2024.12.23

2023 (Ju) 1583

Minshu Vol. 78, No. 6

(Civil Case) Judgment concerning whether Article 5, paragraph (2) of the Provider Liability Limitation Act (after amendment by Act No. 27 of 2021) is applicable even in the case in which the specified telecommunications that resulted in the violation of another person's rights and the violation-related telecommunications related to such specified telecommunications had been performed before Act No. 27 of 2021 came into effect

Case demanding the disclosure of sender identification information, etc.

Judgment of the Second Petty Bench, other

Osaka High Court, Judgment of May 11, 2023

1. Article 5, paragraph (2) of the Provider Liability Limitation Act (after amendment by Act No. 27 of 2021) is applicable even in the case in which the specified telecommunications that resulted in the violation of another person's rights and the violation-related telecommunications related to such specified telecommunications had been performed before Act No. 27 of 2021 came into effect.

2. In the case in which posts that violate another person's rights were made on an account of an information network using the internet, and then communications were performed eight times by the person who made those posts to log in to that account using the internet connection service provided by the same internet service provider, under the circumstances as described in the judgment, namely: [i] there are no circumstances indicating the degree of association between those posts and those communications, except for closeness in time between them; [ii] among those communications, the one that was made 21 days after the abovementioned posts were made is the closest in time to those posts; and [iii] during the period after those posts were made until those communications were performed, communications were performed twice to log in to that account using the internet connection service provided by that internet service provider, but the internet service provider was unable to identify the communications corresponding to the communications on those two occasions in the communication records it retains; in relation to those posts, the communication mentioned in [ii] can be regarded as the transmission of codes by telecommunications that is "reasonably associated with the transmission of the violating information" as referred to in the main paragraph of Article 5 of the Regulation for Enforcement of the Provider Liability Limitation Act.

3. In the case in which posts that violate another person's rights were made on an account of an information network using the internet, and then communications were performed eight times by the person who made those posts to log in to that account using the internet connection service provided by the same internet service provider, under the circumstances as described in the judgment, namely: [i] there are no circumstances indicating the degree of association between those posts and those communications, except for closeness in time between them; and [ii] that internet service provider retains the sender identification information regarding the communication among those communications that was the closest in time to those posts, and there are no circumstances supporting the necessity to particularly and additionally demand the disclosure of the information regarding the communications on the seven other occasions; in relation to these posts, those communications on the seven other occasions mentioned in [ii] cannot be regarded as the transmission of codes by telecommunications that is "reasonably associated with the transmission of the violating information" as referred to in the main paragraph of Article 5 of the Regulation for Enforcement of the Provider Liability Limitation Act.

(Concerning 1 to 3) Article 5 of the Act on the Limitation of Liability of Specified Telecommunications Service Providers for Damages and the Right to Demand Disclosure of Sender Identification Information (Provider Liability Limitation Act) (after amendment by Act No. 27 of 2021)

(Concerning 1) Article 4, paragraph (1) of the Act on the Limitation of Liability of Specified Telecommunications Service Providers for Damages and the Right to Demand Disclosure of Sender Identification Information (Provider Liability Limitation Act) (before amendment by Act No. 27 of 2021), and Article 2 of the Supplementary Provisions of the Act Partially Amending the Act on the Limitation of Liability of Specified Telecommunications Service Providers for Damages and the Right to Demand Disclosure of Sender Identification Information

(Concerning 2 and 3) Article 5 of the Regulation for Enforcement of the Act on the Limitation of Liability of Specified Telecommunications Service Providers for Damages and the Right to Demand Disclosure of Sender Identification Information (Regulation for Enforcement of the Provider Liability Limitation Act)

1. The judgment in prior instance is quashed with respect to the parts concerning the demands for the disclosure of the pieces of information specified in 1 and 3 of the list attached hereto, and the judgment in first instance is set aside with respect to these parts.

