A Web of Rules

Back to Contents of Issue: November 2002

How the Internet is affecting Japanese content liability, privacy and consumer protection laws.

by J.Dax Hansen and Keiji Sugiyama

IDENTIFYING THE WEB of rules that govern the wired and wireless Internet in Japan is a time-consuming but essential task for businesses engaged in Japan-related activities. This article summarizes a number of Internet-related laws in Japan and includes several specific examples of the application of these laws to businesses operating in Japan. Included is a discussion of a recent governmental enactment to limit the liability of certain telecommunications service providers (TSPs) for content posted on their networks, efforts to regulate the transmission of spam, and proposed privacy measures and consumer protection laws.

Content Liability
Japanese legacy laws regulate various types of content, including pornography, gambling and advertising, although Article 21 of Japan's constitution also guarantees freedom of expression. Until recently, however, Japan has not had Internet-specific content liability laws. On November 30, 2001, the Diet passed a law that went into effect May 27, 2002, to regulate online infringement of third party rights, including defamation, copyright infringement and privacy violations. This law is known as the Provider Liability Law. In response to growing problems involving defamation and copyright infringement among Internet users in Japan, the Diet passed the law as an attempt to provide mechanisms for dealing with the online publication of infringing or malicious content.

Under the Provider Liability Law, a TSP's liability to a third party claiming infringement generally is limited, unless it knows or has reason to know that information on its network infringes on the rights of a third party. In the case that the TSP deletes information submitted by a sender, the TSP's liability to the sender generally is limited if it is reasonable to assume that third party rights have been infringed upon, or the TSP conveys to the sender a request from the third party that the information be deleted, and the TSP does not receive from the sender within seven days a response contesting the proposed deletion. A third party claiming infringement may request the TSP to remove the allegedly infringing or defamatory content from the TSP's network. However, within the parameters stated above, the TSP is given flexibility to take remedial action based on its own assessment of the alleged infringement. Although the Provider Liability Law does not create an affirmative duty on TSPs to police their networks, TSPs face liability if they intentionally ignore consumer complaints and fail to take action to address such complaints.

In addition to providing a mechanism for removing infringing content, the Provider Liability Law provides that the third party claiming infringement can demand that the TSP disclose identity information about the alleged offender. A victim is entitled to learn the name and address of the offender under certain conditions, such as for use in filing a lawsuit. However, the TSP may use its discretion in determining whether or not to disclose the sender's identity to the third party claiming infringement. Except in the case of intentional or gross negligence, the TSP will not be liable to the third party claiming infringement if the TSP fails to respond to the third party's demand for disclosure. However, TSPs refusing to disclose personal information can be taken to court. Such disclosure provisions raise questions of conflict with the Constitution, which guarantees personal privacy, secrecy of communication and freedom of expression.

The Provider Liability Law deals with subject matter similar to that of the US Communications Decency Act and the Digital Millennium Copyright Act. It is similar to these US laws in that it fosters development of the Internet by limiting the liability of the TSP. However, it is different in that it places different burdens on the TSP than those placed on the TSP under the US model. It is also different in that it applies the same standard of liability to all types of violations covered by the Provider Liability Law (copyright infringement, defamation, privacy infringement). Yet it does not broadly cover all cases where liability is concerned; it only stipulates certain rules and leaves other situations to be determined under general laws.

The Provider Liability Law is different from the Communications Decency Act in that the TSP is much more involved in the process under the Japan model. For example, under the Provider Liability Law, the TSP cannot rely on the limited liability safe harbor if it is technically able to filter the infringing content and knows or has reason to know of it but fails to act. No such requirement applies to TSPs under the US law. While the TSP is also protected from liability from blocking, such protection depends on the TSP's having evidence of the infringement or claim, or providing notice and an opportunity to respond to the allegedly infringing party. Under the Communications Decency Act, the TSP's protection is extended to choosing to leave the content in place even after notice of a claim. Arguably, the US service provider may even edit the content in question without losing the benefit of the limitation on liability.

