University of New South Wales Law Journal
|
|
Home
| Databases
| WorldLII
| Search
| Feedback
University of New South Wales Law Journal |
|
CAROL LAWSON[*]
‘[I]n a global information economy…the most valuable electronic asset will be aggregations of information on individuals’.[1]
On 23 July 1999, a man forced his way into the cockpit of a commercial Japanese flight, ANA61, and stabbed Captain Naoyuki Nagashima to death.[2] By the time the plane had landed television reporters had already obtained Nagashima’s residential address and ambushed his wife with the news of his death, disregarding her ‘right to be let alone’.[3]
This incident illustrates the risk that misuse of seemingly inconsequential information will lead to devastating consequences for an individual. This paper explores the response that Japanese law has made to this risk through a suite of new privacy laws. The paper situates the new Japanese privacy regime conceptually within Japanese social, legal, political and bureaucratic traditions in order to shed light on the Japanese polity and the global convergence debate. These conclusions will then be applied to the Japanese polity in an attempt to evaluate the new regime and predict its success.
There are various conceptual models of the Japanese state, all of which seek to answer the question of who, or what, controls Japan. Each model is a lens through which to interpret Japanese trends. Further, the interpretative relationship between trends and models is reciprocal: Japanese trends themselves are a valuable source of information about who, or what, is in control at a given time. Since the notion of privacy is a radically new idea in Japan – and the subject of intense debate worldwide – it provides a valuable means of testing these various models of the Japanese state. The uptake of privacy concepts in Japan illustrates both the real sources of authority within Japan in the new millennium and Japan’s contemporary interaction with the global regulatory environment.
Models of the Japanese polity include that of a culturalist state, where distinctive social mores dominate decision making;[4] a structuralist state where a weak legislature is dominated by entrenched interest groups intertwined in collusive relationships and bound by inflexible institutions;[5] a centrally planned developmental state dominated by the bureaucracy;[6] a rational economic ‘marketplace’ dominated by the legislature;[7] and a pluralist and participatory political economy.[8] Most models are not mutually exclusive; identifying different primary explanations for how decisions are made. An explanation of whaling, immigration or criminal justice in Japan that identifies structural forces as the key determinants will probably incorporate developmental state theory, while also calling on culture. Staunch culturalist explanations may admit that economic rationalism, or structural factors, also play a role. In contrast, commentators who view Japan as a pluralist and participatory political economy see the Japanese polity as inherently balanced, with neither culture nor institutions nor the bureaucracy nor the legislature in the ascendancy. The economic rationalism model too is conspicuous, but for a polemic methodology that categorically excludes culturalist explanations of Japanese decision-making.[9]
This paper concludes that the new privacy regime is evidence that Japan is in transition from a developmental state to a pluralist and participatory system; and a potent combination of public demand and political will underlies the transition. Firstly, the right to privacy resonates deeply in Japanese society. Unlike other legal transplants such as sexual harassment[10] – which, despite attracting considerable press and even legislation, might still be viewed by mainstream Japanese as an incongruous and alien legal veneer[11] – privacy is an idea that has already come into its own.[12] Secondly, privacy is already more than an individual civil right enforced only on an ad hoc basis in the courts. The allure of e - commerce as a means towards economic revitalisation means it is recognised by the political establishment as an overarching societal value, which is indispensable for economic recovery,[13] and worthy of legislative protection. Public faith in privacy protection is key to vibrant consumer participation in the new economy.[14]
This paper observes that privacy protection is now firmly part of the mainstream political agenda in Japan and predicts that it is likely to succeed in much the same manner as environmental protection has, utilising informal regulatory mechanisms.[15] In addition to ‘soft’ moral merits, both have ‘hard’ connections to Japan’s future prosperity. This makes privacy a new, but integral, Japanese societal value, irrespective of the vague or hortatory aspects of the regime. The formidable Japanese bureaucracy has been appointed as a Cerberean privacy watchdog and will act effectively or face the wrath of the nation. This forceful political agenda, responsive to popular demand, speaks of an increasingly empowered Japanese citizen, even if for economic reasons rather than lofty ideals concerning human rights and civil liberties. Increasingly empowered citizens mean the developmental state model of the Japanese polity is an increasingly uneasy fit and the pluralist and participatory democracy model is gradually becoming more apt.
Part II of the paper connects ancient concerns about privacy with the modern privacy dilemma and underscores the importance of avoiding determinism. Part III examines the transplantation of privacy law into Japan and the enactment of the new Personal Information Protection Act 2003 (‘Privacy Act’),[16] before exploring the scheme of the legislation. Part IV considers the evidence the new regime provides for the proposition that Japan is in transition from a developmental state to a pluralist and participatory system. Part V traces the emergence of a new Japan through the lens of privacy regulation; touches on the implications of the new Japanese privacy regime for the global convergence debate; and offers a sanguine view of the prospects for regulatory success.
Traditionally, the intrusion into personal privacy was the province of authoritarian regimes. An expectant mother journeyed to Bethlehem some 2 000 years ago to satisfy the desire of the Roman Empire for information on its subjects.[17] Equally, the antecedents of privacy protection are found in ancient constitutional regimes, as is clear from the Hippocratic Oath of the 5th century BC:
All that may come to my knowledge in the exercise of my profession or in daily commerce with men, which ought not to be spread abroad, I will keep secret and will never reveal.
Alan Westin identifies the central contemporary privacy issue to be how constitutional democracies achieve the minimal surveillance and disclosure required for security, whilst ensuring privacy retains its politically prescribed priority in a rapidly changing technological context.[18] Nehf resorts to a fairytale: in Hansel and Gretel innocents partake in a feast designed for their own exploitation.[19] The modern dilemma is not malicious intrusion, but seduction. Our appetite for the utility and gratification of the information age induces us into relinquishing control of our personal information to ostensibly benign collectors. This precipitates three primary contemporary sources of leakage and harm: hackers, rogue employees and administrative incompetence.[20] The risk of harm seems immeasurable, inextinguishable and escalating.[21] Fear of both abstract and material losses have mobilised mass protest.[22] In the US, anxiety about breaches of privacy, and perceptions that such breaches are already pervasive, government regulation is ineffective and the situation will only worsen, have led to the outbreak of ‘privacy revolts’, where large numbers of consumers lodge complaints, boycott products or threaten litigation in response to data leaks.[23]
The intensity of privacy concerns in Japan is dealt with below. In Europe, where the EU Data Protection Directive[24] (‘EU Directive’), a regime offering greater protection than the new Japanese legislation, has been in effect since 1998, concerns remain high. The first report on the implementation of the EU Directive affirmed ‘increasing social anxiety with regard to the abuse and misuse of personal data’.[25] Another report indicated that 60% of all European Union citizens remained concerned about the protection of their personal privacy.[26]
‘[T]here is a fine line between self-critical awareness in exploring new areas of legal knowledge and a neo-Orientalist adventure’[27]
When an outside observer attempts to understand foreign law there is an inherent risk that hubris will tempt the outsider to resort to explaining the ‘Other’ system solely by reference to culture. However, the outside observer’s detachment can instead provide freedom from this cultural determinism[28] if he or she will acknowledge the temptation and resist. This paper takes the view that useful comparison is achieved when the observer consciously detaches from both the observer’s normative home system and the ‘Other’ foreign system.
Penelope Nicholson argues that a core task in understanding a foreign legal system is for ‘the comparativist to perceive…herself as a translator…rather than authoritative’.[29] Nathaniel Berman, on the other hand, prefers to think of the comparativist as ‘interpreting’ a culture that is fragmented, diverse and politicised, resisting both exoticisation and normalisation.[30] Interpreting foreign law requires the comparativist to access ‘insider’ knowledge, predicating comparison on an informed understanding of which comparisons are valid. Studying only the external appearance of a system may lead form to be confused with substance. Insider knowledge means accessing what Beer refers to as the ‘subliminal consensus’[31] within each constitutional democracy about whether rights should live or die. The astute comparativist treats the ‘Other’ system as neither entirely the same as, nor entirely different to, the home culture. Rather than lamenting the lack of Western structures, he or she asks how the ‘Other’ law actually works in the ‘Other’ society, which is complex and changing. This requires empathy rather than cultural determinism, and is aided if the comparativist admits that the home system is not normative, but flawed with ‘illogicality, arbitrariness or politicised decision-making’.[32] The inquiry goes beyond whether the Japanese regime looks like the European or the American regimes, or is enforced in the same style, and asks if it is effective law in Japan.
This part canvasses the development of Japanese privacy law from 1961 to 2003, during which time foreign law has been appropriated to take an indigenous shape. Firstly, I examine three models for judging the success of a legal transplant and conclude that whether success is defined in terms of ‘taming’, usage, or indigenisation, this transplant was an overwhelming success. Secondly, I trace the background and rationale for the Privacy Act and thirdly, I explore the ‘hollow’ scheme of the Act.