2. The demands filed by the appellee of final appeal with respect to the parts mentioned in the preceding paragraph are dismissed.

3. The other part of the final appeal filed by the appellant of final appeal is dismissed.

4. The total court costs are divided into eight parts, of which one part shall be borne by the appellant of final appeal and the remaining parts shall be borne by the appellee of final appeal.

Concerning the reasons for a petition for acceptance of final appeal stated by the counsel for final appeal, WATANABE Shun, et al.

1. In this case, the appellee of final appeal, who alleges that their rights have been violated by the posts on an account on Instagram (an information network on which images and other content can be posted using the internet) (this account is referred to below as the "Account"), demands that the appellant of final appeal, which is an internet service provider that provided the internet connection service for the communications performed on eight occasions to log in to the Account (referred to below as the "Logins") disclose the pieces of information specified in the list attached hereto regarding the Logins (these pieces of information are referred to below as the "Information"), based on the Act on the Limitation of Liability of Specified Telecommunications Service Providers for Damages and the Right to Demand Disclosure of Sender Identification Information (referred to below as the "Act").

2. The outline of the facts legally determined by the court of prior instance is as follows.

(1) Users of Instagram cannot post any content without logging in to their account by transmitting their password, etc. to its operator. The operator of Instagram records the IP addresses and the dates and times of communications relevant to such transmissions but does not record these types of information regarding communications performed upon posting.

(2) A person whose name is unidentified (referred to below as the "Poster") posted on the Account the articles specified in the columns of Posts [i] to [iv] of the List of Posted Articles attached to the judgment in first instance on April 29, 2021, and the article specified in the column of Post [v] of that list at an unknown date and time (below, these posts are referred to with the numbers assigned in that list, as "Post [i]" or the like, and are collectively referred to below as the "Posts"). All of the Posts contained the photos of the appellee displayed without the appellee's permission and violated the appellee's personality interest beyond the tolerable limit in social life. The appellee is preparing to file an action against the Poster to seek damages due to the violation of their personality interest.

(3) During the period from May 20 to June 13, 2021, the Poster made the Logins at the respective dates and times of connections specified in the columns of IP Addresses [i] to [viii] of the List of IP Addresses attached to the judgment in first instance (these communications are referred to below with the numbers assigned in that list, as "Login [i]" or the like). The appellant provided the internet connection service for the Logins and retains the Information.

(4) During the period after Posts [i] to [iv] were made until the Logins were made, communications were performed twice to log in to the Account using the internet connection service provided by the appellant (these communications were performed on April 29 and May 1, 2021, respectively; referred to below as the "Intervening Logins"). The appellant was unable to identify the communications corresponding to the Intervening Logins in the communication records it retains.

(5) October 1, 2022, the Act Partially Amending the Act on the Limitation of Liability of Specified Telecommunications Service Providers for Damages and the Right to Demand Disclosure of Sender Identification Information (Act No. 27 of 2021; referred to below as the "2021 Amendment Act"; the Act before and after the amendment by the 2021 Amendment Act is referred to below as the "Act Before Amendment" and the "Act After Amendment," respectively) and the Regulation for Enforcement of the Act on the Limitation of Liability of Specified Telecommunications Service Providers for Damages and the Right to Demand Disclosure of Sender Identification Information (Order of the Ministry of Internal Affairs and Communications No. 39 of 2022; referred to below as the "Regulation for Enforcement") came into effect.

The Act Before Amendment provided that a person alleging that their rights have been violated by dissemination of information through specified telecommunications may demand that a specified telecommunications service provider that uses specified telecommunications facilities used for the specified telecommunications disclose the sender identification information related to violating the person's rights if prescribed requirements are satisfied (Article 4, paragraph (1)).

