TOKYO -- Technicians at a Chinese company affiliated with the Japanese provider of the Line chat app had access to personal information of users in Japan.
The affiliate, Line Digital Technology (Shanghai), had four employees who could access user data from a server in Japan since August 2018. The data included names, phone numbers and identification numbers, as well as some messages that were reported by users to Line as inappropriate content. Line said the affiliate was given access to the extent required to perform its job. Line also said it did not know of any unauthorized access at this time.
However, Line said it had already denied Line Digital Technology (Shanghai) permission to access some data between February and March, to "further raise the security level."
Line has around 86 million users in Japan, making it a major component of people's online lives.
In addition, there was not sufficient explanation about the work of foreign companies in monitoring the contents of the profile screen and its bulletin board function, called open chat. Line outsourced the monitoring to a domestic contractor, but it subcontracted the work to a company in Dalian, China.
Line does not appear to have violated Japan's Personal Information Protection Law, which stipulates that the user's consent should be obtained when transferring personal information overseas. But the impact to its reputation as a secure messaging app could be severe, and that could derail its efforts to create an all-in-one "superapp" after completing a merger with Yahoo Japan, an affiliate of SoftBank Group, in early March.
Line plans to step up efforts to explain how it uses customer information, and revamp internal rules regarding access to sensitive data. It will also set up a special committee made up of security and privacy experts.