Q: Access to Government Information vs. Protection of Personal Data in Japan: What Businesses Need to Know

In today's data-driven world, the principles of governmental transparency and the protection of personal information are often in a delicate balance. Japan, like many developed nations, has established significant legal frameworks to govern both public access to information held by administrative organs and the safeguarding of personal data these organs collect and manage. For businesses operating in Japan, understanding these dual regimes is crucial. It affects not only their ability to obtain government-held information relevant to their operations but also how their own sensitive commercial data and the personal data of their employees or customers are treated when in the hands of administrative authorities.

Part I: The Drive for Transparency – Japan's Information Disclosure System (情報公開制度 - Jōhō Kōkai Seido)

The move towards greater governmental transparency in Japan gained significant momentum from the local government level, with many prefectures and municipalities enacting information disclosure ordinances before a national law was established. The Act on Access to Information Held by Administrative Organs (行政機関の保有する情報の公開に関する法律 - Gyōsei Kikan no Hoyū Suru Jōhō no Kōkai ni Kansuru Hōritsu), commonly known as the Administrative Information Disclosure Act, was enacted in 1999 and came into full effect in 2001. A similar act governs information held by Incorporated Administrative Agencies.

Purpose and Philosophy

Article 1 of the Administrative Information Disclosure Act states its purpose is to strive for fuller disclosure of information held by administrative organs, thereby ensuring that the government is accountable to the people for its various activities. It aims to contribute to the promotion of a fair and democratic administration that is subject to the people's accurate understanding and criticism, in accordance with the principle of the sovereignty of the people. While the Act does not explicitly enshrine a "right to know" (shiru kenri - 知る権利) as a constitutional right, its underpinnings are clearly rooted in democratic accountability.

Key Features of the System:

• Who Can Request? "Any person" (nanbito - 何人も) can request information under the Act (Article 3). This includes Japanese nationals, foreign nationals, corporations (both domestic and foreign), and other entities. The requester's motive or purpose for seeking the information is generally not a relevant consideration for the agency in deciding whether to disclose.
• What Information Can Be Requested? The Act applies to "administrative documents" (行政文書 - gyōsei bunsho), which are defined as documents, drawings, and electromagnetic records (electronic data) that have been prepared or obtained by an employee of an administrative organ in the course of his or her duties and are held by that administrative organ for organizational use (Article 2(2)). Importantly, agencies are generally not obligated to create new documents or compile information in a new format to respond to a request; the Act pertains to existing, held information.
• Target Agencies: The Act primarily applies to national administrative organs, including the Cabinet, organs established within the Cabinet (like the Cabinet Office and its agencies), ministries, and the Board of Audit (Article 2(1)). The Diet and the courts are excluded, as they have their own separate rules for public access to their records.
• Request Procedure: Requests must typically be made in writing (or electronically), identifying the desired administrative documents with sufficient clarity to allow the agency to locate them (Article 4). A fee is usually charged to cover the actual costs of disclosure, though these are intended to be kept as reasonable as possible.
• Principle of Disclosure and Exemptions: The fundamental principle of the Act is disclosure. An administrative organ must disclose requested information unless it falls under one of the specific categories of non-disclosable information (exemptions) listed in Article 5 of the Act. The agency generally has 30 days to make a decision on a request (extendable under certain conditions).

Non-Disclosable Information (Exemptions - 不開示情報 Fukaiji Jōhō - Article 5)

This is the core area of concern for businesses, both as requesters and as entities whose information might be held by the government. Key exemptions include:

1. Personal Information (個人情報 - Kojin Jōhō) (Art. 5(1)): Information that can identify a specific living individual is generally non-disclosable to protect personal privacy.
   • Exceptions: This non-disclosure does not apply if (a) the information is, by law or established custom, made available to the public; (b) disclosure is deemed necessary to protect a person's life, health, livelihood, or property; or (c) the information pertains to the official duties of a public official, and disclosure is in the public interest (though names of public officials in certain contexts may still be withheld if disclosure would unduly infringe privacy). A 2016 amendment also added provisions for the non-disclosure of "administratively processed non-identifying information" (行政機関非識別加工情報 - gyōsei kikan hi-shikibetsu kakō jōhō), which relates to a specific type of anonymized data.
2. Corporate Information (法人等情報 - Hōjin-tō Jōhō) (Art. 5(2)): This is a critical exemption for businesses. Information concerning corporations or other legal entities (including unincorporated associations) is non-disclosable if:
   • (a) Its disclosure is likely to harm the rights, competitive position, or other legitimate interests of the said corporation, etc. This is the primary ground for protecting trade secrets, confidential business strategies, sensitive financial data, R&D information, customer lists, and other proprietary information submitted by businesses to government agencies.
   • (b) It was voluntarily provided to an administrative organ on the condition that it would not be disclosed to the public (and such a condition is reasonable in light of the nature of the information, etc.), and the administrative organ does not disclose it as a matter of practice.
   • Exception: Even if falling under (a) or (b), the information must be disclosed if disclosure is deemed necessary to protect a person's life, health, livelihood, or property.
3. National Security, Defense, Foreign Affairs Information (Art. 5(3)): Information whose disclosure is reasonably deemed by the head of an administrative organ to be likely to harm national security, undermine trust with other countries or international organizations, or be detrimental to diplomatic negotiations.
4. Public Safety and Order Information (Art. 5(4)): Information concerning the prevention, suppression, or investigation of crimes, maintenance of prosecutions, execution of sentences, and other matters related to maintaining public safety and order, if its disclosure is reasonably deemed by the head of an administrative organ to be likely to prejudice these functions.
5. Deliberative, Consultative, and Internal Examination Information (審議検討情報 - Shingi Kentō Jōhō) (Art. 5(5)): Information regarding deliberations, examinations, or consultations within or between national or local government organs, if its disclosure is likely to unjustly harm the frank exchange of opinions or the neutrality of decision-making, cause undue confusion among the public, or unfairly benefit or prejudice specific individuals. The Supreme Court, in the Kamo River Damsite case (judgment of March 25, 1994), upheld the non-disclosure of internal planning documents under a similar provision in a local information disclosure ordinance, recognizing the need to protect ongoing deliberative processes.
6. Information on Administrative Affairs and Undertakings (事務事業情報 - Jimu Jigyō Jōhō) (Art. 5(6)): Information concerning the affairs or undertakings conducted by an administrative organ (or a local public entity), if its disclosure is likely to hinder the proper execution of those affairs due to factors such as revealing audit or inspection methods, impairing contractual negotiations, or undermining research objectives.
   • This exemption has been frequently litigated, especially concerning the disclosure of government entertainment and travel expenses. The Supreme Court, in cases like the Osaka Prefecture Water Department entertainment expense case (judgment of February 8, 1994) and the Osaka Governor's entertainment expense case (judgment of January 27, 1994), has provided guidance. Generally, basic factual information about expenditures (date, amount, number of attendees, purpose) is disclosable, but the names of private individuals attending government functions may be withheld if disclosure would breach trust or hinder the conduct of official duties, unless the attendance was already public or intended to be so. The agency bears the burden of demonstrating how disclosure would specifically hinder its operations.

Other Key Provisions:

• Partial Disclosure (Art. 6): If a document contains both disclosable and non-disclosable information, the agency must disclose the disclosable portions if they can be reasonably severed.
• Discretionary Disclosure (Art. 7): Even if information falls under an exemption, the head of an administrative organ may choose to disclose it if they deem it to be in the particular public interest.
• Refusal to Confirm or Deny Existence (Art. 8): In rare cases where merely confirming or denying the existence of certain information would effectively disclose exempt information (e.g., sensitive security or personal information), the agency can refuse to confirm or deny its existence.

Remedies for Non-Disclosure:

If an agency denies a disclosure request, the requester has two main avenues for redress:

1. Administrative Appeal: An appeal can be filed with the head of the administrative organ that made the decision. In most cases, the agency head is then required to consult the Information Disclosure and Personal Information Protection Review Board (情報公開・個人情報保護審査会 - Jōhō Kōkai / Kojin Jōhō Hogo Shinsakai). This is an independent expert body that reviews the agency's decision, often conducting in camera (private) inspections of the documents in question and potentially requesting detailed justifications from the agency (similar to a Vaughn Index in U.S. FOIA practice). While the Board's opinions are not legally binding on the agency, they carry significant weight and are usually respected.
2. Administrative Litigation: The requester can file a lawsuit in court, typically an action for the revocation (torikeshi soshō) of the non-disclosure decision, often combined with an action for an order to disclose (gimuzuke soshō). Courts generally do not conduct in camera reviews of the disputed documents themselves (Supreme Court, judgment of January 15, 2009, indicated that this is a matter of legislative policy, though not unconstitutional per se). An administrative appeal is not a mandatory prerequisite for filing a lawsuit.

Third-Party Rights:

If a request is made for documents containing information about a third party (e.g., another company), Article 13 of the Act provides that the administrative organ must, in certain circumstances, notify that third party and give them an opportunity to submit a written opinion on whether the information should be disclosed. If the agency decides to disclose information despite the third party's objection, it must wait at least two weeks before actual disclosure, allowing the third party time to file an administrative appeal or seek an injunction from a court.

Part II: Safeguarding Data – Personal Information Protection (個人情報の保護 - Kojin Jōhō no Hogo)

Alongside transparency, Japan has robust laws to protect personal information, both in the private and public sectors.