The Provider Liability Law is also different from the Digital Millennium Copyright Act. For example, the notice and takedown rules differ and the Provider Liability Law's definition of a service provider is more general than it is under the US law.

The Niftyserve Case
Prior to the passage of the Provider Liability Law, the Tokyo High Court ruled on the issue of TSP liability for defamatory content posted on its Web site. The plaintiff participated in an online forum administered and monitored by Niftyserve where the plaintiff became involved in a heated discussion with another forum participant. The other participant posted defamatory comments about the plaintiff. These comments provided the basis for the plaintiff's complaint against the person who posted them, the system administrator in charge of monitoring the forum, and Niftyserve.

At the district court level, the plaintiff won damages from the three defendants in the amount of JPY100,000 (jointly and severally) and an additional JPY400,000 from the person who posted the comments. However, the Tokyo High Court overturned the lower court's decision, stating that the system administrator and Niftyserve are not liable for failing to promptly delete defamatory messages on its Web site. The Provider Liability Law attempts to clarify the liability that a TSP has in certain situations for content posted on its Web site. At the local level, the Okayama Municipal Government recently enacted an ordinance banning slanderous posts on its bulletin boards in order to combat an attack of vicious emails launched on its official Web site. The ordinance is the first of its type in Japan. It outlaws certain kinds of statements on bulletin boards maintained as part of the official municipal Web site, including: statements that infringe on an individual's privacy, defamatory statements, discriminatory statements and sexually arousing comments. The local government plans to have a team monitor the bulletin boards and punish offenders with an administrative penalty of up to JPY50,000.

Personal Data Privacy
Privacy is another topic that is receiving intense legal scrutiny. The country is bound to see new privacy legislation thrown into the mix of self-regulation and heightened enforcement of existing laws.
The Diet is considering comprehensive legislation regarding personal data protection in the private and public sectors. This legislation, known as the Privacy Bill, would impact the manner in which Japanese and foreign companies collect, handle and share personal information. The Cabinet approved the Privacy Bill on March 27, 2001, and submitted it to the Diet for deliberation. Regulators are moving away from a system of self-regulation and moving toward codified laws to protect personal privacy in the private sector.

The current draft of the Privacy Bill provides for comprehensive regulation of the handling of personal data by any person or entity in the private and public sectors. The bill focuses on five general principles: (1) the purposes for using personal data should be specified and the use should not go beyond the specified purposes; (2) personal data should be collected by legal and proper methods; (3) personal data possessed by an entity should be kept accurate and updated; (4) entities should provide security safeguards against divulgence, loss or damage to personal data in their possession; and (5) entities should allow proper involvement of the individual in the handling of that person's data.

These five principles would be enforced through a number of specific requirements. Included are requirements for consumer consent before sharing personal data with others, as well as provisions for consumer involvement (in the form of explaining to the consumer how the data will be used) when an entity obtains an individual's personal data.

To enforce compliance with these requirements, the Privacy Bill contains penalty provisions, calling for imprisonment with labor of up to six months or a fine of up to JPY300,000 for non-compliance with the competent minister's order regarding the handling of personal data. Voluntary adoption of privacy policies by businesses as well as online privacy seal initiatives will still be promoted.

The Privacy Bill has encountered opposition from some members of the Diet. The New Komeito Party and the Democratic Party of Japan have voiced concerns that the Privacy Bill will lead to unreasonable intervention by authorities and infringe upon the constitutional right of freedom of expression. Furthermore, there is concern that the Privacy Bill will restrict newsgathering, investigating and reporting activities.

Opposition to the bill notwithstanding, recent cases indicate that the Japanese government will likely adopt some form of privacy protection in the near future.

The Privacy Bill represents a break from the historical Japanese policy of self-regulation in the area of online privacy protections in the private sector. In the past, the Japanese government has mainly addressed concerns over personal data protection in the private sector by relying on firms to self-regulate, issuing advisory guidelines and promoting participation in online privacy seal initiatives sponsored by industry groups. (Privacy seals of approval are given after a trusted organization examines an enterprise's privacy practices on its Web site.)

