Digital Economy and Data Protection Newsletter（24.08）

Click above｜Follow us

Recently, the Tianjin Free Trade Pilot Zone issued the "Data Outbound Management List", specifying the specific data that needs to be managed. The Ministry of Finance and the Cyberspace Administration of China have issued "Interim Measures for Data Security Management in Accounting Firms", providing comprehensive guidance and standardization for data security management in the accounting firms. Internationally, four U.S. telecom operators were fined nearly $200 million by the Federal Communications Commission for sharing user data without consent; the European Union passed the "European Health Data Space Regulation"; the EU and Japan agreed to include provisions to promote data cross-border flow in the Economic Partnership Agreement; South Korea issued guidelines on drafting data handling policies.

HOTSPOT

Issuance of the Tianjin Free Trade Zone Data Outbound Management Negative List

On May 9, 2024, the Tianjin Municipal Commerce Bureau and the Management Committee of China (Tianjin) Free Trade Pilot Zone issued the "2024 Edition of the Data Outbound Management List (Negative List)". The list outlines data that needs managed oversight, including "data requiring a data outbound security assessment" and "data needing a standard personal information outbound contract and personal information protection certification".

Issuance of the Interim Measures for Data Security Management in Accounting Firms

On May 10, 2024, the Ministry of Finance and the Cyberspace Administration of China jointly issued the "Interim Measures for Data Security Management in Accounting Firms", effective from October 1, 2024. The measures consist of five chapters and 36 articles, providing a top-level institutional design for data security management in accounting firms.

Article 2 of the interim measures clearly states its applicability to: accounting firms lawfully established in China that provide auditing services to listed companies as well as non-listed state-owned financial institutions, central enterprises, operators of critical information infrastructure, or online platform operators with more than 1 million users; as well as accounting firms that handle important or core data.

Public Disclosure of AIGC Registration Contact Numbers and Requirements

Recently, internet information offices in Beijing, Shanghai, Guangdong, Zhejiang, Jiangsu, and other places have successively made public announcements regarding the acceptance of generative artificial intelligence service registration (hereinafter referred to as "AIGC registration") and opened consultation channels. Services that have the attributes of public opinion or the ability to mobilize society, should, according to Article 17 of the "Interim Measures for the Management of Generative Artificial Intelligence Services" and the guidelines announced, perform the registration procedures with the local internet information office.

From the announcements across various regions:

Applicants for AIGC registration generally need to contact the local internet information office by phone in advance;
Beijing, Sichuan, Tianjin, Liaoning, and other regions have informed service providers about specific requirements for corpus security, model security, security measures, and self-assessment of security, detailed in the "Basic Requirements for Security of Generative Artificial Intelligence Services" (TC260-003) issued by the National Committee for Standardization of Internet Security, and whether they meet the requirements of this TC260 document should be one of the contents of the registration review;
Inner Mongolia and Hubei have made clear that for AIGC applications or functions that directly call the capabilities of a registered large model through an API interface or other methods, if they comply with relevant national laws and regulations, they may be directly launched to provide services without registration after obtaining the consent of the local internet information office, and if violations occur during the operation, they will be notified to carry out the registration as the situation warrants;
Guangdong, Jiangsu, Inner Mongolia, and other places have reminded service providers of the public disclosure requirements after completing the registration, that is, to publicly disclose the registration information in a prominent position or on the product detail page.

