POPULARITY
China's stance toward data privacy and cybersecurity has been a matter of interest for the last several years, most prominently with the June 2017 passage of China's Cybersecurity Law, and the passage of the Data Security Law and the Personal Information Protection Law in late 2021. Now, more than two years after the 2021 laws were passed, companies wishing to conduct business in this landscape are faced with a daunting set of subsidiary regulations that require self-assessments, impact assessments and certifications to ensure compliance, failure of which can attract potentially heavy fines and restrictions on business operations if circumvented. Join Mayer Brown partner Gabriela Kennedy and host Julian Dibbell as they revisit the China data laws and these latest developments and discuss the effect they've had on the industry, and what interested parties should be aware of in the coming years.
Highlighting the increasingly prominent role of cybersecurity and informatization work in the new era, President Xi Jinping has stressed the need to coordinate development and security, with solid efforts to advance high-quality growth in this regard.Xi, who is also general secretary of the Communist Party of China Central Committee and chairman of the Central Military Commission, made the remarks in a recent instruction on the work of cybersecurity and informatization. The instruction was conveyed at a national meeting on cybersecurity and informatization that was held on Friday and Saturday in Beijing.Xi emphasized the importance of strengthening the country's capability to ensure the cybersecurity and promote building a community with a shared future in cyberspace.He also stressed adherence to several principles, including the Party exercising leadership over cyberspace affairs, developing of cyberspace affairs for the people, and taking a path of internet governance with Chinese characteristics.Calling for vigorous efforts to advance the high-quality development of cybersecurity and informatization, Xi said that new achievements should also be made in boosting China's strength in cyberspace, thus making new contributions to building a modern socialist country in all respects and advancing national rejuvenation on all fronts.The country's system and capacity for cybersecurity have constantly been improving, and its efforts to boost self-reliance and strength in science and technology have also been accelerated, while law-based governance of cyberspace has been intensified, Xi said.Wang Sixin, deputy head of Communication University of China's Institute for a Community with Shared Future, said, "The new requirements raised by Xi in this regard are essential and urgent."Summing up the work experience and clarifying current problems are crucial to future development in this field, as well as to benefiting the people and promoting the high-quality growth of our country."With the Party's leadership, China has seen many achievements in cyberspace governance since the 18th CPC National Congress in 2012. Its technological research, such as that on supercomputers and quantum communication, has been at the global forefront, while its artificial intelligence has been widely applied in many areas.Xi recalled the significant progress achieved in cybersecurity and informatization since the 18th CPC National Congress, noting that China has put in place a system for integrated cyberspace management, with the Party's leadership in such work having been strengthened across the board.As internet technologies, including 5G, big data, cloud computing and blockchain, have rapidly grown, the nation's legal toolkit on cybersecurity and informatization has become more complete through the formulation of a series of laws, such as the Cybersecurity Law, Data Security Law and Personal Information Protection Law.To offer a safer online environment for people, the Cyberspace Administration of China has also issued guidelines and taken measures to prevent online misconduct, such as cyberbullying and rumors, in order to guarantee the healthy development of the internet.All the moves have helped advance cybersecurity and informatization work, Wang said, adding that those measures contributed to enriching the country's theoretical building of cyberspace and improving the capacity of its cyberspace governance.Just like boosting the nation's self-reliance in science and technology, the theoretical construction in the field is vital to enhancing China's international voice, he said.Zhu Wei, deputy director of the Communication Law Research Center at China University of Political Science and Law, said that holding such a meeting to give new instructions on cybersecurity and informatization, following the 20th CPC National Congress in October, was inevitable and filled with profound meaning."When we're benefiting from the internet and solving problems on data, cybersecurity and informatization through laws, we must also acknowledge that we're still facing some challenges brought by emerging technologies," he said."We need to draw on some good practices from past work, as well as conduct new research to find solutions that can both develop the new technologies and meet the challenges."Expressing excitement about the acceleration of law-based governance in cyberspace in recent years, Zhu suggested that legislators and internet regulators continue upholding the principle of coordinating development and security in following lawmaking."The driving force of high-quality development is scientific and technological innovation, so in the coming period of time, the main task of formulating our policies and laws is to seek a balance between security and development," he said, adding that this is also a must to cope with the international situation.As development is a key to solving problems caused by technologies, a number of newly released regulations and laws have clarified that the country encourages technological research, requiring internet platforms to fight online misconduct through technical means.Since the beginning of this year, China has seen internet technologies prosper and also has accelerated steps in cyberspace governance.As ChatGPT takes the tech world by storm and triggers a new wave of artificial intelligence, a host of Chinese tech giants have begun rolling out ChatGPT-style products. Among them, Alibaba has invited enterprise users to test a self-developed large model called Tongyi Qianwen, and Baidu has unveiled its large language model and Chinese-language ChatGPT alternative, Ernie Bot, which could be implemented in a variety of functions including searches, autonomous driving and smart devices.To promote the healthy development of the technology, interim measures for managing generative AI services were jointly disclosed by seven authorities last week. The measures encourage the innovative development of generative AI and supervision of AI using methods compatible with innovation and development.Earlier, the country's top judicial authorities and top internet regulator also solicited public opinion on combating cyberbullying, in order to purify the online environment and protect people's legitimate rights in cyberspace.Zhou Hongyi, founder of 360 Security Group, said he was encouraged by Xi's instruction and felt more responsibility as head of a digital security enterprise."In the era of digital civilization, measures for guaranteeing traditional security are no longer able to meet new challenges, which requires us to strengthen scientific and technological creativity, so as to build a strong digital security barrier for the healthy growth of the digital economy," he said.As an enterprise that has been fighting on the front line of cyberattacks for years, 360 would like to continue being the guardian of national security, and also to be a builder of digital China, helping companies, governments and cities to address security weaknesses and become smarter, Zhou said.Reporter: Cao YinCui Jia contributed to this story.