Rosen recounts the arrival of the right to privacy in Japan as an academic opinion in the suitcase of a Tokyo University law professor, Ichiro Kato. Having returned in 1964 from a year’s sabbatical in the US, Professor Kato was completely enamoured with American tort law.[33] The right to privacy appeared in the seminal Tokyo District Court decision regarding Yukio Mishima’s work Utage no Ato [After the Banquet], later in the same year.[34]
Rosen affirms Beer’s view that the right arrived into untilled soil ‘with little support in legal and social tradition’.[35] However, a concept of which only the barest stirrings existed in Japan four decades ago[36] has since become a keenly sought ideal[37] and the subject of indigenous omnibus legislation. Rosen noted, in 1990, that Japanese courts had become more protective of privacy than courts in the US.[38] This was clearly ‘an idea whose time has come’.[39] There are at least three ways in which to measure the success of a transplantation of law into a new context. One theory defines success in terms of whether the transplanted law is re-engineered for local needs. Tanase, for example, states that when foreign law is successfully transplanted into Japan: we may expect the same custom-made law which fits the Japanese worldview while providing the infrastructure necessary to facilitate the workings of the market or of the government.[40] This is not because Japan is exceptional, but because this is what happens in any country receiving foreign law; the foreign law must be ‘tamed’ to make it serve the local context. The receiving country may ‘nonetheless show a strong ambivalence’ toward it because, while desiring modernity, the receiving country is naturally sceptical about a foreign influx which may threaten the local moral order. Tanase predicts that ‘the modus vivendi Japan achieves may be quite different from that of the originating country’. He goes further: Japanese modernity has been successful to date due to the adoption of the external aspects of the modern, without the adoption of the core. Japanese modernity is seen as hollow and Japanese law is ‘de-centred … [i]ts core is a hollow to be filled ad hoc by situational exigencies’.[41] I argue below that the Privacy Act is a convincing illustration of this ‘hollow core’ model of adaptation. Specifically, it represents flexible and practical regulation occurring within a ‘hollow’ legislative space, which has been deliberately left by an active and functional legislature in response to the wishes of the populace.[42]
A second theory defines success as the imported rule being actually used, subject to appropriate tailoring. Predictors of success include the micro and macro ‘fit’ of the new law (its compatibility with the existing legal and non-legal infrastructure), the availability of substitute control mechanisms, and the importance of practical utility over political and symbolic notions.[43] The ‘fit’ of the privacy tort alongside existing tort law and against Japan’s cataclysmic transition from militarism to constitutionality was excellent, no substitute solutions had yet been conceived, and breach of privacy had immediate practical application. A privacy right was read into Article 13 of the Constitution of Japan (1946) – which provides that ‘[a]ll of the people shall be respected as individuals’ – and damages provisions were available in the Civil Code (1896).[44] Rosen cites Professor Masami Ito’s view that there was a pent-up yearning in Japan for a remedy for excessive media intrusion into personal matters.[45] The early broad use of the concept was illustrated by the first mass privacy protest by Japanese citizens in the early 1970’s in response to a Japanese government initiative to introduce a citizen identification numbering system. The proposal was abandoned and dozens of local governments passed municipal privacy ordinances, proving the right to privacy as a popular value only nine short years after its emergence.[46]
A third theory divides Western law transplanted into Japan into that which is distorted, that which is never used, and that which is successfully ‘Japan-ised’ or indigenised.[47] The indigenisation of the privacy tort in Japan is demonstrated by it having been immediately conflated with the tort of defamation.[48]
In summary, whether success is defined in terms of ‘taming’, usage or indigenisation, the transplantation of privacy law into Japanese society was an overwhelming success.
Westin and Van Gelder and Horibe both pinpoint the elevation of privacy protection to the national political agenda to a research initiative in the Administrative Management Agency in 1981.[49] This agenda led to the passage of Japan’s original sectoral legislation, the 1988 Act for the Protection of Computer-Processed Personal Data held by Administrative Organs (Act No. 95 of 1988), which governed personal information held by government agencies in computerised files and was modelled on European ‘fair information use’ principles.
Meanwhile, tortious privacy suits continued to flourish in the two decades leading up to 2003. Nelson and Rosen both outline a succession of privacy and defamation cases; but none so prominent as the 487 separate lawsuits instigated by one Miura in response to media attention after his 1985 arrest for the murder of his wife.[50] The aggressive enforcement of his rights fed the growing public awareness of privacy issues.[51]
Other sectoral laws were enacted from the late 1980s to provide standards for the handling of financial, credit and employee information by the private sector,[52] but the largely self-regulatory agenda prevailed until the late 1990s. Businesses operated in the shadow of influential ministerial guidelines issued by the Ministry of International Trade and Industry,[53] the Ministry of Foreign Affairs and the Ministry of Posts and Telecommunications.[54] The government also actively fostered privacy mark systems and encouraged peak industry bodies to issue further private guidelines. The Electronic Commerce Promotion Council (‘ECOM’),[55] a body established in 1996 with connections to the Ministry of Economy, Trade and Industry (‘METI’), first issued its own guidelines in 1998. A 2000 ECOM charter communicated a deep sense of foreboding and urgency that Japan may be left out of global prosperity without rapid regulatory change to facilitate e-commerce.[56]
Surveys of community privacy concerns from the late 1990s show overwhelming anxiety. A 1999 Ministry of Posts and Telecommunications survey found 92 per cent of respondents believed that their personal information had been disclosed without their consent; 83 per cent believed organisations and individuals who hold personal information should be regulated.[57] Westin’s 1999 survey showed that 82.5 per cent of respondents felt that ‘Japanese companies will need to pay more attention to…privacy…in the future if they are to keep the confidence of Japanese consumers’ and 74.2 per cent were ‘not comfortable with the way the government is handling the protection of consumer privacy in Japan’.[58] Westin and Van Gelder reported frequent and well-publicised privacy violations ‘in almost every sector of Japanese industry’ in the lead up to the 2003 passage of the Privacy Act, as well as at local and national government levels and a concomitant rise in the crime of identity theft. Prosecutions did ensue under some sectoral laws[59] but there was no liability for incidents involving simple negligent disclosures.[60]
The immediate catalyst for elevating privacy to a societal interest (deserving of proactive government regulation), rather than individual interest (to be defended only reactively by aggrieved individuals in the courts), was the public and political resistance to the enactment of the Basic Resident Registers Act 1999.[61] The Basic Resident Registers Act, an e-government initiative, converted the long-established paper-based system of family registers holding the personal information of every citizen kept in every municipality to a national electronic network, the Juki-net. This new electronic version of the registers implemented an 11-digit citizen numbering system. Westin and Van Gelder observe that it was impossible for the ruling Liberal Democratic Party (‘LDP’) to use its coalition majority get the Juki-net legislation through the Diet without an amendment promising a personal data protection law.[62] A Working Group on Personal Data Protection was established in July 1999.[63]
Takama reports that a July 2002 Asahi Shimbun survey, conducted prior to the Juki -net becoming operational, recorded that 86% of respondents were concerned about leaks of personal information from the system and that some 60 municipalities had disconnected, or were considering disconnecting themselves, from the network in Japan’s own privacy revolt.[64] Other factors in the frenzy of public concern included doubts over the efficacy of Japan’s new freedom of information legislation (since amended) and laws to counter the extreme level of e-mail spam experienced in Japan, as well as other e-government initiatives, such as smart vehicle number plates and the proliferation of permanent surveillance cameras in public spaces.[65] In May 2002 it was revealed that the Defence Agency had ‘systematically compiled a comprehensive database of personal details’ of persons who had made freedom of information requests to the Agency. This contravened action demonstrated widespread illegal data-sharing across the Japanese bureaucracy.[66] It was followed within days by revelations that municipalities had provided the Defense Agency with confidential information on potential teenage Defense Force recruits since 1966.[67]
The excruciating progress of the 1999 Working Group’s recommendations, leading to the eventual enactment of the Privacy Act in May 2003, is covered by Westin and Van Gelder,[68] Horibe[69] and Privacy and Human Rights.[70] The key points are: firstly, unlike in the United States, where there is entrenched and overt industry opposition to the strengthening of privacy controls, there was no overt industry opposition to omnibus legislation in Japan. In contrast, ECOM backed the regime. Any concerns industry did have were resolved quietly in a collaborative behind-the-scenes manner. Secondly, whilst the opposition parties, led by the Democratic Party of Japan (‘DPJ’), did oppose the legislation, this was from a staunch pro-privacy regulation platform. The opposition parties and consumer groups argued that the opt-out standard proposed was too liberal, and demanded an independent data protection authority and greater controls for individuals. Thirdly, the publishing industry, including giant concerns such as the Yomiuri Shimbun, the Sankei Shimbun and the Nihon Keizai Shimbun, and vocal tabloid press groups, stridently opposed the legislation on the basis that it was too restrictive of the freedom of the press. Fourthly, those in opposition to the original bill engaged in the usual vociferous democratic process: they ‘staged protests, issued press releases, aired anti-Bill programs…printed anti-Bill editorials’ and lobbied opposition parties in the Diet.[71] Fifthly, whilst the political, media and consumer opposition resulted in the legislation being withdrawn in late 2002 and ‘watered down’ by a provision clarifying the media’s exemption[72] and the ‘removal’ of the core European privacy principles,[73] the latter change was illusory. The amended regime, which was passed with lightning speed[74] in early 2003, had actually been augmented with penalty provisions for public officials[75] and contemplated supplementary legislation enforcing tighter controls on specific industries. Sixthly, a self-regulatory plan proposed by the Chairman of the Working Group on Personal Data Protection and chief authority in the area for two decades (the ‘Horibe Plan’)[76] did not prevail, and nor did Japan simply ‘Americanise’ its privacy regime[77] or mimic the European regime.
The structure of Japan’s privacy regime has been determined by a vibrant, indigenous political process motivated by a rational calculation of economic self-interest. This process involved fierce political wrangling within the LDP coalition and with the opposition parties and interest groups, as well as a lengthy period of heated public debate.
