The Americas: Argentina | Brazil | Mexico
East Asia, South Asia and Pacific: Australia | China | India | Japan | South Korea | Taiwan
Europe and Central Asia: European Union | England | France | Iceland | Italy | Norway | Portugal | Russia | Spain | Turkey
Middle East and Africa: Iran | Israel | South Africa | United Arab Emirates
Privacy and private information are protected in Japan, including a person’s location information. The location of a person who communicates via a mobile device is treated as information relating to the secrecy of communication that the Constitution of Japan protects. Telecommunications carriers can collect such information only when a user has consented, when a judge has issued a warrant, or when there is a legally justifiable cause. Law enforcement cannot track a suspect by secretly attaching a GPS device to the suspect’s belongings without a warrant issued by a judge. When the government conducts an epidemiological investigation, a health center official tracks the past locations of the person. If the person refuses to cooperate with the investigation, the investigation cannot be conducted.
The government, in cooperation with information technology organizations, has tried to utilize an infection route tracking application software on mobile devices. The government expects to launch the system in June 2020.
As of May 22, 2020, according to the Ministry of Health, Labour and Welfare (MHLW), the number of confirmed COVID-19 cases is 16,513 in Japan, a rate of 131 per million. The number of deaths is 796. It is “among the lowest death rates in the world.”
Most people have smartphones in Japan. As of 2018, 95.7% of households owned mobile information and communication devices, according to a survey by the Ministry of Internal Affairs and Communications (MIC). Among them, the percentage of smartphones was 79.2%. A more recent survey by a private institution found that the percentage of smartphones among mobile phones reached 88.9% in January 2020. Especially among people who are younger than 50 years of age, almost everyone has a smartphone.
Regarding willingness to share personal information, it appears that the Japanese are reluctant to do so. According to an international study, the Japanese were the least willing overall to share information with organizations online among people in the studied countries.
II. Legal Framework
A. Privacy and Data Protection
There is a no legal provision that explicitly protects the right to privacy, however, the right to privacy has been recognized by the courts. Courts and scholars have found the legal basis of the right to privacy in the right to the pursuit of happiness that is guaranteed under the Constitution. Regarding personal information and privacy, in 2003, the Supreme Court decided that even basic information about a person, such as names, addresses, and telephone numbers, can be protected as private, depending on the circumstances. In that case, a university had disclosed such information about applicants for attendance at a foreign leader’s lecture to the police, without their prior consent. The Court decided the disclosure constituted a tort.
There are three laws regulating the handling of personal information. The Act on the Protection of Personal Information (APPI) applies to the private sector. The Act on the Protection of Personal Information Held by Administrative Organs (APPIHAO) applies to government agencies. The Act on the Protection of Personal Information Held by Independent Administrative Agencies, etc., (APPIHIAA) applies to independent administrative agencies. These laws aim to protect personal information while they set rules to properly utilize personal information for the development of relevant industries. These laws define personal information as follows:
Information about a living person that
- contains a name, date of birth, or other descriptions (any matters stated, recorded or otherwise expressed using voice, movement or other methods in a document, drawing or electromagnetic record) whereby a specific individual can be identified, including those which can be readily collated with other information and thereby identify a specific individual; and
- contains an individual identification code that can identify a specific person, user, purchaser, or recipient.
In general terms, anyone who handles personal information must disclose the purpose of the collection and must not disclose it to a third party without the consent of the individual unless disclosure is allowed by law. When personal information is processed so that it cannot identify a person (anonymously processed information), a person who handles personal information can provide the anonymously processed information to a third party without the consent of the subjects of the information if the person follows the measures set forth by the APPI, APPIHAO, and APPIHIAA.
B. Data Retention and Location Tracking
1. APPI, APPIHAO, and APPIHIAA
When the location information of a person can enable a third party to identify that person, the APPI, APPIHAO, and APPIHIAA treat it as personal information. If location information is anonymized, the information can be transferred and utilized under certain conditions.
2. Guidelines for Telecommunications Carriers
The Constitution states that the secrecy of any means of communication must not be violated. The Telecommunications Business Act also states that “[t]he secrecy of communications handled by a telecommunications carrier must not be violated.” Because the telecommunications business deals with this right to protection of the secrecy of communications, the handling of personal information by telecommunications carriers requires special consideration. The MIC has issued the Guidelines for Personal Information Protection in Telecommunications Business that telecommunications carriers must comply with regarding the proper handling of personal information. MIC updates the Guidelines every few years.