Chinese law has evolved rapidly over the past few years, with the introduction of the Personal Information Protection Law in 2021, new cybersecurity laws and regulations, and new standard contractual clauses. It's hard to keep up! Our expert panelists will recap major changes, provide guidance on compliance challenges, and answer audience questions. (5/16/2023) Questions? Inquiries about program materials? Contact Alan I. Johnson at ajohnson@bostonbar.org
In this episode of the FCPA Compliance Report, I am joined by Keith Williamson and Henry Chambers, Managing Directors at Alvarez and Marsal. We look at the firm's Threatscape Report. Highlights of this podcast include: A. Threat 1-ABC Threats Why do you see a potential increase in anti-corruption investigations? In addition to the US under the FCPA, do you see other countries actively assisting US authorities in ABC investigations? The new DOJ Monaco Doctrine reinstates the Yates Memo, and the DOJ focuses on individuals. What does this mean for ABC investigations? What are some of the key challenges in handling investigations in China? How does this increase in ABC enforcement impact M&A? B. Threat 2-Fraud and Digital Asset Fraud Threats What are digit assets and digit asset fraud? The US has not yet released many regulations regarding cryptocurrency. What is the role of other countries in such regulation, if any? Why is the Ukraine war the first ‘digital asset war'? How have the worldwide sanctions against Russia impacted the growth and use of digit assets? What key controls and screen tools for digital assets that you advocate a company employ? C. Threat 3-Data Privacy and Data Protection What is the Personal Information Protection Law, and how does it relate to the Chinese State Secrets and Data Security Laws? How can a non-Chinese company get data out of China? What are some key components of a compliance program for this new law? How does this new law impact investigations in China? Resources Threatscape 2022 report. Keith Williamson, MD, and Head of Disputes and Investigations in Asia. Henry Chambers, Senior Director, Disputes and Investigations. Learn more about your ad choices. Visit megaphone.fm/adchoices
Greg is the founder of Pillar Legal, a boutique international law firm across Shanghai and San Francisco that specializes in the video game industry. Before founding his own law firm, Greg served as General Counsel for Shanda (盛大网络), which was the largest Chinese gaming company at one point with a very successful game Chuanqi (传奇 The Legend of Mir), and completed an IPO at NASDAQ listing in 2004. Hear about: What was the regulatory environment like back then vs now? What was a game approval process like? Are Chinese sensors actual gamers themselves? What challenges did bureaucratic rivals cause for game companies? What happened after the March 2018 reorganization? Why does the Party always have a love and hate relationship with the gaming industry? Is the Chinese government's stance now going more towards the fear side? Why are Chinese gaming companies looking for a global audience from day one? Has the IP situation in China improved over time? Finally, hear Greg's recommendations for foreign companies to anticipate in China, especially after the new Personal Information Protection Law was passed on November 1st. Find Greg at http://www.pillarlegalpc.com/en/
China's policymakers have been busy upgrading the country's cybersecurity regime. Over the last couple of years, the Cybersecurity Law (2016) has evolved and been joined by a whole host of accompanying legislation, including the Personal Information Protection Law and the Data Security Law of last year. In short: Beijing has made clear that data must be regulated and that it falls on companies to ensure that they are toeing the line. Many of the country's tech giants have already fallen foul of such legislation, but China's new cybersecurity regulatory regime is about so much more than meting out punishment; it's actually smart regulation, says Rogier Creemers, Assistant Professor in Modern Chinese Studies at Leiden University. Rogier talks to Joe Cash about what prompted a shift in the Chinese government's attitude towards data security, what Beijing plans to do with its new powers going forward, and why the introduction of the PIPL and DSL could be good for China's economy. This episode is part one of two, and listeners wanting an introduction to the PIPL and the DSL are encouraged to first listen to this earlier episode of the China Business Brief featuring Torsten Weller: https://podcasts.apple.com/gb/podcast/china-business-brief/id1541091516?i=1000525682356 The views expressed in the China Business Brief podcast are those of invited contributors and not necessarily those of the China-Britain Business Council ('CBBC'). We do not accept any liability if the podcast is used for an alternative purpose from which it is intended, nor to any third party in respect of this podcast. Links to resources mentioned in the episode: DigiChina: https://digichina.stanford.edu Rogier's piece for SupChina: https://supchina.com/2022/01/26/chinas-data-legislation-matures/
MIHÁLOVITS GAZDA: Beszéljünk végre egy komplex élelmiszergazdaságról! Az élelmiszerre elköltött pénzből az értéklánc tagjaihoz nagyon eltérő összegek jutnak el. Úgy véli, hogy egy egészségesebb magyar élelmiszergazdaság érdekében a megoldás a stabilabb ár- és jövedelmi szint kialakítása lenne ideális az értéklánc minden tagjánál. Hollósi Dávid, a Takarékbank és a Magyar Bankholding csoport Agrár és Élelmiszeripari üzletág vezetője EQUILOR TŐZSDENYITÁS - Bosnyák Zsolt, senior elemző HEURÉKA: Privacy - a magánszféra jövője. November 1-től érvénybe lépett Kínában a Personal Information Protection Law vagyis a PIPL, ami nagyon hasonló az EU GDPR-jához. Bizony, meglepő, de nem váratlan fordulat. Egyre inkább úgy tűnik, hogy Kína ebben is megelőzheti pl. az USA-t, pedig ezt aztán tényleg nem gondoltuk volna még 5 éve. A kínai privacy gondolkodás mögé pillantunk, hogy kicsit jobban értsük, mi is zajlik ebben a meghatározó országban, talán egy kicsit a klasszikus nyugati kliséből kitekintve. Ezzel párhuzamosan az ISO sztenderdek között hamarosan megjelenik egy új, a 31700-es család, amely "Privacy by design for consumer goods and services” problémát kezeli vagyis erre tolja a cégeket, hogy a magánszféra védelmét tényleg alap szinten építsék be a szolgáltatásaikba. Közben a GPT-3 már nem várólistás, tehát szinte “bárki” ráugorhat, ha használni akarja. Ezek a lépések, változások alapvetően befolyásolják a magánszféra közeli jövőjét, és egy érdekes távoli jövőt vetítenek előre. Keleti Arthur, az Informatikai Biztonság Napja (ITBN) alapítója, kibertitok jövőkutató
