On 1 July 2019 the Unfair Competition Prevention Act was amended to afford new legal protection to Big Data. The act regulates several types of unfair competition, including the new act of wrongfully acquiring, disclosing and using Big Data. Thus, parties should review their management systems, internal rules and agreements regarding the handling of data in order to ensure that such data is eligible for this new legal protection.

Background

Following the Fourth Industrial Revolution, the way in which data is used has changed significantly (eg, the Internet of Things and AI) and the increasing importance of data is now well recognised. However, cases in which data is subject to legal protection under Japanese law remain limited. For instance, data is an intangible asset and thus cannot be the subject of legal rights under the Civil Code, such as ownership or possession. Further, although data can theoretically be protected as intellectual property (eg, copyright, patents and trade secrets), in reality, it is generally difficult for data that is mechanically generated by devices such as sensors and cameras or the use logs of smartphones to fulfil the requirements of these IP rights, such as the creative element. In addition, in order to be protected as a trade secret under the Unfair Competition Prevention Act, data must:

  • be managed as a secret;
  • have utility; and
  • not be in the public domain.

In practice, it is difficult to satisfy all of these requirements if the data is intended to be distributed to, or shared with, a certain number of parties through a transaction.

Given the lack of adequate legal protection available for data, data owners tend to be reluctant to share their data with others because they believe it is likely to lose its value once it is disclosed to third parties. This is regardless of the fact that data is essential for developing a country's economy and society.

Requirements of protected data

To enhance the legal protection available to data and encourage its use, the Ministry of Economy, Trade and Industry (METI) amended the Unfair Competition Prevention Act to include the wrongful acquisition, disclosure and use of 'data for limited provision' (ie, protected data) in the list of acts of unfair competition.

'Protected data' is defined under the amended act as technical or business information that is:

  • accumulated in a reasonable amount by electronic or magnetic means (ie, an electronic form, a magnetic form or any other form that is impossible to perceive through human senses alone); and
  • managed by electronic or magnetic means as information provided to specific persons on a regular basis.

To avoid an overlap of trade secrets and protected data, data that is managed as a secret is excluded from the definition of protected data. Further, any open data that has been made available to the public without compensation is excluded.

Big Data is generally expected to fall within the scope of protected data. However, it must satisfy the abovementioned requirements, particularly the main elements of protected data – namely:

  • accumulated in a reasonable amount (significant accumulation);
  • managed by electronic or magnetic means (electromagnetic management); and
  • provided to specific persons on a regular basis (limited provision).

The meaning of each element is explained in the Guidelines on Protected Data, which METI published on 23 January 2019.

Remedies

Similar to how trade secrets are protected under the Unfair Competition Prevention Act, the courts can issue injunctions and award monetary damages in respect of the wrongful acquisition, disclosure or use of protected data where this amounts to an act of unfair competition under the Unfair Competition Prevention Act. Provisions relating to the presumption of the amount of damage also apply. However, unlike with trade secrets, criminal penalties do not apply with respect to protected data.

Comment

The new legal protection for Big Data is expected to increase data use. However, in order to qualify as protected data, data must be managed accordingly. Thus, all parties which use or might one day use Big Data in their business should review their management systems, internal rules and agreements regarding the handling of data in order to ensure that such data can fall under the definition of protected data set out in the act. Failure to do so will prevent such parties from claiming legal remedies when their data is misused.

This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.