Japan’s privacy legislation is in fact a suite of five separate laws centred on the Privacy Act. It formalises the opt-out[78] approach already taken in Japan, binding those enterprises that have a place of business in Japan,[79] and that are entities handling personal information[80] on specific individuals. The key private sector provisions, chapters four to six, came into force on 1 April 2005. In brief, companies holding ‘personal data’ in ‘personal information databases’[81] with entries on 5 000 or more individuals are now required to use secure information management systems and set up procedures for handling requests for disclosure and complaints from customers. The Privacy Act is administered for each industry by the relevant ministry. Key ministries issued guidelines on defining personal information and appropriate management systems well in advance of April 2005.[82] The Privacy Act contemplates industry associations certified by the Minister being given a role in creating guidelines and dealing with complaints as ‘Approved Personal Information Protection Organizations’ (‘Approved Protection Organisations’).[83] Companies in violation of the guidelines will receive ministerial guidance and, when necessary, be ordered to comply.[84] Failure to comply may result in both administrative and criminal penalties.[85] The compromises made to ensure the passage of the regime included making an undertaking to completely review the Privacy Act within three years of 1 April 2005.[86]
Any summary of the regime must deal with what it does not contain; what Tanase calls the characteristic ‘hollowness’ of Japanese regulation. The legislation is short and in simple terms, so that much detail could be said to be ‘missing’. In particular, the following three features are most commonly noted as absent. Firstly, the Article 23 ‘opt-in’ restrictions on onward transfer do not contain any special requirements for cross-border transfers similar to Article 25 of the EU Directive[87] and do not apply in most cases where information is transferred in the context of subcontracting arrangements, mergers and notified joint use. This and other features easing the burden of practical implementation imposed in Europe makes the Privacy Act somewhat ‘pro-business’ by comparison.[88] However cross-border transfers within one multinational company are also not given clear relief from the ‘opt-in’ provisions, making this provision a possible two-edged sword.[89]
Secondly, Western observers have commented pointedly on missing features usually associated with the regulation of ‘hard’ agenda issues. The duty to keep personal data accurate in Article 19 is expressed only as a duty to ‘endeavour’ to maintain accuracy. Companies must also ‘endeavour’ to process and resolve complaints under Article 31. The lack of absolute duties in some instances, the piecemeal nature of the scheme’s administration,[90] the unusual absence of oversight by an independent arbiter and the lack of a new right in individuals to sue or instigate administrative review of the actions of a business in breach and receive compensation are perplexing. Individuals can make complaints to a company, then to an Approved Protection Organisation, and even to the competent Minister, but the discretion as to what action to take rests entirely with the Minister. Of these omissions, it is the lack of an independent oversight body that is identified as a consistent demand of Japanese consumers not met by the Privacy Act.[91] However, Kusakabe and Sawasaki point out that the tortious liability for damages for breach of privacy under the Civil Code is unaffected by the new regime and will be assisted by the legislation’s clarification of infringement standards.[92] They also emphasise that a variety of remedial orders, including to delete, to cease using and to cease to offer to third parties, can be made under Article 34 of the Privacy Act in addition to the criminal sanctions available under Chapter 6.[93]
Thirdly, no distinction is made in the Privacy Act for the handling of sensitive data. The opposition parties wanted an opt-in standard to be applied to information on political opinions, religious beliefs, medical and welfare information, criminal history, birthplace and permanent domicile. The 1999 Japan Consumer Privacy Survey shows that Japanese consumers do have a measurably higher level of concern in relation to this sensitive information as against concerns regarding routine information.[94]
The scheme of the Privacy Act accords with Tanase’s depiction of Japanese law as ‘hollow’ in core content. Kusakabe and Sawasaki note that the privacy protection content of the Privacy Act itself is so minimalist that the disparate collection of non-binding government and industry guidelines pre-dating the regime are still effectively operating after its passage; at least until they are replaced by new guidelines for each sector promulgated pursuant to the Privacy Act.[95]
The inception of the Privacy Act demonstrates that privacy is already a societal, rather than an individualistic, value in Japan. This means it is regarded as warranting broad-based and proactive regulatory protection, rather than patchy ‘after-the-fact’ protection in the form of the isolated lawsuits of aggrieved individuals. The narrative behind this legislation is about regaining prosperity by boosting consumer confidence through the active and reasonable regulation of privacy. If the mechanisms for enforcement can be shown to be an effective modus vivendi in a ‘hollow’ society then there is every reason to expect that the regime will work, and be promptly amended where it is not working, notwithstanding the obvious disparity with the mechanisms usually used for the enforcement of ‘hard’ societal agendas globally.
Westin highlights the continuum between authoritarianism, where personal privacy is a negative value, and constitutional democracy, where the protection of individualism is crucial to societal progress and morality.[96] In this context, Sugimoto suggests Japan is a system of ‘friendly authoritarianism’ rather than constitutional democracy.[97] Yet could the new privacy regime show a transition from the former to the latter? Privacy protection now enjoys high political priority in Japan, leading to the inference that Japan may be transitioning away from ‘friendly authoritarianism’ towards functioning constitutional democracy.
The culturalist model draws on the popular image of Japan as an ancient, harmonious and homogenous society, where, in the Confucian tradition, communitarianism takes natural precedence over the assertion of individual rights.[98] This exoticisation has been widely deconstructed, including by Stockwin, who described it as ‘ever recycling facile dichotomies between Japan and the West’.[99] However, the idea that culture controls Japanese decision making has had enduring appeal, perhaps owing to its close ties to the nihonjinron theory of Japanese uniqueness.[100] In its more moderate expression, culturalism acknowledges that distinctive social norms will impact on decision making in any culture, but that these norms are nuanced in nature and change over time, accepting that all cultures are in fact hybrid.[101]
It would be wrong to depict the Privacy Act as illustrating the sway culture has over Japanese decision-making. If anything the regime is counter-cultural, contradicting classical depictions of a harmonious society where the preference is to relinquish rather than assert rights and life is lived first of all in community. Yet Rosen strives valiantly to use Japanese culture to explain Japanese privacy law.[102] He theorises that since actual physical privacy is unachievable, the Japanese desire is for notional privacy. Information about individuals is unavoidably knowable due to close proximity to others and so the dissemination of personal information is tolerated. Offence is taken in Japan, not when others know information about oneself, but when they take advantage of that information, breaching a kind of unspoken communal trust and disrupting relationships.[103] However the Japanese willingness to defend the right to privacy still fits Feldman’s belief that ‘rights talk’ is alive and well in Japan.[104] The trouble with explaining the Privacy Act as motivated by particularistic indigenous values is the universality of similar concerns. Recent European and American research surveys show that a remarkably similar sense of betrayal and entrapment motivates peoples all over the globe to demand privacy protection; this motivation is not uniquely Japanese.[105] Nor is the informality of the regime particularly Confucian. Kelly identifies an earlier trend toward enacting ‘light touch’ or ‘co-regulatory’ regimes in New Zealand, Canada and Australia.[106]
The structuralist model argues that rigid institutional barriers, such as the factional, hierarchical and interest-group power structures within the LDP and the independently powerful Japanese bureaucracy, have created a chronically hamstrung political executive.[107] More broadly, these structural impediments are said to include an inaccessible legal system, vertical labour relations and the collusive influence of big business, which form insurmountable barriers for Japanese individuals seeking to assert rights.[108]
Explaining the Privacy Act as symptomatic of structuralism would mean it is a cynical attempt by vested interest groups, which have survived recent structural reforms, to gag the voracious Japanese tabloid press. Hatch and Yamamura argue convincingly that Japan’s ‘distinctive set of institutions’ are ‘retooled’ rather than ‘dismantled’ in times of crisis or change.[109] Under the structuralist model, collusion between elite business, political and bureaucratic interests continues to usurp the legislature’s role and stymie change. George-Mulgan refers to the ‘chronic inability of Japanese politicians to come up with tough solutions when they are most needed,’ warning that ‘anti-reform forces…are gaining the upper hand’.[110] The trouble with structuralism as a rationale for the Privacy Act is that it fails to account for the evidence which suggests that the enactment of the Privacy Act was the result of careful calculation. The torrid events leading to its passage show transparent strategic manoeuvring by a reformist Koizumi Government determined to push privacy legislation – which is arguably more effective than, for example, Australia’s recent attempt at an omnibus scheme[111] – through the Diet at almost any cost. This narrative accords with Drysdale and Amyx’s analysis of structuralism as an oft-exaggerated and waning force in Japan.[112] Further, for the structuralist theory to fit, the Privacy Act must be ‘yet another toothless tiger’,[113] contrary to popular expectation and indications. It must provide illusory protections for the masses while allowing the bureaucracy to stifle freedom of speech. The structuralist theory will not fit if the Privacy Act actually provides effective protection.
The developmental state model completes the structuralist argument that the political executive lacks authority by explaining that this missing political authority is found in the hands of the elite bureaucracy.[114] The bureaucracy is said to manage Japan in the sole interests of protecting LDP hegemony. This agenda is accomplished by ensuring that social change is centrally managed by drafting legislation that ‘captures and controls’ controversial issues likely to spark ground-breaking litigation, diverting disputes away from the courts into informal and unreviewable resolution processes. Upham develops this model in the context of four instances of potential social unrest: Burakumin (outcast class) liberation; employment discrimination against women; industrial policy; and environmental pollution.
