The amended privacy protection law, which was fully implemented this week, aims to facilitate the use of people's personal information, such as their shopping history, as a business tool as long as the information has been processed into anonymous data, while also tightening the rules on parties that handle personal information. Whether anonymity of the private data that gets traded is secure enough must be continuously monitored. At the same time, efforts must be made to ensure that tightened rules on the handling of personal data does not deter the disclosure or flow of necessary information in the name of privacy protection.
People's personal information, including their names, dates of birth and home addresses, is passed on every day through the use of credit cards, IC train passes, online shopping, health checkups and so on. The revised law meanwhile allows personal information to be freely traded — without the consent of the individuals — once the data has been rendered anonymous by deleting the names and other pieces of information that identify individuals. There are demands for analyzing and using such data to develop new services and products.
Concern lingers, however, that the anonymity of such data may not be secure if it's not sufficiently processed. Even if names and addresses have been removed, it has been pointed out, individuals may be identified by matching the data with other information available. The government must monitor whether the mechanism to ensure the anonymity of the traded personal information is working as intended.