Suica travel records for sale!?

A decision was made by JR East to sell information consisting of processed travel records of their Suica travel card. Subsequently, user voices were raised in alarm and opposition, ultimately causing the decision to be abandoned.

The data analytics of boarding and disembarking stations, times and dates of use, age segments, and gender could be extremely valuable to the operation of stores within station premises and commercial establishments surrounding stations. Such big data, or large data sets that, when analyzed, can be used to derive knowledge useful for businesses, is currently a subject of great attention. Even aside from Suica, geolocation from smartphones and Internet shopping purchase histories are analyzed by many types of companies, with high hopes for their use and application by communities and businesses.

However, Suica travel records and purchase histories of beverages, magazines, and other products could also lead to the exposure of individual behavior patterns, interests, and preferences, and so as shown by the Suica problem, big data is now being directly faced with the big challenge of privacy protection.

Misunderstandings of privacy

The use of big data has become subject to constraints, due to disputes over privacy with the vague premise that having one’s personal information used by unknown parties is an undesirable idea. When referring to personal information, the mistaken ideas of users that any and all such information should be protected, coupled with the misunderstandings of corporations that all personal information is fair game for utilization under the pretext of big data, are believed to have caused the advancement of big data and privacy protection to reach a state of stagnation.

Even for the Suica problem, makeshift responses based on the perspectives of anonymity measures for personal information in order to prevent the identification of specific individuals, judgments on relevance to the initial purposes of use, and accountability to users how their personal information is being handled, can also be expected. However, unless the subjects to be protected under the right to privacy are made completely clear, it is only a matter of time before the instinctive feelings of uneasiness perceived by users result in the use and application of personal information becoming restricted.

It is at this point that we should take a moment to stop and think rationally about what privacy really is, why it must be protected as a fundamental right, and what should be done regarding the use and protection of personal information.

Global issues and local culture

When exchanging views with Privacy Commissioners from overseas, I am occasionally asked why we hear of so few personal information leakage incidents involving Japanese global companies. In Japan, provisions for personal information protection are made to near-perfection, and in the worst-case event that leakage does occur, corporations take actions that include publicly announcing the situation, providing apologies to customers, and distributing gift cards voluntarily even if there is no legal trial. This is an illustration of Japan’s unique privacy culture not found in other countries, and is possible because a comparatively strict standard of privacy protection has been maintained. On the other hand, excessive examples of this protection are becoming more widespread, and cases of overreaction, such as cancelling the creation of alumni directories for university reunions, and not sharing necessary personal information even in the event of a disaster, can also be seen.

Privacy is a social norm and aspect of culture that reflects individual senses of community. Information, however, flows globally. Although Japan’s characteristic privacy culture should be treated with great importance, it is also essential to understand at the same time that privacy protection is a universal issue that reaches across the globe.

Thinking rationally about the right to privacy

The right to privacy in America has been composed with a key focus on freedom from government, deeply imbued with a sense of individualism, while in Europe it has been guaranteed on a basis of dignity, arising from its overcoming of the control of personal information by the traditions of status previleges and Nazism. In America, Do-Not-Track mechanism, prohibiting the unauthorized tracking of Internet browsing histories, are recommended, and in Europe the “right to be forgotten” or “right to erasure”, by which personal information infringing on one’s privacy can be deleted from the Internet, is being proposed. Furthermore, there is an international trend toward the idea that regulations are necessary to control profiling such as deriving specific personal profiles, for example from hospital records or medical treatment histories, which could become a cause of discrimination or prejudice. Here in Japan, we are reaching a moment when we must stop not to hold debates over privacy fueled only by intuitive feelings, but to once more reconsider the basic philosophies of why privacy as a fundamental right must be guaranteed.

Louis Brandeis, a U.S. Supreme Court Justice who invented the concept of the right to privacy to the world, stated the importance of this right as “the most comprehensive of rights and the right most valued by civilized men.” A country whose personal information can be sold to others through illegal means will be viewed as one devoid of decency or self-respect. If this happens, any trust in data transfer across national borders will be damaged, and in the long term it will conceivably usher in the failure of big data. The use and application of big data can only begin once privacy is guaranteed as a fundamental right, with both the protection and use of personal information poised as critical issues for the growth of Japan.