Legal Framework:

• Act on the Protection of Personal Information (APPI - 個人情報保護法 Kojin Jōhō Hogo Hō): Originally enacted in 2003 and significantly revised in 2015 (with further amendments since), the APPI is the comprehensive law that sets out the general principles for personal information protection. It imposes detailed obligations on private sector businesses handling personal information (e.g., specifying purpose of use, obtaining consent for sensitive data, limiting third-party provision, data security measures, responding to individual access/correction requests). The 2015 revision, among other things, clarified the definition of "personal information" (including "personal identification codes"), introduced the category of "specially-care-required personal information" (要配慮個人情報 - yō-hairyō kojin jōhō, i.e., sensitive information like race, creed, medical history), and established the Personal Information Protection Commission (PPC - 個人情報保護委員会 Kojin Jōhō Hogo Iinkai) as a central, independent oversight authority.
• Act on the Protection of Personal Information Held by Administrative Organs (APPIHAO - 行政機関個人情報保護法 Gyōsei Kikan Kojin Jōhō Hogo Hō): This law specifically governs the handling of personal information by national administrative organs. It was also significantly revised in 2016 to align with the main APPI and modern data handling practices. It covers both electronically processed and manually processed personal information.
• Similar laws exist for personal information held by Incorporated Administrative Agencies and local public entities (most local governments have their own Personal Information Protection Ordinances - 個人情報保護条例 Kojin Jōhō Hogo Jōrei).

Key Principles for Government Handling of Personal Information (under APPIHAO):

1. Purpose Specification and Use Limitation (APPIHAO Arts. 3(2), 4): Agencies must clearly specify the purpose for which they collect personal information and generally cannot use or hold it beyond what is necessary for that specified purpose.
2. Accuracy (APPIHAO Art. 5): Agencies must endeavor to keep the personal information they hold accurate and up-to-date within the scope of the specified purpose of use.
3. Security Measures (APPIHAO Art. 6): Agencies are obligated to take necessary and appropriate measures to prevent the leakage, loss, or damage of the personal information they hold.
4. Restrictions on Use and Provision for Other Purposes (APPIHAO Art. 8): Agencies generally cannot use personal information for purposes other than those specified at collection, nor can they provide it to third parties (including other government bodies for unrelated purposes), without the individual's consent or a specific legal basis (e.g., a requirement under law, urgent necessity to protect life).
5. Introduction of "Administratively Processed Non-Identifying Information" (行政機関非識別加工情報 - gyōsei kikan hi-shikibetsu kakō jōhō): The 2016 revision to APPIHAO introduced a system allowing agencies to create and provide to the private sector datasets derived from personal information but processed in such a way that specific individuals cannot be identified. This aims to promote the use of "big data" for innovation while protecting privacy.

Rights of Individuals (Regarding their information held by government agencies):

APPIHAO grants individuals (including business contacts if their information is personally identifiable) several key rights concerning their personal information held by national administrative organs:

• Right of Access (Art. 12): The right to request disclosure of one's own personal information held by an agency.
• Right to Request Correction (Art. 27): If disclosed personal information is found to be factually inaccurate, the individual can request its correction, addition, or deletion. However, this right is not unlimited. The Kyoto City Medical Rezept Correction case (Supreme Court, March 10, 2006), decided under a similar local ordinance, illustrates that an agency may not have the authority or duty to "correct" records that accurately reflect what was submitted by a third party (e.g., a medical bill from a doctor), even if the individual disputes the underlying facts recorded by that third party. The agency's duty is to ensure the accuracy of the records it holds and controls, not necessarily to adjudicate disputes about facts originating elsewhere.
• Right to Request Suspension of Use, Deletion, or Suspension of Provision to Third Parties (Art. 36): If personal information is believed to be held, used, or provided in violation of the Act (e.g., beyond purpose, unlawfully obtained, unlawfully provided to third parties), the individual can request the agency to suspend its use, delete it, or stop providing it to third parties.

Remedies for denial of these rights typically involve an administrative appeal (again, usually with consultation of the Information Disclosure and Personal Information Protection Review Board) and/or administrative litigation.

