Japan Update: Outline of the Amended Telecommunications Business Act

Telecommunications

– Outline of the Amendment to Telecommunications Business Act

1.Overview

On June 16, 2023, amendments (the “Amendments”) to the Telecommunications Business Act (the “Act”) have entered into force. Historically, the Act had mainly focused on business regulation of traditional telecommunications carriers. However, with the global spread of the internet and the explosion of related businesses, the importance and scope of the Act has grown exponentially. Thus, the Amendments are expected to have a significant impact on not only business operators in the traditional telecommunications business sector, but also on online service providers.

The Amendments introduce, among others, the following new regulations;

(I) regulations on the provision of user information to third parties; and

(ii) regulations on the proper handling of Specified User Information (as defined below).

These regulations aim to achieve the same policy objectives as the cookie regulations in the EU and US, and the EU digital platform regulations, but are distinct in many aspects including the broad rule making power held by the Ministry of Internal Affairs and Communications (“MIC”). We briefly provide an outline below.

2.Regulation on the Provision of User Information to Third Parties

Under the Amendments, a telecommunications carrier seeking to transmit user information by way of an information transmission command communication (joho-soushin shirei-tsushin) to the user’s telecommunication devices (such as a PC or smartphone) during the course of provision of its telecommunication service, must notify the user of (or disclose in advance) certain items related to the third party transmission. The new regulation, which is called the “External Transmission Regulation (gaibu-soushin kiritsu)”, regulates the sending of commands triggering third party transmission by telecommunication carriers. Typical situations where this new regulation applies are, for example, where a telecommunications carrier places cookies on a website and, as a result, user information stored on a users’ device is transmitted to a third party such as a web advertisement service provider.

(i) Services Covered. Under the Amendments, the External Transmission Regulation applies to a telecommunications carrier or a business operator who provides services designated by the Enforcement Regulations by MIC, such as SNS, electronic bulletin boards, video sharing services, online shopping malls, online search engines, live streaming services, or information providing services (such as news distribution services or weather information distribution services).

(ii) Information Required to be Notified or Disclosed. A business operator subject to the External Transmission Regulation is required to notify or disclose the following items to the user: (a) the user information being transmitted; (b) the purpose of use of such information by the transferor of the information; and (c) the third party recipient of the information.

According to the draft of the Guidelines on the Protection of Personal Information in Telecommunications Business (the “GL”), the said notification or disclosure must be provided without any actions that require user intervention: (1) in Japanese; (2) in plain terms avoiding technical terminology; and (3) displayed in appropriately sized characters. This explicit Japanese language requirement is quite distinct in comparison to general legislative practices in Japan. Thus, if an applicable business fails to provide the relevant information in Japanese, it will automatically be in violation and face possible sanctions. Also, the commentaries published in the GL provide a detailed description of the expected specifications. Displaying by a pop-up format on the screen of the website or application is listed as an example of an appropriate method of notice or disclosure.

3.Regulation on Proper Handling of Specified User Information

The Amendments also introduce regulations requiring telecommunication business operators, which provide business exceeding a certain size threshold and have been designated, to properly handle “Specified User Information” by establishing certain information handling rules or policies, including assessment of the status of handling of information, among others (“Specified User Information Regulation”).

The outline of the regulation is as follows:

(I) Target Business Operators – The Specified User Information Regulation applies to a telecommunications carrier having a significant impact on the interests of users in consideration of the content, scope of users, and status of use. Specifically, the Specific User Information Regulation applies to a telecommunication carrier which provides services meeting the following criteria and has been designated:

(a) for telecommunication services which do not require payment, the average number of users per month in the previous fiscal year is 10 million or more; and

(b) for telecommunication services which require payment, the average number of users per month in the previous fiscal year is 5 million or more.

(ii) Specified User Information – Under the Amendments, the following information is classified as Specified User Information:

(a) information which is protected under the secrecy of communication (such as conversations held during phone calls, or the contents of emails); and

(b) information that can identify a living individual, which is compiled into searchable data base form.

The Amendments requires target business operators to: (1) establish information handling internal rules, and file such rules with the Minister of Internal Affairs and Communications; (2) establish an information handling policy and make such policy public; (3) conduct an assessment of the status of the handling of Specified User Information every fiscal year; (4) appoint a general manager of Specified User Information; and (5) report to the Minister of Internal Affairs and Communications of (i) any leakage incidents of more than 1,000 users’ Specified User Information, or (ii) access to Specified User Information by foreign governments that may affect negatively the secure handling of Specified User Information.

By Anderson Mori Tomotsune, Japan, a Transatlantic Law International Affiliated Firm.

For further information or for any assistance please contact japan@transatlanticlaw.com

Disclaimer: Transatlantic Law International Limited is a UK registered limited liability company providing international business and legal solutions through its own resources and the expertise of over 105 affiliated independent law firms in over 95 countries worldwide. This article is for background information only and provided in the context of the applicable law when published and does not constitute legal advice and cannot be relied on as such for any matter. Legal advice may be provided subject to the retention of Transatlantic Law International Limited’s services and its governing terms and conditions of service. Transatlantic Law International Limited, based at 42 Brook Street, London W1K 5DB, United Kingdom, is registered with Companies House, Reg Nr. 361484, with its registered address at 83 Cambridge Street, London SW1V 4PS, United Kingdom.