The US communicated concerns with the PRC Cybersecurity Law to the WTO
On 25 September 2017, the United States communicated its concerns with certain measures that China has adopted in relation to the PRC Cybersecurity Law and the relevant implementing measures that are under development (the “Law”).
The US’s main concern is the data localisation and cross-border transfer assessment requirements under the Law, as well as the requirement for obtaining data subjects’ consent in the context of cross-border transfer. The US claims that the Law would discourage cross-border data transfers and would promote domestic processing and storage. The impact would disproportionately affect foreign service suppliers operating in China, as pursuant to the Law, these suppliers must routinely transfer data back to headquarters and other affiliates. The US requests that China refrain from issuing or implementing final measures until such concerns are addressed.
Please click here to read the full text of the US’s communication.
Ten Chinese online service providers signed a personal data protection proposal
On 24 September 2017, ten influential Chinese online service providers including WeChat, Sina, Taobao, JD, Alipay, GaoDe Map, Baidu Map, Didi and Ctrip signed a personal data protection proposal in Beijing. The ten companies committed to respect users’ right to know and control how their personal data are collected, processed and used; to obtain sufficient consent from users; to protect the security of user data; to supply safe and reliable products and services; and to make continuous efforts to improve their personal data protection capabilities. In particular, the ten companies committed further to improve the privacy policies that they use in daily operation.
The signing of the proposal is led and guided by the relevant government authorities (e.g. CAC, MIIT and MPS) as part of a wider effort to implement the PRC Cybersecurity Law. The ten companies are expected to demonstrate best practice in the industries and to become role models for other online service providers.
Four administrative items concerning commercial encryption products are removed
On 29 September 2017, the State Council issued the Decision on Removing a Batch of Administrative Approval Items, among which four items are relevant to commercial encryption products.
The specific administrative approval items concerned included the approval for the manufacturing of commercial encryption products, the permission for the sale of commercial encryption products, the approval for foreign-invested enterprises to use foreign manufactured encryption products, and the approval for foreign organisations and individuals to use encryption products or devices containing encryption technology in China.
After removing these administrative approval items, the regulatory focus will shift from enterprises to products. The State Encryption Management Bureau will increase supervision over the market and, in particular, prohibit products that are not approved from being sold in the market.
Please click here to read more details (item 28-31).
New policies encouraging the development of Internet Plus, AI and digital economy are published
The National Development and Reform Commission (the “NDRC”) published the Notice on the Organisation and Implementation of the Internet Plus Action, the Creation and Development of Artificial Intelligence and the Major Pilot Projects of Digital Economy in 2018 (the “Notice”) on 11 October 2017. Companies operating projects in the Internet Plus, AI and digital economy sectors are encouraged to file applications with the local NDRCs and other relevant local government authorities for funding and other government supports and benefits.
The three attachments to the Notice described the key areas which the projects should focus on. In particular for AI, the key areas include the industrialisation of deep learning artificial chips, the establishment of open source platforms for deep learning applications, the industrialisation of high-accuracy face recognition systems and high sensitivity speech recognition systems, and the systematic development of intelligent unmanned systems and intelligent robots. Under the overall national strategy for the development of AI, these areas will likely enjoy strong government support and fast growth.
Please click here to read more details of the Notice.
Guiding cases concerning cybercrimes are published to guide practice
The Supreme People’s Procuratorate published the ninth batch of guiding cases on 17 October 2017. All the cases included concern crimes committed via the Internet or in the cyberspace.
According to the guiding cases, the following activities, when resulting in certain consequences, might constitute crimes under the PRC Criminal Law: (i) hijacking domain names by changing the pointing of domain name resolution services and thus causing the improper operation of computer systems; (ii) pretending to be buyers and invading online crediting systems to tamper reviews and comments; (iii) changing others’ passwords and remotely locking their smart phones; (iv) accessing computer systems beyond the authorised scope and downloading data; (v) stealing others’ domain names; and (vi) fabricating online transactions to defraud third party transaction platforms to obtain rewards and subsidies.
Please click here to read more details about the guiding cases.