Line has about 86 million users in Japan. Both national and local governments have been relying heavily on the app. The Ministry of Health, Labour and Welfare has been using it to report the daily number of COVID-19 patients, while local governments have been using it to receive vaccine applications.
Last month, it was revealed that engineers in China have accessed Line servers at least 32 times, enabling them to observe some users' names, phone numbers and messages. The firm says there has been no abuse or leaking of personal information stemming from the access.
Even so, the Japanese government decided to temporarily halt its use of Line this week. Chief Cabinet Secretary Katsunobu Kato told reporters that the government will set up a task force to thoroughly examine the issue. Some municipalities, including Osaka City, also suspended the use of Line for administrative services, until data security can be confirmed.
Meanwhile, operator Line Corp has already taken steps to resolve the issue. It announced on March 23 that the Chinese engineering firm it outsources work to can no longer access the data of users in Japan.
There is no Japanese law that prohibits businesses assigning work to Chinese firms, but many experts have expressed concern that the Chinese government can ask firms and individuals to submit any of their data under the country's National Intelligence Law.
Another factor that alarmed some Japanese users is the fact that personal data, including records of financial transactions made through the app, were stored on South Korean data servers. Again, there is no law prohibiting Japanese businesses from storing their data overseas.
Call for clarity
Matsumoto Tsuneo, a former president of the National Consumer Affairs Center of Japan, says the lesson from this controversy is that it is not enough for companies to get simple, superficial approval from their customers. Instead, he says, they need to reach out to their users on the assumption that they rarely look closely at the terms and conditions of services.
One idea that firms could adopt is offering explicit explanations of how they plan to handle personal data. They should repeatedly obtain approval from users to allow data transfers to a certain country.
The Japanese government has a role to play, too. Many countries have already introduced restrictions on cross-border data flows. The Line controversy may prove to be the impetus for Japan to follow suit.