Could the Privacy Act be a usurpation of regulatory power by an overweening and unrestrained bureaucracy desperate to preserve the status quo? Leaving aside the transparent and robust political process between the drafting and eventual passage of the regime, several superficial features of the legislation do support this rationale. Most noteworthy are the absence of an independent policing body and a new right of action, and the presence of hortatory expressions and informality. However there are problems at a deeper level. It is important when considering the ‘missing’ or ‘toothless’ features of the Japanese regime, to resist seductive normative comparisons with the standard of the perfect ‘other’, the fictional, idealised Western regulatory model. Informal regulatory schemes are used effectively in Japan to either ensure,[115] or derail, change.[116] The question is not whether this regime is bad because it is not comfortingly Western in shape, but whether it is intended to produce change in Japan.
Neither an independent arbiter – in the usual sense of the role – nor a new right of action or administrative review have been established under Japan’s privacy regime. Nevertheless, the popular business press, reporting on government guidelines, has characterised the Approved Protection Organisation role as an independent third party, a kakekomidera or ‘place of refuge’ to whom both businesses and aggrieved individuals can turn for assistance in a privacy dispute.[117] Further, what the regime does have is a progression of avenues for relief: a complaint to the company, then to their Approved Protection Organisation, then to the relevant Ministry, which can admonish the company (or skip this step if the matter is urgent)[118] and issue remedial orders followed by the imposition of criminal penalties as necessary. This is a vast improvement on the sexual harassment regime under Article 21 of the Equal Employment Opportunity Act (Law No 113 of 1972), which abdicates the government’s supervisory role, imposes no penalties and offers no external avenues of complaint.[119] Some privacy regime provisions are hortatory and many are generally worded, but most impose duties, the detail of which is supplied by progressively issued ministry and industry guidelines. The fact that the detail is not found in the legislation itself makes the regime flexible and easily adapted to new technologies and economic conditions.
Another reason the developmental state theory is inappropriate is that the mischief and remedy analysis inherent in that theory does not fit the facts. The avalanche of Miura privacy and defamation litigation did not ‘open the floodgates’ of privacy suits generally or threaten runaway social change that would put LDP power bases at risk.[120] Further, potentially calamitous Juki-net breach of privacy litigation continues to brew in lobby groups; the new regime will not stymie these class actions. A greater risk to the LDP may be the failure of Japan to achieve economic recovery through information technology because of the failure of the Privacy Act to produce substantive information security. Moreover, an effective regime was needed to keep in step with foreign business norms.[121] The approval of foreign trading partners is a very practical concern as the Japanese regime awaits the judgment of the European Commission as to whether it is ‘adequate’ under EU Directive Article 25.[122] In light of these imperatives, if the Privacy Act was intended to ‘capture and control’ social change then its intention would be to accelerate it, not frustrate it.
Perhaps the differences between informal regulatory regimes in Japan can be explained by how critical or ‘hard’ the rights protected are perceived to be. I argue that the protection of privacy rights is now high on the popular and political agenda in Japan. Yet perhaps not all societal values are equal. This agenda may be ‘harder’ than preventing sexual harassment, which usually threatens ‘only’ human dignity, but ‘softer’ than environmental concerns, where both lives and economic security are at risk. Such a variation might explain why the Privacy Act has hybrid features. It is lacking a completely independent arbiter and imposes no legally actionable duties, like the new sexual harassment regime. Yet it far surpasses that regime by providing successive avenues of complaint outside the offending business and imposing serious penalties, like the environmental protection regime.[123] It is too early to adduce evidence of bureaucratic enforcement, but there has been a remarkable rush to comply with the Privacy Act;[124] more evidence of the ‘subliminal consensus’ that these rights matter in Japan. Businesses do not rush to comply with irrelevant, ineffective laws.
The rationalist model posits that Japanese decision-makers act solely in their own best interests. In politics, this means re-election. Decisions are made to maximise advantage in the re-election stakes, by increasing funding contributions or votes. Ramseyer and McCall Rosenbluth argue that cost-benefit analyses govern Japanese political behaviour.[125] The bureaucracy and the judiciary, who are firmly controlled by and faithfully implement the policies of their principal, the political elite, act purely as agents, with little or no effective independence.
There is some sense in explaining the Privacy Act according to the rationalist model. Three premises underpin this view. The first is that the legislature is the primary locus of Japanese power. Assuming that to be the case, I have already argued the second premise, that the LPD’s interest in the privacy issue is economic. The third premise is that the successful implementation of such a strategy to achieve economic recovery would naturally also further cement LDP power, serving rational political self-interest. This premise too is uncontroversial. The main problem, however, is with the first premise. I argue that the legislature is not the primary locus of Japanese power in an increasingly pluralistic and participatory society. There is a further objection to an assumption inherent in rationalism. This model is an exclusive answer to the ‘who, or what, controls Japan’ question. No other explanation can be countenanced. This seems to be as unreasonable, monolithic and unrealistic as the strident culturalist approach.
The model of Japan as a pluralist and participatory system has been expounded by Morris-Suzuki, who presents Japanese decision making as occurring in the context of dispersed ‘social networks’.[126] The bureaucracy facilitates the fluid exchange of ideas, rather than dominating. Amyx similarly suggests that Japan is run by ‘network governance’, where stable political, bureaucratic and business institutions collaborate.[127] Haley’s version is that the preference for informal enforcement in Japan actually curtails the policy making power of the bureaucracy whilst also including private parties in decision making.[128]
While it would be difficult to argue that Japanese pluralism is more than in its early stages, it is hard to ignore the evidence of participatory democracy in at least this context. Comprehensive privacy legislation was a direct response to a massive popular privacy revolt. The excruciating process leading up to the passage of the legislation illustrated the fragmentation of political power now that the LDP rules by coalition, rather than in its own right,[129] and the influence now vested not only in minor coalition and opposition parties but also in dissenting voices, particularly the media in this instance. All of these features are symptomatic of pluralistic and participatory decision-making.
In other words, in some but not all regulatory contexts, the developmental state explanation is a poor fit. A better model is that of a vibrant political economy, where the bureaucratic role is reduced to delivering flexible and practical regulation into the ‘hollow’ space deliberately left by an active and functional legislature, which in turn is responsive to the wishes of the populace. Privacy is one of these contexts where popular empowerment is real, because it is a ‘hard’ enough economic imperative to have been elevated from popular civil rights concern to a political and economic concern. This combination of popular and political will means that privacy regulation is now a subject of Beer’s ‘subliminal consensus’ in Japan.
Egregious breaches of privacy have continued unabated since 2003. The monthly Privacy Resource Newsflash records repeated instances of data loss through hacking, theft by rogue employees and incompetence that mirror the frequent similar reports in other jurisdictions, as well as the usual cases of media excesses leading to tortious claims.[130]
Whilst nearly 82% of respondents to Westin’s 2004 survey had heard of the new regime, most were sceptical, expecting it would not result in business or government ‘protecting individuals’ privacy thoroughly’.[131] There results were consistent with those of ‘other leading democracies’.[132]
Meanwhile, business seems to be taking the new regime very seriously. Whilst there was an unseemly last minute rush by some to comply with ministerial and industry guidelines by 1 April 2005, implementation was clearly on track in many sectors prior to that date.
ECOM announced its revised Personal Information Protection Guidelines for the private sector on 31 March 2005 following the release of METI guidelines in October 2004. Interestingly, the ECOM guidelines have a broader application to all companies involved in e-commerce, and set higher voluntary privacy standards, demonstrating an unmet appetite, at least in the e-commerce sector, for more comprehensive and specific privacy regulation than is provided by the Privacy Act and the sectoral guidelines issued under it.[133] ECOM’s motivation is evidenced by a 28 February 2005 newsletter noting the massive size of the global e-commerce market (an expected US$3 826.2 billion in 2005, with an average annual growth rate of nearly 70 per cent over the five years to 2005) and that Japan is ranked a distant third in global market share (ECOM 2005).[134] It is not difficult to see why business and government, struggling to emerge convincingly from a long-term recession, would share a commitment to creating the conditions for lucrative participation in such a market.
The Daily Yomiuri Online noted that even public schools, which are not bound by the Privacy Act, have been increasing controls on student contact lists since April.[135] Other reports flag a booming industry in services and technologies aiding compliance. Sales of shredders and data leak protection insurance jumped[136] and the Nikkei Weekly devoted two full pages to sophisticated new hardware and software products enhancing information security and enthusiastic implementation by businesses and community groups that are clearly not bound.[137] However, The Asahi Shimbun observed a rush by some to collect additional stores of private information for improper or illegal purposes before the legislation came into effect.[138] Whilst businesses trafficking personal information were outlawed from 1 April, the Privacy Act does not cover the same activity when performed by individuals, and would not outlaw the compilation of lists of fax numbers of corporations. The article speculated that whilst operators might change and the information peddled might alter, the industry would not disappear. Further, illegality would be unlikely to deter malicious leaks of information by employees or the escapades of skilled hackers.
JIPDEC Privacy Mark accreditation had been given to around 1,500 companies by April 2005.[139] This was five times the figure at the passage of the Privacy Act, despite obligations for those businesses, mostly dealers in information,[140] not yet having come into effect.
