'Background of GDPR and European Values on Privacy', a Consento webinar at ProjectDS


European flag displayed on a tough skin, with a missing star, signifying Brexit. (Image contributed by freestocks.org -- CC0 1.0 Universal (CC0 1.0) Public Domain Dedication)

GDPR is a European regulation that protects personal data by setting out rules on how such data is handled and transferred. The tricky part is that the regulation applies beyond Europe's borders whenever you deal with personal data linked to users residing within the EEA.

Japan is one of the biggest countries with numerous business activities involving Europe, and we see an increasing awareness of GDPR in Japan. On 27th February, we had an opportunity to give a webinar at Project DS, run by Mr. Hiroshi Sonoda from Yamato Logistics. We introduced the narrative of GDPR in the European context and how Consento, as a startup supported by the NGI Ledger program, is trying to offer a solution.

“Background of GDPR and European Values on Privacy - Europe’s Frontline Attempt to Create a New Internet Space”

Since the General Data Protection Regulation (GDPR) was officially launched in Europe in 2018, there has been a lot of focus in Europe on data privacy considerations and the use of decentralized networks such as blockchain. Considering the huge fines for violations and the risk of damaging a company’s reputation, it is important that not only European companies but also Japanese companies that exchange data with Europe take action. Using the example of Consento, which develops GDPR-compliant data privacy apps, we discussed the current data privacy situation in Europe.

What’s Project DS?

Project DS is a closed community of 100+ people in various businesses to foster digital transformation in Japan, and the aim is to learn from each other through presentations and networking.

The organizer, Mr. Sonoda, is a member of the SAAJ (System Auditors Association Japan), the Institute of Actuaries of Japan, and the ITPS (Japan Management Association). After working for Meiji Yasuda Life Insurance Company’s Information Systems Department, The Meijiseimei Asset Management of America INC (NY), and Yamato Autoworks Co., he has worked as a Board Member, PM, PMO, and Solution Consultant for general-purpose computer system development and Open system development, and as an AI evangelist. He is also an auditor for an architectural company, a consultant for an IT-related company, a representative for a DX project, and an advisor for public insurance. He has a strong passion for fostering Digital Transformation in Japan.

30+ DX enthusiasts participated in our webinar, and we had some very interesting discussions on Japanese values on data privacy and the issues with the Privacy Mark (the biggest third-party certification for data privacy in Japan).

We ran a survey using a 5-point scale after the webinar. According to the feedback, 53% of the participants feel that GDPR is strongly relevant to their business and daily workflow, and 60% feel Japan should implement a data privacy policy as strong as GDPR.

Many of them see challenges in Japan’s data privacy compliance policy; here is some of the interesting feedback.

Perspectives of the webinar participants on privacy data handling in Japan

Question: "What do you think is a challenge in the way the Japanese government handles data?"

  • I have been advocating the need for this for 3 years now, but I feel that there is still a lack of awareness in Japan. I think it will be difficult to penetrate the market unless the government presents a solid sample. The opt-in/out system is not thoroughly implemented, and this can be seen in both the person presenting and the receiving end. (System Auditor)
  • It costs us a lot of money just to obtain and maintain the Privacy Mark. However, the content of the Privacy Mark seems to be quite late compared to the case study presented here, and the Privacy Mark will probably not be approved if it has to comply with GDPR. The Privacy Mark is supposed to be an organization that examines whether or not personal information is being used in a safe and secure manner, but I felt again that the purpose of the Privacy Mark has become more about collecting money. (IT Coordinator)
  • I feel that the protection of personal information in the Diet’s answer is too much, and we should have a discussion on how much we are using big data and whether it is allowed. (Recruiter)
  • There are a lot of ambiguous policies, and I get the feeling that the user side is not getting the message. (Sales)
  • I think it is necessary to put people in charge who are not dragged down by the organization with specialized knowledge and create a system that transcends interests. (System Engineer)
  • Data privacy policy will be a hot topic in the coming years, as governments are expected to shift paper-less. (Administrative Lawyer)
  • I feel we tend to care about privacy only when the crisis hits. I also think that the current legal system is too inadequate, and not ready. (Anonymous)
  • I felt it would be interesting to differentiate ourselves from Europe by creating a society where data is open and can be used by anyone. (Managing Director)

The benefits of Consento

All in all, we felt a strong need to show an uncomplicated solution for the Japanese market. Consento provides a user-centric Human Factor Authentication process, based on “Shamir’s Secret Sharing”, to secure operations collaboratively without the need for passwords and across organizations. Here are the 3 key features:

  1. Decentralized: Consento is a decentralized solution based on peer-to-peer and distributed ledger technologies. There is no centralized server or cloud infrastructure.
  2. Password-less: Consento turns your devices into a key, and enables you to build your private MFA (multi-factor-authentication) workflow with your own devices and your trusted relations.
  3. No single-point-of-failure: Consento makes authentication more secure through partial keys distributed within your organization (and to your suppliers or customers). No single user is left as a potential point of failure of the system as a whole.