As the services provided by IT giants continue to expand, how should the personal data of users and the contents of their communications be protected? Regulations responding to changes in the market are called for.
A panel of experts of the Internal Affairs and Communications Ministry has compiled a draft of the points at issue that suggests provisions for protecting the “secrecy of communications” be applied not only to Japanese IT firms but also to foreign companies.
The Telecommunications Business Law prohibits domestic operators from, without users’ consent, seizing the contents of their service users’ communications or e-mails, and divulging them. Social media services are also included.
Foreign IT firms, including Google Inc. and Facebook, Inc., both of the United States, are exempted from the regulations, in principle, despite a large number of people in Japan using their services. Rectifying the current state of affairs, which is devoid of fairness, is an appropriate judgement.
It is said the government will consider revising the law so that administrative punishments or penalties can be imposed on violators.
Should the provisions be applied to foreign companies, the issue of how to ensure their effectiveness will be a challenge. The European Union requires businesses that do not have a base in the EU to have a “representative” located within the EU. Such an example can be helpful.
Regulation of new businesses is one of the pending issues. For instance, such practices as targeted online advertising are spreading, in which users are shown ads that they are highly likely to be interested in, based on their location information and records of their past online searches and purchases on their smartphone.
Secure user consent
Without the user’s consent, such acts could violate the “secrecy of communications.” The work to clarify the scope of personal data corresponding to such a violation should be hurried up.
The government is moving ahead with tightening the regulations on IT giants, also in light of the Antimonopoly Law. The Fair Trade Commission has begun investigating whether there are any unfair dealings.
Measures to deal with the “secrecy of communications” will focus on the protection of personal data of users. The steps taken by the EU seem to have been taken into account. Last year the EU introduced the General Data Protection Regulation (GDPR), a set of rules requiring companies to handle personal data scrupulously.
Following the GDPR’s introduction, France fined Google €50 million (about ¥6.2 billion), for not providing clear information to its users before collecting information about them, including the purpose of using customers’ data.
Needless to say, the protection of personal data is important. Should the regulation be applied too strictly, however, there is a possibility of impeding companies’ business activities. How should the protection of personal data and its usefulness be made compatible? Meticulous discussion is essential.
It can well be assumed that users will consent to the use of their private data, without sufficient understanding, if they are repeatedly asked to do so. Reviewing the ways user consent can be obtained, including by simplifying those very lengthy terms of service, should also be discussed.