In terms of bureaucratic actions, Approved Protection Organisation certifications are issued separately for each sector by the 14 bodies competent to administer the regime and statistics are difficult to aggregate. However, the initial certifications granted were certainly processed without delay. The General Insurance Association of Japan drew up industry guidelines prior to 1 April 2005 and announced its Approved Protection Organisation certification on 4 April 2005.[141] METI announced that a personal data security self-test would be available online for businesses from the northern hemisphere autumn. Crucially, METI was considering giving preference to companies with high scores on this ‘voluntary’ test when allocating government IT procurement deals and to disclosing the test results to other government departments outsourcing government functions.[142] It was announced in January 2005 that plans to release sector-specific laws had been dropped because of the strictness of some pre-existing sectoral laws and arguments that further such laws should be specific to the sensitivity of the information, not to sector.[143]
The four opposition parties, spearheaded by the DPJ, presented alternative ‘opt-in’ style legislation immediately before the passage of the Privacy Act in early 2003. The former leader of the DPJ, Yukio Hatoyama, suggested that strict privacy provisions be specifically included in a revised constitution [144] The political will behind privacy regulation is, however, best illustrated by the report of a five-year House of Councillors study on constitutional reform released on 20 April 2005, stating that the majority of parties ‘support the incorporation of environmental and privacy rights’ in a revised constitution.[145]
Meanwhile lawyers, lobbyists and journalists have repeatedly expressed doubts and distrust, whether on the basis that the regime is too repressive, too permissive or strikes the wrong balance between freedom and fairness. Harland mentions the vagueness of the media exemption in the Privacy Act and the scope for abuse of the de minimis exemption[146] as factors which may limit its effectiveness and remain the subject of trenchant criticism by civil rights groups, before dismissing the scheme as ‘yet another toothless tiger’.[147] Other practitioners and economic commentators tend to regard it as ‘very general’,[148] offering incomplete protection whilst impeding mergers and acquisitions.[149] Commentators sympathetic to civil rights accuse it of containing inappropriate loopholes, and being ‘decidedly pro-business’.[150] Journalists, in particular those working for salacious magazines, see it as ‘dangerous’,[151] violating the constitutional principle of equality under the law,[152] stifling free speech,[153] and evidencing intractable media gagging.[154]
The concept of a right to privacy was transplanted into fertile soil in Japan, meeting a perceived need for a check on media excesses and quickly metamorphosing into a general expectation of protection from government surveillance, defeating the national ID scheme in 1975. A quarter of a century later, the same government proposal catapulted privacy protection onto the mainstream political and economic agenda. Japan entered the new millennium teetering on the brink of privacy disasters, with political and economic ramifications matching the environmental disasters of the 1960s. This final elevation of privacy protection to the priority policy agenda has been based on the conviction that privacy protection is indispensable to success in e-commerce, and that Japan is already slipping dangerously behind.
Hiroshi Oda argues that careful selection and adaptation of foreign law into Japan has achieved a rational and coherent legal system little different from those of the West.[155] Perhaps the most important transition in Japan will be the movement away from the belief in Japan’s exceptionalism, which is characterised by the nihonjinron theory,[156] to a perception that while Japan is different, it is not so different as to be an invalid subject of study and comparison.
Taken in context, the new Japanese privacy regime is a serious first step in dealing rapidly and effectively with the threat. ‘Hollow’ or informal regulatory regimes have worked well in the past in Japan and should do so in this case. Not all informal regulation is intended to be effective; however, the Privacy Act is intended to produce substantive change. Evidence of this is found not only in the scheme of the legislation itself, but in the economic rationale behind the regime, and an iron-clad political will overlaying the ‘soft’ popular demand for privacy as a civil right. The early signs from the business community, the bureaucracy, the political elite and the populace at large are overwhelmingly supportive of the conclusion that the Privacy Act will be effective.
If the comparativist omits the insider’s perspective, he or she misses the ‘subliminal consensus’ about whether rights should live or die in this constitutional democracy.[157] Despite the unfamiliar and apparently vague shape of the privacy regime, it was designed – in light of a subliminal consensus in Japan that privacy rights should live – to work. Admittedly, vague and flexible regulatory regimes in Japan are sometimes designed to be ineffective: they serve to placate Japanese and western observers while slowing social change. This is not the case with the privacy regime, however. This particular regime was intended to produce rapid and substantive change. It is no ‘toothless tiger’.
No jurisdiction has yet resolved the modern privacy dilemma completely. Even in flagship Europe, the implementation of the 1995 EU Directive is nascent and problematic.[158] Japan’s first step is one of a range of possibilities available on the regulatory continuum and arguably closer to the full omnibus model adopted by the EU than other informal models, including the Australian regime.[159]
This paper also concludes that the inception of the new regime demonstrates the vibrant political process and societal consensus-led change commonly found in constitutional democracies. This is evidence of an emergent political transition away from Sugimoto’s ‘friendly authoritarianism,’ meaning that the ‘developmental state’ model is waning as an explanation for Japanese decision making in at least some contexts. It follows that Japan’s political system is transitioning away from exceptionalism, towards a pluralist and participatory system that shows no more than an ordinary and appropriate degree of difference with other complex systems in which political power is shared.
It is worth observing in passing that just as the new Japanese privacy regime is a poor fit with simplistic assumptions about the locus of power in Japan, it also fits poorly under broad-brush convergence theories. Convergence theorists argue that industrialism breeds uniformity between societies; Japan is ‘catching up’ to Western development. Opponents say divergence is the norm; the forces of industrialism are no match for ingrained and endemic cultural traits. Reverse convergence theorists suggest the world is emulating Japan in industrial development, while multiple convergence theorists identify development nodes that attract clusters of similarly developing societies.[160]
Westin and Van Gelder suggest the broad view that Japan’s privacy regime plots a ‘middle way’ in global terms.[161] However, approaching the question at three distinct levels – rationale, policy and regulatory model – gives different answers. At the most concrete level of regulatory model, Japan is divergent from both the US and Europe and has indeed adopted a distinctive, hybrid model suited to Japanese conditions. At the intermediate level of privacy policy, the Japanese regime is convergent with the privacy policy already uniform in developed nations: the European ‘fair information’ principles.[162] At the most abstract level, the underlying rationale for privacy regulation, the Japanese regime supports a version of the ‘nodes’ theory. It rejects American reasoning that privacy protection is an individual interest that hampers business,[163] but converges with the European rationale. The European belief is that the protection of personal information is a societal interest and a critical determinant of future economic development. Note that these ‘nodes’ of privacy law development by no means correlate to cultural or geographic ‘legal families’.
Tanase makes the real complexity of the modern process of transplanting and receiving law and convergence even more plain. The trend is:
not the reception of a complete legal system but the cross-border transfer of legal norms, procedures and systems as a variety of fragments that are intertwined within one law or are imposed on or replace part of an existing law. To borrow a term favoured by modern anthropology, the assertion could even be made that the emergence of ‘creoles’ or the mixture of different species is occurring even in the legal world. The fact that abundant mutual permeation and harmonization has made the comparative law concept of legal ‘families’ difficult to accept is another expression of this stateless distribution and transfer of legal information.[164]
In other words, Japan’s new privacy regime is evidence that just as monotone, broad brush explanations for who or what controls Japan are unconvincing, so are simplistic assumptions about Japan’s convergence with, or divergence from, global regulatory patterns. Just as a complex power-sharing model offers the best explanation for legal change in Japan, accurate insights into global convergence are also gained by acknowledging complexity. Simplistic explanations of Japanese legal developments as bound by culture or geography or ‘catching up’ to the US are unhelpful.
The new Japanese privacy regime has been met by earnest attempts at compliance, amidst a chorus of criticism from various sectors. It is arguably not how perfectly honed and balanced the text of a new law is that determines its success, but ‘law in action’: the success of the Privacy Act will be measured in both enforcement and fine-tuning efforts. In Japan, and perhaps everywhere, it is the ‘subliminal consensus’ undergirding a law determines success. Consultative, flexible, informal regulatory schemes can be highly effective where this consensus exists, possibly more so than absolutist, transparent and accountable rules that fit the Western regulatory ideal.
Westin notes that now is the opportune moment for omnibus privacy regulation in Japan. The data mining and direct marketing industries are still puny and real economic harm to individuals is still rare.[165] The politically-prescribed priority given to privacy in Japan is now high. There is a clear political vision of the economic imperative of information security, and the active enforcement of the recent related laws also bodes well for the Privacy Act. Bureaucratic tools for ensuring compliance include not only the administrative and criminal penalties in the legislation but also plans to ‘name and shame’ businesses against which privacy complaints have been made.[166]
The nature of modern privacy violations means that when a violation occurs, vocal and outraged victims can easily number in millions.[167] In fact, continuing disquiet and pending litigation over the Juki-net system will keep privacy in the news and on the priority policy agenda, forcing augmentation of the Privacy Act[168] or the evolution of the Japanese privacy tort.[169] Even if Japan is yet some way from a pluralist and participatory system, ‘[t]he elite can never have a free hand in implementing its political will. It has to solicit the support of the masses even in a very authoritarian regime’.[170]
Despite depictions of ‘the Japanese’ as deferential to authority, and strident global criticism of Japan’s human rights abuses,[171] Wolff argues that ‘civil society is strong and influential’ in Japan where rights are concerned.[172] It is inevitable that privacy disasters will have an increasingly global ‘footprint’, which the newly unexceptional Japan must confront with other nations. I argue that the Privacy Act is a demonstration that Japan has taken a serious first step in that confrontation.
[*] LLM in Asian & Comparative Law, University of New South Wales; Masters in Advanced Japanese with Distinction, University of Sheffield; BA (Asian Studies)/LLB, Australian National University.
[1] Jeffrey Ritter, Benjamin Hayes and Henry Judy, ‘Emerging Trends in International Privacy Law’ (2001) 15 Emory International Law Review 87.
