Digital Economy and Data Protection Newsletter（24.21）

Click above｜Follow us

Recently, regarding algorithm and AI governance, the Cyberspace Administration of China (CAC) has initiated a special governance campaign addressing typical platform algorithm issues and issued a governance checklist guide for corporate self-inspection. Concurrently, local cyberspace affairs offices have publicized another case of Generative AI non-compliance, underscoring the primary responsibility for information content security. Regarding telecommunications regulation, the expansion of the value-added telecommunications services pilot program has been fully activated, with various pilot regions successively issuing related interpretations and announcements. Regarding digital economy development, the State Council, the People's Bank of China (PBOC), and the National Data Bureau have successively released opinions and plans concerning digital trade reform, digital finance, and data circulation security, all in the effort to bolster the steady and enduring growth of the digital economy. Regarding cross-border data flows, the European Data Protection Board (EDPB) has unveiled draft guidelines on requests from third-country authorities for data transfer or disclosure, intending to offer direction for data controllers and processors on the comprehension and enforcement of Article 48 of the GDPR.

HOTSPOT

CAC Launches the "Qinglang · Special Action on Typical Issues of Platform Algorithm Governance"

On November 24, 2024, the Cyberspace Administration of China (CAC) issued a directive to commence the "Qinglang · Special Action on Typical Issues of Platform Algorithm Governance" from the date of issuance until February 14, 2025, further implementing policy documents such as the "Guiding Opinions on Strengthening the Comprehensive Governance of Internet Information Service Algorithms" and the "Regulations on the Management of Internet Information Service Algorithm Recommendations."

The special action covers the following main tasks: (1) In-depth rectification of "information cocoons" and addiction-inducing issues; (2) Enhancing the transparency of ranking lists and combating the manipulation of such lists; (3) Preventing the blind pursuit of profit from infringing upon the rights and interests of new forms of employment; (4) Strictly prohibiting the use of algorithms to implement big data "price discrimination"; (5) Strengthening algorithms to serve and protect the legitimate rights and interests of netizens in a positive direction; (6) Implementing the subject responsibility for algorithm security. The CAC also releases the "Algorithm Special Governance Checklist Guide" for enterprises to self-inspect and implement the aforementioned subject tasks.

According to the arrangement, during the special action period, local cyberspace affairs departments will receive reports through public channels for algorithm-related issues, supervise websites and platforms with problems to rectify in a timely manner, and feedback the rectification results to netizens. Concurrently, from January 1, 2025, to January 31, 2025, local regulatory departments will conduct in-depth assessments of enterprises, verify the self-inspection situation of enterprises, and organize technical forces to urge enterprises to rectify. It is recommended that relevant enterprises carry out self-inspection and self-rectification in a timely manner within the year to comply with regulatory reforms.

For further information on the "Regulations on the Management of Internet Information Service Algorithm Recommendations," please click here.

Source: CAC

Comprehensive Launch of the Pilot Program to Expand the Opening Up of Value-Added Telecommunications Services

On October 23, 2024, the Ministry of Industry and Information Technology (MIIT) organized a symposium on the pilot program to expand the opening up of value-added telecommunications services to foreign investment, officially launching the pilot work in Beijing, Shanghai, Hainan, and Shenzhen . Recently, each pilot region has successively issued relevant interpretations and announcements, fully initiating the pilot program to expand the opening up of value-added telecommunications services to foreign investment. Foreign-invested telecommunications enterprises planning to operate in the pilot areas in businesses such as Internet Data Centers (IDC), Content Delivery Networks (CDN), Internet Service Providers (ISP), online data processing and transaction processing, and information services including information publishing platforms and delivery services(excluding internet news information, online publishing, online audiovisual, and internet cultural operations), and information protection and processing services, can prepare relevant materials based on the requirements and guidelines issued by the localities, and log in to the MIIT Integrated Government Service Platform (https://ythzxfw.miit.gov.cn) to submit applications online.

