Telecommunications data storage locations will soon be public in Japan • The Register
Social media and search engine operators in Japan will be required to specify the countries in which user data is physically stored, as part of a planned adjustment to local laws.
The Interior and Communications Ministry announced this week that it plans to submit the revised Telecommunications Business Law early next year.
The amendment, if passed, requires search engines, social media operators and mobile phone companies with over 10 million Japanese users to disclose where in the world they store data and identify all foreign subcontractors who can access the data.
The proposed law applies to foreign companies operating in Japan, which means Twitter and Facebook will have to publicly disclose their storage choices. Oddly enough, search engines that only cover travel and food get a pass and don’t have to comply.
Concerns of opponents of the law Express Tuesday include how far the measures will expand, and that they may be too broad and ambiguous. Business operators wondered whether they would face difficult-to-predict management costs and technical limitations in information management.
“There is a risk that the costs will be passed on to users in the form of lower service levels and price increases, causing social inefficiencies,” said a response to the ministry’s hearing with telecom operators.
The move is in part a reaction to Japan’s wildly popular free instant communication app, LINE, which has had several recent issues with data storage and protection.
In March of last year, it was revealed that some of LINE’s data had been routed to China, prompting Japanese government officials to stop using the app. Previously, LINE was used for communications for many regional governments. Like a Reg reader underline, the ban did not last long, and the use of LINE was reinstated by some regional government departments.
A few months later, 100 local politicians and their LINE communications were extracted when a cyber attack successfully disabled the encryption features.
And just a few weeks ago, it was reported that 133,000 LINEpay user data had been uploaded to the unlikely location of GitHub when a research group employee allegedly performed a random oopsy.
With these incidents in mind, the government’s legislative move looks less like a knee-jerk reaction and more like a justified preventive action against future data snafus – especially as different countries use different storage standards and laws.
A company that violates the amendment proposed by Japan could face business improvement orders and more. In addition to the change in the law on telecommunications companies, companies will have to comply with the Japanese law on the protection of personal information from April 2022. ®