[2] See BBC News, World: Asia-Pac ific Japanese hijacker kills pilot (23 July 1999) BBC Online Network <http://news.bbc.co.uk/1/hi/world/asia-pacific/401680.stm> at 6 July 2006.
[3] Samuel Warren and Louis D Brandeis, ‘The Right to Privacy’ (1890) 4 Harvard Law Review 123. The ‘right to be let alone’ is the classic American expression of the privacy right.
[4] J A A Stockwin, Governing Japan: Divided Politics in a Major Economy (3rd ed, 1999) 23–3 5.
[5] Aurelia George-Mulgan, ‘Japan’s Political Leadership Deficit’ (2000) 3 5(2) Australian Journal of Political Science 183.
[6] Daniel Okimoto, ‘Regime Characteristics of Japanese Industrial Policy’ in Hugh Patrick (ed) Japan’s High Technology Industries: Lessons and Limitations of Industrial Policy (1986); Chalmers Johnson, Japan: Who Governs? The Rise of the Developmental State (1995) 7–13.
[7] J Mark Ramseyer and Frances McCall Rosenbluth, Japan’s Political Marketplace (1993) 1–15.
[8] Jennifer Amyx, ‘Delayed Response to Banking Crisis in Japan: Policy Paralysis in the Network State’ in Daniel Okimoto (ed), Japan’s Economic Crisis (2002).
[9] J Mark Ramseyer and Minoru Nakazato, Japanese Law: An Economic Approach (1999) xiii.
[10] Hideki Kanda and Curtis Milhaupt, ‘Re-Examining Legal Transplants: The Director’s Fiduciary Duty in Japanese Corporate Law’ (2003) 51 American Journal of Comparative Law 887, 888. An example of initial failure is the transplanting of the fiduciary duty of directors, which lay stagnant for almost 40 years in the Japanese Commercial Code.
[11] Yukiko Tsunoda, Sexual Harassment and Domestic Violence in Japan (Vicki Beyer trans, 1997) Temple University, Japan <http://www.tuj.ac.jp/newsite/main/law/lawresources/TUJonline/SexualDiscrimination/tsunodasexualharrassment.html> at 30 June 2006; Leon Wolff, ‘Japanese Women and the “New” Administrative State’ in Peter Drysdale and Jennifer Amyx (eds), Japanese Governance: Beyond Japan Inc (2003) 157–70.
[12] See Part III of this paper.
[13] Alan F Westin and Vivian Van Gelder, ‘Special Issue on Consumer Privacy in Japan and the New National Privacy Law’ (2003) 10(8) Privacy & American Business 1, 25–6.
[14] IT Strategy Headquarters documents make this clear. The E-Japan Strategy of 22 January 2001 proposes ‘revolutionary…action’ to redress Japan’s ‘backwardness’ and ‘make Japan the world’s most advanced IT nation within 5 years’ including through privacy laws to ‘win the confidence of consumers’ and harmonisation with international benchmarks: IT Strategic Headquarters, E-Japan Strategy (22 January 200 1) 1–2, 5–6 <http://www.kantei.go.jp/foreign/it/network/0122full_e.html> at 30 June 2006. The 18 June 2002 E-Japan Priority Policy Program reflects heightened desperation; Japan is falling further behind in the IT race and ‘needs to further accelerate the promotion of IT’ to win. Privacy legislation is a priority policy to ‘ensure…security and reliability on advanced information and telecommunications networks’: IT Strategic Headquarters, E-Japan Priority Policy Program 2002 (18 June 2002) 10, 20 <http://www.kantei.go.jp/foreign/policy/it/0618summary/images/02.gif> at 30 June 2006.The IT Policy Package – 2005 promises the ‘full’ enforcement of the Privacy Act and the review of penalties: IT Strategic Headquarters, IT Policy Package 2005 – Towards the Realisation of the World’s Most Advanced IT Nation (24 February 2005) 27–8 <http://www.privacyexchange.org/japan/JAPAN_IT_Package2005.pdf> at 30 June 2006.
[15] Frank Upham, Law and Social Change in Postwar Japan (1987) 16–27.
[16] Quotations from the Act in English are taken from the Proskauer Rose LLP translation of 2005 and an unofficial translation of 2003. Both have, as of June 2006, been superseded by a translation prepared with the new Standard Bilingual Dictionary for Japanese to English legal translation. See <http://www.cas.go.jp/jp/seisaku/hourei/data2.html> at 30 June 2006.
[17] Holy Bible (King James version), New Testament, The Gospel According to Saint Luke II: 4–5.
[18] Alan F Westin, A Guide to Understanding Privacy (2004) Japan Privacy Resource <http://www.privacyexchange.org/japan/japanindex.html
[18] > at 30 June 2006.
[19] James Nehf, ‘Recognising the Societal Value in Information Privacy’ (2003) 78(1) Washington Law Review 9–15.
[20] Daniel Roth and Stephanie Meta, ‘The Great Data Heist – Why Can’t Corporations Keep their Customers’ Information Secure? Inside the World of Identity Theft’, Fortune Asia, 16 May 2005, 62.
[21] To illustrate, recent data theft at a US credit card processing company exposed 40 million credit card holders globally to the risk of fraud: Ruth Williams, ‘Australian Credit Card Holders Hit by US Computer Scam’, The Age (Melbourne), 21 June 2005, 1.
[22] Nehf, above n 19, 14, 24–6.
[23] Mike Hatch, ‘The Privatization of Big Brother: Protecting Sensitive Personal Information from Commercial Interests in the 21st Century’ (2001) 27 William Mitchell Law Review 1457, 1477–81.
[24] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [1995] OJ L 281, 31–50.
[25] European Commission, Report on the Transposition of Directive 95/46/EC (16 May 2003) <http://ec.europa.eu/justice_home/fsj/privacy/lawreport/report_en.htm> at 30 June 2006 (‘EC Report’).
[26] European Opinion Research Group (EORG), Special Eurobarometer 196: Data Protection (December 2003) <http://ec.europa.eu/public_opinion/archives/ebs/ebs_196_highlights.pdf> at 30 June 2006 (‘EORG Report’).
[27] Veronica Taylor, ‘Beyond Legal Orientalism’ in Veronica Taylor (ed), Asian Laws through Australian Eyes (1997) 47, 62.
[28] Tom Ginsburg, ‘In Defense of “Japanese Law”’ in Tom Ginsburg, Luke Nottage and Hiro Sono (eds), The Multiple Worlds of Japanese Law: Disjunctions and Conjunctions (2001) 29, 33.
[29] Penelope Nicholson, ‘Vietnamese Legal Institutions in Comparative Perspective: Contemporary Constitutions and Courts Considered’ in Kanishka Jayasuriya (ed), Law, Capitalism and Power in Asia (2000) 305.
[30] Nathaniel Berman, ‘Aftershocks: Exoticization, Normalization and the Hermeneutic Compulsion’ (1997) Utah Law Review 281.
[31] See James Nelson, ‘Culture, Commerce and the Constitution: Legal and Extra-Legal Restraints on Freedom of Expression in the Japanese Publishing Industry’ (1996) 15 UCLA Pacific Basin Law Journal 45.
[32] Taylor, above n 27, 57.
[33] Dan Rosen, ‘Private Lives and Public Eyes: Privacy in the United States and Japan’ (1990) 6 Florida Journal of International Law 141, 15 1–2.
[34] The writer Yukio Mishima had offended a prominent Tokyo couple by using their lives, including political and marital failure, as the thinly-disguised plot for a work of fiction: Arita v. Hiraoka 385 Hanrei Jiho 12 (Tokyo District Court 28 September 1964). See Shoetsu Matsumoto’s commentary in 154 Kenpo Hanrei Hyakusen [100 Selected Constitutional Cases] (4th ed, 2000) 138 (Japanese).
[35] Rosen, above n 33, 144.
[36] See ibid, 152; Masao Horibe, ‘Privacy and Media’ (Paper presented at the 26th International Conference on Privacy and Personal Data Protection, Wroclaw, Poland, 15 September 2004).
[37] See, eg, Alan F Westin, Report on the Japan National Consumer Privacy Survey (1999) Japan Privacy Resource <http://www.privacyexchange.org/japan/westinsurvey_1999.pdf> at 30 June, 2006; Alan F Westin, Commentary on the Japan Consumer Survey on E-Government (2004) Japan Privacy Resource <http://www.privacyexchange.org/japan/japanindex.html> at 30 June 2006; also the 1999 Ministry of Posts and Telecommunications survey and the 2002 Asahi Shimbun survey, in Part III(B) of this paper.
[38] Rosen, above n 33, 173.
[39] Jonathon Green (ed), The Book of Political Quotes (1983) quoting Victor Hugo in 1852: ‘Greater than the tread of mighty armies is an idea whose time has come’.
[40] Takao Tanase, ‘The Empty Space of the Modern in Japanese Law Discourse’ in David Nelken and Johannes Feest (eds), Adapting Legal Cultures (2001) 187, 190.
[41] Ibid 197.
[42] See below Part IV(A) of this paper.
[43] Hideki Kanda and Curtis Milhaupt, ‘Re-examining Legal Transplants: The Director’s Fiduciary Duty in Japanese Corporate Law’ (2003) 51 American Journal of Comparative Law 887, 891.
[44] Horibe, above n 36. See Civil Code (1896) arts 709, 710.
[45] Rosen, above n 33, 15 1–2.
[46] Alan F Westin and Vivian Van Gelder, above n 13, 5.
