Hi privacy pros. Greetings from Beijing.
I know many of you are thrilled about the European Parliament's 13 March passage of the groundbreaking Artificial Intelligence Act. In light of this exciting development, I'd like to highlight some significant AI developments in greater China.
On 7 March, the National Information Security Standardization Technical Committee of China issued the Basic Security Requirements for Generative AI Services. These guidelines offer some clarity and guidance for implementing China's regulations for AI-generated content issued in August 2023.
The TC260-003 AI requirements include detailed provisions covering security and accuracy of training data, large language model security, content monitoring, algorithm transparency and nondiscrimination, privacy and intellectual property protection, and responsibility and accountability expected for developers and service providers of AI-generated content. Although not legally binding, these requirements can serve as best practices and references for regulators enforcing the AI-generated content regulations.
In a significant legal development, the Guangzhou Internet Court of China recently ruled on a copyright infringement case involving generative AI service providers. The court found a company had used AI technology to create images resembling the iconic science fiction character "Ultraman" without proper authorization, violating the copyright holder's rights to reproduction and adaption. Additionally, the AI company failed to comply with statutory obligations under the AI-generated content regulations. The court ordered the cessation of infringement activities and compensation for damages. Notably, the damages awarded were mild at RMB10,000, reflecting the court's recognition of the nascent stage of AI-generated content technology and the need to balance rights protection with technological innovation and development.
In Hong Kong, the Office of the Privacy Commissioner for Personal Data recently completed compliance checks on 28 local organizations regarding their practices related to personal data collection, use, and processing in AI development or usage, as well as their AI governance structures. These checks covered various industries, including telecommunications, finance and insurance, retail, transportation, education, and government departments. According to the PCPD's findings, the majority of the organizations assessed have integrated AI into their day-to-day operations, established internal AI governance frameworks, conducted privacy impact assessments prior to the development or use of AI products and services, and implemented proper security measures, indicating a growing trend of AI deployment across public and private sectors to enhance operational efficiency.
The IAPP Global Privacy Summit 2024 in Washington, D.C., is just three weeks away. Can't wait to catch up with privacy pros around the world and exchange ideas in this rapidly changing data and privacy landscape.
Hope you have enjoyed this note. Until next time.