The new Personal Information Protection Law has already entered into effect from Nov 1st, 2021. With personal information data increasingly a hot button topic globally amid cybersecurity investigations into popular apps' illegal collection and use of users' personal information, all eyes are fixed on this new Law which will govern the personal data of China's 989 million internet users. Let's discuss it today. Website: https://www.carlodandrea.it Twitter: https://twitter.com/DAndreaCarloD Amazon: https://www.amazon.com/s?k=Carlo+Diego+d%27andrea&ref=nb_sb_noss
Topics Discussed and Key Points:● How Singles' Day performed relative to Jacob's expectations● Platforms that will gain traction at next year's 11.11● Notable creative or marketing tactics used at this year's festival● How this year's GMV may compare to 2020s● Whether there is still room for foreign brands going forward● What to know about Pipl (Personal Information Protection Law)● WPIC's plans for Southeast Asia● Demographic differences in China versus Southeast Asia Episode Summary:Today on The Negotiation, we speak with Jacob Cooke who shares his observations on Singles' Day in 2021 and how closely the festival met his expectations.In his words, how 11.11 unfolded was “almost bang on” with what Jacob anticipated, with a couple of categories “going a little bit over” and toys being the only underperformer.It was a “Tmall-dominated shopping festival” that was largely untouched by the influx of new government regulations this year which, again, Jacob expected. He predicts more platforms gaining traction at next year's 11.11 as Walled Gardens continue to come down and cross-platform functionality increases in scope.Platforms also doubled down on live streams which had already been immensely popular in the Chinese market for some time, precisely because they know that live streams have become such an effective way to move product.In many ways, “China is starting to become comfortable in their skin,” pushing for local champions in each of the different categories. While the country had been playing catch-up as recently as a decade ago, today local brands have been dominating in the market.Finally, Jacob gives his thoughts on how companies will have to deal with the legal implications of Personal Information Protection Law, WPIC's budding work in the Southeast Asia market, and demographic differences between the China market and that of Southeast Asia. Key Quotes:“There are a lot of misconceptions about why local brands are doing well. In a lot of cases, they have an easier time because they're focused solely on China. Very few of them have global ambitions because the market is so large here.” “I don't think we're done with regulators in terms of what's done with personal data. I think that's actually going to be further enhanced. [...] I think that what's happened this year [with Pipl] is that the regulators have started to take action to make people take these new laws seriously.” “eCommerce has normally been adopted by younger consumers. China's done a really good job at making eCommerce universal.”
Topic 1: Skimpflation: Will this affect us? Aside from basic inflation, will the labor shortage cause this for IT services? https://www.npr.org/sections/money/2021/10/26/1048892388/meet-skimpflation-a-reason-inflation-is-worse-than-the-government-says-it-is Topic 2: China's Privacy Law China's new policy looks "western" at first, but is used for strick tracking of citizens. The Personal Information Protection Law allows the government to blacklist companies, including those outside the country. Will companies go along or opt out of the largest market in the world? Do providers really care? https://www.wired.co.uk/article/china-personal-data-law Topic 3: Hackers are stealing data today so quantum computers can crack it in a decade It makes sense once you hear it. But it's still surprising. https://www.technologyreview.com/2021/11/03/1039171/hackers-quantum-computers-us-homeland-security-cryptography/ -- -- -- :-) Sponsor Note: Egnyte Are you still using on-prem file servers and VPNs to share files with remote workers? Egnyte is a business class cloud sharing solution that works more like your on-prem server than other solutions. With a security first approach to file sharing and collaboration, Egnyte offers multiple options for sharing files and collecting files from outside sources. And do it all addressing data governance and compliance. Want to learn more? Check out https://Egnyte.com/msp, and when you do, tell them we sent you. :-)
The Personal Information Protection Law gives authorities the power to impose huge fines and blacklist companies. But the biggest impact may be felt outside the country.
The Personal Information Protection Law gives authorities the power to impose huge fines and blacklist companies. But the biggest impact may be felt outside the country.
Worried about data breaches, identity theft and your private information getting in the hands of wrong people? China has a new law combating these complications. / Is the living room a disappearing concept? / Children's discount tickets will base on age, instead of height.
