Discuss how to protect users above all when regulating tech firms

With the growth of the internet, a major discussion point is how to protect users’ information collected by tech companies. It is necessary to establish rules that can be accepted by many people.

In mid-February, an expert panel of the Internal Affairs and Communications Ministry released a report regarding new regulations on tech firms.

Although the government plans to submit to the Diet a bill to revise the Telecommunications Business Law that reflects the purpose of the report, it intends not to include strict regulations due to opposition from business circles. The government should carefully listen to the voices of users and reconsider the contents of the bill.

In exchange for providing users with services such as free internet searches, tech companies such as U.S. firm Google LLC collect data on users’ browsing history. By sharing this data with advertisers and other companies, they are able to make huge profits by distributing digital advertisements that match users’ preferences.

Under Japan’s Protection of Personal Information Law, browsing history is not covered by the law as it is not considered personal information because it does not include users’ names, addresses and other such data.

However, there are many people who feel uncomfortable with the fact that data about what they are interested in and what they have bought is being accumulated and used in advertising without their permission. Concerns about information leakage are also growing.

For these reasons, the communications ministry initially tried to mandate that users’ prior consent be obtained before providing their browsing history to outside parties and that a system be introduced to allow users to refuse to provide their browsing history to outside parties after agreeing to do so.

Due to strong opposition from the business community, which claimed this would restrict their business, the report dropped the requirement to gain users’ consent, only stating that it would be sufficient to notify and publicize that the information was being provided externally.

Overseas, the European Union’s General Data Protection Regulation (GDPR), which went into effect in 2018, stipulates that browsing history is also personal information and prohibits in principle the provision of the information to outside parties without consent. In the United States, the state of California has started similar regulations, which are spreading to other states.

The top priority should be placed on protecting users. Japan must avoid lagging behind other countries regarding such legislation.

Discussions over the latest regulations on tech companies began in response to the problem of companies in China being allowed to view user information on the free communications app Line. The Japanese government’s regulations are expected to have companies make public in which country their information storage servers are located, but no conclusion has been reached and it intends to continue considering this issue.

Primarily, the Telecommunications Business Law only applies to businesses under the jurisdiction of the communications ministry. As businesses such as major retailers that also handle online shopping are not included, it cannot be said that the scope of the regulations is sufficient.

In addition to the communications ministry, other related ministries and agencies should work together to put in place an environment as soon as possible in which users can use internet services with peace of mind.

— The original Japanese article appeared in The Yomiuri Shimbun on Feb. 22, 2022.