Line, the Japan-based messaging and payments app with millions of users around Southeast Asia, has conceded that its data protection regimes had multiple shortcomings, and therefore put users’ personal information at risk.
Parent company Z-Holdings yesterday released a report compiled by a Special Advisory Committee on Global Data Governance that it convened in the wake of revelations that some user data had been processed in China and/or stored in South Korea.
Line is vastly popular in Japan, where it boasts over 85 million monthly users and is so prevalent the nation’s government relies on it as a channel for digital services. The app has also made inroads into South Korea, Thailand, Taiwan, and other Asian nations, bringing it a total user population of over 700 million – over 150 million of whom are active monthly users.
The company’s payment service, LINEpay, handled transactions valued at over $8.5 billion a year before Line became a part of Z-Holdings in March 2021.
The headline finding of the committee’s report is that Line outsourced some of its data handling to China without ever stopping to think that the Middle Kingdom’s government might decide to have a look at user data. The report points out this was a big failure that amounted to the company not considering Japan’s economic security.
The company also admitted it fibbed to users when it promised that all data was stored in Japan – some also went to servers located in South Korea. (The company is part-owned by Seoul-based Naver Corporation.)
The report offers the usual social media prescription for sorting out the mess: apologies, pointing out the company tries very hard to do the right thing, and a promise to do better in future.
For Line, that means new committees to consider data security, ensuring that communications to users don’t include falsehoods, and a recognition that the company needs to understand what different jurisdictions’ laws – and changes to those laws – mean for Line users everywhere. Especially if its operations are going to cross national borders.
Another item identified as needing more work is governance across Z-Holdings. That matters because the company also owns Yahoo! Japan, and data sharing among brands has been mooted.
Line also issued a guidance to users that explains how it responds to law enforcement authorities’ requests to access users’ data.
That document boils down to a pledge to comply with Japanese law, and the disclosure of users’ ID, email address, phone number, and even messages if they weren’t sent with end-to-end encryption.
Line won’t automatically hand over such data. The document explains that a privacy team assesses incoming requests from investigators and may reject them if an investigation is deemed too broad, or displays “legal inadequacy”.
Nor will the company assist authorities for all matters. Instead, the company will only consider handing over data for investigations of:
- Personal injury (murder, bodily injury, etc.)
- Monetary damage (fraud, blackmail, etc.)
- Child abuse
- Illegal trade (drug trading, bank account fraud, money laundering, etc.)
- Threats of illegal activity (suicide threats, murder threats, bomb threats, etc.)
Isn’t it nice to know that at least one of Asia’s tech giants has more or less the same blind spots as Facebook and friends? ®