Pinterest will launch the shoppable live series Pinterest TV later this month, Facebook AI Research open-sources a suite of tactile technologies for robots, and China’s Personal Information Protection Law goes into effect. MP3 Please SUBSCRIBE HERE. You can get an ad-free feed of Daily Tech Headlines for $3 a month here. A special thanks toContinue reading "Pinterest Launching a Shoppable Live Series- DTH"
Heart Of The Matter - A Podcast On Legal Developments From Around The World
This episode takes a look at The China Personal Information Protection Laws and what this means for businesses. With Anna Gamvros and Lianying Wang, lawyers from Norton Rose Fulbright.For more details on China's data and privacy laws, please visit https://www.nortonrosefulbright.com/en-hk/services/172fd60c/information-governance-privacy-and-cybersecurityAnna is a data and technology lawyer, and heads the firm's Data Protection, Privacy and Cybersecurity practice for Asia Pacific. Anna's practice focuses on technology agreements and outsourcing transactions; privacy and data protection; cybersecurity and breach response; telecommunications and Internet regulatory issues.She has nearly 20 years of experience in Hong Kong, and has assisted clients with Hong Kong and China based projects. As a result, Anna has a wealth of experience in advising clients on high-value technology transactions and outsourcing deals, and multi-jurisdictional projects, particularly focused on data management.Lianying Wang is a corporate lawyer based in Beijing. He focuses on foreign direct investment, joint ventures, mergers and acquisitions and other general corporate and commercial matters in and involving China.Lianying has also increasingly been advising multinational companies on data protection and privacy issues in China, helping clients navigate China's complex data protection and privacy landscape.
The internet and the worldwide web – the words envision a global communications system that transcends national borders. But the reality differs. Is it increasingly the splinternet? Is www really a series of webs that don't connect globally? And how is our privacy affected by data fences and controls erected by nations? In this first of a series, we explore how China deals with personal information of its residents. China collects a vast array of personal information about its people – financial, judicial, commercial, societal, and governmental. These are the five pillars of China's Social Credit System, which aims to reward loyal and trustworthy citizens and penalize others, based on information collected about Chinese residents. Individuals are white-listed or black-listed to be rewarded or penalized, based on personal data collected, analyzed, and applied by the Government to encourage a socially proper citizenry. China has an extensive and evolving set of laws, including recent changes to its Data Security Law, Cybersecurity Law, and the forthcoming Personal Information Protection Law, which aim to keep within China's borders “personal information” and “important data.” This allows China to prevent transfers of these two types of data to other countries. But the definitions of “personal” and “important” data are left to a vast array of sectoral ministries and regulators and to other national, regional, and local organizations, which may issue categories or lists to define and apply these broad terms. By contrast, China is free to import personal information of non-Chinese residents. Take TikTok, for example. Over twenty million U.S. persons use TikTok, owned by a Chinese company. It is not clear whether the personal information TikTok collects is made available to the Chinese Government, pursuant to PRC laws and procedures. If Chinese companies and Government can collect personal information about U.S. citizens but U.S. companies and Government cannot collect and utilize personal information about Chinese citizens, this creates an imbalance of trade and business opportunities. Is this a path to a data trade war? And if our personal information can be shared beyond our country's borders, will this change what data we post and share within our borders? This podcast explores how China affects personal privacy and the future of the internet. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.
In this episode, we discuss why China has passed the Personal Information Protection Law (PIPL), how it differs from the EU's GDPR, and how companies can process employees' personal information. Subscribe to our podcast today to stay up to date on employment issues from law experts worldwide.Moderator: Cynthia Chung (Deacons / Hong Kong)Guest Speaker: Jane Lu (JunHe / China)
Antriksh Matters: Is Space the Ultimate High Ground?— Aditya RamanathanSeveral of the world's major powers have devoted hard cash and organisational resources to defend their interests in space. Most prominently of the new institutions created is the US Space Force, but its most notable counterpart is the PLA Strategic Support Force (SSF) in China. Even India has created a far more modest Defence Space Agency, though it is hardly comparable to the American and Chinese organisations. While these new institutions have come up, the development of theories of space power is still a work in progress. In 1996, the strategic thinker Colin S. Gray, asked: "Where is the Mahan for the final frontier?" In the quarter-century since, there have been several notable efforts at developing a useful body of theories on space power. Yet despite the growing body of sophisticated literature, all too many observers and practitioners continue to simply define space as the “ultimate high ground” or simply as “high ground”. Even in India, it’s common to see articles on space power that have titles like “Seizing the Ultimate High Ground” or that warn readers that “space is becoming the new military high ground that countries want to seize and dominate.”Much of this thinking about the “ultimate high ground” seems to originate from the US, and more specifically, the US Air Force. Its senior officers have cited the idea for decades, and it has remained an organising principle for thinking about space. Even the newly minted Space Force has imported the notion of "high ground" uncritically. As its official 2020 doctrine makes clear:“The value of high ground is one of the oldest and most enduring tenets of warfare. Holding the high ground offers an elevated and unobscured field of view over the battlefield, providing early warning of enemy activity and protecting fielded forces from a surprise attack. Furthermore, forces on elevated terrain hold a distinct energy advantage, increasing the efficiency and longevity of military operations. Finally, control of the high ground can serve as an effective obstacle to an opponent’s military, diluting combat power by forcing the enemy to dedicate time and resources away from the main effort in order to dislodge an entrenched force.”The doctrine is making three propositions. The first of these is that space helps provide early warning and reduces the risk of surprise. This is self-explanatory and hard to contest. It is the remaining two propositions that are more problematic. There is no doubt that “elevated terrain” and “entrenched forces” can confer major advantages in land warfare. But do these apply to space? In a Takshashila discussion document we recently published, Aditya Pareek and I consider the vulnerability of satellites in Earth’s orbital space or “celestial littoral” and argue against the “high ground proposition”:“There is no question that space is an unmatched vantage point from which to observe the earth. However, the celestial littoral lacks the other attributes commonly associated with “high ground” on land. Orbital space offers no natural protection from enemy observation and attack. A satellite cannot “dig in”. This means orbital craft do not enjoy natural cover (some protection from enemy fire) or concealment (protection from enemy observation, but not necessarily enemy fire). In short, satellites in low earth orbit are vulnerable to any adversary with adequate space situational awareness (SSA) and some offensive capabilities. Satellites can only achieve a form of concealment by deceiving adversaries into believing they are something else—a purely commercial craft or a piece of debris—or by being too small to detect, which usually means less than 10 centimetres in size.”Besides deception and miniaturisation, satellites can also park themselves out of range. For example, geosynchronous satellites, which orbit the Earth at an altitude of nearly 36,000 kilometres, cannot be reached by most existing ASAT missiles. However, every orbit involves trade-offs of its own, and emerging capabilities in electronic warfare and directed energy weapons (DEWs) could reduce the advantage of distance in space warfare. Rather than persist with the popular “high ground” idea, we can turn to conceptions of airpower and maritime power for more useful points of departure when thinking about space. More broadly, any conception of space power cannot be purely military, not even when discussed in a military doctrine document. Seen as a source of comprehensive national power, space power encompasses commercial, military and scientific activity in space, as well as all Earth-based activities connected to the use of space. In our document, we define space power as “the ability of a state to leverage its space-related activities to wield influence in international politics.”Strangely enough, the idea of “ultimate high ground” actually understates the importance of space and gets its most basic characteristics wrong. It’s time to recognise the idea is as vacuous as the deepest reaches of interstellar space. You can find our discussion document, hereInfopolitik: Open Source Intelligence & India— Pranay KotasthaneOpen Source Intelligence (OSINT) is having its moment in the sun. DRASTIC's work on the origin of COVID-19 highlighted not just how amateurs can expose the blind spots of government intelligence agencies, but also how OSINT could demolish widely established narratives. Then in June 2021, Decker Eveleth, brought to light China's new missile silos, using just commercial satellite imagery. In addition, an OSINT pioneer Bellingcat was out with a book while The Economist described OSINT as one of the bright sides of the Information Age. Earlier this year, CSIS's (An American think-tank) Technology and Intelligence Task Force recommended that OSINT be elevated as a core "INTs" — at the same level as GEOINT, HUMINT, and SIGINT, complete with a separate intelligence agency of its own.So, this article is my first-cut attempt to understand the promise of OSINT from an Indian perspective.Let's begin with the three functions of intelligence work and try to see where OSINT fits in each of them.Collection. OSINT technically refers to a collection discipline. It refers to using publicly available information once the requirements are specified by the intelligence community's customers. With satellite images being available easily and people leaving vast amounts of digital footprints, OSINT offers a lot of promise as a means of collection. However, what blocks its wider adoption in a government intelligence agency is precisely that it’s publicly available. Mark Lowenthal, an authority on this subject, writes that intelligence agencies share the assumption is that the more secret the information, the more valuable it is. So OSINT is seen as useless by default. Adopting OSINT then becomes a much tougher behavioural problem rather than a technical one.Analysis. This step involves generating insights and recommendations based on information collected by one or more sources. Like with the collection step, the information provided by OSINT is likely to be given less importance over data collected by other 'secret' sources.Operations. In this step, OSINT could be used to expose the adversary's plans or actions with the aim of either discrediting or causing a domestic upheaval in the target country. More realistically, this could be done to weaken the negotiating position of an adversary. But if such an OSINT operation is traced back to the attacking country's government, it faces the risk of being devalued as a disinformation exercise.Taken together, it does seem that OSINT’s importance will only increase in the Information Age. It also becomes apparent that the OSINT modus operandi differs in fundamental ways from that of traditional intelligence agencies. Given this paradox, how can India leverage OSINT for its benefit?In the Indian setup, keeping OSINT distinct from traditional intelligence agencies seems to be a better idea for both. The rigid structures in the old-world agencies might continue to glorify secretly obtained information, relegating OSINT permanently to the sidelines. On the other hand, a stand-alone, non-classified entity whose findings other agencies can choose to use in their analysis might be more acceptable. A third way is to eschew government linkages with private OSINT organisations and instead focus on presenting a united front to the adversary. The flowers of OSINT might well bloom on the fertile soil of social trust.Takshashila is doing a Global Outlook Survey covering domains like India’s bilateral and multilateral engagements, national security concerns, economic diplomacy and attitudes towards the use of force. If this sounds interesting, do click-through to participate.Cyberpolitik #1: China's first move-Sapni G KThe Cyberspace Administration of China (CAC) released the draft "Internet Information Service Algorithmic Recommendation Management Provisions" for public comments on 26 August 2021. Algorithms and data are the fundamental blocks of our increasingly technology-mediated economies. This is one of the first concrete endeavours across the globe to regulate algorithms, positioning algorithm regulation as process or mechanism regulation rather than mere input/output based regulation. Once passed, China can claim to be the first State across the globe to institutionalise algorithm audits at scale. China’s legal system is undergoing an overhaul to ensure adequate regulation of market players in a technology-mediated society; ranging from antitrust reforms to labour reforms. A common thread runs through these regulations, shifting China's narrative from creating wealth to equitable distribution of wealth and holistically improving the quality of Chinese life. China is