During this period, enterprises intending to apply for the pilot program can further consult the regulatory authorities in the pilot regions through the following methods regarding related matters.

FTZ	Contacts
Beijing Comprehensive Demonstration Zone for Expanding Openness in the Service Industry	010-51938033、51938038
Shanghai Free Trade Pilot Zone Lingang New Area and Pioneering Area for Socialist Modernization Construction	Policy Consultation (Municipal Economic and Information Commission): 021-60801129 Guidance for Filling Out Forms (Municipal Communications Administration):021-63905098 Project Application: Pudong New Area 021-58788388 ext. 64417, Lingang New Area 021-68286752
Hainan Free Trade Port	0898-65203155，66520730
Shenzhen Demonstration Zone for Socialism with Chinese Characteristics	For further inquiries, please contact the Guangdong Provincial Communications Administration.

For more information, please click here.

Source: Beijing Communications Administration, Shanghai Communications Administration, Guangdong Communications Administration, Hainan Communications Administration.

EDPB Seeks Public Consultation on Guidelines for Article 48 of GDPR (Regarding Requests from Third-Country Authorities for Data Transfers or Disclosures)

On December 3, 2024, the European Data Protection Board (EDPB) sought public consultation on the "Guidelines 02/2024 on Article 48 GDPR" (hereinafter referred to as the "Guidelines on Article 48 GDPR"). These guidelines clarify the rationale and objectives of Article 48 GDPR (Transfers or disclosures not authorised by Union law), its scope, and provide practical recommendations for controllers and processors in the EU on how to understand and implement the article.

Article 48 GDPR stipulates that any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may only be recognised or enforceable if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State, without prejudice to other grounds for transfer pursuant to this Chapter. The Guidelines on Article 48 GDPR further indicate that Article 48 is not a ground for transfer and does not contain data protection safeguards. When controllers or processors respond to requests from third-country authorities for personal data, they must not only comply with the provisions of Article 48 but also adhere to other provisions of the GDPR, including Article 5 GDPR (Principles relating to processing of personal data), Article 6 GDPR (Lawfulness of processing), and Chapter V GDPR (Transfers of personal data to third countries or international organisations).

Source: EDPB

https://www.edpb.europa.eu/our-work-tools/documents/public-consultations/2024/guidelines-022024-article-48-gdpr_en

NEWSLETTER

（Click on the source or copy the corresponding link to view the details）

LEGISLATION

The General Office of the CPC Central Committee and the General Office of the State Council issue "Opinions on the Reform and Innovation Development of Digital Trade"
Source: China Government Network
Four departments issue the "Joint Punishment Measures for Telecommunication Network Fraud and Associated Illegal and Criminal Activities"
Source: Criminal Investigation Bureau of the Ministry of Public Security
The National Data Bureau releases the "Implementation Plan for Improving Data Circulation Security Governance to Better Promote the Market Value of Data Elements (Draft for Comments)"
Source: National Data Bureau
The People's Bank of China and others issue the "Action Plan for Promoting High-Quality Development of Digital Finance"
Source: People's Bank of China
http://www.pbc.gov.cn/goutongjiaoliu/113456/113469/5519902/index.html
The National Data Bureau releases the public opinion solicitation situation regarding "Explanation of Data Field Terms"
Source: National Data Bureau
Hunan releases the "Hunan Province Plan for Strengthening Data Asset Management Work"
Source: People's Government of Hunan Province
The Inner Mongolia Autonomous Region Government Services and Data Management Bureau releases the "Interim Administrative Measures for Data Circulation and Trading in Inner Mongolia Autonomous Region" (Draft for Public Comment)
Source: Inner Mongolia Autonomous Region Government Services and Data Management Bureau
Chongqing seeks public comments on the "Chongqing Municipal Public Data Resource Registration Management Implementation Measures (Trial) (Draft for Comments)" and "Chongqing Municipal Public Data Resource Authorization Operation Management Implementation Measures (Trial) (Draft for Comments)"
Source: Chongqing Municipal Big Data Application Development Administration
Hainan Province releases the "Hainan Free Trade Port International Data Center Development Regulations"
Source: Hainan Cybersecurity Administration
The National Cybersecurity Standardization Committee seeks public comments on "Network Security Technology - Guide on the Security Implementation of Electronic Government Information Based on the Internet Part 1: General Principles" and "Information Technology - Security Techniques - Network Security Part 6: Security of Wireless Network Access"
Source:National Cybersecurity Standardization Committee

