Skip to main content

Nishimura Institute of Advanced Legal Studies (“NIALS”) Report by the “CLOUD Act Study Group” (Ver. 2.0)

  • Others

Read in Japanese

Nishimura Institute of Advanced Legal Studies (“NIALS”) Report by the “CLOUD Act Study Group” (Ver. 2.0)


In recent years, data accumulation in companies has progressed and active cross-border data transfer has taken place more frequently. There have been many cases where a crime is committed in Japan, and data which is important evidence in the subsequent criminal investigation is held by a company on servers located in foreign countries. Therefore, it is increasingly important not only to obtain data stored on the terminals of suspects, but also to obtain data held by companies in Japan and in foreign countries. In these circumstances, considerations are underway in countries around the world regarding obtaining data held by companies in Japan and in foreign countries, and in March 2018, the Clarifying Lawful Overseas Use of Data Act (the “CLOUD Act”), which clarifies procedures in the United States when an investigating authority issues an order to disclose data that a company stores on servers located outside of the U.S., was enacted.

In March 2019, NIALS established the CLOUD Act Study Group (the “Study Group”), with George Shishido, Professor, The University of Tokyo Graduate Schools for Law and Politics as the Chairperson as well as Yurika Ishii, Associate Professor, Department of International Relations, National Defense Academy, Ministry of Defense of Japan and Go Naruse, Associate Professor, The University of Tokyo Graduate Schools for Law and Politics as the members. The Study Group handles Japan’s response to the U.S. CLOUD Act, to begin, as well as analyzes legal issues relating to obtaining data held by companies for criminal investigations. The Study Group summarized the results of its discussions in “Nishimura Institute of Advanced Legal Studies ‘Report by the ‘CLOUD Act Study Group’ — LEGAL ANALYSIS AND PROPOSALS ON CRIMINAL INVESTIGATIONS OBTAINING DATA HELD BY COMPANIES —” (this “Report”) and published it in December 2019.

Nishimura Institute of Advanced Legal Studies (“NIALS”) Report by the “CLOUD Act Study Group” — LEGAL ANALYSIS AND PROPOSALS ON CRIMINAL INVESTIGATIONS OBTAINING DATA HELD BY COMPANIES — (December 2019)

Furthermore, as there were various movements in Japan and in foreign countries concerning obtaining data held by companies for criminal investigations after this Report was published, in August 2022, the Study Group began its review to update this Report and completed the update in April 2023. The pillars of the proposals of the updated Report are summarized below.

1. Further Use of Existing Investigative Methods for Obtaining Data Held by Companies, and Considering New Systemic Designs

In recent years, data accumulation in companies has progressed, and it is necessary for investigating authorities to obtain data held by companies efficiently and effectively through cooperation with companies, while taking into account the interests of Data Subjects and companies. A system exists under current laws for seizure via an order to produce a copy of records, to ensure this cooperation, and it is expected that this system will be used actively; however, there are also issues with this system. Under these circumstances, the Criminal Law (pertinent to information and communications technologies) Subcommittee of the Legislative Council of the Ministry of Justice currently is holding discussions to promote digitized or online warrant proceedings and to establish a system for Orders to Produce Electromagnetic Records. If these goals are realized, it is highly expected to promote efficient, effective data acquisition through smooth cooperation between investigating authorities and companies. There are various issues to consider when designing these systems, such as ensuring security when presenting an online warrant to a company holding data, and when submitting data, ensuring the fairness and transparency of procedures for prior or subsequent notice to Data Subjects, expansion of the system to impose confidentiality obligations and similar restrictions, and analyzing relationships with other laws and regulations relating to data protection. It is necessary to advance discussions on these issues while considering technological innovations and sophisticated criminal investigations, domestic and foreign companies’ response policies and actual responses, and movements in foreign countries and international forums, with the aim of strengthening both investigating authorities’ investigative capabilities and protecting the rights of relevant persons.

Another method for investigating authorities to obtain data held by companies is to access the server, where the data is stored, by themselves (i.e. remote access). While this investigative method is useful in different ways from the method of asking companies to submit data, it is advisable to examine the design of the system further, to give consideration to the interests of Data Subjects and the companies that are server-managing entities, as well to guarantee due process of law in the future.

In addition, the prospect of the data so obtained being used in a criminal trial should be considered. In this respect, the relevant Subcommittee of the Legislative Council of the Ministry of Justice has considered the examination methods for trials where data is presented as evidence; however, moving forward, it is advisable to establish certain objective indices (standards or criteria) in order for courts to appropriately evaluate the authenticity and probative value of the data presented as evidence.

2. Deepening Discussions Regarding Trans-border Data Access for Investigative Purposes From the Perspectives of International Law, and Participating in the Establishment of a Cross-national Framework

There are ongoing domestic and international discussions regarding the legality of obtaining data stored outside the territory of an investigating authority. Under international law, if a state exercises its jurisdiction in the territory of another state, such an act infringes upon the other state’s sovereignty. However, it is also possible to conclude that obtaining data stored on servers located in the territory of another state for investigative purposes, for example, through the issuance of a data production order against a domestic company with regard to its data stored overseas, does not necessarily constitute an unlawful exercise of the investigating country’s jurisdiction in the territory of another state, depending on the method employed. In Japan, the 2021 Supreme Court Decision triggered discussions on the methods and limits of trans-border data access; however, given the importance of obtaining data stored abroad appropriately and swiftly, Japan should endeavor to deepen discussions of investigative methods that accord with international law while maintaining Japan’s policy of respecting the sovereignty of other states.