eyeing to be the leader in establishing norms for the 21st century, on its way to being a comparable standard for liberal democracies across the world to emulate. Interestingly, this draft, the Personal Information Protection Law, other recent regulatory and enforcement steps are comparable to the steps taken by the USA and the EU. Read together, it signals that vastly different regimes are eyeing the lowest common denominator in the regulation of the internet.Clearly, China seems to be racing ahead to achieve the status of a forerunner at regulation of internet-based technologies. There is an attempt at cementing the claims of international legitimacy and trying to win the tripolar contest of regulation. Regulation of e-commerce with a profound environmental angle has been an EU concern that has been co-opted by the US recently. Similarly, labour rights regulation, particularly in the gig economy, seems to be shifting profoundly towards the welfare model proposed by EU states, but China now takes the lead. With the draft Algorithms regulation getting finalised, China also steps in to pivot the algorithm regulation towards its model of social equity, which can possibly become a standard as ubiquitous as the GDPR. Effective regulation is a great tool for soft power. China's track record on liberty and freedoms reflects in this draft and does not bode well for liberal democracies. These are developments India should watch closely and analyse cautiously. Energypolitik: Photovoltaics – The Next Rare Earths?-Arjun GargeyasWith the effects of climate change managing to wreak havoc across the globe (from the wildfires in Australia and California in 2020 to the wildfires in Greece and Turkey in 2021, along with massive flash floods in Germany and China), the Intergovernmental Panel on Climate Change (IPCC) and its report reaffirmed our worst fears. Attention has turned to the adoption of sustainable and clean energy along with states, both developing and developed, requiring to honour their climate change agreement commitments. This has put photovoltaics (PV) (using solar energy to generate electricity) on the path to becoming one of the most critical and useful technologies for states around the world looking to transition into a majorly renewable energy society. The PV sector shares a striking similarity with that of the rare earth industry a decade back, both with its absolute necessity across renewable energy domains and with China establishing a clear lead over all its rivals in terms of meeting the global demand of PV technology (almost 70% along with Taiwan), solar power generation capacity and the solar power generated in a year. The strategic and sustainable angle to PV technology puts it at the forefront of geopolitical competition, similar to what the rare earth industry still faces. Playing a crucial role in the global semiconductor supply chains too, the PV industry has an opportunity to become an area for potential collaboration between like-minded nations to stymie a single state's hegemony and build an alliance for sharing renewable energy technologies. Investment There has been a consistent increase in investments related to renewable and sustainable energy across the world in the last decade. Solar energy and its benefits have long been discussed and pushed forward, but the sector has yet to take off in the developing countries as it is a long, drawn-out process with the need for a consistent influx of money and natural resources. States with additional funding can effectively create a robust supply chain of PV devices with the help of the comparative advantages of the 'sunshine countries', which have abundant solar capacity and the technologically advanced states that can build devices to harness this raw energy into electricity. Critical Materials Supply ChainsPV technology has a number of critical materials that are required for the manufacturing process. Here is where multilateral forums and groupings, especially the Quad in the Indo-Pacific, can come together on emerging technology such as Photovoltaics to reduce the risks of any bottlenecks in the global supply chains of PV materials. The crystalline Silicon (cSi) technology has dominated the PV technology all these years with the copper indium gallium selenide (CIGS) technology slowly gaining importance in recent times. China absolutely rules the world in terms of Silicon production outpacing rivals consistently. But the up-and-coming CIGS technology utilizes Gallium and Indium for which Australia is one of the world's leading reserves. In terms of solar panel manufacturers across the world, China occupies 7 to 8 slots out of the top 10 in terms of shipments (in GW) due to which the supply chain of solar panels has been concentrated in the hands of the Chinese over a decade and a half. Need for Co-operationThere is always a need to ensure better co-operation between states which can be done by creating interdependencies among them. One of the ways to do that in the renewable energy sector, especially the solar power sector is to build transboundary electric grids which can result in the distribution of PV technology. The creation of smaller grids, such as microgrids, across borders, can help in significant transfer of technology between the developed and developing countries along with utilizing the resources that the other states have to offer. This can also result in the increase of cross border energy trade and can help each country achieve its demand if they are falling short of meeting their own demands. Greater electric interconnections between the states can result in widespread access to PV technology across the world.There is almost a global consensus on the threat of climate change and the need for the reduction in fossil fuel dependencies. The international treaties signed by these nations have clearly outlined the path to transition into a sustainable energy-based society with solar energy at the forefront of it. Photovoltaics, as a sector and its technology, has already shown how necessary it can be in the coming decades. With all countries requiring to honour their commitments to global agreements on climate change and sustainable energy, the PV sector will soon be of immense strategic concern, and each state must ensure its presence and influence in the Photovoltaics industry to protect its own interests and prevent any takeovers of the supply chains of critical technologies.Cyberpolitik #2: Middleware - middle ground or middle-of-nowhere?