Photo/Illutration Takeshi Idezawa, president and CEO of Line Corp., center, attends a news conference in Tokyo's Minato Ward on March 23. (The Asahi Shimbun)

One tough and vital challenge facing an increasingly globalized world economy is how to respond to growing cross-border flows of personal information.

We need more in-depth debate on this issue from various perspectives on the assumption that the rights and interests of individuals should be adequately protected.

Line Corp. on March 23 apologized for privacy protection lapses. The operator of the Line free mobile messaging application said it had failed to offer sufficient explanations to users about how certain types of user data could be accessed from an affiliated company in China and are stored in a computer in South Korea.

The company has set up a panel of experts to examine its operations to take steps to enhance data protection. The government’s Personal Information Protection Commission and telecommunications ministry told the firm to report on the matter.

The Personal Information Protection Law restricts the transfer of personal information to third parties in other nations, demanding the consent of the individuals involved before such transfers of information. The implementation rules show how the names of the countries should be displayed for users.

But Line’s privacy policy only states “we may transfer personal data to a third country without any data protection laws that are equivalent to those of the country or region where you live.”

As a company operating a messaging app used by 86 million people in Japan and seeking global expansion of its businesses, Line has a duty to rectify any shortcoming in its privacy protection system. We hope it will also make sincere responses to any investigation by the Personal Information Protection Commission or other legitimate bodies.

The revised Personal Information Protection Law, which passed the Diet in June 2020 and will take effect by 2022, stipulates that businesses, when they seek the consent of users for transferring their data to third parties in other countries, should provide instructive information to the users about the privacy protection systems of the countries in question and how their data will be used there.

This requirement is based on the notion that individual users cannot give meaningful consent to such cross-border data transfers unless they are adequately informed about the potential risks involved.

Line and other companies that handle personal data also outside Japan need to take measures to ensure they will comply with the spirit and the letter of the law.

The terms of services provided by companies often constitute a massive document written in formal language that is difficult to understand.

Major tech companies such as Google, Apple, Facebook and Amazon, known collectively as GAFA, have often been criticized for handling personal data in ways that raise distrust and anxiety among users. If they fail to make serious efforts to convince users of their privacy protection efforts, they will eventually lose the trust of customers.

The Japanese government has been promoting the principle of “reliable and free data distribution” at forums of international discussions on issues such as the Group of 20 meetings.

Tokyo’s policy is aimed at promoting both international data distribution that fuels economic growth and securing the protection and safety of privacy and data in a synergistic way.

Meanwhile, the United States and China are moving toward economic decoupling for security purposes. There are good reasons for paying serious attention to security risks in operations in China, which has been tightening government control over a widening range of areas.

But a country could do disservice to its own national interests by imposing excessive restrictions on the international division of labor and cooperation.

It is vital for Japan to share high-quality rules and expand cooperation with other countries under the basic principle of protecting human rights including the right to protection of personal data.

--The Asahi Shimbun, March 25

Related News