Digital Economy and Data Protection Newsletter(24.10)

来源:TMT法律论坛

文章摘要
In the context of "International Children's Day", various internet courts have released white papers

In the context of "International Children's Day", various internet courts have released white papers on the judicial protection of minors online and related typical cases. The group standard "Management Requirements for Minors' Online Game Services" is open for public comment.
In terms of AI governance, the European Commission has established an Artificial Intelligence Office, the EDPS has issued guidelines on generative AI applicable to EU institutions, and the US NIST has announced an AI evaluation plan. In Chongqing, an AI writing website was penalized for failing to fulfill content management obligations.
Regarding consumer rights protection, the Supreme People's Court, Beijing Consumer Association, and others have focused on prepaid consumption and automatic renewal of apps, and the State Administration for Market Regulation has issued a document regulating the "618" online sales promotion.
In terms of industry governance, the Civil Aviation Administration of China has sought comments on the civil aviation data management measures, the National Energy Administration has issued an emergency plan for power network security incidents, and the Ministry of Industry and Information Technology has announced the pilot project for the access and road traffic of intelligent connected vehicles.
HOTSPOT
TC260 released the draft of “Network Security Technology: Methods for Determining the Boundaries of Critical Information Infrastructure”
The National Technical Committee 260 on Cybersecurity of Standardization Administration of China (TC260) has released the draft for public comment of the national standard "Network Security Technology – Methods for Identifying Boundaries of Critical Information Infrastructure" (referred to as "the Standard") on May 30.
The Standard provides methods for identifying the boundaries of critical information infrastructure, including basic information sorting, critical information infrastructure function identification, key business chain and key business information identification, key business information flow identification and asset identification, and the process and steps for identifying elements and boundaries of critical information infrastructure. It is intended to guide critical information infrastructure operators in determining the boundaries of their critical information infrastructure and can also be used by other related parties for critical information infrastructure security protection.
Source: TC260
Guangdong High People's Court overturned the original judgment in a Baidu Netdisk infringement case
Recently, the Guangdong High People's Court pronounced a retrial verdict on the case of Jade Dynasty Guangzhou Branch vs. Baidu Company over the infringement of the right to disseminate works online. The court ruled that Baidu Company should compensate Jade Dynasty Guangzhou Branch for economic losses and reasonable expenses for rights protection, totaling 100,000 yuan. The case clarified that when users use Baidu Cloud to "offline download" the infringing files involved, the download page can display the download speed and progress of the files, proving that there is data transmission between Baidu Cloud and third parties. The files come from third parties, and Baidu Cloud only serves as a download tool, so Baidu Company does not constitute direct infringement. However, after receiving a request from the right holder to take necessary measures, Baidu Company only disconnected the infringing link and did not take necessary measures to block the "share" function of the file, causing expanded losses for the right holder. Baidu Company has subjective fault in this and should bear corresponding indirect infringement liability.
For more details, please click here.
Source: Guangdong High People's Court
EDPS released guidelines on generative artificial intelligence
On June 3, 2024, the European Data Protection Supervisor (EDPS) issued its first guidelines on the use of generative artificial intelligence (AI) by EU institutions, bodies, offices, and agencies (EUIs). The guidelines provide practical advice and explanations on the use of generative AI to process personal data to promote compliance with the data protection legal framework, particularly the requirements of Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by Union institutions, bodies, offices, and agencies and on the free movement of such data (EUDPR).
The guidelines clarify that EUIs can develop, deploy, and use generative AI in principle, provided they comply with all applicable legal requirements. If personal data processing is involved, they must fully comply with EUDPR. Compliance measures include reviewing the effectiveness of data anonymization, systematically monitoring and addressing risks throughout the generative AI lifecycle through data protection impact assessments (DPIAs), adhering to principles of legality, transparency, data minimization, and data accuracy, taking measures to ensure the fairness of data sets used for model creation and training, and ensuring the effective exercise of data subject rights and data security.
For more details, please click here.
Source: EDPS
NEWSLETTER
LEGISLATION
1、SPC of PRC released the draft of “Interpretation of Several Issues Concerning the Application of Law in the Trial of Civil Disputes over Prepaid Consumption”
Source: SPC of PRC
2、CAAC of PRC released drafts of “Civil Aviation Data Management Measures” and “Civil Aviation Data Sharing Management Measures”
Source: CAAC of PRC(http://www.caac.gov.cn/HDJL/YJZJ/202406/t20240604224377.html)
3、NEA of PRC released “Emergency Plan for Electric Power Network Security Incidents”
Source: NEA of PRC
4、TC260 released the draft of “Network Security Technology: Methods for Determining the Boundaries of Critical Information Infrastructure”
Source: TC260
5、SCMR of PRC released the draft of “Key Measures for Optimizing the Business Environment (2024 Edition)”
