China publishes Draft Data Security Law
On 2 July, China published the Draft Data Security Law to solicit public opinion. Once finalised and passed, this new law will be the first designated data security law in China.
The Draft’s requirements apply to data activities carried out within the territory of China, but also to data activities carried out by organisations and individuals outside of China if these activities threaten to harm China’s protected interests, such as national security, public interest, or the legal interests of citizens or organisations.
Two important administrative systems are expected to be established under the Draft. One is a classified data protection system where data will be classified into different levels of security and subject to different protection requirements. The other is a data security review system where data activities that may affect national security will be subject to security reviews organised by government authorities.
The Draft also states that if a foreign country imposes any discriminatory or restrictive measures on China’s data or data technology-related investments or trade, China may impose similar measures on this country.
Please click here for more details of this Draft.
Authorities issue opinions to support new digital business models
Thirteen Chinese administrative authorities acted together and issued opinions on supporting the positive development of new digital business models to boost the consumer market and create jobs. Among others, three key business models include online education, online healthcare and remote working.
Regarding online education, authorities are calling for more qualified and market-oriented online course resources in school education systems and are encouraging schools to carry out pilot classroom teaching programmes in intelligent online environments. Regarding online healthcare services, authorities are encouraging healthcare institutions to mutually recognise online examination results, prescription information and patient or user health data sharing mechanisms. Regarding remote working, authorities are encouraging the development of secure and reliable online working tools and platforms to satisfy the needs of multi-party collaborative work on a daily basis, and the improvement of e-contract, e-signature and e-certificate systems. To back up these opinions, the authorities have pledged to provide more detailed implementation rules and supportive policies.
Please click here for the full text (Chinese only) of the opinions.
Ramifications yet unclear on Hong Kong National Security Law on tech companies
On 30 June 2020, China's National Standing Committee passed the Law on Safeguarding National Security in the Hong Kong Special Administrative Region by listing the same in Annex III of the Basic Law of Hong Kong.
This National Security Law criminalises acts of secession, subversion, terrorist activities and collusion with a foreign country or with external elements to endanger national security, and will apply to all individuals, organisations and companies in Hong Kong.
The wide reaching powers that the National Security Law gives enforcement bodies to implement the law's measures in Hong Kong creates new issues and uncertainties for businesses there, particularly internet service providers, social media platform operators, data centres and other companies that hold user data. For example, law enforcement bodies are empowered to, without a warrant from the Magistrates’ Court, enter and search places (including electronic equipment), and inspect, seize and detain anything that is believed to be evidence of an offence. They can remove messages that are deemed dangerous to national security, and can require cooperation from platform service providers, hosting service providers and network service providers.
Since any person without a reasonable excuse who fails to cooperate with law enforcement agencies can attract criminal liability, businesses are advised to assess their risk exposure in their daily operations in the context of the National Security Law and to develop a response plan for any possible law enforcement requests pursuant to the National Security Law. This is of particular importance for multinational companies with operations around the world, given the current geopolitical atmosphere and the possibility of negative feedback from other sovereign nations (in particular, the US) vis-à-vis the National Security Law.
US eliminates preferential treatment of Hong Kong
On 14 July, in response to the passing of the National Security Law, US President Donald Trump issued an executive order to suspend or eliminate any preferential treatment for Hong Kong in relation to China. Among other things, this order includes invoking licence exceptions for exports to Hong Kong, re-exports to Hong Kong and transfers within Hong Kong of “dual-use” items (i.e. items which are designed for commercial purposes, but which could have military applications, such as computers, aircraft and pathogens); and suspending Hong Kong’s special treatment under the Arms Export Control Act (a statute that controls the export of defence articles and services) and the Export Control Reform Act of 2018 (a statute that controls the export, re-export, and transfer of commodities, software, and technology).
Businesses active in Hong Kong in the import or export of sensitive high-technology products are advised to assess how these changes could impact their logistic and supply operations and their contractual obligations under the existing logistics arrangement. For example, products that could be exported from the US without an export licence now require a licence, which means that at the very least it may take more time to process products from the US.