Most of the guidelines previously issued by government ministries and industry organizations are based on the "Guidelines for the Protection of Computer-Processed Personal Data in the Private Sector," drawn up in 1997 by the Ministry of International Trade and Industry. These are based on principles promulgated by the European Union and the Organization for Economic Cooperation and Development. Broadly speaking, the guidelines have addressed collection of data, access of subjects to their individual data, handling of personal data and mechanisms for subjects to prevent further use of their data.

Privacy seal initiatives have also played a part in the system of self-regulation with respect to personal data privacy. Provided a firm's practices are consistent with the examining organization's established guidelines, the enterprise would be granted a seal of approval, which can be displayed on the Web site. This accreditation would, theoretically, provide visitors with the assurance that their private data is safe.

Privacy Concerns
Several incidents involving the sale of personal data pushed the privacy issue to the forefront in Japan. For example, Osaka police confiscated a list of information on 14,000 housewives, which included data on their expected date of childbirth, address, telephone number and names of family members living in the vicinity. Police believed this list had been compiled by a mail-order company and later sold to a list maker. In another incident, the telephone giant KDDI was sued by nine people for its mishandling of personal data. KDDI gave its marketing agent the names, addresses, phone numbers and additional personal data of 203,000 telephone service users so the agent could promote KDDI's products. The data on 32,000 of those users was stolen or leaked to a crime ring, resulting in several of the people on the list being robbed. Concern over personal data privacy has also arisen in connection with customer lists offered as collateral for loans. In one case, Toppan Printing, a creditor, seized the customer list of a debtor and sold that list to collect on the debt. While this practice is legal, it raised further concerns that personal data is not protected adequately under existing laws.

Amazon Japan's Launch
In connection with the launch of Amazon.co.jp in November 2000, Amazon Japan implemented the same privacy policy that is in place on the Amazon.com site. Amazon Japan concluded that the Amazon.com privacy policy addressed Japanese privacy requirements. With a worldwide customer base, Amazon prefers to maintain consistency among its various international operations by using standard privacy policies, terms of use and other business practices, but the company modifies these policies to the extent necessary to comply with differences in local laws, customs and practices.

In fact, prior to the launch of Amazon.co.jp, Amazon Japan conducted broad-scale due diligence of privacy, consumer protection, copyright and trademark, commercial, import/export, employment and other Japanese laws. Amazon Japan hired locally and established relationships with local Japanese service providers, vendors and legal counsel familiar with Japanese legal requirements and business practices. Amazon Japan then decided how, if at all, the privacy policy, terms and conditions of use, and other standard aspects of the business practices used by Amazon in its operations in the US, the UK, France and Germany should be modified to satisfy Japanese legal requirements, Japanese customs and practice and Japanese consumer preferences. Local employees continue to monitor legal developments that impact Amazon Japan's business (including the Amazon.co.jp site and Amazon Anywhere, offered through mobile services i-mode and EZweb).

Online Consumer Protection
Another area of emphasis is ensuring protections for online consumers. These protections extend to sales practices, advertising, product quality and other aspects of consumer transactions.

Currently, several laws provide protection to online consumers in Japan. Primarily, the Specific Commercial Transaction Act, formerly the Door-to-Door Sales Act, regulates the online sale of goods and services. The Electronic Consumers Contract Act, the Consumers Contract Act, the Premiums and Misrepresentations Law, the Installment Sales Law and the Used Goods Business Act provide consumers with additional protections.

Anti-Spam Rules
A recent increase in spamming activity has caught the attention of Japanese regulators. On January 10, 2002, the Ministry of Economy, Trade and Industry (METI) issued a ministerial ordinance pursuant to the Specific Commercial Transaction Act, which regulates the transmission of spam to personal computers and mobile telephones. METI's ordinance, effective as of February 1, 2002, requires a company sending unsolicited email advertisements to indicate its email address, telephone number and the procedure for halting the transmission of additional spam within the email message. If a person so requests, a company must stop spamming that individual. Furthermore, the company must write "advertisement" in the subject line and within the body of the email message.