NEWSLETTER

LEGISLATION

Tianjin Free Trade Zone releases the Data Outbound Management List (Negative List) for 2024
The Ministry of Finance and the Cyberspace Administration of China issue the "Interim Measures for Data Security Management in Accounting Firms"
The State Council's 2024 Legislative Work Plan is released, containing the Network Data Security Management Regulations
The Ministry of Industry and Information Technology releases the 2024 Regulation Making Work Plan
16 national standards for network security are approved and published, including "Network Security Technology Information Technology Security Evaluation Methods" and "Data Security Technology Mobile Internet Applications (App) Personal Information Processing Normative Review and Management Guidelines"
The National Information Security Standardization Technical Committee has released the first batch of national cybersecurity standard requirements for 2024, including data security requirements for cloud computing services, personal information protection requirements for small-scale personal information handlers, guidelines for anonymous processing, and methods for identifying generative AI content
The Hubei Provincial Data Bureau has released the "Draft Hubei Provincial Data Regulations (Consultation Draft)"
Shanxi Province has released the "Draft of Management Measures for Data Work in Shanxi Province (Consultation Draft)"
The Hunan Provincial Department of Industry and Information Technology has issued the "Management Measures for Cybersecurity and Data Security Support Services in the Field of Industry and Information Technology in Hunan Province (Trial)"

INDUSTRY TRENDS

The National Internet Emergency Center releases a notification about the security requirements testing situation for automobile data processing and includes the testing standards and methods
The Beijing CAC opens a consultation phone line for generative artificial intelligence service registration
The Shanghai CAC releases an announcement about accepting generative artificial intelligence service registrations
The Zhejiang CAC releases an announcement about accepting generative artificial intelligence service registrations
The Shanghai Office of Cyber Information has released the "Enterprise-related Infringement Information Processing Service Package 1.0"
All data outbound applications of the first enterprise to trial the "Green Channel" for data export in Beijing have been approved
China and France release a joint statement on artificial intelligence and global governance
The Ministry of Commerce issues the "Digital Commerce Three-Year Action Plan (2024-2026)"
The Zhejiang Provincial Government Office releases "Opinions on Deepening Data Intellectual Property Reform to Promote High-Quality Development"
The "Hebei Province Industrial Field Data Security Capability Enhancement Work Plan (2024-2026)" is released
The Guangdong Provincial Department of Transportation issues the "Guangdong Province Transportation Field Data Governance Development Plan (2024-2030)"
The Beijing High-Level Autonomous Driving Demonstration Zone Office releases a notice about designated policy pilot zones for autonomous driving vehicle testing roads and testing areas
Hangzhou City issues the "Hangzhou City Digital Trade Strong City Three-Year Action Plan (2024-2026)"
Alibaba plans to build its own data center in Vietnam to meet local data localization requirements
The Guangzhou Municipal Government Service and Data Management Bureau guides a city-owned state-owned enterprise to complete the cross-border data asset entry form
The Suzhou Data Resources Court is unveiled
The Central Cyberspace Affairs Office deploys the "Clear · Crackdown on Illegal Information External Links" special action
The National Computer Virus Emergency Response Center announces the recent detection of 10 non-compliant mobile applications
The Beijing Communications Administration releases a notification about problem APPs (2024 fourth issue)
The Guangdong Communications Administration publicly reports 7 APPs that have not completed the required rectifications and delists 1 APP that infringes user rights
The Zhejiang Communications Administration reports 15 APPs that infringe user rights (2024 third batch)
The Anhui Communications Administration releases a notification about APPs that infringe user rights (2024 third batch)

OVERSEAS

Four telecom operators are fined nearly $200 million by the Federal Communications Commission (FCC) for sharing user data without consent
The FTC makes a decision to prohibit InMarket from selling or sharing precise location data
The White House, based on Executive Order 14110, releases 180-day key AI actions
The Department of Homeland Security (DHS) releases a fact sheet to facilitate the safe and responsible deployment and use of AI in the federal government, critical infrastructure, and the U.S. economy
The Department of Commerce (DoC) releases guidelines to promote Executive Order 14110, as well as a new plan for generative AI evaluation by NIST
The United States' International Cyberspace and Digital Policy Strategy is released
Florida signs a bill related to the use of AI in political propaganda
A consumer protection bill regarding interactions with artificial intelligence systems passes a second reading in the Colorado House
Maryland Signs Online Data Privacy Law
Maryland Signs Children's Law

