This alert summarizes several legislative updates that have potentially far-reaching privacy implications for tech companies doing business in Japan. These updates relate to the handling of personal information in the so-called “digital market.”
In Japan, this term means the market of online services such as search providers, social networking services, and electronic commerce, or other value provided to customers through data or digital technology.
Japan’s Cabinet established the Headquarters for Digital Market Competition to discuss new laws and guidelines affecting the digital market, including:
Below are descriptions of these important updates, as well as practical considerations that will be of particular interest to tech companies’ privacy officers and departments.
The PIPA was amended to provide greater protections to individuals whose data is collected by companies and/or transferred to third parties.  The PIPA amendment includes the following key changes:
The current PIPA already allows the transfer of personal data with individual consent. Under the PIPA amendment, companies will need to update their consent procedures to provide certain information about the overseas party before obtaining such individual consent. This includes: (a) information regarding the personal information protection system of the foreign country where the personal data will be sent; (b) the measures that the overseas party will take to protect the personal information; and (c) other information helpful to the individual. The Personal Information Protection Commission (“PPC”) will provide further details at a later date.
If a company transfers personal data to an overseas party and relies on that party’s security measures, the company must be ready to explain, upon individual request, how it ensures that the overseas party will implement those security measures.
There is no direct penalty for failing to provide these notifications. However, if this notification requirement is not met, the PPC may issue a recommendation (i.e., a request to take remedial measures) or an order (i.e., a demand to take remedial measures if the business fails to follow a recommendation or there is an urgent need).
The PIPA amendment was enacted on June 5, 2020, and published on June 12, 2020. Some provisions of the amendment will come into effect in December 2020, but most will come into effect by June 2022. Further details on the PIPA amendment will be provided by ordinance and in the PPC’s rules, which will likely be open to public comment in early 2021.
A digital platform operator’s interactions with consumers may now give rise to “abuse of superior bargaining position,” which is an existing claim under Japanese antitrust law.
Published and made effective in December 2019, the Guidelines Concerning Abuse of Superior Bargaining Position in Transactions between Digital Platform Operators and Consumers that Provide Personal Information (“JFTC Guidelines”) clarified that such an abuse could occur if a digital platform operator (“Operator”) uses its superior bargaining position over consumers (who are counterparties to a transaction) to cause those consumers to be unjustifiably disadvantaged, in light of normal business practices.
The JFTC Guidelines explain that an Operator has a superior bargaining position over consumers when the consumers suffer detrimental treatment from the Operator but are compelled to accept this treatment in order to use the Operator’s services. An Operator is normally in a superior bargaining position when:
The JFTC Guidelines explain that the issue of whether consumers are unjustifiably disadvantaged “in light of normal business practices” will be determined on a case-by-case basis. The JFTC Guidelines further explain that conduct will not necessarily be justified simply because the conduct is consistent with existing business practices; it must also be consistent with the maintenance and promotion of fair competition.
The JFTC Guidelines identify examples of conduct likely to constitute an abuse of superior bargaining position:
The JFTC has established the Abuse of Superior Bargaining Position Task Force to handle potential abuse cases. The Task Force will investigate and warn relevant businesses of potential abuses, to facilitate their cooperation in improving their practices and preventing future issues. The Task Force may also handle potential cases under the JFTC Guidelines.
The JFTC may enforce these Guidelines by issuing cease-and-desist orders and surcharge payment orders. Any surcharge will equal one percent of the sales or purchasing amount of the transaction with the affected counterparty. It is unclear what will happen when personal information is collected and used by an Operator who provides a service free of charge.
Though an abuse of superior bargaining position covers a relatively narrow set of circumstances, it is important to remember that the handling of personal information can be subject to enforcement in Japan under both the PIPA and antitrust law.
The DPTTA is intended to improve the transparency and fairness of digital platforms and provides requirements for “Specified Digital Platformers” who will be designated by the Minister of Economy, Trade and Industry (“METI”). We anticipate that, at least initially, only large-scale online mall providers and app store providers will be designated as Specified Digital Platformers.
Under the DPTTA, Specified Digital Platformers must (1) disclose certain terms and conditions to both general users of the digital platform and those who use the digital platform to sell goods and services; (2) establish procedures and systems conforming to METI guidance; and (3) submit an annual report with a self-evaluation.
With respect to (1), Specified Digital Platformers will be required to disclose the following terms and conditions to general users:
Specified Digital Platformers will also be required to disclose the following information to users who sell goods and services via the platform:
If a Specified Digital Platformer fails to disclose these terms described in (1), it may be subject to METI recommendations and orders. The penalty for breach of a METI order is a fine of up to one million yen. METI may issue a recommendation for failure to establish the procedures described in (2) above, but orders and criminality penalties are not available remedies. Failure to file an annual report as described in (3) above may result in a fine of up to 0.5 million yen.
The DPTTA was enacted on May 27, 2020, was published on June 3, 2020, and will come into effect by June 2021.