website provider that mistakenly provides information leading to a third party’s loss or damage may actually be liable just for providing the information. A website provider that provides information owing to a third-party’s contribution, may be liable only when the transmission of such information apparently infringes another person’s rights and it is easy to delete, which is basically the same as the liability of ISPs mentioned in question 25.

Notices in this regard may be effective if it comprises an agreement between the website provider and viewers.

Databases

If a website provider includes databases on its site, can it stop other people from using or reproducing data from those databases?

In Japan, some databases are copyright-protected. So, if people use copyright-protected databases, a website provider can stop them from using or reproducing data for commercial purposes.

A website provider sometimes uses technological restriction measures for those databases to prevent other people from using or reproducing data. Making such technological restriction measures ineffective without permission may be prohibited under the Unfair Competition Prevention Act as well as the Copyright Act.

Dispute resolution

Venues

Are there any specialist courts or other venues in your jurisdiction that deal with online/digital issues and disputes?

No. There is the Intellectual Property High Court which specialises in IP disputes such as patent and copyright and therefore deals with online digital patent and copyright disputes, but this court is not necessarily a specialist court of online/digital disputes.

ADR

What alternative dispute resolution (ADR) methods are available for online/digital disputes? How common is ADR for online/digital disputes in your jurisdiction?

Arbitration or mediation may be used to solve online/digital disputes. Courts may handle mediation proceeding for such disputes, too. Software Information Centre also provides ADR for software-related disputes. Most of those cases are related to system development transaction.

Update and trends

Key developments of the past year

Are there any emerging trends or hot topics in e-Commerce regulation in the jurisdiction? Is there any pending legislation that is likely to have consequences for e-Commerce and internet-related business?(EU JURISDICTIONS ONLY: How do you anticipate the General Data Protection Regulation and the e-Privacy Regulation will impact e-commerce?)

Key developments of the past year58 Are there any emerging trends or hot topics in e-commerce regulation in the jurisdiction? Is there any pending legislation that is likely to have consequences for e-commerce and internet-related business?

The Japan Fair Trade Commission (JFTC) investigated Amazon Japan in February 2019 under suspicion of violating the Anti-Monopoly Act, specifically, the abuse of a dominant bargaining position which is one of the prohibited acts under the Act. The alleged facts were that Amazon Japan determined to refund Amazon points equivalent to 1 per cent of the purchase price on all items at Amazon to purchasers, and required sellers to pay money as a source of such point refunds. This investigation ended in April 2019 because Amazon Japan gave up such practice. At such time, the JFTC did not present its opinion as to whether or not Amazon’s behaviour was in violation of the Act.