
PayPay's Commitment to User Privacy

January 28 is Data Privacy Day.

From its inception, PayPay has been strongly committed to protecting user privacy from the earliest stages of service development and design. Legislation for the protection of personal information differs from country to country, but PayPay has been developing its services in accordance with the guidelines for the financial sector, which are said to be the strictest in Japan. Along with personal information, what PayPay values is designing services that do not cause users any discomfort or anxiety.

So today, in honor of Data Privacy Day, we would like to share with you what we do in our daily work. Two members of the Legal & Risk Management Division conducted an interview from the perspective of data governance and legal compliance with the head of product development.

Amit Bhasin

PayPay Product Division Head
After leading the wallet team at Paytm in India, he came to Japan in preparation for service launch in 2018 and has been a key member of the PayPay Product Team ever since.

Tomoko Mishima

She is a member of the Data & Marketing Team, Legal & Compliance Department, Legal & Risk Management Division, and also serves in the CDO Office. After working in the legal department in a foreign IT company, she joined PayPay in October 2019. She is a Certified Information Privacy Professional/Europe (CIPP/E), a certification for information privacy law in Europe.

Yosuke Tsunoda

Senior Manager, CDO Office, Legal & Risk Management Division; Manager, System Risk Management, Risk Management Department
He moved from Yahoo! JAPAN to PayPay in January 2019, and moved to his current position in April 2021. He is currently working on upgrading PayPay’s data governance and system risk management.

At what stage of product development do you check for privacy issues?

Amit:

There are multiple phases in product development even before we start developing a service. We first gather business requirements from the department that plans the service, translate that service into product requirements, and test them. If we know that we will be getting personal data from users at this stage, we can create a design and apply it to the UI/UX.

Ask user permission in Mini-App On-demand.

When collecting personal data, we need to adequately inform the users, “this is the data we have to collect from you,” and the purpose for why we are asking for certain information. So at an early stage, we contact the legal team to have discussions to understand the legality of acquiring the data and which laws we have to follow. Once legal and the CISO Office, which is in charge of information security, approves, we decide how to acquire and store the data.

There is a hierarchy of privacy levels, where you need more encryption and security in the data. And it’s not just that, but it’s also about how secure your encryption keys are. All those checks are maintained by multiple teams, including the legal team and the CISO Office, to ensure that data privacy is good.

Mishima:

When I joined PayPay two years ago, I was surprised to see that from the very beginning, product members were frequently coming to the legal team for advice. They didn’t consult us after something happened. Instead, they were always proactive in collaborating! How did that legal mindset, or rather, a culture with a high level of awareness toward privacy come about?

Amit:

Any culture is something that comes up over a period of time, and we are improving the process as we go on. Very early in PayPay’s journey, we realized that our industry is one where it is important to follow the laws by the book.

As we deal with financial data, that gives us the responsibility to ensure that we take care of all the things that will protect the privacy of the users’ data. So from the very beginning, with any new feature we release, we have a legal correspondence.

If you realize the same concern at a later point in development, we will need to do multiple rounds of development. So from the Product Team’s perspective, it makes sense for us to get that legal evaluation done at once.

Mishima:

I think PayPay’s Product Team is really ahead of the game with that kind of awareness!

What do you pay attention to when you acquire new personal information?

Amit:

There are many things we have to consider. The first and foremost is, do we need it? If the information is not needed, we should not be collecting it.

But if the data is needed, then are the users adequately informed what data is being collected and the purpose for which it is being collected? For example, in our mini apps platform, from Day 1, we ensured that the users can see all the data that is being collected.

And at any point in time, even after they agreed to a mini app’s use of personal data, they can go in the settings and have full visibility on which data points they shared with which mini apps. Proper visibility and transparency, so that users can control their data, are very important for any data privacy.

When it comes to security, PayPay strictly controls information that can be used to identify users, such as their name, email address, or address. PayPay employees, such as myself or Tsunoda-san, cannot access the personal information database. That is the level of data security we have ensured at PayPay.

Amit:

Other than what I said earlier, that is, informing the users which data has been shared, we must understand whether the third party really needs the data and whether it will be beneficial for the users. Otherwise, we just don’t share the data with third parties.

Next, we send a security questionnaire to them to see that they also have a system for storing the data securely. They should have an equally high level of privacy and security methodology as PayPay, and we must ensure the highest level of security and encryption mechanism throughout the ecosystem.

Also, any user at any time can block access to their information by mini apps. This functionality has existed from Day 1, so users are given the choice to do so if they don’t want to continue sharing their information with certain mini apps.

Mishima:

In the case of mini apps, we have a system where we inform users that so-and-so information will be linked, and the user must agree to use a service, right? I think there are other possible ways to do this. What are you doing with the user’s right to privacy control? Do you allow the user to cancel the service when they don’t want certain information to be linked, or make the provision of their information mandatory or optional?