In addition to building multinational frameworks, such as the Convention on Cybercrime and the Second Additional Protocol, international collaboration can be achieved and advanced through the establishment of bilateral (or multinational) frameworks as envisioned by executive agreements pursuant to the CLOUD Act. As a first step, it is considered effective for Japan to build this type of bilateral (or multinational) framework with like-minded countries with which Japan shares internationally recognized principles, for example, the OECD Government Access Declaration concerning access by public bodies to data held by companies (government access), and a common sense of values, in accordance with the trustworthy concept of Data Free Flow with Trust, while also participating in discussions toward building a multinational framework. If development of a system for Orders to Produce Electromagnetic Records, or other systems, progresses in Japan (see Proposal 1), this will lead to establishment of a foundational system that will allow for bilateral (or multinational) collaboration with like-minded countries, including the U.S.; therefore, it is advisable to proceed with necessary discussions on legal issues to execute bilateral international agreements with like-minded countries.

3. Promoting Companies’ Efforts to Ensure Transparency of Government Access

In order to obtain a deeper understanding from Data Subjects and civil society regarding obtainment of data held by companies for investigative purposes, in addition to government-level efforts, it is important that companies and industries also make voluntary efforts to ensure transparency regarding government access, such as releasing transparency reports that aggregate responses to requests for government access, and preparing and releasing response policies.

These efforts will allow companies to provide a sense of security to users who are Data Subjects and to improve civil society’s trust in each company, and will contribute to the competitiveness and interests of companies in the long run. Therefore, companies and industries are also expected to advance discussions on specific efforts to ensure the transparency of government access (disclosing response policies and actual responses to investigating authorities’ requests for disclosure of information) and to make increased efforts in this regard.


藤井 康次郎

With regard to competition laws, he advises clients on various matters of competition law for both domestic and international cases. He has represented clients with many important international cartel cases, including auto-parts, TFT-LCD, air cargo and high voltage power cables. He also handled significant merger cases in various industries, such as nuclear, security exchanges, local banks, steel and metals, food and agriculture, airlines, paper and natural resources. His practice also covers private monopolization, unilateral conduct and unfair trade practices, including vertical restraints and abuse of superior bargaining position, including platform business and internet industries. He also has been very active in the field of international trade matters. He is one of few lawyers in Japan who acted on behalf of various industries with regard to anti-dumping (AD) and counter-vailing duties (CVD) in Japan and overseas. While he served as deputy director of the Ministry of Economy, Trade and Industry of Japan, he handled several important WTO disputes on behalf of Japanese government. He continues to advice both public and private sectors with regard to various sorts of trade law matters associated with WTO, investment treaties and Regional Trade Agreements. His trade expertise also covers export controls, investment screenings, economic sanctions and customs matters.

北條 孝佳

He mainly handles cyber security. As a cyber security analyst at the National Police Agency, he had been engaged in investigations and research, such as analysis of cyber attacks, for over 10 years.
He advises companies on cases involving crisis management, scandals, and various cyber incidents. Recently, he has handled many security incidents within companies, including ransomware, personal data breaches, and internal crimes.

Shimpei Ishido has been active in the field of international trade matters and international investment disputes for many years. He advises and represents governments and major corporations with regard to investment arbitration under ICSID, ICC, and UNCITRAL arbitration rules. He currently serves as a member of the Japanese delegation to UNCITRAL Working Group III (Investor–State Dispute Settlement Reform). He also advises the government and corporations regarding anti-dumping and countervailing measures and WTO dispute settlements proceedings concerning such trade remedy measures.

In addition, he usually provides his clients with general advice on a variety of international law issues, including investment protection, economic sanctions, government procurement, trade in services, e-commerce, sovereign and diplomatic immunities, law of the sea, and space law. His client engagement in these fields of international law includes:
i) capacity-building training on international investment law and trade in services to government officials of various states in the Asia-Pacific Region and Central Asia;
ii) advice on government procurement procedures covered by GPA and FTA/EPAs;
iii) advice on sovereign or diplomatic immunities issues concerning contracts between a foreign government/international organisation and a private entity;
iv) advice on international law issues arising from private entities' exploration of space resources on the Moon and other celestial bodies.

Before joining Nishimura & Asahi, he led, as legal counsel to the Ministry of Foreign Affairs of Japan, the negotiation of Japan’s international investment agreements, including the investment and trade in services chapters of the Trans-Pacific Partnership, the Japan–EU EPA, the ASEAN–Japan Comprehensive Economic Partnership, the Japan–Australia EPA, the Japan-Mongolia EPA, and the Japan–Mozambique BIT.

He received an LLM in international law from University College London.