The Democratic Party and the Liberal Democratic Party have also introduced legislation to address spam and to impose hefty fines for violations.
As the Diet debates the legal future of spam, NTT DoCoMo, the largest mobile Internet provider, has gained considerable ground in its combat against spam. After winning an injunction in Yokohama District Court against a firm that spammed DoCoMo customers in June 2001, NTT DoCoMo obtained approval from the Ministry of Public Management, Home Affairs, Posts and Telecommunications to block email messages it classifies as spam. In June 2001, a Japanese firm sent over 1 million commercial advertisements to randomly generated eight-digit numbers attached to the suffix @docomo.ne.jp, creating technical problems for NTT and disruptions in service. After the firm refused to heed warnings about sending so many messages at once, NTT filed suit in court. Shortly after winning the injunction, the ministry announced that NTT DoCoMo would be permitted to block email destined for a large number of invalid email addresses because such invalid addresses tend to indicate that the message was spam. The ministry likely considered the costs that consumers incurred as a result of paying for unwanted data uploaded onto their telephones.

The Specific Commercial Transaction Act
Internet commerce constitutes direct marketing under the Specific Commercial Transaction Act. Online retailers are required to provide the following in their advertisements for goods or services or state that a document containing the following will be furnished to the consumer upon request:

* sales price of goods or service (including shipping fees, etc.)
* payment date and method
* time of delivery or time for completion of service
* return policy
* name, address and phone number of vendor
* name of company representative, or individual in charge of company's e-commerce operation, if electronic advertising is used
* deadlines, if any
* explanation of charges in addition to the sales price
* explanation of vendor's responsibility for product defects, and
* explanation of limitations on quality or special sales conditions

Furthermore, if prepayment is required before shipment of the goods, a seller must provide the consumer with written notice that the seller accepts the consumer's offer to buy the goods. Such notice may be provided by email, if the consumer agrees in advance. The act also prohibits exaggerated or misleading advertising of products or services. An amendment to the act effective as of June 1, 2001, addresses issues that arise when consumers mistakenly submit incorrect information and become unintentionally bound to a contract. The amendment requires online businesses to provide an offer page that is easily understood so as to avoid the input of incorrect information by consumers.

A violator of the act will be instructed to modify his or her conduct. Failure to modify that conduct can subject a party to a fine of up to JPY500,000 and/or a suspension of its business.

Electronic Consumer Contracts
The Special Law on Electronic Consumer Contracts and Electronic Acceptance Notice, which was passed by the Diet on June 22, 2001, addresses the timing of the formation of an electronic contract and the invalidation of the contract in instances of PC or cellphone user error. Under the law, an electronic contract between distant parties is formed only after an email acceptance sent by the consumer reaches the entity making the offer. This contrasts with general contract law in Japan, whereby the contract is formed when the notice of acceptance is sent. This law harmonizes Japan's online commerce rules with those rules adopted in a commercial context by most major civil law and common law countries.The law also addresses concerns over consumer error in the use of personal computers or cellphones. The law provides that online businesses must take appropriate steps, including a confirmation click screen, for example, to reduce the likelihood of inadvertent user error. Failure to include such steps will cause the contract to be null and void.

Contracts and Misrepresentations
The Consumer Contract Act, passed May 12, 2000, protects consumers from entering into unfair contracts with businesses. Consumers can nullify or avoid or assert the invalidity of the contract under certain conditions, including instances where:
* In the acceptance of an offer or in making an offer to purchase, a consumer relies on material misrepresentations of fact made by the business or affirmative statements made by the business regarding future prices or other uncertain matters

* the business, when introducing itself, states that certain material facts are beneficial to consumers and intentionally fails to disclose negative material facts, thus the consumer is led to believe that such negative facts do not exist and relies on that belief when making an offer or acceptance

* the contract calls for higher than average liquidated damages

* the contract calls for a complete limitation of the business' liability for any damages arising out of the business' nonperformance under the contract

The Premiums and Misrepresentations Law prohibits representations by sellers that may lead consumers to believe that a product is substantially better in quality or substantially more competitive in price and/or other contractual terms than those of competitors.

