Skip to main content

This page has been translated using TexTra by NICT. Please note that the translation may not be completely accurate.
If you find any mistranslations, we appreciate your feedback on the "Request form for improving the automatic translation ".

Sub-Working Group on implementation of Rules on Data Handling in the Platform (Second)

Overview

  • Date and Time: Monday, February 14, 2022 (2022) from 1:00 p.m. to 2:30 p.m.
  • Location: Online
  • Agenda:
    1. Opening
    2. Secretariat Explanation (Intellectual Property Strategy Promotion Secretariat, Cabinet Office)
    3. Question and Answer / Discussion
    4. Adjournment

Materials

References

Relevant policies

Summary of proceedings

Date

Monday, February 14, 2022 (2022) from 1:00 p.m. to 2:30 p.m.

Location

Online Meetings

Attendees

  • Chief Inspector Watanabe
  • Fresh Shellfish Committee Member
  • Member Ota
  • Member Sawada
  • Committee member Shishido
  • Member, Tamaru
  • Member Masashima
  • Member Mano
  • Member Mochizuki

Summary of proceedings

About Stakeholders

  • By defining the position when involved in data distribution, it became clearer who and what concerns and anxieties needed to be addressed.
  • In FIG. 3 showing the configuration of the PF, it is better to clearly indicate the existence of not only platform users who have a direct contractual relationship with the platform operator, but also data providers who provide data to the platform users and observers who obtain data from the platform users.
  • Whether or not a party has a direct contractual relationship with a platform operator (platform user) is different from whether or not a party is subject to governance. Governance needs to be structured so that it extends not only to platform users but also to observers beyond them. For example, whether or not a data provider, which is a platform user, has provided illegally acquired data must be properly secured by the platform operator so that fraud does not occur, and ensuring that the rights and interests of observers and data providers upstream from the platform user are not harmed is also included in the purpose of governance structure. This point can be understood if you read the text of the guidance, but it is better to show it in the drawing, so it is better to show all stakeholders in Fig. 3.
  • Figure 3 shows what kind of stakeholders there are, and Figure 4 shows which stakeholders must do what to build governance. At present, the correspondence between Figure 3 and Figure 4 is unknown, and the two figures seem to be completely disconnected. It is good to express Figure 4 based on this after writing down the stakeholders in Figure 3.

Definition of controllability

  • If whether or not the use of data can be permitted by the observer is a requirement for controllability, there may be situations that do not match the actual situation. Therefore, the description of the definition needs to be reconsidered. Even if it is impossible for the observer to exercise control by permission or opt-out without a direct contract, measures should be taken so as not to harm the rights and interests of the observer, and it is better to include this in the concept of controllability.
  • For example, in consideration of the use of camera images, if the permission of the Principal is required in all cases, there will be cases in which utilization will not be possible.
  • For example, efforts such as assigning a privacy protection officer, enabling the observer to complain, and notifying and publicizing in advance what kind of data is handled and how it is handled are considered to be means to ensure controllability. These are already described in the guidance. It is necessary to describe the definition so that it cannot be understood that permission is the only method to ensure controllability.
  • Controllability may include things other than consent or permission. For example, it may be possible to access one's own data, request modification if necessary, or even be allowed to delete it. It is good to include control by routes other than consent, such as access to one's own data, in the concept of controllability.
  • Controllability should be defined as what the provider of data to the platform can do with the data. If it is expanded to what the participants in the front-end process, which is the source of controllability, can do, the definition will be expanded endlessly. Although it is required to prove the legality of the provider of data to the platform and prove that there is no inaction, what is controlled is what the data provider directly participating in the platform brings in. If it is controlled by tracing back how the source data was created, how it was observed, and who was involved in it, it is necessary to control all rights in the data supply chain while ensuring traceability. That is quite unrealistic. Therefore, regarding the wording of controllability, it is good to say "in an environment where data is used only for the purpose of use to the extent agreed," but it is actually very difficult to implementation that "the observer and the data provider can permit the use of data." What is important is whether or not the observer has the right to copy, redistribute, delete, and process the data to be provided to the platform based on his or her own will. Consideration for the rights of the observer is necessary, but it should be positioned in the duty of the provider who brings the data to the platform, and if the controllability is positioned as the rights of the observer, the implementation cannot be made.
  • What is called controllability is basically the involvement of the Principal, isn't it? Even in the The OECD's Eight Principles that is the basis of the personal data Protection Act, there is a principle of the involvement of the Principal. The way of involvement may be the consent of the Principal or notification or public announcement depending on the situation. It is better to replace the concept called controllability with the meaning of the involvement of the Principal, or to adopt the concept of the involvement of the Principal at least for Personal Data as the definition of controllability, and to clarify that there are shades of gray in the method of the involvement of the Principal, and to rebuild the concept of controllability.
    Controllability should be considered as an ideal rather than a substantive individual discipline. It is necessary to consider from upstream participants to downstream participants, but as a substantive discipline, there are various situations in which the observer can be involved depending on the risk, from cases in which the observer does not need to be involved at all to cases in which notification and publication are sufficient, cases in which the data provider guarantees that the observer has admitted, and cases in which it is necessary to effectively guarantee that the observer can exercise his / her right to claim in some form.
  • Each committee member pointed out the same thing in principle from the viewpoint of their specialty. Whether the duties of the platformer are based on the contract or the duties of the trustee beyond the contract, the duties that occur even without the contract are said to be the duties of the trustee, but it is exactly the basic duty of the platformer to the observer that there are certain things that the platformer must do. In Japan, trust-like things are sometimes arranged as if they were entrusted, and the duty of due care of a good manager, such as the duty of a director, is sometimes arranged without knowing whether it is a trust or a contract. In that sense, it is the overall tendency of the duties of the trustee in Japan to be processed in a clean manner, and it is impossible to state in a clean manner that a person who agrees to the terms of service is bound by the contract. In this guidance, the terms of service are specified as a method of constructing a controllability ensuring mechanism, and in Japan, the terms of service are arranged as a contract, so it is possible to think that a person who agrees to the terms of service is bound by the contract. Then, there is a method of creating a state in which profits and rights are indirectly secured by a method of expressing and guaranteeing to another person who is a party to the contract, but it is difficult to explain clearly where the basis for the platformer to be bound by a person who is not a party to the contract is in the end. Therefore, controllability can only be described as a concept.

Expressions concerning invasion of privacy

  • Since there are various theories and interpretations about the right to privacy, it is better to use the expression "the rights and interests of an individual are harmed" rather than the expression "the right to privacy is violated."
  • Whether or not an invasion of privacy is illegal is a matter of the definition of the word "invasion." In some cases, the word "invasion" is widely used in the sense that even an invasion may be justified or legalized. In other cases, the word "invasion" is also used as "illegal." It is important to keep the language neatly organized.

How to proceed in the future

  • Based on the comments, the Secretariat will revise the draft guidance, and after it is sent to all members by e-mail and confirmed, the draft guidance will be brought to the Data Strategy Promotion WG as a draft SWG.
  • In particular, regarding the concept of controllability, please confirm whether or not the modification is appropriate due to its importance.