[47] Aritsune Katsuta, ‘Japan: A Grey Legal Culture’ in Esin Orucu, Elspeth Attwooll and Sean Coyle (eds) Studies in Legal Systems: Mixed and Mixing (1996) 249, 259.
[48] Rosen, above n 33, 152–3; see also Nelson, above n 31. The legal journal, Jurisuto, used a conjoined term “meiyo-puraibashii” for the two torts from 1977.
[49] Westin and Van Gelder, above n 13, 5; Masao Horibe, ‘Privacy and Personal Information Protection in Japan: Past, Present and Future’ (Paper presented at the Almaden Institute on Privacy, IBM Almaden Research Centre, San Jose, 9 April 2003) <http://www.almaden.ibm.com/institute/pdf/2003/MasaoHoribe.pdf> at 10 April 2005; See also Charles E.H. Franklin (ed), (1996) Business Guide to Privacy and Data Protection Legislation, 279.
[50] See Nelson, above n 31; Rosen, above n 33.
[51] See Nelson, above n 31, 73–82; Kenichi Asano, ‘The Crime of Crime Reporting (Precis)’ (Fred Uleman trans, 14 July 2000) <http://www1.doshisha.ac.jp/~kasano/FEATURES/2000/translation.html> at 13 June 2005.
[52] Alan Westin and Vivian Van Gelder, above n 13, 5.
[53] Ministry of Economy, Trade and Industry (METI) since 6 January 2001.
[54] Ministry of Public Management, Home Affairs, Posts and Telecommunications since 6 January 2001. See Westin and Van Gelder, above n 13, 5; Joanne Harland, ‘Japan's New Privacy Legislation: Are You Ready?’ (2004) 20 Computer Law and Security Report 200, 200.
[55] Renamed the ‘Next Generation Electronic Commerce Promotion Council of Japan’.
[56] Electronic Commerce Promotion Council of Japan, Outline of A Survey of the Market Scale for Electronic Commerce (1999) <http://www.ecom.jp/qecom/ecom_e/index.html> at 30 June 2006 (a 1999 joint ECOM and Andersen Consulting survey forecasting exponential growth in the Japanese e-commerce market by 2004); Electronic Commerce Promotion Council of Japan, Founding Prospectus <http://www.ecom.jp/ecom_e/index.html> at 30 June 2006.
[57] Privacy International, ‘Japan’ Privacy and Human Rights 2003 (2003) 2 <http://privacyinternational.org.survey/phr2003/countries/japan.htm> at 10 March 2005.
[58] Alan Westin, Report on the Japan National Consumer Privacy Survey (19 December 1999) Privacy Exchange (1999) 5, 7 <http://www.privacyexchange.org/japan/westinsurvey_1999.pdf> at 12 June 2005.
[59] Westin and Van Gelder, above n 13, 25. There were sixty nine arrests during 2002 under the Unauthorised Computer Access Act (1999).
[60] Westin and Van Gelder, above n 13, 8–10.
[61] Gohsuke Takama, Lies and Secrets – Japan’s National ID Network (31 July 2002) Anti National ID Japan Weblog <http://nationalid.hantai.jp/2002/08/lies_and_secret.html> at 30 June 2006. Long delays in the privacy legislation meant that the Juki-net became operational more than two and a half years before the Privacy Act came into full effect on 1 April 2005.
[62] Westin and Van Gelder, above n 13, 10.
[63] Ibid 11.
[64] Takama, above n 61.
[65] See Privacy International, ‘Japan,’, Privacy and Human Rights 2004 (16 November 2004) 2–3 <http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-83523> at 10 March 2005; Privacy and Human Rights 2003, above n 57, 3–4.
[66] Westin and Van Gelder, above n 13, 9.
[67] Privacy and Human Rights 2003, above n 57, 4.
[68] Westin and Gelder, above n 13, 11–16.
[69] Horibe, above n 49, 9–19.
[70] Privacy and Human Rights 2003, above n 57, 1–2.
[71] Westin and Gelder, above n 13, 13.
[72] Privacy Act 2003 art 50(1)(i) exempts ‘Broadcast organs, newspapers, news agencies or other reporting organs (including individuals who are engaged in reporting by trade …)’ where all or a part of the purpose of handling personal information is for ‘reporting’. Privacy Act 2003 art 50(2) defines ‘reporting’ as ‘the art of communicating objective fact … to an unspecified mass (including expressing thoughts and opinions based on the facts …)’.
[73] Commonly: notice, consent, access, security and enforcement. Control of onward transfers is a sixth.
[74] David Case, ‘The New Japanese Personal Information Protection Law’ (2003) 3 World Data Protection Report 6. The Privacy Act 2003 was finalised by Cabinet on 7 March 2003 and passed on 23 May 2003, just ten weeks later. The US invasion of Iraq in March 2003 had altered legislative priorities: see Westin and Van Gelder, above n 13.
[75] See the Act for the Protection of Personal Data held by Administrative Organs 2001.
[76] See Horibe, above n 36, 25.
[77] R Daniel Kelemen and Eric C Sibbitt, ‘The Americanisation of Japanese Law’ (2002) 23 University of Pennsylvania Journal of International Economic Law 269.
[78] An ‘opt-out’ standard is a weaker protection that puts the burden on the individual wishing to keep her personal information private. The ‘opt-in’ standard is a stronger protection that preserves the privacy of personal information unless the individual concerned specifically consents to the information being collected or used. The Privacy Act provides the higher opt-in control in the limited context of the onward transfer of personal information to unrelated parties: art 23.
[79] Harland, above n 54, 202.
[80] See Privacy Act 2003 art 1.
[81] Privacy Act 2003 art 2.
[82] Privacy Exchange, List of Ministry Guidelines under the Personal Information Protection Act (April 1 2005) <http://privacyexchange.org/japan/JapanGuidelines.html> at 30 June 2006. Six of the 12 cabinet ministries and agencies and the Financial Services Agency had issued 19 sets of guidelines as at 1 April 2005.
[83] Privacy Act 2003 art 43.
[84] Privacy Act 2003 arts 33, 34.
[85] Privacy Act 2003 arts 56–9. A fine of up to 300 000 yen (up to 100 000 yen in frauds involving Approved Protection Organizations) or 6 months imprisonment.
[86] Cabinet Office, Government of Japan, Basic Policy on the Protection of Personal Information [Kojinjoho no hogo ni kansuru kihon hoshin] (2 April 2004) <http://www5.cao.go.jp/seikatsu/kojin/kihonhoushin-kakugikettei.pdf> at 21 June 2006.
[87] Cf Robert Raskopf, ‘2003 White & Case Comparative Data Law Survey’ (2003) 5 Global eCommerce 6, 13. Fourteen of 18 jurisdictions surveyed by Raskopf did have special requirements for cross-border transfers.
[88] Case, above n 74, 3, 5.
[89] Westin and Van Gelder, above n 13, 24.
[90] Japan Cabinet Office, Personal Information Protection (2005) <http://www5.cao.go.jp/seikatsu/kojin> (Japanese) at 30 June 2006 lists 14 different ministries and agencies as bodies competent to administer the regime.
[91] See Case, above n 74, 5; Harland, above n 54, 203; Westin and Van Gelder, above n 13, 23–4.
[92] Shinji Kusakabe and Nobuhito Sawasaki, ‘Data Protection Law Poses Problems for M&A’ (2005) 24 International Financial Law Review – 2005 Guide to Japan 1, 31.
[93] Ibid 34.
[94] Westin and Van Gelder, above n 13, 16, 23.
[95] Kusakabe and Sawasaki, above n 92, 31.
[96] Westin, above n 18, 1, 3–4.
[97] Yoshio Sugimoto, An Introduction to Japanese Society (2nd ed, 2003).
[98] See Takeyoshi Kawashima, ‘Dispute Resolution in Contemporary Japan in Arthur Von Mehren (ed), Law in Japan: the Legal Order in a Changing Society (1963) 43–50.
[99] JAA Stockwin, above n 4, 218.
[100] See Sugimoto, above n 97, 14–32.
[101] See ibid; Katsuta, above n 47.
[102] Rosen, above n 33, 171–3.
[103] Ibid 172–5
[104] Eric Feldman, The Ritual of Rights in Japan (2000) 1–15.
[105] Lawrence Gordon et al, Computer Security Institute / FBI Computer Crime and Security Survey. (2004) <http://www.gocsi.com/forms/fbi/csi_fbi_survey.jhtml;jsessionid=4YA1YETXIDRRIQSNDBCSKHSCJUMEKJVN> at 7 June 2005; European Opinion Research Group (EORG), Special Eurobarometer 196: Data Protection December (2003) <http://europa.eu.int/comm/public_opinion/archives/ebs/ebs_196_highlights.pdf> at 2 June 2005; Alan Westin, ‘Commentary on the Survey’, Japan Privacy Resource (2004) Privacy Exchange <http://www.privacyexchange.org/japan/japanindex.html> at 15 April 2005.
[106] Paul Kelly, ‘Recent Developments in Private Sector Personal Data Protection in Australia: Will There be an Upside Down Under?’ (2000) 19 John Marshall Journal of Computer and Information Law 71
[107] Aurelia George-Mulgan, above n 5.
[108] See John O Haley, ‘The Myth of the Reluctant Litigant’ (1978) 4 Journal of Japanese Studies 359; Ezra Vogel, ‘Crisis of German and Japanese Capitalism: Stalled on the Road to the Liberal Market Model?’ (2001) Comparative Political Studies 1103.
[109] Walter Hatch and Kozo Yamamura, Asia in Japan’s Embrace: Building a Regional Production Alliance (1996) 62–76.
