JAPAN Law and Practice Contributed by: Hiromi Hayashi, Daisuke Tsuta, Masaki Yukawa and Keiichi Bando, Mori Hamada & Matsumoto
• there is a statement in the manual that the device cannot be directly connected to the internet. Secrecy of Communications The TBA stipulates that the secrecy of communi - cations must be protected. “Infringement” of the “secrecy of communications” without obtaining the “consent” of the parties violates the TBA. The “secrecy of communications” includes (i) the content of the individual communication and (ii) all of the following matters in connection with the individual communication, the knowledge of which enables inference of the content of the communication: • the date and time of communication; • the location of communication; • the name, address, and whereabouts of the communicating parties; • codes for identifying the communicating par - ties, such as telephone numbers; and • the frequency of communication. The TBA does not have an exemption for machine-to-machine communications. JC-STAR On 30 September 2024, the Information-Tech - nology Promotion Agency (IPA) published the “Labeling Scheme based on Japan Cyber- Security Technical Assessment Requirements (JC-STAR)”. This is not legally binding. The primary purpose of JC-STAR is to enable pro - curers to easily select IoT products that meet their required security standards and to promote the widespread adoption of IoT products with appropriate security measures. The main objectives of this scheme are as fol - lows.
• To evaluate and visualise the security func - tions of products procured by government agencies and companies using a common standard. • To ensure that only IoT products with suf - ficient security measures are adopted in specific fields. • To reduce the burden on vendors exporting IoT products by achieving mutual recognition with overseas systems. 4.2 Compliance and Governance There are no specific regulations for deploy - ing IoT solutions, although one must examine whether providing IoT solutions falls under a tel - ecommunication business that requires a licence (see 6.1 Scope of Regulation and Pre-Market- ing Requirements ) and whether using devices included in IoT solutions falls under operating a radio station that requires a licence (see 4.1 Machine-to-Machine Communications, Com- munications Secrecy and Data Protection ). Further, in the case of IoT solutions deployed by essential infrastructure providers under the Act on the Promotion of National Security, such pro - viders may be required to submit a written plan to the regulator for review before such deploy - ment. For more details, see 2.1 Highly Regu- lated Industries and Data Protection . 4.3 Data Sharing If an IoT device collects personal information, such as appearance recorded by a camera or a voice recording enabling the identification of a person, the service provider which collects the personal information through that IoT device would generally need to comply with the APPI. On 26 December 2024, the Cabinet Secretariat held a “Data Utilization Framework and System Study Group” to discuss the expansion of data
177 CHAMBERS.COM
Powered by FlippingBook