Journal of Law and Information System Volume 9

Regulation of Video Games and the Internet Use by Ordinance

This paper examines the issues involved in local governments regulating video games and Internet use by ordinance using the Kagawa Prefecture Video Game Ordinance (KPVGO) enacted in 2020.
　First, this paper discusses the limitations of local governments’ authority to enact ordinances regulating digital platform operators that provide online games and other services. In the digital age, the regulation of digital platform operators under the ordinance raises the problem that the effect of the ordinance extends extraterritorially.
　Secondly, this paper examines whether KPVGO violates the parent’s right to educate the children, the children’s freedom of playing video games, and the freedom of business by digital platform operators.
　Finally, this paper points out that there are limits to the judicial remedies for video games and Internet regulation by ordinance. The court’s power to review unconstitutional legislation may not adequately examine the constitutionality of ordinances regulating the Internet and video games enacted by local governments. Therefore, local governments themselves need to examine the legislative facts and carry out a fair public comment process.

The Constitutional Theory of the Digital Media Platforms

The concentration of economic power threatens to erode not only consumer welfare, but also citizen welfare, such as the sustainability of democracies and the guarantee of individual freedom. The digital media platform companies that have emerged in recent years already have significant economic and media resources, and in addition to their economic dominance, they are also gaining political influence. If the present situation remains unchanged, the danger of a decline in citizen welfare could become apparent.
　This article argues that the introduction of new economic regulatory rules is necessary to prevent a decline in citizen welfare resulting from the concentration of economic power in digital media platform companies. The article then proposes three possibilities as new economic regulations: 1) strict application of conduct regulations in Antitrust Act, 2) separation of platforms and commerce, and 3) enactment of new regulatory Acts to ensure platforms neutrality and fair redistribution of their advertisement revenues.

The Right of Attribution and Expression on SNS

Twitter employs an automatic image clipping system, which sometimes result in the author’s name not being displayed on posted or retweeted image. The Supreme Court of Japan on July 21, 2020 ruled that a retweet of another person’s post containing an image would be an infringement of the Right of Attribution under the circumstances of this case when the image was displayed with the attached author’s name removed by Twitter’s automatic image clipping system. This article discusses the conflict and the coordination between the author’s rights and expressions on SNS through the intrinsic understanding and the critical review of this decision. The article understands that the purpose of the attribution right is to protect the interest of claiming authorship of the work. In light of this purpose, the court should leniently find that the author’s name is indicated. We doubt that the interest of claiming authorship was harmed in this retweet case. With the development of search technology, it has become easier to secure the benefit of claiming authorship. Thus, we need to explore a new way of the right of attribution.

The Future of the Right to Demand Disclosure of Identification Information of the Sender

A victim damaged by a distribution of a violating information can demand ISP to disclose the identification of its sender. But to obtain the information which can identify the sender, the victim must file two lawsuits, firstly against the hosting provider, and secondly against the internet access provider, because the former provider normally doesn’t keep the name and address of the sender, but only the IP address and timestamp of violating information which make the victim to identify the latter provider who has the information of real name and address of sender. This is long way to file a lawsuit against the sender violating the victim’s right.
　To get the identity of the sender, the victim must prove the violation of his right, mainly defamation or copyright infringement. In case of defamation, the plaintiff has to prove not only his damage of reputation from the distribution of sender’s expression, but also the lack of public interests or the falsehood. This burden of proof is more than the lawsuit between the victim and the sender.
　In 2020, Japanese government prepared the reform of this law. The research group made a plan to reform which establish a single procedure to disclose the information of the sender violating the victim’s right.
　This article analyses the plan to reform of the right to demand disclosure of identification information of the sender.

