Privacy in Asia: Building on the APEC Privacy Principles
The Current Framework and the Future Approach for Protecting Privacy in Japan
October 22nd, 2013
Dr. Fumio SHIMPO, Professor, Keio University Faculty of Policy Management
Email: [email protected]

List of Questions to be addressed
1) What is the current framework for protecting privacy online in your country?
2) How do you assess the prospects for greater alignment/harmonization of national privacy regimes across the Asian region?
3) Will the resulting Asian approach to privacy protection differ in some respect from those now being developed in the US and within the EU; what implications does this have for global privacy governance?
4) What is the current framework for protecting privacy online in your country?
5) How do you assess the prospects for greater alignment/harmonization of national privacy regimes across the Asian region?
6) Will the resulting Asian approach to privacy protection differ in some respect from those now being developed in the US and within the EU; what implications does this have for global privacy governance?
7) Who are the key actors in the privacy debate in your country and what are their roles and powers?
8) How have data privacy regulations in your country affected businesses' utilization of cloud services and big data?

Relationship with Personal Information Protection Laws in Other Countries
GPEN (Global Privacy Enforcement Network)
International Conference of Data Protection and Privacy Commissioners
OECD Privacy Guidelines Recommendation on Cross-Border Cooperation, Security Guidelines, etc.
Japan’s task is to participate in the network of cross-border OECD member countries that work together on the protection of personal information Japan USA Act on the Protection of Personal Information Individual laws (International conference of personal information protection authorities) •Japan is an observer •Establishment of an internationally-accepted “Independent personal information protection organization” is a requirement •Standard for authorization as data protection organization •Legal basis •Autonomy and independence •Consistency with international instruments •Appropriate functions EU Data Protection Directive Data protection directive that regulates transfers of personal data to third-party countries Japan’s task is to satisfy the EU-specified “adequate level of protection” Privacy Framework European Data Protection Regulation (draft) Cross-Border Privacy Rules (CBPR) Cross-border Privacy Enforcement Arrangement (CPEA) Japan’s task is to create a system of cross-border execution cooperation which can be utilized in cases of cross-border personal information leakages APEC ©2013 Fumio SHIMPO APPA (Asia Pacific Privacy Authorities) (January 25, 2012) ・Establishment of an independent personal information protection organization is a requirement ・More rights for data subject (The “right to be forgotten,” data portability) ・Security (duty to report information leakages within 24 hours) ・Management responsibilities (data protection impact assessment, data protection seal or mark system) ・Transmitting personal data (consistent procedures) 1. 
History of Personal Data Protection Systems in Japan Local Government Regulations Local governments worked quickly to adopt their own personal data protection regulations before the enactment of the OECD guidelines OECD Privacy Guidelines : 8 OECD Principles Start of personal data protection systems management Administrative Agency Personal Protection Laws Establishment of personal data protection laws (national administrative agencies only) ‘Law relating to protection and management of personal data stored on administrative agency computers’ (December 16th, 1988 Law No. 95 ) Dealing with the Private Sector ‘Guidelines for personal data protection in the private sector’ - Japan Information Processing Development Corporation (JIPDEC) (1988) ‘Guidelines relating to the protection and management of personal data on computers in the private sector’, (March 4th, 1997, Ministry of International Trade and Industry proclamation, No.98) Privacy Mark System ‘Privacy mark system’ (effected, April 1st, 1998) JIS Q 15001, ‘Personal data protection compliance program requirements’, (established March 20th, 1999) JIS Q 15001, ‘Personal data protection management system requirements’, (established March 20th, 2006) 2. 
History of Establishment of Laws Relating to Personal Data Protection (Japan)
July 14th, 1999: Agreement on formation of 'Personal Data Protection Investigation Unit' (Chairman, Masao Horibe, Professor, Chuo University's Faculty of Law).
October 20th, 1999: Announcement of paper 'Regarding Protection of Personal Data' (Central theme, Chairman's plan).
November 19th: Announcement of 'State of Personal Data Protection Systems in Japan', by High-Tech Telecommunications' Society Promotion Committee's Personal Data Protection Investigation Unit (Mid-Term Report).
February 4th, 2000: Formation of 'Personal Data Protection Legislation Specialist Committee' (Committee Chairman, Itsuo Sonobe, Professor at Ritsumeikan University's Graduate School) (Session No.28).
October 11th, 2000: Agreement on 'Fundamentals relating to Personal Data Protection Laws'. Drawing up of proposed legislation in accordance with fundamentals. Submitted as Cabinet Legislation No.90 to the 151st Diet on March 27th, 2001.
April 18th, 2001: Formation of 'Administrative Agency Personal Data Protection Law Research Group' (Chairman, Takashi Mogushi, former Director-General of the Cabinet Legislation Bureau), presided over by the Secretary to the Minister of Internal Affairs and Communications on approval of the Minister.
March 15th, 2002: Submission of Cabinet Legislation Nos. 70-73 to the 154th Diet.
December 13th, 2002: Five personal data protection bills rejected by the Lower House Committee of the Cabinet.
March 7th, 2003: Five revised personal data protection bills, Cabinet Legislation Nos. 71 – 75, submitted to the 156th Diet.
May 23rd, 2003: Five personal data protection bills approved and formally announced on May 30th.

