Earlier, we wrote about how we prioritize privacy from the beginning…Different countries have varying rules around the use of data & privacy expectations. To make it easier for everyone, we’ve compiled a summary of how data & privacy protection works in Japan.
- Using technologies like Bluetooth & Wifi for location & social behaviour context is 100% acceptable under Japan’s APPI & GDPR regulations.
- When considering APPI, the primary concern is whether we need consent to process the data.
- Consent is not required when processing anonymous / dis-identified data.
- For example: Mr Sakuta, 35, was at ABC Bar with Mr. Nakamura. This scenario should instead read, Person X, aged between 33-40, was in Tokyo’s bar district with a colleague.
- LivNao ensures individuals can never be identified both intentionally and un-intentionally through a variety of methods. From dis-identifying data before it leaves the user device to using encryption keys.
What is the APPI?:
The “Act on the Protection of Personal Information” (APPI) is the principal data protection legislation in Japan. The APPI was created to respect individuals’ personally identifiable information (PII) and to promote the proper handling of personal information—whether that’s manual or electronic information. Click here for the full APPI.
Who regulates the APPI?
The Personal Information Protection Commission (PPC) is an independent regulatory body that is authorized to advise a company or to ask the company submit a report on the handling of personal information. If a company violates APPI, the PPC may tell a company to cease the violation and/or take other necessary measures to correct the violation. Click here for the PPC’s mandates
What is considered PII?
APPI defines Personally Identifiable Information (PII) data in 4 ways:
- Personal Information: This is any information on living individuals that can help identify specific individuals or contains an “Individual Identification Code”.
- Individual Identification Code: This refers to any character, number, symbol, or other code that can single out a specific individual. (e.g. a driver’s licence number, credit card number)
- Personal Information Database: When information is assembled systematically in such a way that specific Personal Information can be retrieved by a computer.
- Personal Data: This is anything that a Personal Information Database can pull from.
- Retained Personal Data: This is any personal information that a company has the authority to disclose, correct, add, or erase.
How can companies alleviate cultural attitudes that contribute to concern towards privacy?
The introduction of truly anonymized data has been recognized by the APPI and rules have been formed so that companies know how to use anonymized data responsibly. Anonymously processed information is data that cannot be traced back to an individual and is not considered PII. Data should be grouped in general and high-level terms. Identifiable outliers should not be included in anonymous data sets. (i.e. When using age ranges such as 33-40, don’t include a 120 year old in that data set)
How do we ensure compliance with APPI (and beyond) at LivNao?
Privacy is engrained into our design & development methodology at LivNao. Customer trust is critical to everything we do, which is why we’ve laid down some ground rules:
- Anonymous – Only the user themselves can ever access their own data. Potentially identifiable data never leaves the user’s device, eliminating any risk of potential leaks.
- Ethical – Our strategy at LivNao is to use the minimum amount of data that is needed to provide a quality product to our customers, and nothing more…
- Transparent – We are always up-front about what data we collect data & how we use it to benefit users. We want our users to trust us.
- Secured – We use industry standard AES-256 encryption to ensure that data in-transit and at-rest is protected.
Privacy or Security Questions?
We’re always happy to chat about how we use & protect your data. Get in touch with our data officer anytime at email@example.com.