Click above|Follow us
Recently, the Cyberspace Administration of China released the "Guidelines for the Construction of Mobile Internet Minor Mode," which clearly stipulates the systematic requirements for different responsible entities regarding the construction of a minor mode. In terms of cross-border data processing, the "Personal Information Cross-Border Processing Protection Requirements" in the Guangdong-Hong Kong-Macao Greater Bay Area have been issued, aiming to implement the cross-border security certification of personal information in the Greater Bay Area. In judicial practice, the Shanghai court clarified that "providing a crawler program to scrape public data" constitutes the crime of providing programs for intruding into computer information systems. The Beijing Internet Court ruled that an algorithm service platform that has fulfilled its obligation to explain and clarify the "search suggestion words" algorithm does not constitute an infringement under certain.
HOTSPOT
HOTSPOT
Cyberspace Administration Releases "Guidelines for the Construction of Mobile Internet Minor Mode"
On November 15, 2024, the Cyberspace Administration of China issued the "Guidelines for the Construction of Mobile Internet Minor Mode" (hereinafter referred to as the "Guidelines"), specifying the detailed requirements for the construction of minor modes on mobile smart terminals, applications, and application distribution platforms.
The Guidelines elaborate on the construction tasks of different entities, proposing an overall plan for the construction of minor modes, including the use of time periods, duration, content, and functionality, applicable to the research and development, construction, operation, and management of minor modes.
For more information, please click here.
National Cybersecurity Standardization Technical Committee Releases "Cybersecurity Standard Practice Guide - Personal Information Cross-Border Processing Protection Requirements for the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland, Hong Kong)"
On November 21, 2024, the secretariat of the National Cybersecurity Standardization Technical Committee, in conjunction with the Hong Kong Privacy Commissioner for Personal Data, compiled and released the "Cybersecurity Standard Practice Guide - Personal Information Cross-Border Processing Protection Requirements for the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland, Hong Kong)" (hereinafter referred to as the "Protection Requirements"). The "Protection Requirements" were formulated to implement the cross-border security certification work of personal information in the Guangdong-Hong Kong-Macao Greater Bay Area, combining the personal information/personal data protection laws and regulations of the two regions. It stipulates the basic principles and requirements that personal information handlers or recipients in the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland, Hong Kong) should follow when conducting cross-border flow of personal information within the Greater Bay Area between Mainland and Hong Kong through a secure mutual recognition method. The "Protection Requirements" apply to the cross-border flow of personal information between Mainland and Hong Kong within the Greater Bay Area through voluntary application for the Greater Bay Area personal information cross-border security certification (for personal information handlers or recipients in the Mainland of the Greater Bay Area) or voluntary application to join the "Guangdong-Hong Kong-Macao Greater Bay Area (Mainland, Hong Kong) Cross-Border Personal Data Transfer Recognition List" established by the Hong Kong Privacy Commissioner for Personal Data (for personal information handlers or recipients in the Hong Kong Special Administrative Region). If personal information that has been notified or publicly released as important data by relevant departments or regions is involved, it does not apply to these requirements.
For more information, please click here.
Providing a Crawler Program to Scrape Public Data Constitutes the Crime of Providing Programs for Intruding into Computer Information Systems
Case Background
In 2021, Wang developed a crawler program capable of bypassing the protective measures of the "Poizon" (Dewu) APP and automatically scraping publicly available product data. He published promotional posts on platforms such as WeChat Moments and blogs and sold the program, earning over 600,000 yuan in just two years.
In October 2021, a post by Wang was discovered by an employee of Poizon. The employee added Wang on WeChat and purchased the algorithm. After verification, it was confirmed that the algorithm could indeed obtain core data, including product pricing information, from the Poizon APP without authorization. Poizon immediately reported the case to the public security authorities. Upon investigation by the public security organs, it was found that the aforementioned crawler program bypassed protective mechanisms by cracking API encryption algorithms and obtaining device identity fingerprints SK in bulk, thus accessing server data without authorization.
After trial, the court held that the defendant, Wang, was fully aware that the crawler program and interfaces he developed had the function of cracking the security protection measures of the APP and obtaining publicly available product data. Nevertheless, he sold them online to others and provided maintenance services, with an audited illegal income of over 600,000 yuan. His actions constituted the crime of providing programs for intruding into computer information systems, with particularly serious circumstances, and should be punished according to the law.
For more information, please click here.
"Search Suggestion Words" Algorithm Infringement? Platform Has Fulfilled Algorithm Explanation Obligation, Not Constituting Infringement
On November 11, 2024, the Beijing Internet Court delivered its first-instance verdict in the court's inaugural case involving a network infringement dispute triggered by "search suggestion words." This case provides judicial practice insights into how to understand and apply the "algorithm explanation obligation" of algorithm recommendation service providers under the "Regulations on the Management of Algorithmic Recommendations for Internet Information Services" and how to achieve algorithm transparency, which is of significant reference value for corporate compliance work.
