The Japanese government’s pressure to sell Line’s shares began two years ago with the suspension of personal information protection certification review.

Line was virtually eliminated from the Japanese certification agency’s audit two years ago.
“Doubts about credibility. Unusual warning that “internal control is not working”
Ministry of Internal Affairs and Communications, strong dissatisfaction with poor management that has been repeated for several years

It was revealed that Japan’s largest messenger service ‘Line’ had its global personal information protection certification reviewed in Japan two years ago after being notified that its reliability was in doubt.

Regarding the personal information leak last November, which led to pressure to sell Naver’s stake in Line Yahoo, it is known that the Japanese government belatedly found out that Naver and Line shared an authentication base and severely reprimanded Line Yahoo. .

For this reason, there is a strong view in Japan that the security problems of Line, the country’s national messenger service, cannot be resolved without changing the structure in which Naver holds a 50% stake in Line Yahoo. This is why the Japanese government is pushing hard-line measures against Naver and Line Yahoo, regardless of the improvement in Korea-Japan relations.

● Line virtually fails Japanese personal information protection certification review

According to the Japanese information technology (IT) industry and the Nippon Keizai Shimbun on the 12th, Line received an unusually strong warning in the international personal information protection certification review conducted by the Japan Information Economy Society Promotion Association (JIPDEC) in the spring of 2022 and was notified of suspension of the review. received. JIPDEC is a foundation in charge of operating the electronic signature and authentication system in Japan. It is a de facto public institution similar to the Korea Internet & Security Agency.

At the time, Line underwent the Asia-Pacific Economic Cooperation (APEC) Global Personal Information Protection Certification System (CBPR) review here. Obtaining APEC CBPR certification is recognized as a company that adheres to data protection rules, which is advantageous when entering the financial and online shopping businesses in the United States, Japan, Singapore, and Taiwan. Naver and Yahoo each obtained CBPR certification in Korea and Japan in 2022.

The Japanese association is on the line during the screening process. “Internal controls are not working properly and the reliability of your company’s self-declaration (related to personal information protection) is questionable.”It was reported that he pointed out that also “The declaration of security measures and safety management measures is not appropriate.”He gave unusually strong notice. After the review began, nearly 10 cases of personal information leakage that were not reported to the association were revealed. Ultimately, the association stopped the certification review of the line. It was a virtual elimination.

An official in the Japanese information and communications industry said, “It was nominally a review by a private association, but this was the first time the Japanese authorities’ distrust of Line’s personal information protection was revealed on the surface.”

● Japan’s Ministry of Internal Affairs and Communications reprimands “Isn’t this different from what we have said so far?”

Japan’s Ministry of Internal Affairs and Communications has expressed strong dissatisfaction with Line’s poor management of personal information, which has continued for several years without improvement.

The Ministry of Internal Affairs and Communications’ first administrative guidance on the line was in April 2021. At the time, Line entrusted work to China for the development of artificial intelligence (AI) technology, and in the process, it was belatedly revealed through media reports that Chinese engineers had the right to view Japanese personal information. Not only the Japanese government but also SoftBank, which was conducting integrated management, failed to understand that Line had entrusted the business to China.

In a third-party committee investigation commissioned by Line to an external expert, the committee pointed out, “Even though Line’s image and video files were stored on a Korean server, Line explained that the data was located in Japan.” At the time, in order to make up for the trust damaged by the accident, the line pursued international certification, but ultimately it did not achieve any results.

Security incidents surrounding Line Yahoo continued. In July last year, the Ministry of Internal Affairs and Communications issued administrative guidance because 4.1 million pieces of ID location information provided by Yahoo Japan to Naver were physically copied and security control measures were not sufficient.

Line Yahoo’s response to the information leak in November of last year, which directly led to the pressure to sell its shares, was lax. At the time, the incident occurred when Naver and Line shared an authentication-based system, and the cyber attack suffered by Naver extended to Line. After the 2021 incident, Line Yahoo said it had moved its data to Japan, but as a result, the status of access abroad did not change. The Ministry of Internal Affairs and Communications summoned Line Yahoo officials. “Isn’t it different from what you said so far?”It is said that he was strongly reprimanded.

● Japan’s Ministry of Internal Affairs and Communications takes a hard line, “Reexamine security governance”

Key logs related to Line personal information protection

The Japanese government plans not to bend its existing administrative guidance measures requesting a review of capital relations, despite whether Korea-Japan relations will improve and the recent public opposition in Korea. Minister of Internal Affairs and Communications Takeaki Matsumoto said at a press conference on the 10th, “We are requesting measures such as reexamining relationships that are largely controlled by capital and accelerating the essential review of security governance for the entire group, including the parent company.”

Tokyo = Correspondent Lee Sang-hoon sanghun@donga.com