Click above|Follow us
Recently, the Beijing Cyberspace Affairs Office has released the Beijing Free Trade Zone Data Export Negative List and launched the Beijing Municipal Data Cross-border Flow Facilitation Service Platform. In terms of judicial practice, the Guangzhou Internet Court ruled on a "Personal Information Data Cross-border Case," determining that cross-border sharing of customer information for marketing purposes exceeds the necessary scope for fulfilling a contract. The Beijing Internet Court released the top ten typical cases of service protection for new quality productive forces, involving AI, connected vehicles, and data intellectual property rights, among others.
HOTSPOT
HOTSPOT
Beijing Free Trade Zone Data Export Negative List (2024 Edition) Released
On August 30, 2024, the Beijing Cyberspace Affairs Office, Beijing Municipal Bureau of Commerce, and Beijing Municipal Government Affairs and Data Management Bureau jointly issued:
(1) "China (Beijing) Free Trade Pilot Zone Data Export Negative List Management Measures (Trial)": Focusing on the formulation process of the negative list, division of responsibilities, use management, and security supervision, it is stipulated, and the "China (Beijing) Free Trade Pilot Zone Data Classification and Grading Reference Rules" are attached as an annex, improving the rules for identifying important data and proposing 13 major categories and 41 subcategories of data classification and grading reference rules.
(2) "China (Beijing) Free Trade Pilot Zone Data Export Management List (Negative List) (2024 Edition)": As the first scenario-based, field-level data export negative list, it initially covers 5 sectors including automotive, pharmaceutical, retail, civil aviation, and artificial intelligence, with a total of 23 business scenarios and 198 specific fields.
On the same day, the Beijing Cyberspace Affairs Office released the "Beijing Municipal Data Cross-border Flow Facilitation Service Guide" and launched the Beijing Municipal Data Cross-border Flow Facilitation Service Platform (https://sjcj.bjcert.org.cn).
For more information, please click here.
Source: Beijing Cyberspace Affairs Office
Guangzhou Internet Court: Hotels' Cross-border Sharing of Personal Information for Commercial Marketing Exceeds the Scope Necessary for Contract Performance
Recently, the Guangzhou Internet Court concluded a case involving the cross-border sharing of personal information, and the judgment has been made public.
In this case, the plaintiff purchased a membership card from an international hotel chain and booked a room at one of the chain's overseas hotels through the hotel's App, providing personal information such as name, nationality, phone number, email address, and bank card number. When registering for the App, the plaintiff agreed to the company's "Customer Personal Data Protection Charter," which stated that the international hotel chain would transmit and share the plaintiff's personal information to multiple regions and recipients globally. Based on this, the plaintiff sued the court, arguing that the international hotel's transmission of citizens' personal information to foreign entities violated relevant regulations.
The Guangzhou Internet Court ruled that the international hotel's cross-border transfer of consumers' personal information to all its business partners and marketing personnel for commercial marketing purposes exceeded what was necessary for contract performance and should have obtained the plaintiff's separate consent. Since the international hotel did not take measures to obtain separate consent and did not have other legal bases that could exempt consent, it should bear civil tort liability.
Source: Guangzhou Internet Court (2022) Yue 0192 Civil First Instance No. 6486 "Zuo et al. v. Certain Company Personal Information Protection Dispute Case"
Beijing Internet Court Releases Top Ten Typical Cases for Service Protection of New Quality Productive Forces
On August 27, 2024, the Beijing Internet Court released the top ten typical cases for service protection of new quality productive forces, covering multiple cutting-edge fields such as artificial intelligence, NFT digital collections, and the Internet of Vehicles. The court clarified that the rights and interests of a natural person's voice can extend to AI-generated voices, creating an AI image of a natural person without consent constitutes an infringement of personality rights, displaying and selling NFT digital collections without authorization from the copyright owner constitutes infringement, and the car system provider and the work provider, by dividing and cooperating to implement copyright infringement, constitute joint infringement, and the data registration certificate has preliminary evidentiary effect on data possession and the legal source of data, among other adjudicative rules.
For more information, please click here.
Source: Beijing Internet Court
NEWSLETTER
NEWSLETTER
(Click on the source or copy the corresponding link to view the details)
LEGISLATION
The State Council deliberated and passed the "Network Data Security Management Regulations (Draft)".
Source: Ministry of Justice
The Beijing Cyberspace Affairs Office and others jointly issued the "China (Beijing) Free Trade Pilot Zone Data Export Negative List Management Measures (Trial)" and "China (Beijing) Free Trade Pilot Zone Data Export Management List (Negative List) (2024 Edition)".
Source: Beijing Cyberspace Affairs Office
The State Administration for Market Regulation and others issued three mandatory national standards, "Technical Requirements for Information Security of Complete Vehicles", "General Technical Requirements for Automotive Software Upgrades", and "Smart Connected Vehicles Autonomous Driving Data Recording System".
Source: China Standardization
The State Administration for Market Regulation issued the "Internet Advertising Recognizability Law Enforcement Guide".