In this case, the court comprehensively determined whether the algorithm recommendation service provider for "search suggestion words" knew or should have known about the infringing content on the platform by considering factors such as whether there was human involvement in the generation or review, whether the infringing content was obvious or easy to determine, the platform's technical capability for review, and whether the platform profited from it. The defendant algorithm recommendation service provider provided two written explanations to the court during the trial, detailing the generation mechanism of the search suggestion technology, the basic principles of page suggestion word display, operational rules, and related technical feasibility. These explanations effectively addressed the algorithmic risks reflected by the search suggestion words, their causes, and whether there were possibilities for avoidance, and were considered to have fulfilled the burden of proof and the obligation to explain the algorithm.
For more information, please click here.
NEWSLETTER
NEWSLETTER
(Click on the source or copy the corresponding link to view the details)
LEGISLATION
The National Cybersecurity Standardization Technical Committee releases the "Cybersecurity Standard Practice Guide - Personal Information Cross-Border Processing Protection Requirements for the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland, Hong Kong)"
Source: National Cybersecurity Standardization Technical Committee
The National Data Bureau releases the "National Data Infrastructure Construction Guidelines (Draft for Comments)"
Source: National Data Bureau
The National Data Bureau issues the "Trusted Data Space Development Action Plan (2024—2028)"
Source: National Data Bureau
The National Data Bureau announces that the "Interim Administrative Measures for Public Data Resource Registration (Draft for Public Comments)" received a total of 130 comments
Source: National Data Bureau
The National Data Bureau announces that the "Interim Implementation Guidelines for Public Data Resource Authorization Operation (Trial) (Draft for Public Comments)" received a total of 218 comments
Source: National Data Bureau
The People's Bank of China's Science and Technology Department: The "Compliance Guidelines for Promoting and Regulating Cross-Border Data Flows in the Financial Industry" are being urgently introduced
Source: Xinhua News Agency
https://www.news.cn/money/20241122/bf66a82b9c0e4a7f8c1848eb6bdefe96/c.html
The Cyberspace Administration of China releases the "Mobile Internet Minor Mode Construction Guidelines"
Source: Cyberspace Administration of China
The "Anti-Money Laundering Law" is revised and passed, to be implemented from January 1 next year
Source: China Government Network
https://www.gov.cn/yaowen/liebiao/202411/content_6985765.htm
Three departments including the National Health Commission release the "Health Industry Artificial Intelligence Application Scenarios Reference Guide"
Source: China Government Network
http://www.nhc.gov.cn/guihuaxxs/gongwen12/202411/647062ee76764323b29a1f0124b64400.shtml
The Shanghai Intellectual Property Bureau and other departments release the "Shanghai Data Product Intellectual Property Registration and Evidence Preservation Interim Measures"
Source: Shanghai Intellectual Property Bureau
https://sipa.sh.gov.cn/zwgk_zxxxgk/20241114/628f6a97d7ef4b8c9bbcf4a0408ab909.html
The China Internet Association and 17 other organizations jointly release the "Data Security Compliance Guidelines for the Industrial and Information Technology Sector"
Source: China Internet Association
https://www.isc.org.cn/article/22873502862536704.html
INDUSTRY TRENDS
Central Cyberspace Affairs Office: The average time for data export security assessments has been reduced to less than 30 working days
Source: China Securities Journal
http://jnzstatic.cs.com.cn/zzb/htmlInfo/df02b49b901a46ce9689c0809ed002e8.html
The Accounting Department of the Ministry of Finance releases the implementation Q&A for data resource accounting treatment
Source: Ministry of Finance
https://kjs.mof.gov.cn/zt/kjzzss/sswd/sjzykjclsswd/202410/t20241030_3946594.htm
The Ministry of Industry and Information Technology releases the announcement on APP (SDK) violations of user rights and interests (2024, No. 9, total No. 44)
Source: Ministry of Industry and Information Technology
https://www.miit.gov.cn/xwfb/gxdt/sjdt/art/2024/art_a20860e438684a039708611ceeadc003.html
Public security authorities punish Kuaishou according to the "Cybersecurity Law", order it to fully implement the youth mode, comprehensively investigate and clean up illegal information, and deal with illegal and irregular accounts according to laws and regulations
Source: National Cyber Security Notification Center
The National Computer Virus Emergency Response Center monitors and finds 13 illegal mobile applications
Source: National Computer Virus Emergency Response Center
https://www.cverc.org.cn/zxdt/report20241111.htm
The automotive privacy protection logo is released, and the first batch of six car companies are certified
Source: Guangming Network
https://tech.gmw.cn/2024-11/10/content_37667331.htm
