Line operator LY Corp.: Reform Needed for Management System Handling Users’ Personal Information

It is a matter of concern that the slipshod handling of personal information continues in the case of a free communication app that is in widespread use throughout the country. LY Corp., the operator of the popular Line app, needs to be aware of the heavy responsibility it bears and rectify its management system.

Last November, LY Corp., created through a merger of companies including Line Corp. and Yahoo Japan Corp., announced that there may have been 440,000 cases of personal information of Line users and others being leaked. After a subsequent investigation, the number was increased to about 520,000.

The information suspected to have been leaked was mainly the gender, age and the like of users. But in about 20,000 cases, it is said to have included such data as the date and time of calls made using the app.

The Telecommunications Business Law mandates that carriers protect not only the content of communications, but also the date, time and location as “secrecy of communications.” The latest incident violates this provision and cannot be given a blind eye.

The Line service was launched in 2011, and the original operator was a subsidiary of South Korean tech giant Naver Corp. The subsidiary integrated its business in 2021 with a major Japanese tech company that at the time had Yahoo Japan under its umbrella, but Naver remains a major shareholder in the holding company of LY Corp.

The leak is said to have occurred when a subsidiary of Naver, to which LY Corp. outsources data management and other operations, was hacked, and Line’s servers were also compromised. The Naver subsidiary and the Line operator were using a common authentication infrastructure for access control.

The Internal Affairs and Communications Ministry, viewing it as a serious incident, this month issued administrative guidance to LY Corp. In addition to strengthening management and supervision of the third party it uses for outsourcing, the ministry also demanded the company review its management structure, including its capital relationships.

For outsourcing, LY Corp. uses a subsidiary of a major shareholder. It is believed that supervision of the company possibly lacked thoroughness because the major shareholder holds great sway over LY Corp.

LY Corp.’s holding company is capitalized equally by cell phone giant SoftBank Corp. and Naver. The companies, including SoftBank, should look into ways to establish an appropriate management structure.

In 2021, it was found that employees of an outsourced Chinese company were able to gain access to Line users’ personal information, leading the ministry to issue administrative guidance.

And last August, it was found that location information of users of Yahoo’s search engine was provided to Naver without the users being sufficiently notified.

Protecting personal data is the most important task in the information technology business. There are now nearly 100 million Line users in Japan, and the app has become a part of the public infrastructure, with local governments using it for administrative procedures and other matters. It is imperative that LY Corp. establish a management system so that the service can be used with peace of mind.

(From The Yomiuri Shimbun, March 12, 2024)