Nationwide ID Systems: Jūki Net and My Number

• Resident Basic Ledger Network (Jūki Net - 住基ネット): Introduced in 2002, this system connects municipalities nationwide and uses an 11-digit resident identification code to share four basic pieces of personal information (name, date of birth, sex, address) for identity verification in various administrative procedures. It faced significant privacy litigation. The Jūki Net case (Supreme Court, March 6, 2008) ultimately found the system constitutional, holding that given the limited scope of data shared and the existing legal and technical safeguards against misuse, it did not constitute an unreasonable infringement of privacy rights under Article 13 of the Constitution.
• My Number System (マイナンバー制度 - Mai Nanbā Seido): Established by the My Number Act of 2013, this system assigns a unique 12-digit individual number to all residents of Japan (including foreign residents with long-term status). Its primary initial uses are for social security, taxation, and disaster response administration, aiming to improve administrative efficiency, ensure fair benefit distribution and tax collection, and enhance convenience for citizens (e.g., through the "MyNa Portal" for online services and information access). Due to the potential for linking vast amounts of sensitive information, the My Number Act includes stricter data protection measures than even the APPI/APPIHAO, such as more severe penalties for misuse and specific oversight by the Personal Information Protection Commission.

Part III: The Foundation – Public Document Management (公文書管理 - Kōbunsho Kanri)

The effectiveness of both information disclosure and personal information protection regimes heavily depends on the proper creation, maintenance, and preservation of public documents. If relevant documents are not created in the first place, are poorly organized, or are prematurely or improperly destroyed, then rights to access information or ensure data accuracy become meaningless.

The Public Documents and Archives Management Act (公文書等の管理に関する法律 - Kōbunsho-tō no Kanri ni Kansuru Hōritsu), enacted in 2009 and effective from 2011, aims to address this. It was prompted in part by various scandals involving missing or improperly handled government records (such as the "disappearing pension records" issue).

Key features include:

• Declaring public documents as "intellectual resources shared by the people," essential for government accountability (Article 1).
• Imposing a duty on public officials to create documents that properly record important decision-making processes, policies, and administrative actions (Article 4).
• Requiring heads of administrative organs to establish systems for the proper classification, retention scheduling, preservation, and eventual transfer to the National Archives of Japan or appropriate disposal of administrative documents (Articles 5, 8). This involves creating "record schedules" that define how long different types of documents must be kept.
• Documents transferred to the National Archives as "specified historical public documents and records" (tokutei rekishi kōbunsho-tō - 特定歴史公文書等) are, in principle, preserved permanently and made available for public use, subject to restrictions similar to the non-disclosure exemptions in the Information Disclosure Act (Articles 15, 16).
• The Act establishes a Public Document Management Commission to provide expert advice and review certain decisions (e.g., concerning restrictions on the use of historical documents).

Balancing Transparency and Data Protection for Businesses

For businesses, these two legal regimes create a dynamic interplay:

• Accessing Government Information About Your Business or Competitors: The Information Disclosure Act allows businesses to request information held by government agencies. This can be valuable for understanding regulatory decisions, market conditions (from public data), or even information related to competitors (subject to the robust "corporate information" exemption designed to protect trade secrets and competitive standing).
• Protecting Your Company's Sensitive Information: When businesses submit confidential commercial information to government agencies (e.g., for regulatory approvals, in response to investigations, or as part of procurement bids), they need to be aware of the "Corporate Information" exemption (Article 5(2) of the Disclosure Act). While this exemption provides significant protection for trade secrets, proprietary financial data, R&D plans, and customer lists, it is not absolute. Agencies must balance this against any overriding public interest in disclosure (e.g., to protect life, health, or property). Businesses should:
  • Clearly mark information submitted to the government as confidential where appropriate.
  • Understand the agency's policies on handling confidential business information.
  • Be prepared to make a case for non-disclosure if they are notified that a third party has requested access to their information.
• Handling Personal Information in Business Records Submitted to Government: Business records provided to administrative agencies might also contain personal information about employees, customers, or other individuals. This personal information would be subject to the protections of APPIHAO (or local ordinances) once held by the agency, and also to the exemptions under the Information Disclosure Act.
• Data Protection Compliance (as a private entity): Separately, businesses themselves are subject to the main Act on the Protection of Personal Information (APPI) for how they collect, use, and manage personal data in their own operations.

Conclusion: A Dual Imperative for Modern Governance

Japan's legal system strives to achieve a difficult balance between the democratic imperative for government transparency and the fundamental right to the protection of personal information. The Administrative Information Disclosure Act provides a broad right of access to government documents, tempered by necessary exemptions to protect legitimate private and public interests. Simultaneously, a comprehensive suite of laws, spearheaded by the APPI and APPIHAO, and supported by robust document management practices, aims to ensure that personal data held by both public and private entities is handled responsibly and securely.

For businesses operating in Japan, this dual framework means they have avenues to seek information from the government that may be relevant to their interests, while also having a reasonable expectation that their own sensitive commercial information and the personal data they may entrust to public bodies will be appropriately safeguarded. Navigating this landscape effectively requires an understanding of the specific rights and obligations under each regime, awareness of the scope of exemptions and protections, and attention to the procedural mechanisms for exercising access rights or seeking redress.