Singapore Academy of Law Reform Committee reports on AI
The Singapore Academy of Law (SAL) Law Reform Committee (LRC) set up a Subcommittee on Robotics and Artificial Intelligence to review and make recommendations on the application of the law on AI systems. This is a part of the LRC’s mission to step in proactively and provide reform suggestions as a precursor to the necessary legislative updates. In July 2020, the Subcommittee published two of its four reports forming the “impact of robotics and artificial intelligence on the law” series, so that the reports could contribute to either legislation or “soft law” and initiate systematic thought and debate between various policymaking and industry stakeholders. The aim is that as commercial use of AI expands exponentially, public policy will match this pace of growth by offering corresponding protections against misuse and the physical, financial and psychological harm to individuals by design and use of AI systems.
The two reports already published as of July 2020 include: Applying Ethical Principles for Artificial Intelligence in Regulatory Reform, and Rethinking Database Rights and Data Ownership in an AI World. The remaining two reports of the series will follow, dealing with the topics of application of criminal law to the operation of AI systems and technologies, and attribution of civil liability for accidents involving automated cars. Many of the principles in the reports already draw on reports from other jurisdictions, including the UK House of Lord’s report on AI, various codes and reports on robotics from the European Parliament, and ministerial reports from Australia (on AI Ethical Principles), Japan (AI R&D guidelines) and the US (Guidance for Regulation on AI Applications).
The SAL reports can be found here.
MAS issues consultation paper on strengthening controls for technology risk
On 21 July, the Monetary Authority of Singapore (MAS) issued a consultation paper for a new omnibus Act. This Act will replace the existing MAS Act, whose content on existing regulatory oversight powers and prevention of money laundering and terrorism financing (AML/CFT) will be moved to the new Act. In addition, new provisions will be introduced on the following topics: expanded power to issue prohibition orders, new regulatory powers for virtual asset service providers for AML/CFT purposes, harmonised power to impose requirements on technology risk management, and introducing new dispute resolution schemes. The changes will allow the MAS to respond to risks relating to digital services since safety and soundness of information technology systems supporting financial services are seen as key to growth in the environment of a smart financial centre.
Some of the increased technology risk management (TRM) provisions included in the new Act include the following: instead of issuing notices under various Acts to specify TRM requirements, the Act imposes TRM regulations on any financial institution or any class of financial institutions in relation to their systems, regardless of whether the system supports a regulated activity, in order to protect cyber risk to interlinked systems; the Act increases the maximum penalties for breach of TRM regulations to SGD 1 million in order to accurately reflect the potential severity of disruption to essential financial services and the impact to customers; and the Act empowers the MAS to issue directions or make regulations for managing technology risks, including for cybersecurity and data protection. There are also additional provisions on AML/CFT requirements for digital token service providers under the new Act.
The consultation is open until 20 August 2020. The official consultation paper can be found here.
Singapore launches National Innovation Challenges for technology solutions in post-COVID era
On 22 July, Enterprise Singapore, the Infocomm Media Development Authority (IMDA) and the National Research Foundation Singapore (NRF) launched National Innovation Challenges (NICs). Each of the challenges are linked to a specific public sector lead with some also supported by private sector partners. The aim of the NICs is to increase private and public sector partnerships through the use of a platform that links enterprises, government agencies, research institutions, higher learning institutions and trade associations. The challenges are hosted on the Open Innovation Network. Up to SGD 2 million may be allocated per challenge with SGD 40 million in funding earmarked in total. The challenges span a number of industry sectors with a focus on solutions for the COVID-19 and post-COVID-19 eras. These solutions include: autonomous or remote inspection solutions to improve container depots, cost effective common tagging solution for airfreight shipments and user-friendly AI enabled resource management systems for post-COVID-19 work settings; digital solution allowing for integrated management of worksites and workforces in the construction industry, allowing for a scaled application to manufacturing and other resource management settings; new tourism experiences through 5G-enabled virtual AR/VR platforms, creating interactive experiences for cultural and tourism sites; developing an integrated platform with safety measures to re-attract visitors for tradeshows, conventions and conferences, allowing for integration with third party event management, e-payment, chatbots, and tracing applications; and developing an integrated track and trace system for port workers that offers on-site risk control, mitigation and intervention, and allows for the risk profiling of vessels through the application of tracking data for safety measures in ports.
The official IMDA press release for this initiative can be found here.