International Credibility at Risk: Australian Privacy Foundation Submission on Japan's Proposed Changes to its Data Privacy Law

Abstract

This is a submission from the Australian Privacy Foundation (AFP) to the Government of Japan, following its June 2014 request for submissions on proposed changes to Japan's 2003 data privacy law (Strategic Headquarters for the promotion of an Advanced Information and Telecommunications Network Society (TI Strategic Headquarters) 'Outline of the System Reform Concerning the Utilization of Personal Data', 24 June, 2014). The APF's submission argues that Japan's Personal Information Protection Act (PIPA) has the weakest privacy principles of any Asia-Pacific country that has a data privacy law. These proposals will, overall, weaken the principles in Japan's law, although they do have some positive aspects. To obtain international credibility for its privacy laws, Japan needs to move its law more in line with the 103 other countries with data privacy laws, rather than aligning itself with the isolated United States position of no comprehensive privacy law. The principle danger to privacy in the current proposals is the proposal to remove most privacy protections from supposed 'reduced indentifiability' data. No standards for de-identification are proposed, and it will be essentially a self-regulatory system. No penalties are proposed against any party if data is in fact re-identified. It is a 'best efforts' approach with no consequences for 'failure' to de-identify. This will depart from current international standards for 'personal data' and put Japan out-of step with other countries, rather than in advance of them. The submission argues that the proposed changes will provide little benefit to most Japanese businesses, and will primarily benefit US business interest.The APF suggests improvement to both the privacy principles in the PIPA, and the enforcement of those principles.