Recent news that employees at Line Corp.’s affiliate in China had access to a trove of user information has revealed the messaging app operator’s lax management of sensitive data.

But not only that, it has also shown that international companies handling such data across borders need to be aware of privacy legislation in other countries — in this case, China — that could trigger national security concerns, experts say.

“We have caused users inconvenience and worry, and we take it very seriously that we betrayed the trust of a lot of people,” Line CEO Takeshi Idezawa said at a news conference Tuesday.

“We have continued development in China for a long time. We overlooked the turning point brought about by China’s National Intelligence Law,” he said, referencing legislation that obliges individuals and organizations in China to cooperate with the state’s intelligence apparatus. “In other words, we lacked consideration for our users.”

To address mounting internal concerns over the possible disclosure of personal information within China, Line last month suspended access to private information such as users’ names, telephone numbers and e-mail addresses stored in servers in Japan that had been given to its Chinese affiliate since August 2018. The company said Tuesday it has completely shut off Chinese access since then.

Line, the most popular text and voice messaging app provider in Japan with 86 million domestic users, will transfer all images and video data stored partially in South Korea to Japan by June.

The company also revealed that it would transfer the sensitive data of Line Doctor users, such as health insurance and medical license details, that is currently stored in South Korea to Japan.

The company has invited criticism from the public as well as central and local governments due to its privacy policy on data handling, which only states that personal data may be transferred to a third country without specifying any particular nation.

The company has denied any leaking of personal information or misappropriation of personal data, but government ministries and local municipalities have suspended the app’s use for various administrative services, such as keeping tabs on the health of home-bound people who tested positive for COVID-19 or accepting consultations on bullying.

Idezawa has denied that the company has acted in any way illegally, but has said it will revise its privacy policy next week and list the purpose and the details of the third countries.

The latest scandal is a great cause of concern for Japan’s national security because of obligations under the National Intelligence Law, said Masato Terada, a professor at Tokyo Denki University’s School of Science and Technology for Future Life.

“Highly private information was also stored in South Korea,” he said. “Laws could change in any country, with a possibility of improper use of private and sensitive information.

“The incident has laid bare a wide gap between the expectations of the public and what the company is thinking about,” said Terada.

Line Corp. CEO Takeshi Idezawa said Tuesday that the company lacked awareness of what China’s National Intelligence Law had meant for its business. | KYODO
Line Corp. CEO Takeshi Idezawa said Tuesday that the company lacked awareness of what China’s National Intelligence Law had meant for its business. | KYODO

Idezawa said there had been no significant change in the number of people using its mobile app or use by corporate clients in the wake of the incident. But he said the company would try to regain trust by making various improvements to data management and consumer protection recommended by a third-party committee.

An inaugural meeting of the committee — set up by Line’s parent, Z Holdings Corp. — was held Tuesday, and the head of the committee, George Shishido, a professor at the University of Tokyo’s Graduate Schools for Law and Politics, pledged to make a thorough review to get to the bottom of the issues.

The Internal Affairs and Communications Ministry last week requested Line submit details on the incident, and on whether it had put necessary systems in place to protect personal information and communication privacy, by April 19. The Financial Services Agency and the government’s Personal Information Protection Commission have also asked the company to submit similar reports.

Line said Tuesday that it plans to launch COVID-19 vaccine reservation systems for local governments, storing all data in the country and allowing access from Japan only.

It will also block access to the official accounts of the central government and municipalities from overseas and transfer all data to Japan by August. It also plans to transfer data on Line Pay transactions currently stored jointly in Japan and South Korea back home by September.

In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.