The Guidelines state that telecommunications carriers may collect personal information relating to the right to secrecy of communication only when the subject person has agreed or when there is justifiable cause for noncompliance with the law. The location information of mobile telecommunication device users is private information. Among other things, information about a device user’s terminal base or wifi access point is information that relates to the secrecy of communications. The Guidelines state that telecommunications carriers can collect the location information of mobile communication devices when it is necessary for the telecommunications carrier’s business or when there is justifiable cause for noncompliance with the regulation. A telecommunications carrier can provide a third party with the location information of a holder of a mobile communication device in the following cases: The customer has consented to it in advance, a judge issued a warrant for it, or there are other justifiable causes for noncompliance with the law.
In addition, telecommunication carriers can provide a third party with the location information of a telecommunication device without customers’ consent when the life or body of the holder of the device is likely in danger.
3. Criminal Investigation
Law enforcement used Global Positioning System (GPS) devices to investigate suspects. The police believed tracking suspects with a GPS device during a criminal investigation could be allowed as a non-compulsory measure. However, the Supreme Court decided in 2017 that the police need a warrant issued by a judge to secretly track the location of a suspect’s car. The Court said it is a method of investigation that allows the police to encroach upon an individual’s private sphere against the person’s reasonably inferred desire, enabling an invasion of privacy.
4. Infectious Disease Prevention Act
Under the Infectious Disease Prevention Act, when a prefectural governor deems it necessary to prevent or monitor the outbreak of an infectious disease or investigate the cause of outbreaks, the governor may direct prefecture officials to question the patients, suspected disease carriers or asymptomatic carriers of certain diseases and to carry out necessary investigations. When the Minister of MHLW deems it urgently necessary for the purpose of preventing the outbreak or spread of an infectious disease, the Minister may direct relevant officials of the MHLW to do the same. Under these provisions, local health centers conduct an epidemiological investigation. Health centers ask patients where they visited, among other things. However, there is no provision in the Act to force the patients to answer the questions. In a recent news article, it was reported that those people who refused to answer questions made the investigation of transmission routes difficult.
III. Electronic Measures to Fight COVID-19 Spread
A. Infection Route Tracking Application Software
The government has formed the Anti-COVID-19 TECH Team (ACTT), which examines the utilization of information technology and various data to counter COVID-19 and adopt IT measures while receiving assistance from IT companies. ACTT had its first meeting on April 6, 2020. The government decided on April 7, 2020, to develop an infection route tracking application software, modeled on TraceTogether in Singapore, as a measure against the spread of COVID-19 infections. On May 8, 2020, the government decided to move jurisdiction over the software from ACTT to the MHLW in order to satisfy a policy of Apple and Google limiting application development to health authorities.
The summary of the tentative tracking system as of May 8, 2020, is as follows:
- The application software utilizes the application programming interface (API) provided by Apple and Google. The application, when installed in a device, will store the identifiers of other devices that have the application installed when these devices come within a certain distance for a certain duration of time, using Bluetooth. Identifiers are not connected to the individuals who have the devices, and they change periodically. Stored identifiers are deleted after a certain period.
- When a health care provider tests one of the device holders and the person is confirmed to be infected with COVID-19, the provider will notify a local health center. The health center inputs the information in the COVID-19 management system operated by the MHLW. The health center notifies the infected person of the result of the test.
- The notified person inputs the information that he or she received the positive test result from the health center on the application on his/her device. The application sends other device holders who have come in close contact with the person a warning. Persons who received the warning input the information on the application on their devices. The application program sends the information to the health center.
To protect privacy of the users, the software will not keep track their geolocation data. The system will not notify when and where they were in close proximity or the identity of the infected person.
The government planned to operate the system in early May, but it was delayed until June. According to a news article, the agreement with Apple and Google has not been completed yet.
B. Returnee Follow-Up
When residents of Japan come back from a certain area where the possibility of contacts with COVID-19 is heightened, health centers will track the health conditions of the returnees for 14 days. If returnees agree, they can communicate with the health center by using a smartphone application.
Prepared by Sayuri Umeda
Senior Foreign Law Specialist
 Hiromitsu Naito, モデル小説における表現の自由とプライバシーの権利[Freedom of Expression and Right to Privacy on Novels Based on Real Person], 専修法学論集 [107 Specialized Law Stud. Collection 1, 6-9 (2009)], https://perma.cc/JV6K-782W.
 個人情報の保護に関する法律 [Act on the Protection of Personal Information] (APPI), Act No. 57 of 2003 (May 30, 2003), amended by Act No. 16 of 2019 (Reiwa), https://perma.cc/548A-V32A (unofficial translation as amended by Act No. 65 of 2015).