-Prateek WaghreA recently published paper analysing tweets from Donald Trump’s account that were on the receiving end of policy enforcement from Twitter found that the tweets themselves or related messages continued to spread on Twitter and other platforms.The study categorised the interventions from Twitter in 2 ways. Soft interventions - attaching labels without restriction on interactions (likes, retweets, replies, etc.). And hard interventions - removal or restriction on interactions.On Twitter: Tweets that were labelled spread further than those that were neither labelled nor restricted.On other networks: In general, for posts containing the same ‘messages’, those that were restricted on Twitter spread further those that were labelled or not labelled. But there are some subtleties to highlight (italics indicate quotes from the original paper):Facebook: Messages with/without labels had a similar “average number of posts on public Facebook pages and groups”. Messages that were restricted had “a higher average number of posts, were posted to pages with a higher average number of page subscribers, and received a higher average total number of engagements.”Instagram: On average number the posts, the pattern was similar to Facebook. However, with engagement, there was a difference in that “posts with a hard intervention received the fewest engagements, while posts with no interventions received the most engagements.”Reddit: Reddit doesn’t report engagement numbers in the same way as other platforms, so researchers had to use subreddit size (users) and frequency of posts: “messages that received a hard intervention on Twitter were posted more frequently and on pages with over five times as many followers as pages in which the other two message types were posted.”The authors note that the findings do not necessarily suggest that the ‘Streisand Effect’ was at play, pointing to the exceptional nature of the content/message itself as a possible reason for high engagement.An important takeaway, as Renee DiResta aptly sums up, is “Misinformation is networked, content moderation is not”. It seems obvious from here to suggest that firms operating Digital Communication Networks (DCNs) should collaborate more closely with regard to such enforcement. However, that opens the door to what Evelyn Douek describes as 'Content Cartels' and potentially adds another binary to the DCN governance conversation (e.g. must-carry v/s must-remove, centralised v/s decentralised). But is there a middle ground we can find between these binaries?Unbundling DCNsIn 2020, the ‘Working Group on Platform Scale’ at the Cyber Policy Center, Stanford University, proposed ‘middleware’. By “middleware,” we refer to software products that can be appended to the major internet platforms. These products would interconnect with Facebook, Amazon, Apple, Twitter, and Google APIs and allow consumers to shape their feeds and influence the algorithms that those dominant platforms currently employ. In fact, this approach of ‘unbundling’ DCNs in a way that users can also access them through third party services envisioned to be operating in a competitive marketplace is also apparent in earlier proposals such as magic APIs, protocols-not-platforms and competitive compatibility (I had done a preliminary comparison of them in June as well as a number of questions that still need to be answered).In the context of DCNs, middleware, as proposed, could:(provide) filters for specific news stories and (develop) ranking and labeling algorithms, which are then integrated into the main platformIn addition to user preferences, consumption, middleware could rely on public data sources (RSS feeds, news, etc.) as well as platform-specific data (but not related to the specific user or query/search).Interoperability itself may happen by either consent or decree, though the working group expects that some legislation may be required to ensure that APIs are opened up. They also advocate for the existence of standards or guidelines that middleware companies will have to adhere to. These standards/guidelines can be defined by a regulator or the DCN firms themselves. I think this could be a contentious issue in the future as we dig deeper into questions related to state/regulatory capacity and incentives of firms.The July edition of the Journal of Democracy included a special section titled ‘The Future of Platform Power’ focused on middleware which includes some interesting critique of the approach.Daphne Keller (who proposed Magic APIs, and is optimistic about middleware) poses four questions that need to be addressed:Quality of service: Can middleware companies provide an equivalent or superior experience compared to the incumbents, and can they process the same volumes of data?Business models: How will middleware companies make profits? What incentives do platforms have to share revenues?Curation Costs: Large DCN firms employ/contract a significant number of people in content moderation roles. How can the ‘solved’ aspects of content moderation be replicated so that they can focus on the unique/un-solved aspects?Privacy: Are data generated by interactions in a users’ network available to middleware companies? If yes, there are privacy implications. If no, it limits the utility of middleware solutions and, therefore, their ability to compete with incumbents.Joan Donovan and Robert Faris believe middleware is ‘fragmentation by design’ and question whether it will be lead to outcomes significantly different from the current system. They also raise the concern that middleware could, in theory, exacerbate polarisation. These are recurrent themes in most criticism of the approach. Dipyan Ghosh and Ramesh Srinivasan, like Donovan and Faris, believe the current set of challenges go beyond the narrow, content moderation-focused approach of middleware. Nathalie Maréchal raises the absence of a business model as a red flag:This is essential: Middleware firms will have their own set of incentives and will need to be accountable to someone, be it a board of directors, shareholders, or some other entity. Incentives and accountability both depend on how the “middleware” providers will make money.In a response essay, Francis Fukuyama states:Our working group’s promotion of middleware rests on a normative view about the continuing importance of freedom of speech. Middleware is the most politically realistic way forward.Our Reading Menu:1) [Report] Inside the Shadowy World of Disinformation for Hire in Kenya by Odanga Madung and Brian Obilo2) [Article] This is the real story of the Afghan biometric databases abandoned to the Taliban by Eileen Guo and Hikmat Noori3) [Report] CSIS Technology and Intelligence Task Force’s Maintaining the Intelligence Edge has several recommendations for the future of intelligence agencies in the US.4) [Report] The Economist has a stellar take on how OSINT punctures state monopolies of information and how this is a net positive.5) [Article] Joseph Bernstein’s Harper’s Magazine cover story on the state of disinformation research. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit hightechir.substack.com
Over the past few years, China has introduced a range of laws dealing with data privacy and cybersecurity. The most well-known is China's Cybersecurity Law, which came into effect in June 2017. With the recent passing of China's Data Security Law and Personal Information Protection Law, concerns regarding data localization and how to get data outside of China have been brought back into sharp focus. But beyond cross-border data transfers, these new laws may also have a further impact on technology transactions, particularly in relation to the deployment of cybersecurity products in China or for foreign companies that deliver products or services to Chinese residents or that utilize Chinese service providers. Join Mayer Brown partner Gabriela Kennedy and counsel Karen Lee along with host Julian Dibbell as they explore these developments.