3. Laws relating to Personal Data Protection
Approved on May 23rd, 2003, formally announced and enacted on May 30th.
Regulations in Chapters 4-6, and additional regulations in Articles 2-6 imposing specific responsibilities on companies handling personal data under the Personal Data Protection laws and Administrative Agency Personal Data Protection laws, enacted April 1st. 2005. Act on the Protection of Personal Information Act on the Protection of Personal Information Held by Administrative Organs (2003 Law No.59) Act for Establishment of the Information Disclosure and Personal Information Protection Review Board (2003 Law No.58) Act on the Protection of Personal Information Held by Administrative Agencies (2003 Law No.57) (2003 Law No.60) Act on Preparation of Relevant Acts Accompanying Effectuation of the Act on the Protection of Personal Information Held by Administrative (2003 Law No.61) 4 Overall Outline of Personal Data Protection Laws in Japan Basic Policy Personal Data Protection Laws Administrative Agency Personal Data Protection Laws Basic Policy (basic policy on personal data protection approved by the Cabinet) Basic laws and laws relating to the private sector (laws and ordinances regarding the protection of personal data) Laws relating to administrative agencies in the public sector. (laws and ordinances concerning administrative agency personal data protection) Protection of personal data by following regulations with the aim of personal data protection under each individual law (existing laws such as ‘The Dispatch Industry Law’ and ‘Employment Security Law’) Individual Laws Laws with regard to legal liability concerning leakage and misuse of personal data. (‘Unfair Competition Prevention Law’) Privacy protection obligation regulations from a professional standing. (‘Public Servant Law’, various industrial laws) Personal Data Protection Regulations Local government personal data protection regulations. Guidelines for each Ministry in accordance with Article 8 of the Personal Data Protection Law. 
JIS Q 15001 'Personal Data Protection Management System, Requirements' Guidelines Standards and guidelines in accordance with laws (guidelines adhering to ‘The Industry Standardisation Law’ and ‘Provider Limited Liability Law’) Administrative agencies setting guidelines for themselves (safety management and use of telecommunications technology) Setting guidelines for private organisations and the private sector (business world guidelines) Application of the Act on the Protection of Personal Information Private sector Public sector Act on the Act on the Protection of Protection of Personal Personal Information Held by Information Held by Independent Administrative Act on the Protection Administrative Organs of Personal Information Agencies, etc. Act for Establishment of the Information Disclosure and Personal Information Protection Review Board Act on Preparation of Relevant Acts Accompanying Effectuation of the Act on the Protection of Personal Information Held by Administrative Organs Ordinances in local governments 1742 bodies (As of Oct 1, 2012) Basic principle Responsibilities of the state and local governments Measures for the Protection of Personal Information, etc. Basic Policy portion Basic Policy on the Protection of Personal Information ©2013 Fumio SHIMPO Ministry of Economy Trade and Industry Financial Services Agency Ministry of Land, Infrastructure and Transport Land transport Real estate distribution companies General operations Credit information Ship crew employment management Medicine / nursing Credit retrieval Medical information systemsSafety management Ministry of Justice Medical information management Financial safety management practice guidelines General employment management Personal genetic information 5. 
Areas for Establishing Ministerial Guidelines Relating to Personal Data Protection Laws Human genome / genetic analysis research Genetic therapy clinical research justice schools Telecommunications Health information Human hepatic cell clinical research Ministry of Health, Labour and Welfare Worker dispatch Employment introduction Epidemiological research Clinical research Welfare Police mutual aid association Ministry of Education, Culture, Sports, Science and Technology Broadcasting Postal Service Correspondence service Ministry of Internal Affairs and Communications Trade unions Health insurance union National health insurance union Local public employee’s mutual aid association Ministry of Defense Ministry of Finance Ministry of Agriculture, Forestry and Fisheries defense finance Agriculture, forestry and fisheries Corporate pensions National Public Safety Commission Ministry of Foreign Affairs police Foreign affairs Italics = communication / Underline = notification ©2013 Fumio SHIMPO Land Infrastructure and Transport Employment Education Police Agriculture, Forestry and Fisheries Ministerial Guidelines Medical Services Financial and Credit Services Telecommu nications Justice Finance etc Basic Policies Individual Investigation Measures Revision of Guideline Policy Settlement Personal Data Protection Law Article 6 3rd Clause Article 7 Article 8 Individual laws, other measure management Basic policy settlement Settlement of guidelines other necessary measures Secondary Resolutions Financial and Medical Services Credit Services Telecommunications Enterprises under the jurisdiction of Personal Data Protection Law Article 36 1st Clause Welfare Overall Enterprises 6. 
Ministerial Guideline Policy Decisions / Basis of Revisions

