Latest Issue
Vol 8, Issue 3, September 2017 Global Policy’s September 2017 issue contains, among others, research articles on the BRICS’ new development bank, the G20 and climate change, the human right to health, and digital diplomacy. It has a special section on ‘Policy Instruments for Innovation, Investment and Global Trade’

Future Challenges of Data Governance and Implications for Japan: An Interview With GGF 2027 Fellow Reirui Ri

Joel Sandhu - 25th April 2017
Future Challenges of Data Governance and Implication to Japan: An Interview With

This interview was conducted by Joel Sandhu for the Global Governance Futures – Robert Bosch Foundation Multilateral Dialogues, which bring together young professionals to look ahead and recommend ways to address global challenges.

Your work focuses on how the courts of the United States and the European Union determine internet jurisdiction, especially with regard to freedom of expression and data governance. Tell us a bit more about what you have learned.

Jurisdiction and interoperability of local laws governing the internet has become one of the biggest concerns in internet regulation after “rights to be forgotten” debate. Nations fear losing power to regulate global internet services servicing their nation citizens, and internet services fear they are regulated under every applicable local law. My research focuses on the legal systems of the EU and the US to determine how they differ from Japan’s in their approaches to internet jurisdiction. I discovered that, for each country, the history and political structure of national or regional governance had helped to influence how advanced their legal theory was. For example, given the federal structure of the US, cross-state disputes were constantly an issue. As a result, US legal doctrine evolved to deal with complex jurisdictions. Japan, being one nation with one jurisdiction, did not have to deal with such a problem as much, and is therefore further behind on developing legal theory to handle extraterritorial jurisdiction and conflicting laws. A US court is much more likely to claim jurisdiction over a foreign entity or oversea based data than Japanese courts. This is easily seen in the recent Microsoft Ireland case, in which US ordered data stored in Ireland datacenter should still be turned over to US government. US courts also tend to focus more on the actual relationships between the company and the US (e.g. interaction between US customer, whether an US employees works from US for the company, etc.)

How has your research shaped your thinking about the balance between privacy protection and freedom of expression?

It is still a very hard question for me, but if there is anything I have learned, it is that every individual and every culture has a different interpretation of and expectation for their privacy. For example, is a community doctor a public figure? A lot of Asian communities would say yes, while European and US communities would say no. I do not think there is a one-size-fits-all rule or some kind of a legal test that can be applied to this space. Each society and community would need to have a strenuous discussion and form a consensus about what their social justice is. Personally, I do believe that with some exceptions, the information you have willingly made public is no longer private. Allowing limitless retraction of personal disclosure and speech does not encourage healthy online behavior and digital literacy growth.

What are some current data governance issues in Japan that global stakeholders should be aware of?

Recently, the integrity of information online has been the topic of heated debate. Much like the fake news debate in the US, but different in topic, in Japan inaccurate medical information provided by curated news media was called into question. Japanese web media and society are taking on hard questions about what kind of information requires strict journalistic evidence (e.g., medical information, slander, and defamation, and what does not (e.g., fashion and health tips. Given that this also taps into the arena of intermediary liability and the responsibility and morality of internet media platform services, some interesting policy implications may arise.

Another area to watch out for is Japan’s Social Security and Tax Number System, the so-called “My Number” system. As the name signifies, the national ID system is currently only used to identify individuals for social security, taxes, and in cases of natural disasters. However, the Japanese government is looking to expand its use to private services such as banking and ticket sales. The current plan includes eliminating existing banking login information and substituting it with a “My Number” ID. Given the large quantity of aggregated personal information, many believe such expansion may instigate data security concerns and privacy concerns.

In the longer term, Japanese policymakers are focusing on rule-making for exponential data growth as a result of Internet of Things (IoT) product penetration and artificial intelligence.

What are some of the major data governance challenges that you foresee arising in the near future?

Different challenges lie ahead for different stakeholders. But to give a broad answer, I see a lack of effective conflict resolution between private parties as a major challenge. Nations often have political or bureaucratic channels to communicate in instances of cybersecurity breaches or cyber-crime cooperation. However, in disputes between private parties, it is becoming increasingly difficult for individuals and companies to resolve their conflicts given the web anonymity, territoriality, and the complexity of data systems. This could lead to a heightened fear and induce individual resignation from participating in data governance rule-making.

From a company’s perspective, competition issues may become challenging. Data as a barrier to market entry and monopolization issues are currently actively debated. Smaller companies and developing nations are playing with the idea of encouraging or forcing the existing internet giants to make their consumer data and market expertise publicly available. Depending on the results and compromises of this debate, we could be moving toward a change in the data governance structure of companies.

Finally, I also see lone-wolf or small-scale cyber-terrorism as a big threat to global data governance. These attacks can be manipulative and may initiate political actions that prioritize domestic interest, or reduce citizens’ trust in their governments.

Reirui Ri is a research fellow with the Stanford Program in International Legal Studies at Stanford Law School and a Global Governance Futures 2027 fellow. The views expressed here are her own.

Photo credit: ~Bob~West~ via Foter.com / CC BY-NC-SA