On the other hand, the Act After Amendment defines a certain scope of transmission by telecommunications of identification codes and other codes relating to the specified telecommunications service conducted in order to use or terminate the use of the specified telecommunications service (referred to below as "login communications, etc.") as "violation-related telecommunications" (Article 5, paragraph (3); Article 5 of the Regulation for Enforcement). It then provides that a person alleging that their rights have been violated due to dissemination of information through specified telecommunications may demand that a specified telecommunications service provider that uses specified telecommunication facilities used for the specified telecommunications disclose the sender identification information related to the violation of the person's rights (including the specified sender identification information, such as an IP address, that relates to violation-related telecommunications) if prescribed requirements are satisfied (Article 5, paragraph (1); Articles 2 and 3 of the Regulation for Enforcement). It also provides that such person may demand that a telecommunications service provider that uses telecommunications facilities used for the violation-related telecommunications relating to the specified telecommunications disclose the sender identification information regarding the violation-related telecommunications (Article 5, paragraph (2)).

(6) In February 2023, the court of prior instance concluded oral argument proceedings.

3. Based on the facts mentioned above, the court of prior instance ruled that Article 4, paragraph (1) of the Act Before Amendment is applicable to the demands for disclosure in this case and that the Information falls within the scope of "sender identification information related to violating the person's rights" referred to in that paragraph because the same person made both the Logins and the Posts. The court determined that the appellee may demand that the appellant disclose the Information, and concluded that the demands for disclosure should be approved.

4. However, although the determination by the court of prior instance mentioned above can be upheld with respect to the part concerning the demand for the disclosure of the piece of information specified in 2 of the attached list, the other part of the determination cannot be upheld for the following reasons.

(1) The 2021 Amendment Act was already in effect at the time when oral argument proceedings were concluded at the court of prior instance. Given that the Posts and the Logins had been made before that Act came into effect, a question arises as to whether Article 5, paragraph (2) of the Act After Amendment rather than Article 4, paragraph (1) of the Act Before Amendment would be applicable even in such case.

The Supplementary Provisions of the 2021 Amendment Act include a provision stating that any hearing of the sender's opinion carried out under Article 4, paragraph (2) of the Act Before Amendment is deemed to be a hearing of the sender's opinion carried out under Article 6, paragraph (1) of the Act After Amendment (Article 2). However, in the 2021 Amendment Act or other laws and regulations, there are no other provisions excluding the application of the provisions of the Act After Amendment and applying the provisions of the Act Before Amendment as transitional measures with regard to the case in which the specified telecommunications that resulted in the violation of another person's rights and the violation-related telecommunications related to such specified telecommunications had been performed before the 2021 Amendment Act came into effect. In addition, the 2021 Amendment Act introduced Article 5 in the Act After Amendment to sort out some of the requirements for the right to demand the disclosure of sender identification information, and it does not create the right to demand the disclosure of sender identification information as a new right.

According to the above, it is appropriate to consider that Article 5, paragraph (2) of the Act After Amendment is also applicable in the case in which the specified telecommunications that resulted in the violation of another person's rights and the violation-related telecommunications related to such specified telecommunications had been performed before the 2021 Amendment Act came into effect.

It follows that there is no room to consider that Article 4, paragraph (1) of the Act Before Amendment is applicable to the demands for disclosure in this case, and the determination by the court of prior instance that is contrary to this is illegal due to errors in the interpretation and application of laws and regulations.

(2) However, based on the facts mentioned above, if the Logins can be regarded as "violation-related telecommunications" as referred to in Article 5, paragraph (2) of the Act After Amendment, the demands for disclosure in this case can be regarded as satisfying all the requirements prescribed in that paragraph. The Logins constitute the transmission of codes by telecommunications set forth in Article 5, item (ii) of the Regulation for Enforcement, and if the Logins fall within the scope of transmission of codes by telecommunications that is "reasonably associated with the transmission of the violating information" as referred to in the main paragraph of that Article in relation to the Posts, the Logins can be regarded as "violation-related telecommunications." Accordingly, this point is examined below.