PrivacyMark System
For enterprises that have prepared a management system in compliance with requirements of JIS Q 15001 for the protection of personal information, and properly handle personal information.
Assessed and certified by third-party organization JIPDEC (and its specified organs).
The system allows the use of the PrivacyMark logo as proof of certification.
©2013 Fumio SHIMPO

Report of the Study Group on the Use and Flow of Personal Data - Measures to Promote the Proper Use and Flow of Personal Data (Summary)
Ministry of Internal Affairs and Communications, Japan

Study Group on the Use and Flow of Personal Data

Utilisation of Big Data
Dissemination and development of ICT
Capable of using a large volume of diverse information, so-called "big data", including personal data (information about an individual)
Making it possible to provide a variety of services that match the needs of each individual better

Issues related to Protection of Privacy etc.
● Uncertainty of rules for personal data and privacy protection obstructs development of new types of businesses using personal data
● Increase of concerns about privacy due to accumulation and use of a large volume of information about individuals

Measures by MIC
It is necessary to make rules for personal data utilisation clear, considering harmonisation between free flow of information and privacy protection etc.
Ministry of Internal Affairs and Communications, Japan has held the Study Group on Use and Flow of Personal Data.
※ Following the various discussions concerning the scope of protected information related to an individual, the Study Group defined 'Personal Data' as information about an individual in general, not limited to information which is personally identifiable and defined as 'Protected Personal Data'; i.e. information about an individual to be protected.
Members
◎ Masao Horibe, Professor Emeritus at Hitotsubashi University
○ Shigeo Tsujii, Professor at Chuo University
Fumio Shimpo, Professor at Keio University
Masahiro Sogabe, Professor at Kyoto University
Hiroyuki Kuwako, Japan Data Communications Association
Hisamichi Okamura, Attorney, Visiting Professor at National Institute of Informatics
Miki Nagata, National Federation of Regional Women's organizations
Naohiro Yoshikawa, ATKearney
Hiromichi Yasuoka, Nomura Research Institute
The other members include representatives from businesses and local government etc.
(Observers) Consumer Affairs Agency, METI
◎ Chair, ○ Vice-Chair

Meeting schedule
▲ 1st (Nov. 1, 2012)
▲ 7th (April 3, 2013)
Held once or twice every month
Points of Issues
Discussion based on presentations by the members or other people
▲ 8th (May 14, 2013) Draft Report
▲ 9th (June 11, 2013) Report (Released on June 12, 2013)
Request for Public Comments
Request for Public Comments

Cabinet level meetings
・Industrial Competitiveness Council
・IT Strategic Headquarters
・Regulatory Reform Council
Recognition of importance of making good environment for personal data utilisation

Report of the Study Group on the Use and Flow of Personal Data (Summary) ①
Directions for Prompt Implementation (1)

System of Personal Data Utilisation Framework
• It is important to harmonise the promotion of a framework of personal data utilisation and the appropriate protection of privacy.
• It is vital to maintain and reinforce people's trust in the appropriate handling of personal data in order to promote its utilisation.
• It is necessary to make rules for personal data utilisation clear.