Amit:

This is something we are very serious about. We make sure that users go to the settings and see which permissions they have given to the mini app. For example, if I order food through a delivery mini app, the reason to provide location information is inbred in the business flow. However, if the reason for requesting location information is for “providing better services,” allowing such information is optional, and users can decide whether or not to provide it.

First, the app requests information, then the user sees on the screen very clearly what things will be shared with the mini app, and can decide whether they want to share information. Even if they have given permission earlier, they can go to the settings and revoke the access they have given. We have had that feature since Day 1.

How do you resolve conflicts between privacy design and convenience? For example, how would you release a feature that is not legally problematic in terms of privacy, but may be concerning for users?

Amit:

At the end of the day, a good product is a service that users can trust. Especially with a payment system in place, it is not just being on the right side of the law, but also being on the right side of the users’ trust. This is an even more fragile line to pass than legal matters.

It is just not correct to create features which breach the users’ trust. User data privacy is very important. There are multiple ways of making features, whether it’s with local data storage, or not getting the data at all. Like for SMS, you need a phone number, but we consider ways with which we don’t need to use the phone number. There are always alternatives, some of which may need more development, but we choose the methods that are in the interest of users.

Compared to other countries, what do you think is unique about Japan?

Amit:

This is what I discussed with Mishima-san earlier, but at PayPay, going through all the legal reviews before development is a very unique culture we have here. That’s something unique to Japan, and I think it’s a good practice. It helps you to gain more users’ trust. This doesn’t mean that we do not do legal checks in other countries. In Japan, the process is more structured and designed to ensure that nothing can be missed.

Mishima:

So Japan is strict (laughs)!

Amit:

Initially you may think so, but I realized that there are benefits to having these processes. When I first came to Japan, I was surprised to see that there were so many processes in place. Now that I’ve lived here for more than three years, I realized these processes have value! It was a learning for me.

Everyone:

Laughs

Mishima:

Globally speaking, Europe requires the most stringent privacy protection standards. Japan is said to be as strict as Europe in terms of the level of protection. PayPay is in the financial industry, so among the tough norms in Japan, it follows the most stringent ones. That rigor is so prevalent in our development, so I’m guessing that was another factor that added to your surprise.

Tsunoda:

Is there anything that you from the Product Team would like to see us improve?

Amit:

I think you guys are doing a terrific job already. My work is to ensure that users are able to use the PayPay app in the best possible way. So, it’s good that legal helps us know, like giving us explicit guidelines, on what can or what cannot happen.

I do have one request. Sometimes, if a third party comes in a similar business domain and is able to do what we want to do, then we should check whether there are legal reasons we cannot do it, or something else. Even if it doesn’t have to do with data privacy, I would like to look into it.

Tsunoda:

Many features have been implemented in the PayPay app now. I’m sure that you and Mishima-san have had a lot of discussions in the development process, but were there any specific features that were difficult to settle on?

Mishima:

With me (laughs)?

Tsunoda:

With legal!

Amit:

I’ve had so many discussions (laughs)! I respect legal judgment on matters. Whenever you’re working, you have to give your best point of view, but be willing to understand from experts on why that is not possible. And the best part of these discussions is you learn from it.

For example, we’ve had multiple discussions for mini apps. All those discussions helped the Product Team to be more legally aware and make the right decisions going forward with developing better services and experience to users…

But that doesn’t mean I’m comfortable with the questions (laughs). One thing I’d like to ask is, what are your expectations from the Product Team from a data privacy perspective?

Tsunoda:

I agree with what Amit said. It’s important to comply with laws and regulations as a prerequisite. That way, we can provide users with clear explanations on how to handle their information, and then allow them to control their own information. I think creating that kind of environment is crucial. I hope you will continue to design and develop the best services for users while bearing this in mind.

Mishima:

I know I’ve said stern things from a legal point of view quite a few times in our discussions. But for PayPay, it’s not good enough to comply with legislation at a minimal level, or create something that simply doesn’t violate the law. I’d like for us to create product specifications and internal systems that are worthy of a leading company in the industry. To that end, I’d like the Product Team to cooperate with us in terms of privacy. I’ll probably continue to be strict, but I certainly would appreciate your help.

Everyone:

Laughs

A message to the users!

Amit:

PayPay is diligently developing its services to deliver the best possible experience to its users. Of course, the “best service experience” includes data protection and data control features that ensure users can trust us about how their data is handled.

The PayPay Product Team daily goes into discussion with the CDO Office and the legal team, and through trial and error, has been aiming to create the foremost service. Protecting user privacy is an important theme and at the same time challenging. We will continue to give our best to develop a service that will make users choose PayPay even from the perspective of privacy protection.

Thanks to: Amit Bhasin, Tomoko Mishima, Yosuke Tsunoda / Author & Editor: Az (PayPay Inside-Out Editorial Team) / Interpreted by Naoko & Seiko / Photography by Tak

*Employees’ affiliations are as of the time of the interview.