A. Article 5, paragraphs (1) and (2) of the Act After Amendment can be understood as follows. The most appropriate way to identify the sender of the violating information may be to approve the disclosure of the sender identification information regarding the transmission of the violating information. However, in the case in which the sender cannot be identified in that way, if the demand for the disclosure of information regarding login communications, etc. is not allowed, the victim whose rights have been violated due to the dissemination of the violating information would not be given adequate remedy. On the other hand, login communications, etc. per se do not have the nature of violating another person's rights. In light of these points, Article 5, paragraphs (1) and (2) of the Act After Amendment explicitly provide that the victim may demand the disclosure of the sender identification information regarding violation-related telecommunications under the requirements established in consideration of the balance between the necessity to give remedy for the victim's rights, on one hand, and the privacy, freedom of expression, and secrecy of communications of the person who performed the communications in question, etc., on the other hand. It is considered that in line with this purport, Article 5, paragraph (3) of the Act After Amendment provides that violation-related telecommunications that define the scope of information subject to the abovementioned demand for disclosure are login communications, etc. relating to the transmission of the violating information conducted by the sender of the violating information, which "fall within the necessary scope in order to specify the sender of the violating information," and delegates the specification of concrete details of such violation-related telecommunications to Order of the Ministry of Internal Affairs and Communications. Following this, the main paragraph of Article 5 of the Regulation for Enforcement specifies violation-related telecommunications as any of the transmission of codes by telecommunications set forth in the items of that Article that is" reasonably associated with the transmission of the violating information," respectively.

In light of the abovementioned wording of the main paragraph of Article 5 of the Regulation for Enforcement and the abovementioned purport of the Act After Amendment that provides for the right to demand the disclosure of the sender identification information regarding violation-related telecommunications in order to give remedy for the victim's rights, it is inappropriate to consider that login communications, etc. cannot be regarded as being "reasonably associated with the transmission of the violating information" uniformly, even in the case in which the sender of the violating information cannot be identified by at least using the information regarding other login communications, etc., on the grounds that there are circumstances that could reduce the association between the login communications, etc. in question and the transmission of the violating information, such as a certain interval of time between them.

On the other hand, login communications, etc. per se do not have the nature of violating another person's rights even if they are performed by the sender of the violating information. Moreover, the details of the information subject to disclosure may differ depending on the time at which and the devices, etc. with which the communications were performed, and such information could contain information from which the sender's behavior, etc., such as the time and place of the communications, can be inferred, and information on third parties who have concluded a contract for the internet connection service that the sender used, and therefore, it cannot be denied that the disclosure of such information would result in restraining the rights and interests of these persons. The degree of such restraints would increase along with the increase in the number of login communications, etc. subject to disclosure, whereas, on the part of the victim, if it is possible to identify the sender of the violating information by using information regarding at least one of the login communications, etc., it cannot be said that the victim needs to further demand the disclosure of information regarding other login communications, etc.

In light of the above, it is understood that the main paragraph of Article 5 of the Regulation for Enforcement defines violation-related telecommunications as the transmission of codes by telecommunications that is "reasonably associated with the transmission of the violating information," with a view to stipulating that login communications, etc. that constitute violation-related telecommunications should be limited in consideration of the degree of association between individual login communications, etc. and the transmission of violating information, as well as the necessity to demand the disclosure of information regarding the login communications, etc. in question, so that the information to be disclosed for the respective types of transmission of codes by telecommunications set forth in the items of that Article is limited to the extent necessary for identifying the sender of the violating information. Among such types of transmission, with regard to the transmission of codes by telecommunications as set forth in Article 5, item (ii) of the Regulation for Enforcement (referred to below as "login communications"), the circumstances indicating the degree of association between individual login communications and the transmission of violating information may be unclear in most cases, except for closeness in time. It should be said that in such cases, at least the login communication that is closest in time to the transmission of violating information constitutes the transmission of codes by telecommunication that is "reasonably associated with the transmission of violating information," and other login communications can be regarded as such only when there are circumstances that support the necessity to particularly demand the disclosure of the information regarding these login communications.

