Following the revelation that personal data of users of the free messaging app Line was accessible to a Chinese affiliate firm in disregard of privacy protection, concerns and distrust have spread among users, which number some 86 million people in Japan.
The Chinese affiliate had access to users’ names, telephone numbers, email addresses, IDs and other personal data, with no sufficient explanation provided to individual customers. It has been confirmed that engineers of the firm had accessed such data a total of 32 times since August 2018.
Furthermore, images and videos shared among users are found to have been stored in South Korea, and employees of a local affiliate had access to the data.
Japan’s Act on the Protection of Personal Information requires businesses to gain consent from individual users when they provide personal data to overseas companies or allow access to personal information from abroad.
China has implemented the national intelligence law requiring private companies to cooperate with state intelligence activities. As there are risks of Line users’ information being transferred to Chinese authorities, some within the Japanese government have raised voices of concern, with one saying, “It’s a critical matter in terms of national security as well.”
Line Corp. has explained that there has been no information leakage or unauthorized access from third parties, but one is tempted to pose a host of questions including whether there was really no divulging of information, and why the company allowed access to personal data to a foreign business.
Line was launched in the wake of the 2011 Great East Japan Earthquake and tsunami, when it became difficult to confirm the safety of loved ones and others due to communications network glitches.
In recent years, Line has enjoyed widespread use in Japanese public services as well, ranging from filing applications for resident registers, consultations over bullying and other issues, to monitoring the health status of individuals infected with the coronavirus.
In response to the revelation of the data breach, the Japanese government and many local governments stopped their use of Line. Voices of bewilderment have been raised from some local bodies that are planning to use Line for coronavirus vaccination reservations.
Line Corp. is set to review problems concerning information management through an independent committee review. Based on the verification results, the Ministry of Internal Affairs and Communications and the Personal Information Protection Commission intend to consider meting out administrative punishment to the firm.
It is, however, questionable if they can get to the bottom of the firm’s shoddy information management by leaving the investigation in the hands of the app provider itself. The national government is urged to consider carrying out an on-site inspection of the company as well. As this issue affects numerous members of the public, the Japanese government must take a proper response.