Hello privacy pros!

We are less than one week away from the IAPP Asia Privacy Forum in Singapore! I can't wait to catch up with privacy friends and colleagues, old and new. A trip to Singapore will also be a special treat for me, a Beijinger, to enjoy a few chill days in Singapore and escape from the scorching heat in Beijing.

This summer Beijing sees unusual heatwaves, but at the same time remains a hotbed for a series of initiatives to promote the digital economy. With the establishment and implementation of China's comprehensive cross-border data transfer mechanisms since autumn of last year, the Cyberspace Administration of China has been building up a friendly business environment for companies keen to focus on exploring the value of data assets.

In practice, the CAC's security assessment and Chinese standard contractual clauses are the most-used channels for transferring data outside China, although they are subject to different application scopes under Chinese data laws. Most data exporters that have passed the CAC security assessment so far are Beijing based and come from a range of industries, including health care, aviation and automotive industries.

On 25 June, just 15 working days after the formal launch of China's SCCs, the Beijing office of the CAC completed the first-ever SCC filing in China for a Beijing-based company that transfers credit reference data to its affiliate company in Hong Kong. Afterwards, other local CAC offices have adopted an approach similar to the Beijing office for SCC guidelines and to expedite the SCC filing process.

The Beijing office's intention to promote the capital as China's significant hub for digital economy can also be demonstrated by a policy issued by The People's Government Beijing Municipality on 5 July.

According to that policy, Beijing will establish pilot data initiatives to achieve a data market size of RMB200 billion, approximately USD27.9 billion, by 2030. Beijing will further remove market access barriers and promote international collaborations along the entire supply chain for the digital economy.

Regarding cross-border data transfers, Beijing is keen to explore innovative regulatory schemes such as "sandboxes" to accommodate innovations of new technologies and business models. Multinational corporations are encouraged to build data platforms based on existing cloud computing infrastructures. Beijing will construct the Beijing Digital Trade Port in the Haidian District — generally perceived as China's Silicon Valley — as it plays host to many Chinese top universities, research institutes and startup companies.

Just at the time of finalizing this digest, China released the final version of the Interim Measures for Administration of Generative AI Services 13 July. Compared to the draft Generative AI Measures issued in April for public comments, the final version is much friendlier to businesses with a supportive tone.

The AI Measures apply to the provision of services of generating text, image, video and audio content by using generative AI technology and are offered to the public in China. The AI Measures provide that China will focus on both development and security by taking an "inclusive and prudent" approach. It is worth noting the AI Measures include more comprehensive provisions to promote international collaborations on generated AI technology and services than the previous draft. The AI Measures lay down an array of legal requirements in performing and using generative AI services, including following core social values, protecting IPRs and trade secrets, and taking effective measures to prevent discrimination and avoid monopoly and anticompetition when designing algorithm, choosing training data, creating computing models.

The AI Measures keep the whistle-blowing mechanism as in the consultation draft, but the final AI Measures have now removed the punitive terms in the consultation draft that authorities can impose an administrative fine of RMB10,000-100,000 for violations if silent in the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law.

The AI Measures will come into force 15 Aug. and sends a very positive signal to businesses that look to invest, develop and engage in generated AI services in China. Undoubtedly, we will see significant investments pour into China’s AI space in the months and years to come.

While many positive developments have encouraged innovations and investments in data assets and digital economy, data and privacy compliance and enforcement have never been absent from the legal scale in China. On 7 July, the People's Bank of China imposed hefty fines (ranging from USD70,000 to USD1 billion approximately) on five major Chinese FinTech companies, insurance companies and banks, with alleged violations including failure to clearly specify the protection of consumers' financial data, failure to improve the protection consumers' personal data, failure to prevent new type internet crime, among others.

Hope you have enjoyed this digest! If you are attending the IAPP Asia Forum, please feel free to say hello!