Japanese Government Allows ISPs to Target Ads by Browsing History

Japanese Ministry of Internal Affairs and Communications (総務省) working group recently published an opinion stating that certain network monitoring technologies (Deep Packet Inspection) can be used by Internet Service Providers to serve targeted advertising to users, but only after the user has been clearly notified of these practices. This news made the top page of Sunday’s Asahi Shimbun newspaper.

As all user communication with websites and other internet services travel through the user’s Internet Service Provider, these Providers theoretically can monitor or even modify these messages. ISP’s often do a simple version of this, looking only at the headers of packets (including the sender and the recipient of the information), in order to operate firewalls or to slow down certain types of traffic, such as file-sharing. Deep Packet Inspection (DPI) is a variant of this method whereby the ISP inspects the actual messages being transmitted, including online purchases or search terms, rather than just the headers. Proponents argue that such technology can lead to better targeted and thus more effective advertising.

Naturally, such technology can also lead to privacy concerns. In the past, US Congressional concerns hampered the widespread use of similar DPI-based targeted ads by NebuAd. Such case law from the United States, as well as similar cases in Europe, were also reviewed in the Japanese Ministry report.

The report (PDF, summary PDF, both in Japanese) is the second recommendation from the Workshop on Various Issues Related to IT Services Considering the User’s Perspective (利用者視点を踏まえたICTサービスに係る諸問題に関する研究会), finalized after a public comment period. The report considers the implications of technology such as DPI-based ad targeting in light of Japanese case law on privacy and telecommunications issues (section II.6, pp. 54-59), and concludes that such technology cannot be used without constituting a breach of private communications if it does not first receive approval from the user (p. 58). However, elsewhere in the report it is stated that an opt-out mechanism must be in place (p. 59), suggesting that the system need not be opt-in.

It will be interesting to follow the public’s response to this opinion and to this type of advertising, if and when they are implemented by ISPs.