The Scope of "Protected Personal Data"
• Basically, it is appropriate to define the scope as 'Personal Identifiability', and it is necessary to make a substantial judgement in the light of privacy protection.
• 'Protected Personal Data' is considered to include any identification data on any individuals' PCs and smartphones as well as continuously collected information, such as purchase history data.

The Content of Rules for Personal Data Utilisation
• 'Protected Personal Data' is classified into the following three types according to the level of privacy:
  ✓ General personal data (e.g., widely known information, public information, and business-related information, such as business card information);
  ✓ Personal data which requires careful handling (e.g., address book, location, and subscriber information on smartphones);
  ✓ Sensitive data (e.g., information on thoughts and creeds and health information).
• Personal data should be handled in accordance with the context at the time of data acquisition and with the level of privacy of the data.

Report of the Study Group on the Use and Flow of Personal Data (Summary) ②
Directions for Prompt Implementation (2)

Method of Rulemaking for Personal Data Utilisation
• Good use of multi-stakeholder processes (i.e., an open process which includes a variety of parties, such as the government, enterprises, consumers, and experts etc.).

Method of Securing Compliance with Rules for Personal Data Utilisation
• Incorporation of privacy policies into contracts.
• Establishment of bodies consisting of experts which present opinions on rules for personal data utilisation and resolving of disputes.

Utilisation of Technologies for Personal Data Protection (Anonymisation, Cryptography etc.)
• In order to promote utilisation of personal data, it is appropriate to make the maximum use of technologies to protect privacy (e.g., anonymisation and encryption).
• It is considered that anonymised data, of which re-identification is impossible or sufficiently difficult, can be utilised freely.
Securing free flow of personal data beyond borders
• In order to ensure international free flow of personal data, Japan should actively contribute to discussions for international rulemaking.

Report of the Study Group on the Use and Flow of Personal Data (Summary) ③
Directions for Full-Scale Implementation
• The voluntary efforts of business operators and operational improvements in the current system will not have sufficient legal binding power. In order to ensure consistency and stability, institutional efforts, such as a review of the Act on the Protection of Personal Information, are essential.
• As a result, international expansion of enterprises and the effective trans-national use of big data etc. will become easier, thus contributing to the realisation of a world-wide, highly literate ICT society and economic growth.

The need for the study of the following items by the Japanese Government:

● Privacy Commissioner System Appropriate for Japan
• It is essential to establish a system in which knowledgeable human resources deal with issues relating to personal data 'horizontally', in a prompt and proper manner, making substantial judgments in order to secure people's trust.
• Many countries including the US, the EU and other developed countries have independent supervisory bodies (Privacy Commissioners) for personal data protection. Under the present circumstances, there exists an international environment for Privacy Commissioners of respective countries to exchange views and adjust policies relating to personal data.

● Method for Securing the Effectiveness of Multi-Stakeholder Processes etc.
• Institutional arrangements to ensure compliance of enterprises and other organisations with their own policies or rules declared voluntarily.
• Incentives for enterprises to participate in multi-stakeholder processes.
• A mechanism to ensure privacy protection by enterprises not participating in multi-stakeholder processes.
● Other Issues relating to the Current Law (Act on the Protection of Personal Information)
• Treatment of small businesses, shared use, certification systems to ensure substantial privacy protection, etc.