B. In this case, in relation to Posts [i] to [iv], there are no circumstances indicating the degree of association between these posts and the Logins, except for closeness in time between them. Among the Logins, Login [ii], which was made 21 days after Posts [i] to [iv] were made, is the closest in time to these posts. In addition, the Intervening Logins exist between Posts [i] to [iv] and Login [ii], but the appellant has not been able to identify the communications corresponding to the Intervening Logins in the communication records it retains, and it is difficult to identify the person who made these posts from the information regarding the Intervening Logins, and hence it can be said that there are circumstances that support the necessity to particularly demand the disclose of the information regarding Login [ii].

Consequently, in relation to Posts [i] to [iv], Login [ii] should be regarded as constituting the transmission of codes by telecommunications that is "reasonably associated with the transmission of violating information" as referred to in the main paragraph of Article 5 of the Regulation for Enforcement.

On the other hand, Logins [i] and [iii] to [viii] are not close in time to Posts [i] to [iv] when compared to Login [ii]. The appellant retains the sender identification information regarding Login [ii], and there are no circumstances supporting the necessity to particularly demand the disclosure of the information regarding Logins [i] and [iii] to [viii] as well.

Consequently, in relation to Posts [i] to [iv], Logins [i] and [iii] to [viii] cannot be regarded as the transmission of codes by telecommunications that is "reasonably associated with the transmission of violating information" as referred to in the main paragraph of Article 5 of the Regulation for Enforcement.

Further in relation to Post [v], the date and time when this post was made is unknown and it is uncertain which of the Logins is the closest in time to this post, and no other circumstances indicating the association between them can be found. Therefore, in relation to Post [v], Logins [i] and [iii] to [viii] cannot be regarded as the transmission of codes by telecommunications that is "reasonably associated with the transmission of violating information."

5. According to the above, the determination by the court of prior instance that the demand for the disclosure of the piece of information specified in 2 of the attached list regarding Login [ii] should be approved can be upheld for its conclusion, and the appeal counsel's arguments on this point cannot be accepted. On the other hand, the determination by the court of prior instance concerning the demand for the disclosure of the pieces of information specified in 1 and 3 of the attached list regarding Logins [i] and [iii] to [viii] contains a violation of law or regulation that has clearly influenced the judgment, and the appeal counsel's arguments on this point are well-grounded.

Consequently, the judgment in prior instance should inevitably be quashed with respect to the parts concerning the demands for the disclosure of the pieces of information specified in 1 and 3 of the attached list, and these demands for disclosure are groundless. Therefore, the judgment in first instance should be set aside with respect to these demands, and all these demands should be dismissed. The other part of the final appeal is groundless and therefore should be dismissed.

For the reasons stated above, the Court unanimously decides as set forth in the main text of the judgment.

(Attachment)

List

1. Name, address, telephone number, and electronic mail address of the subscriber as of the date and time of connection specified in the column of IP Address [i] of the List of IP Addresses attached to the judgment in first instance, regarding the telecommunication facilities to which the IP address specified in that column was assigned at that date and time and which performed a communication to the connected IP address specified in that column

2. Name, address, telephone number, and electronic mail address of the subscriber as of the date and time of connection specified in the column of IP Address [ii] of the List of IP Addresses attached to the judgment in first instance, regarding the telecommunication facilities to which the IP address specified in that column was assigned at that date and time

3. Name, address, telephone number, and electronic mail address of the subscriber as of each date and time of connection specified in the columns of IP Addresses [iii] to [viii] of the List of IP Addresses attached to the judgment in first instance, regarding the telecommunication facilities to which the IP address specified in each of those columns was assigned at such each date and time

Justice OJIMA Akira

Justice MIURA Mamoru

Justice KUSANO Koichi

Justice OKAMURA Kazumi