On this week of Serious Privacy, Paul Breitbarth and K Royal discuss the new China Personal Information Protection Law (PIPL) that was adopted on 20 August. This new omnibus data protection law will enter into force on 1 November 2021, without a transition period to comply. 73 days between adoption and entry into force is a very short deadline for compliance, especially for a wide-ranging and complex law such as the PIPL. Although many details remain unclear for the time being, during this week's episode, your hosts will try to guide you through the main characteristics of the new Chinese data protection law. TrustArc will soon make further resources, including a white paper, available via a special microsite at TrustArc.com (select Solutions > Solutions by Regulations > PIPL Compliance Solutions). We also welcome any specific questions you may have on the China PIPL for a future episode of Serious Privacy. Please note that K and Paul recorded this a week before publishing, so there are quite a few items that have since been researched and nuanced excellently outside this episode.In the meantime, we can already refer you to the following blogs:China Personal Information Protection Law AdoptedGetting Started with PIPL ComplianceA webinar will be announced shortly. The registration link will become available here: https://trustarc.com/resource_types/webinars/. As always, if you have any questions or comments, please feel free to contact us at seriousprivacy@trustarc.com. In addition, if you like our podcast, please do rate and comment on our program in your favorite podcast app. We also have a LinkedIn page for Serious Privacy, so please follow for more in-depth discussion.
China's congress recently passed the Personal Information Protection Law, a piece of legislation that will significantly impact how foreign and Chinese companies collect, use, and transfer personal information. To get a rundown of what companies need to know about the law and its implementation, we're on the line with Hannah Feldshuh, a business advisory services […]
How the new legislation will protect the public's private data; pork giant gets hamstrung by family feud; and gambling stocks soar after Macau eases Covid restrictions SPECIAL OFFER To enjoy 7-day complimentary access to caixinglobal.com and the English Caixin app visit this link: https://www.caixinglobal.com/institutional-activity/?code=J3XVJC
China is poised to significantly update its current data-protection framework with a key new law: the PRC Personal Information Protection Law ("PIPL"). These new regulations will undoubtedly impact multinationals operating in the PRC. Carol Sun, from Yuanda, explains what you should start thinking about now. Related article: Cross-Border Data Transfers Under the New PRC Data Protection Regime More on Carol Sun. SPEAKERS Carol Sun (Yuanda), Wayne Stacy Wayne Stacy 00:00 Welcome, everyone. This is Wayne Stacey, the executive director of the Berkeley Center for Law and Technology. Today we have with us Carol Sun from the law firm of Yuanda. They are a Chinese law firm that is in the strategic alliance with Winston strong here in the United States. And Carol Sun is an expert in the new laws that are coming online set in early September in, in PRC related to privacy and data regulation. So Carol, thank you for joining us today. Carol Sun 00:39 Thank you so much Wayne, It's my pleasure. Wayne Stacy 00:43 Well, Carol, what I wanted to do was just go through and give the audience a background and an understanding of what's happening. Because it's a it's a new subject for a lot of people. So in particular, there's a new law coming online in September, referred to as the Personal Information Protection Law. Can you tell us what it is and how it is similar or different from other privacy laws like GDPR? Carol Sun 01:12 Sure, I can not sure whether this P IPO we did the full name of the law is the PRC Personal Information Protection Law will come into force September or later, but other people anticipate this law will come by the end of this year. So this personal information protection law is from some Chinese people's view is a Chinese person GDPR. So if we talk about the GDPR, people understand that it is almost the stringent law to protect the personal information, and also the privacy. I think this Chinese version PRPO borrowed a lot of concepts, and also the rise of the personal information subjects from GDPR. For example, this law grabbed a lot of rights, for example, the rise of a deletion, the rise of the revision, and also asked for the subject to always have the rights to say no to withdraw their rights without their consent for the data processing. And also this Chinese law also borrows some data cross border transfer mechanism. For example, this law also have some mechanism like the standard contract clauses. That is, from our view that there will be one of the main mechanisms for the company's transferred some personal information from China to the overseas. Also for the penalty perspective, I think based on my understanding, it is one of the few laws have a very high mandatory penalties. This personal information protection law also have the similar concept compared with GDPR. For example, the Harris the mandatory penalty is a 50 million RMB or the 5% of last year's global turnover. So this is quite high if the company has some violation to the law. But it's not the situation that any violation to law will trigger this kind of a high mandatory penalty, but some also other penalties like the administration level and also some, even the criminal level depends on the severity of the violation. So I think that is this P IPO has a very similar concept with GDPR and also constitute another side in the whole data protection legal framework in China. Wayne Stacy 04:02 How will the PRC go
China is radically changing the way it regulates data environments. With a new Data Security Law passed and a Personal Information Protection Law in the works, China is moving from a largely unregulated data environment to a highly regulated one.Rebecca Arcesati and John Lee, Analyst and Senior Analyst at MERICS respectively, join the podcast to talk about the effects and implications of these laws as well as two recent publications on the evolving data governance regime in China, specifically on AI ethics and governance in China as well as China and the Internet of Things.
UK companies operating in China are beholden to an increasing number of cybersecurity regulations. These influence a raft of business activities, including the ease with which a Chinese subsidiary of a multinational company can share customer or R&D data with other parts of the business; how businesses store data; and how corporate entities interact with the emerging Social Credit System. In this episode, Joe Cash talks to Torsten Weller about two new regulations making their way into law that are bound to add to the compliance burden of companies needing to move data to and from China, the Personal Information Protection Law (PIPL) and the Data Security Law (DSL). How similar is the PIPL to the European Union's GDPR? How can UK companies transfer data obtained by their Chinese subsidiaries out of the country? How does China determine liability when there is a data breach? This episode of the China Business Brief has you covered.
The third episode in our monthly podcast on employment law issues.