INDUSTRY TRENDS

The Cyberspace Administration of China (CAC) launches the "Qinglang · Special Action on Typical Issues of Platform Algorithm Governance"
Source: Cyberspace Administration of China

The Ministry of Transport press conference indicates the orderly promotion of unmanned vehicle demonstration applications
Source: Ministry of Transport
https://www.mot.gov.cn/2024wangshangzhibo/2024zhuanti3/
The comprehensive launch of the pilot program to expand the opening up of value-added telecommunications services
Source: Beijing Communications Administration，Shanghai Communications Administration，Guangdong Communications Administration，Hainan Communications Administration
The Supreme People's Procuratorate releases a case related to the leakage of user information on e-commerce platforms
Source: Supreme People's Procuratorate
The First Intermediate People's Court of Shanghai releases a civil public interest litigation judgment concerning personal information
Source: The First Intermediate People's Court of Shanghai
Cybersecurity Administration of Shanghai releases compliance guidelines to guide online platforms in fulfilling their obligations to protect minors online
Source: Cybersecurity Administration of Shanghai
Shanghai summarizes the special law enforcement action on the protection of personal information rights in the consumer field and releases the Personal Information Handler's Handbook (Tool Kit), Enterprise Personal Information Protection Compliance Self-inspection List (Health Check Package), etc.
Source: Cybersecurity Administration of Shanghai
The Cybersecurity and Information Office of Nanchang settles a company violating regulations in providing generative artificial intelligence services
Source: Cybersecurity Administration of Nanchang
Multiple cybersecurity and information offices open special reporting channels for "typical issues of platform algorithms"
Source: Cybersecurity Administration of Shanghai, Beijing, Guangdong, Zhejiang
The Cybersecurity Administration of Hunan imposes administrative penalties on an information technology company for failing to fulfill data security protection obligations
Source: Cybersecurity Administration of Hunan
A company in Guangxi is penalized by the cybersecurity department for failing to fulfill the main responsibilities of cybersecurity
Source: Public Security Bureau Cybersecurity Department
An online lending institution in Hainan is summoned for illegally and improperly collecting user personal information
Source: Cybersecurity Administration of Hainan
The Cybersecurity Administration of the Chifeng Municipal Committee of the Inner Mongolia Autonomous Region continues to carry out on-site inspections for personal information protection
Source: Cybersecurity Administration of Inner Mongolia
The Shanghai Communications Administration organizes special governance work on cloud service security for 2024
Source: Shanghai Communications Administration
The Cybersecurity Administration of Fujian releases an announcement on matters related to data security management
Source: Cybersecurity Administration of Fujian
Xiangtan City, Hunan, carries out a joint law enforcement inspection on the protection of personal information rights in the medical industry
Source: Cybersecurity Administration of Hunan
The Zhejiang Communications Administration reports 17 apps that infringe upon user rights and interests (the 11th batch of 2024)
Source: Zhejiang Communications Administration
The Guangdong Communications Administration reports 10 apps that have not completed rectification as required
Source: Guangdong Communications Administration
The Jiangsu Provincial Communications Administration releases a notice on the removal of 18 apps that infringe upon user rights and interests
Source: Jiangsu Communications Administration

OVERSEAS

European Union:

