Hello privacy pros. Greetings from Beijing.

The data, privacy and cybersecurity field in China will never leave you bored. These past weeks have seen significant developments in data legislation, administration and enforcement.

On 16 Oct., the State Council of China published the Regulations on Protection of Minors in Cyberspace. As China's first regulations on protecting minors in cyberspace, they aim to create a healthy online environment to protect minors' physical and mental health, safeguard their personal information and prevent children from online addiction. Parents, legal guardians, online service providers, personal data collectors and manufacturers/sellers of smart electronic devices must take appropriate compliance steps.

The regulations will come into effect 1 Jan. 2024, so there is a short compliance window of only two months. The regulations have far-reaching impact on businesses in various industries, ranging from gaming, education, social media, live-streaming, online publication and broadcasting, and wearable devices, to advertising and online shopping. The penalty for noncompliance can go as high as RMB50 million (approximately USD6.85 million) and senior executives can face personal liability. We do not have room in this digest for more details, but I will have a deeper dive into the regulations in a separate piece.

Artificial intelligence has been a hot topic discussed around the world, including China. On 18 Oct., China issued the Global AI Governance Initiative at the 3rd Belt and Road Forum for International Cooperation held in Beijing. The initiative focuses on the development, security and governance of AI. Under the initiative, China proposes establishing and improving the data and cybersecurity landscape in research and development as well as application of AI technologies and implementing agile governance for AI. China also promotes explainability and predictability of AI, to make AI technologies more secure, reliable, controllable and equitable. The initiative further emphasizes the importance of adhering to the principles of fairness and nondiscrimination in AI governance to avoid prejudice and discrimination in data collection, algorithm design, and research and development in the AI space.

On the governmental administration side, China's National Data Bureau became formally operational on 25 Oct. NDB is a new important governmental agency at China's national level, focusing on promoting and developing digital economy in China. Mandated with powers and duties of coordinating the integration, sharing, leveraging and deployment of data resources, NDB is expected to play an important role in formulating China's data strategies, especially from the economic development side.

The establishment of the NDB demonstrates a notable shift of data governance to achieve a better balance between data security on the one hand and the development of digital economy on the other. This trend is clearly reflected in the draft Provisions on Promoting and Regulating Cross-Border Data Transfer issued by the Cyberspace Administration of China on 28 Sept., where restrictions on cross-border data transfers will be much relaxed, upon the finalization and implementation of the draft provisions. Many multinational companies eagerly await the next move. I will keep the privacy community posted on further developments.

On the enforcement front, CAC officials at national and local levels stay active in investigations and enforcement actions. Mobile apps with consumer end-users remain a major target for compliance investigations and noncompliant mobile apps are removed from app stores or suspended for remediation within the prescribed period and fines are not rare.

Hope you have enjoyed this note. Until next time.