Installment Sales, Used Goods
The Installment Sales Law regulates sales where payment is received in installments over two or more months and is divided into three or more payments. The law requires a cooling off period, during which consumers may cancel or withdraw their order.

The Used Goods Business Act provides that if a party intends to trade used goods online as a business, that party must obtain permission or a license from a local police agency. "Used goods" are defined broadly, including not only goods that are used but also new goods that are traded by a business for use by the consumer. The National Police Agency is currently discussing amendments to the act to impose an obligation on sellers to post their license numbers when trading online. In addition, consumer-to-consumer transactions, not regulated by the Used Goods Business Act, may require some sort of regulation in the future.

Amazon Japan Revisited
Consumer protection ranked high on Amazon Japan's priority list of issues to consider with respect to the launch of Amazon.co.jp. Amazon Japan reviewed statutory rights of warranty, return rights, enforceability of online agreements, advertising, content and complexity of consumer notices and terms of use, and other related issues. The company continues to monitor developments in Japanese consumer protection laws to determine the extent to which they may impact its business.

Government, Industry Guidelines
In addition to consumer protection and other laws regulating electronic commercial transactions, several sets of nonbinding government and industry guidelines address online business practices.

In March 2002, METI published lengthy guidelines on electronic commerce. The guidelines address online transactions, consumer protection, licensing, intellectual property and related matters. Although the guidelines are nonbinding and must still be polished and refined, they are helpful because they show METI's interpretation of these legal issues.

Organizations such as the Japan Direct Marketing Association and the Telecom Services Association have issued consumer protection guidelines to govern the activities of their members. These industry guidelines are largely based on the OECD Guidelines for Consumer Protection in the Context of Electronic Commerce.

Internet-related businesses should consult these government and industry guidelines to bring their business activities into compliance with recommended practices.

Similarly, Internet-related businesses should educate themselves regarding deep-rooted Japanese business practices that impact how such businesses will be able to operate in Japan. For instance, US-based online book and music retailers, which are accustomed to discounting books and music in the regular course of business, will encounter a Japanese publishing industry opposed to discounting books and music. Exceptions under Japanese antitrust laws allow publishers and distributors of Japanese books and music to maintain price fixing. Online book and music retailers will be unable to discount Japanese books and music in connection with their Japanese operations, although they can discount English-language titles.

This article covers some of the major Japanese Internet laws, but others impact Internet activities by businesses. Several of these additional laws include laws governing contracting capacity, digital signatures and unauthorized computer access.

Contracts with Minors
Online retailers should be aware that Japan has special rules for contracts with minors. The age of legal capacity to enter into contracts is 20. Any consumer under 20 must obtain the consent of a statutory agent (a parent in most circumstances) to conclude a contract. A contract entered into without proper consent can be voided by the minor. Exceptions to this rule include purchases made where the minor uses fraud to induce a seller into believing he or she is of legal age to conclude a contract.

Digital Signatures
Japan has a digital signature law. Enacted on May 24, 2000, the Law Concerning Electronic Signatures and Certification Services has paved the way for growth of online commerce in Japan. The law grants electronic signatures the same legal effect as handwritten signatures or an affixed seal and also provides for accreditation of organizations performing certification services. Seen as a necessary legal step to enable the expansion of online commerce, this law is evidence that Japanese regulators are willing to create a legal environment in which online commerce can flourish. @

The authors are lawyers at Perkins Cole L.L.P and South Toranomon Law Offices, respectively. Additional contributors to this article are Thomas C. Bell, Esq. and Yoko Miyashita, Esq. of Perkins Cole L.L.P., and Taro Akao Esq. of Akao Law Office. The publisher has omitted the footnotes to this article. To obtain a copy of this article that includes the footnotes, please contact the authors by email at DHansen@perkinscole.com. Copyright © 2002, J. Dax Hansen, Keiji Sugiyama, and Perkins Cole L.L.P.

Note: The function "email this page" is currently not supported for this page.