Pandemics, the Protection of Personal Information and the Right to Privacy, (Part 2: The Right to Privacy)

The following perspectives will be deliberated with regard to fundamental considerations for ensuring both the effectiveness of infectious disease control measures and the guarantee of the right to privacy:
　⑴ issues concerning the restriction of the right to privacy in emergency situations, including: (ⅰ) measures associated with emergency situations and the restriction of the right to privacy in a such situations; (ⅱ) normalisation, regularisation and the continuing of exceptional responses in emergency situations, (eg concerns about ‘roll-back’ and the ‘ratchet effect’); (ⅲ) use for purposes different from those originally intended, (‘Dual-Use’); and (ⅳ) acquisition of subsidiary information and unexpected emergence of unexpected situations, (eg the applicability of ‘human-body temperature’ to personal information requiring consideration and subsidiary information associated with the measurement of human-body temperature and the example of ‘mission creep’); and (ⅴ) the need to respond to over-reactions which do not recognise the urgency of the situation.
　⑵ Issues concerning privacy in infectious disease control include: (ⅰ) procedures for requesting and disclosing personal information and the issues related to privacy; (ⅱ) the obligation to cooperate with active epidemiological surveys of specified patients and others based on the revised Infectious Diseases Control Act and restrictions on the right to privacy; (ⅲ) the correspondence between the personal information taken and thus, sensitive personal information acquired in relation to the taking of tests, etc, (ⅳ) the implementation of tests for infectious diseases which are not included in the tests to be taken and the violation of privacy and (ⅴ) the necessity of thorough security management measures for information management in relation to countermeasures against infectious diseases.
　⑶ The use of technology for infectious diseasecontrol and privacy: (ⅰ) the use of GPS location information, (ⅱ) the introduction of contact-tracing and confirmation applications and the considerations required to resolve concerns about their widespread use, (ⅲ) the acquisition of biometric information and the use of biometrics, and (ⅳ) sewage epidemiological surveys and privacy, (eg the privacy of waste-water).

Economi analysis of privcy in an emergency

After the breakout of new corona infection, active discussions are started on how to use personal data in an emergency. This paper discusses the use of personal data and privacy protection in crisis situations such as the new corona infection, and what kind of suggests can be obtained from the viewpoint of “economics of privacy”. In Japan, privacy and security protection issues are discussed exclusively from the viewpoint of a legal framework. In europe and the U.S., policy discussions are examining how policy decisions on data protection affect stakeholder trade-offs from an economic perspective. In this paper, I introduce the “economics of privacy”, which is not familiar in Japan, and discuss the usefulness of economic analysis of privacy in crisis situations.

The EU Law Enforcement Directive (LED)- Implementing in Germany and the LED adequacy decisions, Mainly about the supervisory authorities

The EU Law Enforcement Directive (Directive (EU) 2016/680, LED), which governs data protection in the police and criminal justice sectors, has a framework for the adequacy decisions for international data transfers to third countries, territories, and international organizations outside the EU (Art. 35 LED). The UK’s LED adequacy decision process was initiated for the first time in 2021, and discussions may begin on Japan in the future. 　This article gives an overview of the relationship between the Judicial Police Directive and EU Member States’ law. As an example, it explains the relationship with national legislation in Germany and describes the supervisory authorities’ powers. This is because it is necessary to observe the Member State Law’s implementation regarding the “essentially equivalent” level for LED. Moreover, it overviews the requirements for international data transfers, introduces criticisms of the lack of LED adequacy decisions, and confirms the recommendations of the European Data Protection Board (EDPB) (2021/01 Recommendation). Based on the above analysis, I would like to comment on the necessity of action in Japan.

Law and Policy on the Cyber Supply Chain Security in the United States

This paper deals with cyber supply chain security policy in the United States.
　First, the objectives of the policy are to ensure the confidentiality of information in the supply chain, integrity (genuine and unaltered IT/OT products and services), resilience, and quality.
　Second, this paper points out that U.S. policies ensure confidentiality primarily through NIST’s information security management standards for organizations/contractors, and achieve integrity and quality mainly through procurement rules.
　Third, this paper also points out the challenges. The implementation rate of such standards by federal agencies is low, and it is pointed out that the reason is the lack of procurement rules. Therefore, this paper points out that, for supply chain security policy, it is important to raise awareness through information security management standards and to make it mandatory through procurement rules.