The European Commission announces that VLOPs and VLOSEs must publish annual risk assessment and audit reports under the DSA
Source: European Commission
https://digital-strategy.ec.europa.eu/en/news/very-large-online-platforms-and-search-engines-publish-first-risk-assessment-and-audit-reports
The EDPB is seeking public consultation on Guidelines 02/2024 on Article 48 GDPR (regarding requests from third-country authorities for the transfer or disclosure of data)
Source: EDPB
https://www.edpb.europa.eu/our-work-tools/documents/public-consultations/2024/guidelines-022024-article-48-gdpr_en
The European Commission has adopted implementing rules for the core functionalities and certification of European Digital Identity Wallets
Source: European Commission
https://digital-strategy.ec.europa.eu/en/news/commission-adopts-technical-standards-cross-border-european-digital-identity-wallets

United States:

EPIC submits comments on the Department of Justice's proposed rulemaking regarding access to Americans' bulk sensitive personal data by countries of concern
Source: EPIC
https://epic.org/epic-urges-doj-to-clarify-and-strengthen-proposed-rule-on-preventing-access-to-u-s-personal-data/
The FCC adopts new rules for the use of third parties in the caller ID authentication process
Source: FCC
https://docs.fcc.gov/public/attachments/DOC-407664A1.pdf
The California Privacy Protection Agency (CPPA) is seeking public comments on proposed CCPA regulations
Source: CPPA
https://cppa.ca.gov/announcements/2024/20241122.html
The CFPB finalizes a rule on federal oversight of popular digital payment apps to protect personal data, reduce fraud, and stop illegal "debanking"
Source: CFPB
https://www.consumerfinance.gov/about-us/newsroom/cfpb-finalizes-rule-on-federal-oversight-of-popular-digital-payment-apps-to-protect-personal-data-reduce-fraud-and-stop-illegal-debanking/
The CFPB proposes a rule to strengthen regulation of the data broker industry and protect personal privacy
Source: CFPB
https://www.consumerfinance.gov/rules-policy/notice-opportunities-comment/open-notices/protecting-americans-from-harmful-data-broker-practices-regulation-v/

Germany:

The DSK publishes guidelines on the Online Access Amendment Act
Source: DSK
https://www.datenschutzkonferenz-online.de/media/oh/DSK_OH_OZG.pdf
The DSK publishes guidelines on the Telecommunications Digital Services Data Protection Act (TDDDG) version 1.2
Source: DSK
https://www.datenschutzkonferenz-online.de/media/oh/OH_Digitale_Dienste.pdf

Netherlands: The NCSC releases updated guidelines on the Cyber Security Act
Source: NCSC
https://www.ncsc.nl/over-ncsc/documenten/brochures/2024/8/13/informatiebrochure-cyberbeveiligingswet
Brazil: The antitrust agency rules that Apple must remove in-app payment restrictions
Source: Brazilian Government
https://www.gov.br/cade/pt-br/assuntos/noticias/sg-determina-aplicacao-de-medida-preventiva-contra-a-apple
Singapore: The Monetary Authority of Singapore (MAS) issues recommendations on risk management of AI models in banking
Source: MAS
https://www.mas.gov.sg/publications/monographs-or-information-paper/2024/artificial-intelligence-model-risk-management
Australia:

The Privacy and Other Legislation Amendment passes both houses
Source: Australian Parliament
https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r7249
The Online Safety (Social Media Minimum Age) Amendment passes both houses
Source: Australian Parliament
https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r7284

Vietnam: The National Assembly officially adopts the Law on Data
Source: Vietnam Investment Review
https://vir.com.vn/national-assembly-adopts-law-on-data-118886.html
Monaco: The National Council passes the Personal Data Protection Act
Source: Government of Monaco
https://en.gouv.mc/Portail-du-Gouvernement/Policy-Practice/A-Modern-State/News/Monaco-adopts-personal-data-protection-legislation-in-line-with-the-highest-European-standards

Note

本文由AIGC翻译，仅供参考。

Translated by AIGC service. For reference only.

本期编辑：陈瑊陈煜烺陈瑞庭张丽