Source: State Administration for Market Regulation
The Ministry of Industry and Information Technology and others jointly issued the "IoT Standard System Construction Guide (2024 Edition)".
Source: Ministry of Industry and Information Technology
The State Administration for Market Regulation is openly soliciting opinions on the "Trademark Administrative Law Enforcement Evidence Provisions (Draft for Comments)".
Source: State Administration for Market Regulation
https://www.samr.gov.cn/hd/zjdc/art/2024/art_275583fb35664df595acaf3c38cba102.html
The National Cybersecurity Standardization Committee is openly soliciting opinions on the "Cybersecurity Technology Security Technology Cybersecurity Part 7: Network Virtualization Security (Draft for Comments)".
Source: National Cybersecurity Standardization Committee
The National Tourism Standardization Committee is openly soliciting opinions on the "Tourism Big Data Security and Privacy Protection Requirements (Draft for Comments)".
Source: China Information Security
Hebei issued the "Hebei Province Data Intellectual Property Registration Measures (Trial)".
Source: People's Government of Hebei Province
Shanghai is openly soliciting opinions on the "Pudong New Area Public Data Authorized Operation Management Several Provisions (Draft) (Draft for Comments)".
Source: Pudong New Area Justice Bureau of Shanghai
Jinan issued the "Jinan City Data Asset Accounting Data Element Voucher Issuance Activity Implementation Details".
Source: Jinan Big Data Bureau
http://jndsj.jinan.gov.cn/art/2024/8/12/art_38874_4892833.html
INDUSTRY TRENDS
China and Russia issue a joint statement to strengthen cooperation in the development of artificial intelligence.
Source: China News Service
The China-Europe data cross-border flow exchange mechanism is officially established and holds its first meeting.
Source: National Cyberspace Administration
Guangzhou Internet Court: Hotels cross-border sharing of personal information for commercial marketing exceeds the necessary scope of contract performance.
Source: (2022) Yue 0192 Civil First Instance 6486
Beijing Cyberspace Affairs Office issued the "Beijing Municipal Data Cross-Border Flow Facilitation Service Guide", and launched the Beijing Municipal Data Cross-Border Flow Facilitation Service Platform.
Source: Beijing Cyberspace Affairs Office
Beijing Internet Court released ten typical cases of service protection for new quality productive forces.
Source: Beijing Internet Court
Guangzhou Internet Court issued the "Internet Enterprise Foreign-related Litigation Procedure Guide and Legal Practice Common Question Answer".
Source: Guangzhou Internet Court
The Ministry of Industry and Information Technology issued a notice on APP (SDK) infringing user rights and interests (2024 Batch 7, Total Batch 42).
Source: Ministry of Industry and Information Technology
https://www.miit.gov.cn/jgsj/xgj/gzdt/art/2024/art_93a1b8bbf8ff491490afc9115d267fcf.html
Shanghai reported the first batch of APPs infringing user rights and interests in 2024.
Source: Shanghai Communications Administration
Shanghai Lingang Free Trade Zone publicly disclosed the first general data list filing cross-border car enterprise case.
Source: Shanghai Lingang
Shanghai issued a registration announcement for generative artificial intelligence services (August 30).
Source: Shanghai Cyberspace Affairs Office
Shanghai Lingang New Area will release a data cross-border list in the fields of reinsurance, shipping, and securities.
Source: First Financial Daily
https://m.yicai.com/news/102237766.html
Zhejiang reported APPs infringing user rights and interests.
Source: Zhejiang Communications Administration
Sichuan and Chongqing reported APPs infringing user rights and interests.
Source: Chongqing Communications Administration
Chongqing Liangjiang New District organized a talk with the person in charge of the violating APP.
Source: Chongqing Cyberspace Affairs Office
Tibet Cyberspace Affairs Office opened a special report channel for network data security and personal information protection.
Source: Tibet Cyberspace Affairs Office
The State Administration for Market Regulation supervised Alibaba Group to complete three-year rectification.
Source: State Administration for Market Regulation
Taobao, JD, Pinduoduo, Douyin, and Kuaishou, five major internet platform companies, jointly signed the "Network Transaction Compliance Self-discipline Convention".
OVERSEAS
European Union:
The European Commission officially issued an investigation order to Meta under the Digital Services Act.
Source: European Commission
https://digital-strategy.ec.europa.eu/en/news/commission-sends-request-information-meta-under-digital-services-act-2
Major adjustment by Apple: To avoid huge fines, allowing EU users to delete pre-installed software.
Source: Apple
https://developer.apple.com/news/?id=zglax7gc
Data cross-border violation, Uber fined 2.3 billion by the Netherlands.
Source: CCTV News
Germany BaFin releases DORA technical implementation guidelines.
Source: BaFin
https://www.bafin.de/DE/Aufsicht/DORA/Technische_Umsetzung/Technische_Umsetzung_artikel.html
France CNIL releases BCR monitoring tool.