The third licensed personal credit reporting agency in the country is approved
Source: People's Bank of China
http://www.pbc.gov.cn/zhengwugongkai/4081330/4081344/4081407/4081702/4081770/4081803/5502945/index.html
The Ministry of Public Security releases 10 typical cases of online infringement and counterfeit crimes
Source: Ministry of Public Security
https://www.mps.gov.cn/n2253534/n2253535/c9846802/content.html
From November 12 to 13, the National Data Bureau, together with relevant departments, holds a meeting to promote the construction of Digital China
Source: National Data Bureau
China releases the "Global Data Cross-Border Flow Cooperation Initiative"
Source: Central Cyberspace Affairs Office
https://www.cac.gov.cn/2024-11/20/c_1733706018163028.htm
The national legal AI infrastructure - "FaXin Legal Infrastructure Model" - is officially released
Source: Supreme People's Court
https://www.court.gov.cn/zixun/xiangqing/447711.html
Shanghai's first case to recognize providing web crawler programs to scrape public data as providing programs for intruding into computer information systems
Source: Shanghai High Court
The Beijing Internet Court releases a case: the company's continued use of an employee's appearance in videos after departure infringes on personality rights
Source: Beijing Internet Court
The Changsha Cyberspace Affairs Office continues to carry out on-site inspections for personal information protection
Source: Hunan Cyberspace Affairs Office
The Beijing Internet Court releases a "search suggestion word" algorithm infringement case, the platform has fulfilled the algorithm explanation obligation, and does not constitute infringement
Source: Beijing Internet Court
The Shandong Communications Administration announces APPs with user rights violations (2024, No. 9), and delists 6 APPs that infringe on user rights
Source: Shandong Communications Administration (Announcement, Delisting)
The Guangdong Cyberspace Affairs Office issues a notice on reporting the 2024 automotive data security management situation
Source: Guangdong Cyberspace Affairs Office
The Shanghai Cyberspace Affairs Office issues a notice on reporting the 2024 automotive data security management situation
OVERSEAS
European Union:
BEUC releases GDPR cross-border enforcement recommendations
Source: BEUC
https://www.beuc.eu/sites/default/files/publications/BEUC-X-2024-092_cross-border_GDPR_enforcement.pdf
The European Commission releases the first draft of the general AI code of conduct written by independent experts
Source: European Commission
https://digital-strategy.ec.europa.eu/en/library/first-draft-general-purpose-ai-code-practice-published-written-independent-experts
The AI Office opens a consultation on the application of prohibited AI practices and the definition of AI systems in the AI Act
Source: European Commission
https://digital-strategy.ec.europa.eu/en/news/commission-launches-consultation-ai-act-prohibitions-and-ai-system-definition
EDPB releases the opinion on the Irish supervisory authority's draft decision on the BCR of the Aptiv Group
Source: EDPB
https://www.edpb.europa.eu/our-work-tools/our-documents/opinion-board-art-64/opinion-232024-draft-decision-irish-supervisory_en
United States:
California CPPA passes data broker registration regulations and will accelerate the formulation of insurance, cybersecurity audit, risk assessment, and automated decision-making related rules
Source: CPPA
https://cppa.ca.gov/announcements/2024/20241108_2.html
The Food and Drug Administration (FDA) advisory committee holds a meeting on medical devices supported by generative artificial intelligence
Source: FDA
https://www.fiercehealthcare.com/regulatory/fda-advisory-committee-discuss-generative-ai-meeting-week#:~:text=The%20FDA%20will%20hold%20its%20first%20Digital%20Health,devices%20that%20rely%20on%20generative%20AI%2C%20like%20chatbots.
United Kingdom: The Office of Communications sends an open letter to generative AI and chatbot providers
Source: Ofcom
https://www.ofcom.org.uk/online-safety/illegal-and-harmful-content/open-letter-to-uk-online-service-providers
India: Antitrust authority fines WhatsApp 2.13 billion rupees and bans data sharing for 5 years
Source: CCI
https://www.cci.gov.in/media-gallery/press-release/details/451/0
Australia: Privacy and Other Legislation Amendment Bill 2024 submitted to the Senate
Source: Australian Parliament
https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/bd/bd2425/25bd016
International: OECD releases report on future AI risks, benefits, and policy imperatives
Source: OECD
https://www.oecd.org/en/publications/assessing-potential-future-artificial-intelligence-risks-benefits-and-policy-imperatives_3f4e3dfb-en.html
Meta to propose "consent or pay" alternative in Europe
Source: Meta
https://about.fb.com/news/2024/11/facebook-and-instagram-to-offer-subscription-for-no-ads-in-europe/amp/
Canada: Establishment of the Canadian Artificial Intelligence Safety Institute (CAISI)
Source: Government of Canada
https://ised-isde.canada.ca/site/ised/en/canadian-artificial-intelligence-safety-institute
Note
本文由AIGC翻译,仅供参考。
Translated by AIGC service. For reference only.
本期编辑:陈瑊 陈煜烺 马辰 陈瑞庭 张丽
