Japan, Harsh on Line Yahoo for Data Leaks... Lenient with Domestic Companies

The Japanese government, which forced Line Yahoo to restructure its shareholding after leaking personal information, has been found to have imposed lenient measures on domestic companies involved in similar incidents. NTT Docomo, Japan's largest mobile carrier, leaked about 6 million personal information records?ten times more than Line Yahoo?but resolved the issue by accepting its own countermeasures. Analysts suggest that the root cause of the situation lies more in the broader context of Korea-Japan relations and concerns over infringement of platform sovereignty than in the personal information leak itself. Our government stated, "There should be no discrimination against companies," hinting at a diplomatic response.

According to related industries on the 30th, the Japanese Personal Information Protection Commission announced administrative guidance in February regarding the personal information leak involving NTT Docomo and its subsidiary NTT Nexia. NTT Docomo experienced an incident last March where 5.96 million personal information records were leaked.

NTT Docomo entrusts customer information management for telemarketing purposes to NTT Nexia. An employee of NTT Nexia accessed the cloud via a work PC and uploaded customer information, which was then leaked externally. In response, both companies submitted improvement plans to strengthen safety management measures, including enhanced supervision of the entrusted party. The Japanese Personal Information Protection Commission accepted these measures.

This approach contrasts with that taken toward Line Yahoo. Although both cases involved information leaks through subcontractors, the scale of damage in Line Yahoo’s case was about one-tenth that of NTT Docomo’s, yet much stronger measures were imposed. Line Yahoo leaked 520,000 personal information records over two months from September to October last year.

In March, Japan’s Ministry of Internal Affairs and Communications conveyed the intention to "review the shareholding relationship with Naver and prepare improvement measures," and on the 16th requested a resubmission of improvement plans. Despite Line Yahoo deploying virtually all possible measures?including ▲system separation and reduction of outsourcing with Naver and Naver Cloud ▲a comprehensive inspection of Line data access routes ▲establishment of recurrence prevention measures through external agencies ▲and the creation of a decision-making body to discuss the group’s information protection governance?the government judged these efforts as "insufficient." This has led to evaluations that the Japanese government is pressuring private companies to change their shareholding structures.

Experts interpret this as a highly unusual measure, citing Japan’s relatively weak personal information protection regulations. Professor Choi Kyung-jin of Gachon University Law School said, "Unlike Korea’s opt-in system (where users must explicitly consent to the collection of personal information), Japan uses an opt-out system (where users are presumed to consent to providing personal information unless they explicitly refuse), resulting in a lower regulatory level." Consequently, there are only punitive provisions for information leaks that effectively constitute criminal acts, while most cases are handled through administrative guidance.

Pressuring companies to the extent of interfering with management rights is also considered unprecedented. There is no legal basis under the Personal Information Protection Act to order changes in shareholding relationships. Professor Lee Chang-beom of Dongguk University Graduate School of International Information Security said, "Even when large-scale leaks of public institution information occurred due to cloud service providers in the past, measures of this magnitude were not taken," and added, "Considering that the Line Yahoo incident was neither malicious nor large-scale, this is a difficult measure to understand."

Ultimately, the special nature of Korea-Japan relations is seen as exacerbating the issue. Professor Lee Sung-yeop of Korea University Graduate School of Technology Management said, "From the perspective of US-Japan relations, it would be difficult to impose such measures on American big tech companies," and added, "On the other hand, the fact that Korea manages a messenger used by 100 million people can be seen as an infringement on platform sovereignty."

Our government has stepped in to provide support. The Ministry of Science and ICT stated, "We are closely monitoring related developments and will provide support to Naver if necessary." The Ministry of Foreign Affairs also recently said, "There should be no discriminatory measures against our companies," and added, "We will communicate with the Japanese side if necessary."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.