Change in and Forecast of the Number of Domestic Smartphone Shipments
Smartphones are continuing to make up a rapidly growing percentage of the mobile phones shipped in Japan, and are expected to reach 80% in FY 2013.
[Figure: chart of smartphone shipments, feature phone shipments, and smartphones as a percentage of shipments, FY2008 to FY2016. (Units: million)]
* Survey conducted by MM Laboratories (values from FY 2012 onwards are estimated). ("Recorded and projected numbers of smartphones shipped annually (as of March 2012)" (13th March 2012) and "Smartphone terminals shipped in Japan in the first half of FY 2012" (1st November 2012)).
©2012 Ministry of Internal Affairs and Communications

Structure of Smartphone Services
As for smartphones, a variety of business operators with different roles offer services in each layer. On the other hand, as for traditional mobile phones, mobile phone carriers offer all services from infrastructure to contents.
Business operators which provide the operating system (OS) equipped with smartphones usually operate sites for providing applications and have an influence on each layer, such as the development of devices, use of communication networks, provision of applications, charging/authorization, etc.
It is pointed out that an application developer gains certain compensation for incorporating information collection modules provided by an advertisement delivery business operator into applications and that user information may be transmitted to information collection business operators through information collection modules.

[Figure: Examples of the parties related to user information on smartphones. Layers: contents service layer, platform layer, mobile terminal layer, network layer (WiFi, WiMAX, 3G network). Parties shown: apps providers and individuals, website operators for apps distribution, application provision sites of contents business operators, OS providers, mobile telecommunications carriers and device manufacturers, mobile terminal providers, information collection providers, advertisement service providers, advertisers, and the smartphone user.]

"Smartphone Privacy Initiative"
Structure of the Guideline for Handling Smartphone User Information
Anxiety of users regarding user information should be eliminated voluntarily by responsible business actors.
The Guideline provides the principles to which a variety of different stakeholders (including app providers who do not take part in the industry associations) can refer.
Taking into account the status quo of the industry, the industry is encouraged to make their industry-specific guidelines by enriching and further developing the principles proposed in the Guideline.

Fundamental Principles
1. Ensuring Transparency
2. Securing the Opportunity of User Participation
3. Ensuring Data Collection through Proper Means
4. Ensuring Proper Management of User Information
5. Properly Handling Complaints and Requests for Advice
6. Privacy by Design

Measures Undertaken by User Information Acquirers (e.g., Apps provider, information collection modules providers, Advertisement delivery service providers)
1. Making Application Privacy Policy
☞ A privacy policy including the following items should be created for each app and each information collecting module. Such privacy policy should be easily understandable and a simplified version or short notice should also be made available.
  i) Name of the apps provider who acquires personal information;
  ii) Details of the personal information to be acquired;
  iii) How to acquire such personal information;
  iv) Specifying and explicitly explaining the purpose of acquiring personal information;
  v) How to notify and disclose privacy policy, and acquire user consent, and how the user participates are ensured;
  vi) Whether or not the acquired information is to be transmitted to the third party; whether or not it is transmitted to information collecting module providers;
  vii) Contact point for queries; and
  viii) Procedure for changing privacy policy
2. Proper Management of User Information
3. Special Instructions regarding Information Collection Module Providers and Advertisement Delivery Service providers

Measures taken by other relevant business operators
1. Mobile Network Operators and Mobile Terminal Providers
☞ when selling smartphone services, etc.
☞ Application distribution portals operated by mobile telecommunication carriers
2. Application Distribution Portal Operators, and OS Providers
☞ Application distribution portals
3. Other relevant business operators
☞ Reviews on applications, etc.
Guideline for Handling Smartphone User Information: Fundamental Principles

1 General Provisions
To develop an environment in which users can use smartphones and services provided through them in a safe and secure manner, all the relevant business players are required to appropriately handle user information, thereby securing users' trust in the provided services. (e.g. Providing sufficient explanation to users and ensuring transparency of services; ensuring substantive opportunities for user participation)

