Utilization of Personal Data (1)

Utilization of Personal Data (1)

Thank you very much for your purchase of Ryoden products and services. My name is Ryuji Takeuchi and I am an engineer with Ryoden Corporation’s New Business Promotion Department.

As an introduction to security technology, I would like to explain to you how personal data is utilized. I will divide my discussion into three parts.

1-1 Personal Data and MyData

In the world we live in today, we are called upon in a wide variety of situations to say who we are and to prove it. In Japan, the most common ways of identifying ourselves is to produce a driver’s license, health-insurance card or personal identification number (“My Number”) card. Of course, these identification methods simply provide a number that identifies us uniquely; they are not intended to tell the whole story of who we are. A full picture of each of us as individuals is formed from a wide range of information about our daily activities, such as our movements, the food we eat, how we exercise and our shopping habits, as well as our conversations with others, our hobbies and our interests.

In a telecommunications white paper published in 2017, Japan’s Ministry of Internal Affairs and Communications (MIAC) divided data into four categories. The Ministry positioned data belonging to individuals as one of the most important categories, alongside government and corporate data.

There is a distinction to be drawn between personal information and personal data. These terms are defined as follows.
Personal information
→ Information about a living person, as defined in Article 2 of the Personal Information Protection Act
Personal data
→ Personal information plus a wide range of other information with regard to a certain person, including information that cannot be used to identify that person

Put simply:
Personal information is information that identifies an individual. Personal data includes personal information but also includes a much wider range of information about that individual.
Let’s now consider how this personal data is used in the real world.

1-2 What is MyData?

Professor Koichi Hashida of the Graduate School of Information Science and Technology, University of Tokyo, describes MyData as follows.

  • MyData is the principle that the person to whom the information pertains is the person who takes the initiative in deciding how that information is used. This principle has the following important implications:
  • • Unless otherwise stipulated by law, the use of personal data requires the consent of the person to whom the data pertains.
  • • It is impossible to manage the sharing and use of personal data on a wide range of services from some central depot. This information must be managed on the periphery, as close to the user as possible.
  • • The value of a service is its value to its recipient. The value of a service is maximized when personal data is used in accordance with the needs of the person to whom it pertains.

Professor Hashida also points out that MyData must be an inseparable part of AI.

  • • In order to provide good-quality services to each individual using AI, it must be possible to use rich data with respect to that individual.
  • • When analyzing data about large numbers of individuals, it must be possible to collect rich data from those individuals based on their individual consent.

In the near future, the principle that each individual manages and operates his or her own personal data may become an inevitable condition for the receipt of AI services tailored to one’s own needs.

1-3 Globalization and Data Portability

The European Union has recently overhauled its rules on the protection of human rights regarding data, implementing the new rules as of May 2018. These rules are known as the General Data Protection Regulations (GDPR). Following the EU’s lead, countries around the world are preparing their own legislation, against a background of rapid advances in ICT and globalization.

Symbolizing that globalization are the quadrumvirates of Google, Amazon, Facebook and Apple (“GAFA”) in the United States and Baidu, Alibaba, Tencent and Huawei (“BATH”) in China.
These platform operators rake in prodigious amounts of money based on their oligopoly over personal data. The GDPR is putting a stop to their centralized collection of personal data, founded on the principle that “personal data is the property to whom the data pertains, and every individual has the right to control how that personal data is used (control of one’s own data is a basic human right).”
Individual management and use of one’s personal data require something called “data portability.”

Data portability is the ability to transfer personal data collected and accumulated by one service freely to another, at the individual’s discretion, based on the principle that information about an individual is the property of that individual. This is crucial for the realization of MyData as described in 1-2 above.

1-4 The Environment Surrounding Data Portability

After its promulgation of the GDPR, the EU has continued to reinforce this directive with a series of actions to protect personal information. Legislation is being prepared in numerous countries, from the United States, which champions free competition, to totalitarian China.
We will now take a simple overview of trends in these three regions and Japan.

Technology Blog