Regulation No. 2024/1183 establishing the European Digital Identity Framework will take effect on May 20, 2024
The European Commission adopts the European Health Data Space Regulation
The European Commission, based on the DSA, designates Shein as an ultra-large online platform
The European Union and Japan agree to add provisions to facilitate data cross-border flow in the Economic Partnership Agreement
The German Data Protection Conference (DSK) releases "Guidelines on Artificial Intelligence and Data Protection"
The French National Commission on Informatics and Liberty (CNIL) opens a public consultation on health data processing standards
The Dutch Data Protection Authority releases guidelines on the use of facial recognition applications
The European Digital Rights Center (NOYB) files a complaint with the Austrian Data Protection Authority (DPA) regarding OpenAI's data protection issues
The Spanish Data Protection Agency (AEPD) and others release guidelines on Wi-Fi tracking technologies
The Portuguese National Cybersecurity Center (CNCS) publishes a risk and crisis communication guide in cybersecurity

UK: The UK Office of Communications (Ofcom) launches a public consultation on the draft "Children's Safety Code of Conduct"
South Korea: The Personal Information Protection Commission (PIPC) releases guidelines on drafting data processing policies
Singapore: Parliament passes the Cybersecurity Amendment Bill
Brazil: The National Data Protection Authority (ANPD) releases "Data Breach Notification Guidelines"
Turkey: KVKK Publishes Draft Regulation on the Procedures and Principles for Transferring Personal Data Abroad

[sources of information]

legislation

https://shangwuju.tj.gov.cn/tjsswjzz/zwgk/zcfg_48995/swjwj/202405/t20240509_6620796.html
https://kjs.mof.gov.cn/zhengcefabu/202405/t20240510_3934477.htm
https://www.gov.cn/zhengce/content/202405/content_6950093.htm
https://www.miit.gov.cn/xwdt/gxdt/sjdt/art/2024/art_fef56cc2c3bf43c1abfb8b7183a64e0e.html
https://mp.weixin.qq.com/s/aBnH5AgYfgR1acPRJi98gA
https://www.tc260.org.cn/front/postDetail.html?id=20240509164754
https://mp.weixin.qq.com/s/SYzFCWrQYmj3Gf6M8gfGSQ
https://www.shanxi.gov.cn/zmhd/yjzj/202404/t20240430_9553118.shtml
https://mp.weixin.qq.com/s/Jb_mWoAFdpKlW1iVmThFaQ

industry trends

https://mp.weixin.qq.com/s/y4fO_opZH_Qmpv9TIIYVMg
https://mp.weixin.qq.com/s/Cns72xS8v3PQmZRWb3OsKg
https://mp.weixin.qq.com/s/S0igPIQHB-MOsJ-7MQEIpA
https://mp.weixin.qq.com/s/64OPy7liRR_FcSOkuaZqTQ
https://mp.weixin.qq.com/s/Nadx9OnsYGALHfrGqxR4Nw
https://mp.weixin.qq.com/s/nr2eoRRBMZrhJEStkkiuOQ
https://www.mfa.gov.cn/web/ziliao_674904/zt_674979/dnzt_674981/xjpdfsxjxgsfw/zxxx/202405/t20240507_11293821.shtml
https://mp.weixin.qq.com/s/l1MkwP_uJTx4LI0xt2prCA
https://mp.weixin.qq.com/s/vTA97DKGbp8KlgpyvnAzkg
https://gxt.hebei.gov.cn/hbgyhxxht/xwzx32/tzgg83/959014/index.html
https://mp.weixin.qq.com/s/qPAORNd6yHiazLAg0-Kbpw
https://kfqgw.beijing.gov.cn/zwgkkfq/tzgg/202404/t20240422_3628816.html
https://www.hangzhou.gov.cn/art/2024/4/26/art_1229063382_1842452.html
https://www.ithome.com/0/766/805.htm
https://www.cnbayarea.org.cn/city/guangzhou/zxdt/content/post_1241218.html
http://www.snd.gov.cn/hqqrmzf/zwxw/202405/2937cb246f7e467a8156ac40f1cdb9fc.shtml
https://mp.weixin.qq.com/s/AAu30EWkfSVmRiDUdH3AqA
https://mp.weixin.qq.com/s/1j8nzPAECb9XFCPBGZwyyQ
https://mp.weixin.qq.com/s/R56j7ORzrYV-vBXzSTYCOA
https://mp.weixin.qq.com/s/XgmHCUl6VBBeIz7DRb6xSw
https://mp.weixin.qq.com/s/ASvSaBsi8efTTlnNbAt4pQ
https://mp.weixin.qq.com/s/Iq3vb9wQD7g6qAGmy2QUoA

