It shows an appalling lack of competence if LINE had underestimated the risks of 86 million users’ private content leaking to China and Korea.
LINE logo 006

~~

~

Users of the messaging app LINE are anxious — and rightly so — about whether their privacy had been adequately protected, after security failures were exposed. 

It was revealed that the free messaging app had been allowing its Chinese affiliate company to access its users’ personal information. 

Naturally, the situation has been described as “very threatening” by Takuya Hirai, digital transformation minister, since the Chinese government has been amassing digital information in an attempt to expand its sphere of control.

Saying that LINE was naive would be an understatement. With more than 86 million users in Japan, the app has become a social infrastructure that is even used for some government services. If LINE had underestimated the risks of data leaking to China, it shows an appalling lack of competence on their part.

In the spreading confusion, the Ministry of Internal Affairs and some local governments have suspended the use of the app. The Japanese government’s Personal Information Protection Commission and the Ministry of Internal Affairs have demanded that LINE submit reports under the Personal Information Protection Law.

It’s time for the company to swallow the bitter pill — unless it reveals the full facts and convinces its users that strict privacy management protocols are in place, the air of distrust will never clear. 

Four engineers working at a Chinese affiliate of LINE were able to access the names, phone numbers, and email addresses of LINE’s users. Another company in China was entrusted with monitoring messages deemed inappropriate, while a Korean affiliate had stored images and other data on its servers.

LINE denies that there were any data leaks and insists that the affiliates are now barred from accessing the data. It has apologized for not providing “sufficient explanation” to its users.

The Personal Information Protection Law requires companies to gain consent from their customers before transferring their data overseas or allowing their data to be accessed overseas. The Personal Information Protection Commission requires that countries receiving such data must be stated in the terms and conditions. Since LINE did not specify any countries in its privacy policy, the company cannot claim that users understood or consented to their data being accessed from China. 

The free flow of data across borders is essential to the digital world, but only on the condition that personal data is properly protected. 

It would be an irremediable folly to forget that the goals of the Chinese government are the attainment of digital hegemony and the establishment of a surveillance society. The risk of data leaking to China is a fear shared by the international community. 

All companies, and not just LINE, need to be aware of the risks of outsourcing digital operations overseas, and be constantly scrutinizing their data security for loopholes. 

(Read the Sankei Shimbun editorial in Japanese at this link.)

Author: Editorial Board, The Sankei Shimbun

Leave a Reply