Source: CNIL
https://www.cnil.fr/en/binding-corporate-rules-bcr-cnil-publishes-monitoring-tool
Czech NÚKIB and ÚOOÚ issue a statement on e-shop applications.
Source: NÚKIB
https://nukib.gov.cz/cs/infoservis/aktuality/2154-spolecne-prohlaseni-k-e-shopovym-aplikacim/
Czech ÚOOÚ releases recommendations on the position of data protection officer.
Source: ÚOOÚ
https://uoou.gov.cz/novinky/vse/doporuceni-uoou-c-022024-k-postaveni-poverencu-pro-ochranu-osobnich-udaju
Denmark Datatilsynet releases a decision on the use of facial recognition consent.
Source: Datatilsynet
https://www.datatilsynet.dk/presse-og-nyheder/nyhedsarkiv/2024/aug/samtykke-til-ansigtsgenkendelse-i-fitnesscenter-var-gyldigt
Poland UODO releases guidelines on publishing children's images in various fields.
Source: UODO
https://uodo.gov.pl/pl/138/3312
United States: Texas sues General Motors, accusing it of illegally collecting and selling driver data.
Source: Texas
https://www.texasattorneygeneral.gov/sites/default/files/images/press/General%20Motors%20Data%20Privacy%20Petition%20Filed.pdf
Chile: The House of Representatives approves the Personal Data Protection Act.
Source: Chilean House of Representatives
https://www.camara.cl/prensa/prensa_cms.aspx?noticia=camara-despacho-a-ley-nuevo-marco-para-el-tratamiento-de-datos-personales
Brazil: ANPD releases the "Data Transfer Regulation" and SCC.
Source: ANPD
https://www.in.gov.br/en/web/dou/-/resolucao-cd/anpd-n-19-de-23-de-agosto-de-2024-580095396
Colombia: MICT announces the establishment of the Artificial Intelligence Committee.
Source: MICT
https://www.mintic.gov.co/portal/inicio/Sala-de-prensa/Noticias/388458:Colombia-avanza-en-la-regulacion-de-la-inteligencia-artificial-con-la-creacion-de-Comision-Accidental-en-el-Congreso-para-articular-proyectos-en-curso
Ethiopia: The official gazette publishes the Personal Data Protection Act.
Source: dataguidance
https://www.dataguidance.com/sites/default/files/personal_data_protection_proclamation_1321-2024.pdf
Australia: The government releases a policy on the responsible use of artificial intelligence.
Source: Australian Government
https://www.dta.gov.au/blogs/responsible-choices-new-policy-using-ai-australian-government#:~:text=To%20protect%20Australians%20from%20harm,of%20the%20policy%20effect%20date.
Saudi Arabia:
SDAIA releases data transfer guidelines for public consultation.
Source: SDAIA
https://istitlaa.ncc.gov.sa/ar/Transportation/NDMO/BCR/Pages/default.aspx
SDAIA releases appointment rules.
Source: SDAIA
https://sdaia.gov.sa/en/SDAIA/about/Documents/RulesforAppointingPersonalDataProtectionOfficer.pdf
Turkey: KVKK releases general recommendations on the use of AI to process personal data.
Source: KVKK
https://www.linkedin.com/posts/kvkkurumu_kvkk-yapayzeka-activity-7232294306265354240-nh0m?utm_source=share&utm_medium=member_desktop
South Korea: PIPC and MSIT announce guidelines for information processing in the education sector.
Source: PIPC
https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS217&mCode=D010030000&nttId=10425#LINK
India:
DSCI releases a report on cybersecurity and data privacy.
Source: DSCI
https://www.dsci.in/resource/content/cybersecurity-data-privacy-indian-businesses-strategies-insights
The Securities and Exchange Board of India releases a cybersecurity and cyber resilience framework.
Source: Securities and Exchange Board of India
https://www.sebi.gov.in/legal/circulars/aug-2024/cybersecurity-and-cyber-resilience-framework-cscrf-for-sebi-regulated-entities-res-_85964.html
Malaysia:
The "Cybersecurity Act 2024" takes effect.
Source: Attorney General's Office of Malaysia
https://lom.agc.gov.my/act-view.php?type=pua&no=P.U.%20(B)%20334/2024
The Attorney General releases supporting regulations for the "Cybersecurity Act 2024".
Source: Attorney General's Office of Malaysia
https://lom.agc.gov.my/act-detail.php?language=BI&act=854
PDP initiates public consultation on breach notification, appointment of data protection officers, and data portability rights.
Source: PDP
https://www.pdp.gov.my/jpdpv2/pengumuman/kertas-konsultasi-awam/
Hong Kong, China: PCPD releases the revised version of the "Personal Identification Number Guide".
Source: PCPD
https://www.pcpd.org.hk/english/news_events/media_statements/press_20240822.html
Note
本文由AIGC翻译,仅供参考。
Translated by AIGC service. For reference only.
本期编辑:陈瑊 陈煜烺 林婉琪 张丽
