The Puzzle of Japanese Data Privacy Enforcement

Abstract

Japan’s data privacy laws have been in force since 2003, sufficient time for evidence of their enforcement to become apparent and be assessed. This article first explains the legislative and administrative structure of Japanese data privacy law, and then examines each aspect of enforcement of the law, and such evidence of the effectiveness of enforcement as is available. The public sector, and the private sector, and the co-regulatory systems are considered. This examination shows that the enforcement mechanisms in the Japanese system are not used to any significant extent. it also shows that the ways in which thy work are not transparent enough. We reject claims made by government bodies and academics that Japanese businesses comply with the legislation without being required to do so. The extent of compliance is a separate enquiry outside the scope of this article. The result is that the Japanese system asks observers to take it on trust that it is effective. The absence of evidence is in itself a deficiency, a failure to provide transparency of the enforcement system. Put politely, the effectiveness of Japanese data privacy law remains a puzzle. Major reforms are proposed by the government which may provide much more effective means of enforcement, but are only likely to succeed if they also make that enforcement more transparent.