In Japan, several incidents happened regarding big data in the context of behavioural advertising and marketing. JR East Japan Railway Company sold data of SUICA, an IC card used for train ticket and shopping, to Hitachi, and Hitachi announced that they will provide it to third parties for marketing information. Although name and address were deleted, many requested not to use their data, and Big Data’s use was terminated. Milog, Co., Ltd., an IT venture business who collected smart phone application usage history was accused for violation of privacy and dissolved.
Personal Information Protection Law has not caught up this technology development. Privacy is out of the regulation and sales of the information which does not specify the individual is not illegal even if no consent is obtained. Japanese government has decided to amend the law in 2015. Some plan proposes to strengthen the regulation. For example, expanding the scope of personal information to protect information which will not be connected to individual alone but be connected together with other information is proposed. Obliging companies to have a technical measure not to be able to specify individual is proposed as well. Establishing new authorities who has a right of on-the-spot inspection is considered. On the other hand, allowing the sales of the data if appropriately made anonymous or if the companies promise not to re-specify individuals is discussed as well.