Session
Data Governance & Trust
Data Free Flow
Data Localization, Data Residency, and Data Sovereignty
Data Privacy and Protection
Information Technology Federation of Japan(IT Renmei)
Naoya Bessho, IT Renmei, Federation Member(Director/Chairman), Japan Natsuhiko Sakimura, MyDataJapan, Cooperating organization, Japan Sako Kazue, MyDataJapan, Cooperation organization, japan Mr.Christian Reimsbach-Kounatze, OECD Secretariat Kazuhiro Kameda, IT Renmei, Federation Member(Vice Chairman), Japan Masahiro Hanatani, IT Renmei, Federation Member, Japan
Natsuhiko Sakimura, MyDataJapan, Cooperating organization, Japan
3. Good Health and Well-Being
4. Quality Education
11. Sustainable Cities and Communities
Targets: [Goal 3] Good Health and Well-Being In Japan, personal health information is distributed and managed by multiple medical institutions and testing institutions. All people can enjoy a healthy life by aggregating and utilizing personal information based on the consent of the individual. In addition, the circulation of personal health information will create new industries, which will be advanced examples for improving the well-being of society as a whole. These new industries will contribute to resolve global issues. [Goal 4] Quality Education In Japan, personal learning information is distributed and managed by many public and private educational institutions. When such personal learning information is aggregated and utilized with the consent of the individual, everyone can enjoy high-quality education. In addition, the circulation of personal educational information will give rise to new industries, which will be advanced examples for providing optimal learning environment for individuals at low cost. These new industries will contribute to the solution of global issues. [Goal 11] Sustainable Cities and Communities In Japan, public services provided to citizens are uniform. Rare examples are utilizing individual preferences and action histories. When existing public services may not be provided due to population decrease and/or tight local government finances in the future, personal information aggregated and utilized with the consent of the individual will contribute to provide high-quality public services at low cost. In addition, the circulation of citizens’ personal data will create new industries, which will be advanced examples of “Super/Smart Cities”.
Presentation
When an individual uses various Internet services, personal data, including the individual's profile, location information, purchase history, search history, etc., is collected by the business operator that provides the Internet service. Part of the personal data is sometimes provided to third parties by the operator. However, individuals do not always remember consenting to the provision of their personal data to third parties, do not fully understand what the provided personal data is used for, and do not perfectly know how to stop the provision of personal data to third parties. On the other hand, business operators are currently showing hesitation in utilizing personal data, due to concerns whether individual users correctly understand the content of their consent and concerns about reputational risks. The above situation is an issue that needs to be resolved in order to realize the "Data Free Flow with Trust (DFFT)" advocated by Japan.In order to realize DFFT, it is essential to foster trust among data providers, data users (third parties), and individuals. The information banking service is a service for data providers, data users (third parties), and individuals. With the consent of the individual, the information bank service provider receives the individual's personal data from the data provider. The information bank service provider also determines the appropriateness of the third-party data utilization service provider on behalf of the individual and provides the personal data to the data utilization service provider in question. In order to ensure the trust of the individual, the information bank is required to follow the information bank guidelines regarding the specific method of obtaining consent and to establish an ethical review board to review the provision of data. In other words, information banks are designed as mechanisms to reduce information asymmetries among data economy participants by holding individuals accountable, ensuring transparency, and enabling individuals to control their own information. It is also accompanied by a mechanism to reinforce trust through third-party certification of compliance with information banking guidelines. In this tutorial, the ITFR will explain the nature of information banking and the "Information Bank Accreditation System". This accreditation system has been operated by the Federation of IT Organizations since 2018 to examine and accredit information banking service providers.
1. Receiving opinions and questions from online participants and share them with onsite participants 2. Realizing interactive session with Q&A 3. Visualizing the opinions of participants by using questionnaire tools
Report
Session Presentation
Nat Sakimura from Information Technology Federation of Japan (IT Renmei) provided presentation of “Trusted Personal Data Management Service (TPDMS) Certification Program”.
In G20 Osaka Leader’s Declaration (2019) , G20 countries can facilitate data free flow and strengthen consumer and business trust. In order to realize the safe and free flow of data, the Ministry of Internal Affairs and Communications of Japan has established the Information Bank system.
Information Bank is seen as a third way, different from the "CRM" in which a single company manages customer information and the "VRM" in which individuals manage personal information. Under this scheme, Information Bank, which has been certified according to guidelines set by the government, holds personal information in trust and provides support for data distribution and data utilization.
The guidelines established by the government have the following characteristics:
1)Certification Criteria
2)Model Terms and Conditions
3)Governance
Especially in governance, it is important that both the certification body and each information bank have a Data Ethics Board. This makes it possible to protect individual privacy and gain trust in data distribution and data utilization.
The IT Renmei certifies Information Banks according to these guidelines. The certification, called TPDMS (Trusted Personal Data Management Service), has the following characteristics:
T: Third Way for Personal Data Ecosystem
P: Participation of Individuals(Controllability)
D: Data Free Flow with Trust
M: Multi-stakeholder Governance
S: Soft Law(Co-regulation)by Public-private Initiative
Information Bank, certified by TPDMS, is a Personal Data (Trust) Bank that receives trust from individuals and supports the distribution and utilization of data. In return, in the unlikely event that an individual is disadvantaged, such as due to information leakage, they will act as the primary point of contact and be responsible for compensation. Through this, the aim is to dispel individual concerns and realize smooth data utilization.
Personal Data (Trust) Bank's Data Ethic Board ensures that the above is achieved by reviewing data collection methods, data utilization purposes, data provision to third parties, etc.
In addition, for certification, we collaborate with ISO's Security Management standards and Privacy Enhancement standards and provide certifications that are comparable to global standards.
Discussion
Kazue Sako (Vice Chairperson, MyData Japan) agrees and supported IT Renmei’s action. She also recognizes the same issues and is working to realize safe and secure distribution of personal information led by consumers through the activities of MyData Japan.
Among them, she asked why such good initiatives have not become more widespread.
IT Renmei believes there are several reasons for this, but the most important one is that data portability has not yet been legislated in Japan and is not fully recognized as a consumer right.
Christian Reimsbach-Kounatze,(OECD Secretariat) said that Japan is leading the way in this field.
In other countries, data brokers distribute data against people's wishes and use it for commercial purposes.
He said that there is a big difference between Japan's Personal Data (Trust) Bank, which support data distribution on the consumer's side.
On top of that, he presented the issue of:
・Will Personal Data (Trust) Bank be useful even in Europe, where data portability is allowed?
・Is it possible for small and medium-sized enterprises to realize this?
・Furthermore, if we are to leave discretion to individuals, how much discretion can we leave to them, and will they be able to understand and exercise it?
Summary
・TPDMS is a mechanism that helps reduce the information asymmetry among the data economy participants by implementing transparency, accountability, and controllability by individuals.
・TPDMS Certification Scheme formed by Public-Private partnership will help the trust formation by removing the need to verify by each participant.