[110] Aurelia George-Mulgan, ‘Japan: A Setting Sun?’ (2000) 79(4) Foreign Afairs 40, 41, 43.
[111] See Kelly, above n 106, 71.
[112] Peter Drysdale and Jennifer Amyx (eds), Beyond Japan Inc: Transparency and Reform in Japanese Governance (2002) 1–15.
[113] Harland, above n 54, 203.
[114] Okimoto, above n 6; Johnson, above n 6.
[115] Environmental change, for example: see Upham, above n 15, 28–67.
[116] Sexual harassment, for example: see generally Leon Wolff, ‘Japanese Women and the “New” Administrative State’ in Peter Drysdale and Jennifer Amyx (eds), Japanese Governance: Beyond Japan Inc. (2003) 157–70.
[117] Tetsuya Mizutani, ‘Nintei Kojin Joho Hogo Dantai ga tsugitsugi to Tanjo – Nintei Kojin Joho Hogo Dantai wa Kujo no Kakekomidera’ Bizmarketing E-Zine (26 May 2005) <http://www.bizmarketing.ne.jp/2/2933.html> at 1 June 2005.
[118] Westin and Van Gelder, above n 13, 21.
[119] Wolff, above n 11.
[120] See Kenichi Asano (Fred Uleman trans, 14 July 2000), The Crime of Crime Reporting Crimes (Precis) Asano Seminar <http://www1.doshisha.ac.jp/~kasano/FEATURES/2000/translation.html> at 30 June 2006; Nelson, above n 31, 64.
[121] See Amy Gurowitz, ‘Mobilizing International Norms: Domestic Actors, Immigrants and the Japanese State’ (1999) 5 1(3) World Politics 413; see also Sylvia Brown Hamano, ‘Incomplete Revolutions and Not So Alien Transplants: The Japanese Constitution and Human Rights’ (1999) 1 University of Pennsylvania Journal of Constitutional Law 415.
[122] Article 25(1) of the EU Directive states: ‘The Member States shall provide that the transfer to a third country of personal data … may take place only if … the third country in question ensures an adequate level of protection’.
[123] Upham, above n 15, 16–27.
[124] See Part IV(B) of this paper.
[125] Mark Ramseyer and Frances McCall Rosenbluth, Japan’s Political Marketplace (1993) 1–15.
[126] Tessa Morris-Suzuki, The Technological Transformation of Japan: From the Seventeenth to the Twenty-First Century (2004) 6.
[127] Jennifer Amyx, ‘The Banking Crisis in Japan: Policy Paralysis in the Network State’ in Daniel Okimoto (ed), From Bubble to Bust: Japan’s Economic Crisis 1985–2000 (in review).
[128] John O Haley, Authority without Power: Law and the Japanese Paradox (1991) 163–4.
[129] Since losing power briefly in 1993.
[130] Alan F Westin, Japan Privacy Newsflash, Japan Privacy Resource (March 2004–March 2005) <http://www.privacyexchange.org/japan/japanindex.html> at March–June 2005.
[131] Westin, Commentary on the Japan Consumer Survey on E-Government, above n 37, 75.
[132] Westin, above n 18, 2–5.
[133] Masahiro Eguchi, ‘Revision of ECOM Personal Information Protection Guidelines’ (31 March 2005) ECOM Journal, <http://www.ecom.jp/ecom_e/latest/ecomjournal_no9/5e.htm> at 12 June 2005.
[134] Electronic Commerce Promotion Council of Japan, ECOM Newsletter No 56 (28 February) <http://www.ecom.jp/ecom_e/index.html> at 26 July 2006.
[135] Schools Toughen Call List Privacy (18 May 2005) The Daily Yomiuri Online, <http://www.yomiuri.co.jp/newse/20050518wo33htm> at 19 May 2005.
[136] Alan F Westin, Japan Privacy Newsflash, Japan Privacy Resource (March 2005) <http://www.privacyexchange.org/japan/japanindex.html> at 24 March 2005.
[137] Takuji Kunishida, ‘Firms Rush to Plug Security Holes’, Nikkei Weekly (Tokyo), 9 May 2005, Weekly Focus 5; Makoto Stato, ‘Computer Makers Unveil Solutions to Defend Against Information Theft’, Nikkei Weekly (Tokyo), 9 May 2005, Weekly Focus 5; ‘Keyword: Personal Information Protection Law’, Nikkei Weekly (Tokyo), 9 May 2005, Weekly Focus 5; ‘Verification of ID Tie Hot Issue as E-Commerce Grows’, Nikkei Weekly (Tokyo), 9 May 2005, Weekly Focus 5; ‘Public Groups Embracing Privacy Data’, Nikkei Weekly (Tokyo), 9 May 2005, Trends & People 31.
[138] Privacy Law at Hand, but Personal Data Leeks may be Too Elusive to Patch (30 March 2005) Asahi.com <http://www.asahi.com/english/Herald-asahi/TKY200503300157.html> at 7 April 2005.
[139] See JIPDEC Privacy Mark <http://privacymark.jp/> at 30 June 2006.
[140] Japan External Trade Organisation, ‘Japan Steps up Information Protection Measures’ Trends and Topics: Changing Business Environment (November 2004) <http://www.jetro.go.jp.en.market/trend/changing.docs/2004_11_personalinfo.html> at 9 March 2005.
[141] See Response <http://response.jp/issue/2005/0404/article69443_1.html> (Japanese) at 30 June 2006.
[142] Alan F Westin, Japan Privacy Newsflash, Japan Privacy Resource (April 2005) <http://www.privacyexchange.org/japan/japanindex.html> at April 2005.
[143] Alan F Westin, Japan Privacy Newsflash, Japan Privacy Resource (January 2005) <http://www.privacyexchange.org/japan/japanindex.html> at January 2005.
[144] ‘Information Privacy Proposed for Japanese Constitution’, The Industry Standard, 11 February 2005 <http://www.thestandard.com/internetnews/000955.php> at 26 May 2005 referring to Yukio Hatoyama, Shin kenpo shian: songen aru Nihon o tsukuru [A New Draft Constitution: Creating a Japan with Dignity] (2005).
[145] Tetsushi Kajimoto, ‘Upper Panel Can’t Agree on Need for New Article 9’ The Japan Times Online (21 April 2005) <http://www.japantimes.co.jp/cgi-bin/getarticle.pl5?nn20050421a2.htm> at 12 June 2005.
[146] Made by Cabinet Order No. 507 in December 2003 pursuant to Privacy Act Art.2(3)(v). Entities handling the personal information of less than 5 000 relevant individuals are exempt.
[147] Harland, above n 54, 202–3.
[148] Memorandum re Japanese Personal Information Protection Law (17 June 2004) Baker & McKenzie GLBJ Tokyo Aoyama Aoki Law Office, 1 <http://www.bakernet.com/ecommerce/japaneseprivacylaw.pdf> at 25 May 2005.
[149] Kusakabe and Sawasaki, above n 92.
[150] Case, above n 74, 3.
[151] Bruce Rutledge, ‘New Privacy Laws Threaten Magazines’ Japan Media Review (7 August 2003) <http://www.ojr/japan/media/1060286367.php> at 26 May 2003.
[152] Nobuo Ikeda, ‘Opposition to the Privacy Bill that Regulates the Internet’, RIETI Policy Update (8 April 2003) <http://www.rieti.go.jp/en/special/policy-update/007.html> at 9 March 2005.
[153] Okadome quoted in David McNeill, ‘Taboo Buster’, 36 Number 1 Shimbun 6 (9 June 2004) <http://fccj.or.jp> at 25 May 2005.
[154] Justin McCurry, ‘Probing “Privacy”’, 36 Number 1 Shimbun 9 (8 September 2004) <http://fccj.or.jp> at 25 May 2005.
[155] Hiroshi Oda, Japanese Law (1992) 4–10.
[156] See Sugimoto above n 97, 1–29.
[157] See Nelson above n 31.
[158] See EC Report, above n 25; EORG Report, above n 26.
[159] See Kelly, above n 106.
[160] Sugimoto, above n 97, 14–32.
[161] Westin and Ven Gelder, above n 13, 31.
[162] See Ritter, Hayes and Judy, above n 1, 92, 105, 199; Nehf, above n 19, 85.
[163] Nehf, above n 19, 46–8.
[164] Takao Tanase, ‘Global Markets and Law’s Progress’ (2003) Juristo 44 (Author trans) 45–6 [trans of ‘Gurobaru Shijo to Ho No Shinka’].
[165] Alan F Westin, ‘Data Leakage and Harm’, Japan Privacy Resource (May 2004) <http://www.privacyexchange.org> at 17 April 2005
[166] Westin and Van Gelder, above n 13, 26.
[167] See Osamu Inoue, Another Data Leak Discovered at Yahoo! BB (6 December 2004) Nikkei Business <http://nikkeibp.jp/wcs/leaf/CID/onair/nbe/features/347662> at 30 June 2006.
[168] Westin and Van Gelder, above n 13, 25.
[169] See Kusakabe and Sawasaki, above n 92.
[170] Tanase, above n 161, 48.
[171] See, eg, Charles Lane, ‘Japan’s Dark Secret: Inside the Death Chamber’, The Australian Financial Review (Sydney), 10 June 2005.
[172] Leon Wolff, ‘The Future of Human Rights Regulation in Japan’ (2003) Human Rights Defender 3.
AustLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.austlii.edu.au/au/journals/UNSWLawJl/2006/17.html