Fundamental Principles
1. Ensuring Transparency
Users should be notified of the details of the target information, its utilization and opportunities for user participation in case personal information is collected. Otherwise such details should be placed where they are easily noticeable. In case of notifying users of the collection of their personal information, announcing it or acquiring consent from users, such notification, announcement and acquisition should be conducted in an easily recognizable and understandable manner.
2. Securing Opportunities of User Participation
Relevant business operators should notify or disclose necessary details in case of collecting personal information (e.g., information to be collected, purpose of information usage, and a range of information that is to be provided to the third party). Users should be able to know how to stop personal data being collected and how to get involved in the process.
3. Ensuring Personal Data Collection by Proper Means
Relevant businesses acquire target personal information by proper acceptable means.
4. Ensuring Proper Management of User Information
Relevant businesses take necessary and proper measures in order to prevent targeted personal information from leaking, being lost or damaged, etc.
5. Properly Handling Complaints and Request for Advice
Relevant businesses are required to respond to complaints and requests for advice regarding personal information.
6.
Privacy by Design
When designing new apps and services, relevant businesses should take into account how personal information should be handled and ensure personal information and privacy are protected and respected. They should recognize that the protection of personal information and privacy needs to be enhanced. From the users' perspective, apps and services should be designed and developed in a user-friendly manner.

Guideline for Handling Smartphone User Information: Specific Issues (1)

2 Specific Issues (1): Measures undertaken by Apps Providers, Information Collection Module Providers etc.
1. Creation of privacy policy
The privacy policy that indicates the provisions below should be created, and displayed or hyperlinked in an easily recognizable and referable manner. (A simplified, summarized version or short notice should preferably be created and posted on smartphone screens.)
1) Names of apps providers who acquire personal information: Indicate names and contact details, etc. of apps providers.
2) Details of the personal information to be acquired: List items and contents of acquired user information.
3) How to acquire personal information: Indicate whether personal information is acquired by users' input or whether apps automatically collect personal information stored in smartphones.
4) Specifying and explicitly explaining the purpose of information usage: Indicate whether user information is used for the purpose of service provision or for other purposes. In particular, if the information is used for advertisement or marketing purposes, it should be explicitly noted as such.
5) How to notify or disclose privacy policy, how to acquire user consent, and the way of user participation: Indicate how to access the privacy policy, from whom the consent for personal data collection is to be obtained, and when the consent is to be obtained, etc. Also indicate the way of user participation and how users can stop their information being used.
6) Whether personal information is to be transmitted to an external third party and whether information collection modules are installed: Indicate whether personal information is to be transmitted to a third party. Also indicate whether information collection modules are installed.
7) Contact for user query: Indicate a telephone number, email address, etc. for user queries.
8) Procedure for changing privacy policy: Indicate how to announce changes in the privacy policy (another consent is required if the range of the personal information that was agreed to be collected is changed).
2. Proper management of user information
3. Special notes on information collection module providers
Notify apps providers regarding the items and purposes, etc. of the personal information to be acquired.
4. Special note on advertisement delivery services providers
Notes on how to behave as apps providers or information collection module providers.

Function and Structure of the Social Welfare and National Taxation Number System
[Figure: flows between the User (Data Subject), 'My Portal' (My Portal Management Organisation), the Information Coordination Infrastructure, the Data-Holding Organisation and the Administrative Officer. The step labels recovered from the figure follow.]

Access log
1. Demand confirmation of the access log
2. Ensure confirmation of the access log request is transmitted
3. Respond to access request via access log transmission
4. Information Stored (Access Log)
5. Log into the 'My Portal'
6. Display the access log
<User Folder> ※ Information on the access log temporarily preserved in the user folder is deleted at the same time as logging out.

Information about oneself
1. Demand the confirmation of the 'information about oneself'
2. Inquire into the confirmation of 'information about oneself' request
3. Transmit the inquiry confirmation request about 'information about oneself' as received and approved
4. Transmit the necessary information
5. Information Stored (Information about Oneself)
6. Log into the 'My Portal'
7. Display the 'Information about Oneself'
<User Folder> ※ After logging out, information stored by the Data-Holding Organisation, temporarily preserved in the user folder, is deleted.

'One-Stop' application and notice (labels in the order they appear in the figure)
2. Transmit the application
1. Make the 'One-Stop' application
4. Log into the 'My Portal'
5. The receipt of information request via 'notice' is displayed on the screen
3. Information Stored (Notice)
2. Acknowledge receipt of information request via 'notice'
1. Acknowledge receipt of information request via 'notice'
3. The application is received by the 'organisation' (Administrative Officer)
5. Application and review
<User Folder>
6. The application process continues
7. The application is transmitted to the Data-Holding Organisation
8. The 'Holding Organisation' accepts the application