overseas

https://docs.fcc.gov/public/attachments/DOC-402213A1.pdf
https://www.ftc.gov/news-events/news/press-releases/2024/05/ftc-finalizes-order-inmarket-prohibiting-it-selling-or-sharing-precise-location-data?utm_source=govdelivery
https://www.whitehouse.gov/briefing-room/statements-releases/2024/04/29/biden-harris-administration-announces-key-ai-actions-180-days-following-president-bidens-landmark-executive-order/
https://www.dhs.gov/news/2024/04/29/fact-sheet-dhs-facilitates-safe-and-responsible-deployment-and-use-artificial
https://www.commerce.gov/news/press-releases/2024/04/department-commerce-announces-new-actions-implement-president-bidens
https://www.state.gov/united-states-international-cyberspace-and-digital-policy-strategy/
https://www.flsenate.gov/Session/Bill/2024/919/?Tab=BillHistory
https://www.dataguidance.com/news/colorado-bill-consumer-ai-protection-passes-second
https://mgaleg.maryland.gov/2024RS/bills/sb/sb0541E.pdf

https://eur-lex.europa.eu/eli/reg/2024/1183/oj
https://www.dataguidance.com/news/eu-commission-welcomes-adoption-european-health-data
https://ec.europa.eu/commission/presscorner/detail/en/ip_24_2326
https://www.consilium.europa.eu/en/press/press-releases/2024/04/29/eu-japan-the-council-approves-a-protocol-to-facilitate-free-flow-of-data/
https://www.dataguidance.com/news/germany-dsk-publishes-guidance-ai-applications
https://www.cnil.fr/fr/prenez-date-mise-jour-des-referentiels-sante-la-cnil-vous-consultera-partir-du-16-mai-afin
https://autoriteitpersoonsgegevens.nl/actueel/antwoord-op-prangende-juridische-vragen-over-gezichtsherkenning
https://noyb.eu/en/chatgpt-provides-false-information-about-people-and-openai-cant-correct-it
https://www.aepd.es/prensa-y-comunicacion/notas-de-prensa/autoridades-de-control-proteccion-datos-publican-orientaciones-tratamientos-tecnologias-seguimiento-wifi
https://dyn.cncs.gov.pt/pt/detalhe/art/135857/cncs-publica-referencial-de-comunicacao-de-risco-e-crise-em-ciberseguranca

https://www.dataguidance.com/news/uk-ofcom-launches-public-consultation-draft-childrens
https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS217&mCode=D010030000&nttId=10127#LINK
https://www.dataguidance.com/news/singapore-cybersecurity-amendment-bill-passed
https://www.in.gov.br/en/web/dou/-/resolucao-cd/anpd-n-15-de-24-de-abril-de-2024-556243024
https://kvkk.gov.tr/Icerik/7814/Taahhutname-Basvurusu-Hakkinda-Duyuru

Note

本文由AIGC翻译，仅供参考。

Translated by AIGC service. For reference only.

本期编辑：陈瑊陈煜烺马辰陈瑞庭林婉琪