 行政機関の保有する個人情報の保護に関する法律 [Act on the Protection of Personal Information Held by Administrative Organs] (APPIHAO), Act No. 58 of 2003 (May 30, 2003), last amended by Act No. 37 of 2019 (Reiwa), https://perma.cc/3QTP-QHQ4 (unofficial translation as amended by Act No. 51 of 2016).
 独立行政法人等の保有する個人情報の保護に関する法律 [Act on the Protection of Personal Information Held by Independent Administrative Agencies] (APPIHIAA), Act No. 59 of 2003 (May 30, 2003), amended by Act No. 37 of 2019 (Reiwa), https://perma.cc/E773-EY7M (unofficial translation as amended by Act No. 51 of 2016).
 APPI art. 1, APPIHAO art. 1, and APPIHIAA art. 1.
 APPI art. 2, para. 1 & 2; APPIHAO art. 2, para. 2 & 3; APPIHIAA art. 2, para. 2 & 3.
 APPI arts 36 & 37, APPIHAO art. 44-2, and APPIHIAA art. 44-2.
 Komukai, supra note 14.
 Const. art. 21, para. 2.
 電気通信事業法 [Telecommunications Business Act], Act No. 86 of 1984, amended by Act No. 5 of 2019 (Reiwa), art. 4, https://perma.cc/LL3T-AAYM (unofficial translation, as amended by Act No. 26 of 2015).
 電気通信事業における個人情報保護に関するガイドライン [Guidelines for Personal Information Protection in Telecommunications Business], MIC Notification No. 152 (Apr. 18, 2017), amended by MIC Notification No. 297 (Sept. 14, 2017), art. 7, para. 3, https://perma.cc/Q9J5-ZZ84.
 Id. art. 35, para. 1.
 Id. art. 35, para. 2.
 Id. art. 35, para. 5.
 2016 (A) 442, Keishu 71-3 (S. Ct. Mar. 15, 2017). A summary of the case is available on the Courts in Japan website.
 Id. See also Const. art. 35.
 感染症の予防及び感染症の患者に対する医療に関する法律 [Act on the Prevention of Infectious Diseases and Medical Care for Patients with Infectious Diseases](Infectious Disease Prevention Act), Act No. 114 of 1998, amended by Act No. 115 of 2014, art. 15, para. 1, https://perma.cc/H2HA-BGEW (unofficial translation).
 Id. art. 15, para. 2.
 国立感染症研究所 感染症疫学センター [Infectious Diseases Surveillance Center, National Institute of Infectious Diseases], 新型コロナウイルス感染症患者に対する積極的疫学調査実施要領 [Guidelines for Active Epidemiological Surveys on New Coronavirus Infections 1] (Apr. 20, 2020), https://perma.cc/MH3V-6WMS.
 「調査の電話に出てくれない」感染拡大の若年層、追跡拒否のケースも [‘They do not answer phone calls’: Infection Expanded Among Young, Some Refuse Tracking of Transmission Routes], Yomiuri (Apr. 5, 2020), https://www.yomiuri.co.jp/medical/20200405-OYT1T50044/.
 新型コロナウイルス感染症の拡大防止対策に資するIT活用について [Regarding Utilization of IT that Contributes to Measures Against Spread of Novel Corona Virus Disease Material No. 1 for ACTT Kick-off Meeting] (Apr. 6, 2020), Gov’t Chief Info. Off., https://perma.cc/M8EW-HQH5.
 接触確認アプリ、所管を厚労省に アップル・グーグルの方針受け [Contact Tracing App, Jurisdiction to MHLW, Due to Policy by Apple and Google], Nikkei (May 8, 2020), https://www.nikkei.com/article/DGXMZO58875030Y0A 500C2EA3000/. See also ACTT Secretariat, 接触確認アプリの導入に向けた取組について（案）[Efforts to Introduce Contact Tracking App (Draft)), Material 1-1 for ACTT Meeting 8] (May 8, 2020), https://perma.cc/FPX6-ADBU.
 ACTT Secretariat, supra note 34, at 3-6. See also Press Release, Code For Japan, コンタクト・トレーシング・アプリの開発に関して [Regarding Development of Contact Tracing App], PR Times (Apr. 15, 2020), https://perma.cc/K8ZH-AV9J.
 ＜新型コロナ＞接触通知アプリ 来月導入の方針 [<Novel Corona Virus> Contact Notification App, Introduced Next Month], Tokyo Shimbun (May 18, 2020), https://www.tokyo-np.co.jp/article/economics/list/202005/ CK2020051802000104.html.
Last Updated: 12/30/2020