Although I used the term data privacy in the introduction above, this expression itself actually contains some problems.
If we refer to a part of the conclusion precedently without fear of misunderstanding, Privacy protection and personal information protection are actually different things (or similar but different), and as a concept to connect them, it is a question whether data privacy can be developed or not. So, it is one of the roles of this project to clarify it.
In the first place, the idea of privacy protecting as a right or legal interest was born in the United States in the late 19th century. At that time, America was undergoing rapid urbanization and industrialization, and along with that, tabloid newspapers specializing in gossip articles appeared. The problem at that time is that the traditional legal system can not offer any effective measures against these gossip newspaper articles. In other words, the simple law system at the time, which was not premised on urbanization or the emergence of mass media, typically defamation law, was not predicted to be a business of revealing private life. Under such circumstances, there was a demand for recognition of privacy as a new interest, and also a demand for recognition of “the right to be let alone” in response to these social changes, and this right was recognized at the beginning of the 20th century.
Under such circumstances, there was a demand for recognition of privacy as a new interest, and also a demand for recognition of "the right to be let alone" in response to these social changes, and it was approved in the beginning of the 20th century.
However, since the 1970s, the value of personal information has grown dramatically in conjunction with an increasingly-complex society and constantly-evolving computer technology. This has created concern for a new privacy violation that differs from exposure of lifestyles by the mass media. For example, an information on the past behavior of a certain individual can be collected without that person knowing, and is stored in a computer database. Then a company might secretly use this information at the time of job searches.
In response to the risk of such new violation, one idea is to protect as an extension of the conventional privacy rights. A prominent example of this approach is privacy rights as the right to control one’s personal information. In other words, discussion on the conventional concept of invasion of privacy rights has been limited to focusing on exposure by the mass media, within the process of collecting, saving, processing, and using personal information. However, in the first place, a person possesses the right to decide how their own personal information is used. Therefore, even if it is an infringement from the collection stage or by an entity other than the mass media, it is an approach to consider as privacy infringement.
Although, in Japan, such individualistic right was not understood until the end of World War Two, “The Utageno-Ato case” in 1964 The Tokyo District Court ruled that this concept was approved, and opened the road to the advancement of privacy rights in Japan.
However, there is a major problem with this approach. To begin with, when discussing conventional privacy rights, there is the issue of reconciling freedom of expression by mass media (and underlying the right to know of citizens) with privacy protection. Accordingly, the court verdict in the aforementioned “The Utageno-Ato case” established that privacy violation exists when there was public disclosure of matters for which disclosure is recognized as undesirable from the perspective of the individual in questions, based on the sensitivity of an ordinary person. This case is still upheld by the Supreme Court of Japan even today.
However, the idea of privacy right as the right to control one’s personal information right is regarded as a condition for discussing "diversity of individual values". In other words, in an advanced information society, the very question of when, how, and to whom one’s own information is disclosed during life depends on the selection of personal values. Privacy right is exactly what protects it. Then, there is very little room for the concept of the sensitivity of an ordinary person.
Here, when examining the relationship between “the privacy right as the right to be let alone” and “the privacy rights as the right to control one’s personal information”, they are not in a simple relation in which the former is subsumed by the latter. It is just a complex relationship which possesses conflicting elements.
Therefore, many countries (including Japan) have temporarily shelved discussions on giving basic constitutional recognition to privacy rights as the right to control one’s personal information. Instead, as much as possible, these countries take an approach which seeks to realize protection of personal information as system of positive law. It has led to such direction that Organization for Economic Cooperation and Development (OECD) in 1980, " Guidelines on the Protection of Privacy and international distribution of Personal Data" and its Annex (OECD 8 Principles). Although the recommendation uses the phrase of privacy protection, it does not encourage countries to implement privacy protection. Conversely, if each country were to implement protection of privacy based on independent standards, there would be interference with smooth international distribution of personal information. To avoid such interference, the context of the recommendation proposes the establishment of a global system for personal information protection with high communality. Although Japan also enacted the Act on the Protection of Personal Information in 2003, the fact that the purpose of the Act is not "protecting privacy" clearly indicates that it is based on the OECD Recommendation.
In this way, in many countries including Japan, the system that privacy protection and personal information protection is actually different has been established.