Daily revision of personal information protection method to help large data utilization

The "Personal Data Seminar", organized by the Japanese Prime Minister's residence, June 19 proposed changes to the "Personal Information Protection Act" and developed new personal data usage programs to promote and standardize the use of "Big data". The programme recommends that enterprises may, without their consent, provide to third parties and use information that cannot be presumed to be specific to individuals, such as a shopping resume, mobile status, etc. In order to avoid discrimination, "private information" such as race, belief, social identity is not provided. Facial identification data, such as "physical characteristics of information" added to the need to protect the "personal information".

Japan's "It Integrated Strategic headquarters" will be discussed in accordance with this plan, and the enactment of "Personal Information Protection Law" amendment. The amendment is expected to be submitted to Congress next year.

Study on amending personal information Protection law

With the development of it technology, it is possible to use the voluminous "personal data" in the network. The data, known as "Big Data", is considered a treasure trove of great wealth. By analyzing these data, we can understand the consumer's action pattern and preference, which is helpful to the enterprise's commodity development and advertising.

In order to promote and standardize the "big data" use, while protecting personal information, Japan's "It Integrated Strategic headquarters" in September 2012 set up a "personal data workshop" composed of experts, specializing in the revision of "Personal Information protection law" matters.

"It integrated strategic headquarters" for the Prime Minister's official residence under the policy meeting, known as "the promotion of high information and communication network social strategy headquarters", by the Prime Minister himself as minister.

Japan enacted the "Personal Information Protection Law" in 2003, which stipulates that the name, address, etc. can represent the specific person's information belongs to "personal information", protected by law. The user must properly manage the collected personal information, without the consent of the third party can not be provided or transferred to use, offenders will be sentenced to criminal penalties.

At present, the "personal data" in "Big Data" belongs to the "personal information" which is protected by law, and which is still a vague grey area which can be used freely. The business side wants the law to be clear about the scope of "personal data" that can be freely used to give effect to "big data". Consumers, on the other hand, fear that privacy is not protected when using "Big Data".

Several examples in recent years reflect the contradictions between enterprises and consumers. such as Japan's largest mobile communications company "DoCoMo" from October 2013 onwards to the enterprise sales through mobile phone location information collected population information. The information provided cannot be presumed to be specific and does not violate the "Personal Information Protection Act", but in order to eliminate user unease and reduce resistance, the company says it can be excluded from the collection as long as the user requests it.

Scheme proposes "flexible" personal data

"Personal Data Seminar" after 12 meetings, on June 19, proposed the "flexible system outline of personal data modification" program. The basic idea is that the use of "personal data" is not only beneficial to individuals and the interests of the whole society, in the process of using the protection of privacy, to make use and protection in line with the development of information technology and maintain a balance.

The programme asserts that, under the existing law, the use of personal information for the purpose of providing or using a third party is subject to the consent of the person, which is a huge burden for the enterprise and a "wall" that impedes the flexible application of "large data". A new system should be set up to allow the enterprise to "process" personal information and to remove any part of the individual that may be identified, allowing the provision of or other use to third parties without my consent.

As to how to "process" personal information in order to reduce the likelihood of the presumption of specific persons, the programme considers that information and communication technologies are evolving and that factors such as individual subjective awareness will change with the times, and that in order to remain flexible, the law only provides for a large framework, with specific rules to be developed by

The program is called this should set up a third party body, the civil society and its established rules of identification, supervision, at the same time give it to the personal data users of the inspection, supervision, management authority.

The amendment is submitted to Congress early next year

In the area of personal information protection, the Programme recommends the inclusion of "information on physical characteristics" as protection. Facial and fingerprint identification information, voice print, DNA, handwriting and so on may become the protection object after the law changes. The enterprise must make clear the use of the purpose and obtain the consent of the person to obtain this information, and can not be provided to third parties.

In addition, in order to avoid discrimination, ethnic, religious, identity, criminal record, experience and other "private information" in principle, prohibit the collection and use of enterprises. But in the case of consent or for the protection of personal, property security needs, and so on.

The programme also emphasizes that system development should pay attention to international standards. Network Without Borders, with the internationalization of enterprise activities, Cross-border information exchange is very normal. In 2013, OECD developed a "Privacy Policy", in 2012 the United States published "Consumer Privacy rights guidelines", in 2014, the European Parliament passed the "Personal data protection provisions." In this context, Japan's new system should consider the compatibility with other countries ' systems to ensure that Japanese enterprises and foreign enterprises to exchange and share personal data.

"It integrated strategic headquarters" This week will be based on this outline plan to begin to revise the "Personal Information Protection law" discussion. The proposed proposal will be submitted to Congress as soon as possible in early 2015, and a third party institution shall be established by law as soon as possible.

(Responsible editor: Mengyishan)