Greetings from Beijing, China! Hope you enjoyed watching the Beijing Winter Olympic Games as I did. With the spring approaching, may the new season bring peace, inspiration and energy to the world!
One of the most significant regulatory developments in China’s data field is the adoption of the Cybersecurity Review Measures 15 Feb. These new measures require internet platform operators to conduct a cybersecurity review if they carry out data processing activities affecting China’s national security or if they process personal data of more than 1 million individuals and seek IPOs at foreign stock markets. If triggered, the cybersecurity review process will involve self-assessment by the concerned company plus preliminary and special review by the regulators. Failure to comply will expose businesses to severe legal consequences, ranging from confiscation of illegal gains, administrative fines up to RMB 10 million, revocation of business license or permits, and even criminal liabilities in the worst occasion.
Another interesting development in China is the implementation of the Administrative Regulations on Internet Information Service Algorithm Recommendations 1 March. The new regulations seek to strengthen the regulation over AI-based algorithms, promoting fairness and transparency in the use of recommendation algorithms. Internet companies are required to tell users in a conspicuous way if algorithms are deployed to push information to them and should give users the choice to opt out of being targeted by recommendation algorithms.
As I write this digest, China's cyberspace watchdog published a draft regulation concerning internet popup windows and notification services for the purpose of seeking comments from the general public. According to the draft regulation, providers of internet services cannot push popup windows or notifications containing content involving celebrity gossip and personal privacy. Misuse of algorithms and promoting information that is harmful to minors will also be banned.
The Hong Kong Office of the Privacy Commissioner for Personal Data issued a report summarizing its work in 2021. According to the report, in 2021 the PCPD received 3,151 complaint cases in 2021, received 140 personal data breach notifications from organizations, and initiated 377 compliance checks. The Hong Kong Personal Data (Privacy) (Amendment) Ordinance, which came into force in 2021, criminalizes doxxing acts, and empowers the Privacy Commissioner to carry out criminal investigations and institute prosecutions in respect of doxxing-related offenses. On 13 Dec. 2021, the PCPD made the first arrest for a suspected violation of “disclosing personal data without consent.” Following the commencement of the Amendment Ordinance until 31 Jan., the PCPD has issued more than 350 cessation notices to 12 platforms, involving over 1,700 doxxing messages, which is a strong indicator of the amendment’s enforcement effect.
In India, the Department of Telecommunications is seeking consultations and inviting suggestions for formulating procedures for assessing the fairness of various types of artificial intelligence and machine learning. According to the DoT, bias in artificial intelligence and machine learning systems has raised various legal, ethical and social concerns and thus it is working on a voluntary fairness assessment of AI/ML systems, aiming to build public trust in AI and ML systems.
Hope you enjoy this digest. See you next time!