Source: SCMR of PRC
6、Beijing People's Congress released the “Beijing Foreign Investment Regulations”
Source: Beijing People's Congress
7、MIIT of PRC and others released the “Action Plan for Informatization Standards Development (2024–2027)”
Source: MIIT of PRC(https://www.cac.gov.cn/2024-05/29/c
1718573626118437.htm)
8、TC260 issued national standards plans including the “Basic Requirements for the Security of Generative Artificial Intelligence Services”
Source: TC260
8、MIIT of PRC released the second batch of industry standard revision and foreign language version project plans for 2024
Source: MIIT of PRC(https://www.miit.gov.cn/zwgk/zcwj/wjfb/tz/art/2024/artba23e39151c1489daf315023278d6707.html)
9、Internet Society of China released the draft group standard “Management Requirements for Minors’ Online Game Service Consumption”
Source: Internet Society of China(https://www.isc.org.cn/article/20891286499618816.html)
10、Hunan People's Congress released the “Hunan Province Digital Economy Promotion Regulations”
Source: Hunan People's Congress
11、Neimenggu Government released the “Inner Mongolia Autonomous Region Digital Economy Promotion Regulations”
Source: Neimenggu Government
12、Jinan Big Data Association released the draft of “Jinan Data Registration Interim Measures”
Source: Jinan Big Data Association
13、Chengdu People's Congress released the “Chengdu Data Regulations”
Source: Chengdu People's Congress
INDUSTRY TRENDS
1、The magazine “China Cyberspace” published the article “Design of the Safety Management System for Cross-border Data Flow in China”: As of May 8, 2024, CAC of PRC has completed 234 assessment projects, with a rejection rate of 11.1%
Source: The magazine “China Cyberspace”
2、CAC of PRC launched the “Clean and Clear—Optimizing the Online Business Environment and Rectifying Corporate Infringement Information Chaos” special action, publicly exposing a batch of typical cases
Source: CAC of PRC
3、MIIT of PRC announced the joint pilot project for intelligent connected vehicle access and road operation
Source: MIIT of PRC
4、SCMR of PRC released compliance reminders to regulate the “618” online centralized promotion business activities
Source: SCMR of PRC
5、CNIPA explained the “Implementation Plan for the Construction of the Intellectual Property Protection System”
Source: CNIPA(https://www.cnipa.gov.cn/module/download/downfile.jsp?classid=0&showname=%E7%9F%A5%E8%AF%86%E4%BA%A7%E6%9D%83%E4%BF%9D%E6%8A%A4%E4%BD%93%E7%B3%BB%E5%BB%BA%E8%AE%BE%E5%B7%A5%E7%A8%8B%E5%AE%9E%E6%96%BD%E6%96%B9%E6%A1%88.pdf&filename=5b9683fb547342d79485c1344ee61d67.pdf)
6、Shanghai Cyberspace Administration handled a case of misuse of facial recognition
Source: Shanghai Cyberspace Administration
7、Chongqing Cyberspace Administration imposed administrative penalties on a local AI writing website operator
Source: Chongqing Cyberspace Administration
8、MIIT of PRC reported 50 apps and SDKs for infringing user rights
Source: MIIT of PRC(https://www.miit.gov.cn/jgsj/xgj/gzdt/art/2024/art
499947f4c22f497e96df28eed43bf898.html)
9、Beijing Communications Administration released the fifth issue of problematic apps in 2024
Source: Beijing Communications Administration
10、Zhejiang Communications Administration reported 19 apps for infringing user rights
Source: Zhejiang Cyberspace Administration
11、Sichuan and Chongqing Communications Administrations jointly reported apps infringing user rights
Source: Sichuan Communications Administration
12、Anhui Communications Administration reported 13 apps for infringing user rights
Source: Anhui Communications Administration
13、Nanchang Cyberspace Administration imposed administrative penalties on a local app operator
Source: Nanchang Cyberspace Administration
14、Guangdong High People's Court overturned the original judgment in a Baidu Netdisk infringement case
Source: Guangdong High People's Court
15、Hangzhou Intermediate People's Court publicly tried an administrative lawsuit involving platform data product trade secrets
Source: Hangzhou Intermediate People's Court
16、China’s first consumer lawsuit against Apple for monopoly has been decided in the first instance
Source: Jiemian News
17、Beijing Internet Court released the “White Paper on Judicial Protection of Minors' Online Rights” and eight typical cases
Source: Beijing Internet Court
Hangzhou Internet Court released the “Compliance Guide for Network Service Providers on Regulating Minors’ Game Recharge Behavior”
Source: Hangzhou Internet Court
18、Hangzhou Internet Court released the “White Paper on Judicial Protection of Minors' Online Rights”
Source: Hangzhou Internet Court
20、Hangzhou Internet Court released the “Behavioral Guide for Guardians (Parents) on Proper Use of the Internet’s Youth Mode”
Source: Hangzhou Internet Court
21、Beijing Consumer Association and others released the “Report on APP Automatic Renewal and Consumer Rights Protection”
Source: Beijing Consumer Association
22、SIC of PRC released the “Research Report on the Consumer Data Circulation Model Based on Portability Rights”
Source: SIC of PRC
23、China Electronics Standardization Institute released the “White Paper on Data Element Circulation Standardization (2024 Edition)”
Source: China Information Security
OVERSEAS
1、EU
a.EDPS released guidelines on generative artificial intelligence
Source: EDPS
b.European Commission established the Artificial Intelligence Office
Source: European Commission(https://ec.europa.eu/commission/presscorner/detail/en/ip242982)
c.EDPB issued a statement on financial data access and payment solutions
Source: EDPB(https://www.edpb.europa.eu/our-work-tools/our-documents/statements/statement-22024-financial-data-access-and-payments-packageen)
d.EDPB commented on the draft decision of the Swedish Privacy Protection Authority regarding the accreditation of certification bodies
Source: EDPB(https://www.edpb.europa.eu/our-work-tools/our-documents/opinion-board-art-64/opinion-102024-draft-decision-competent
en)
e.EDPB announced the adoption of the report by the ChatGPT Task Force
Source: EDPB(https://www.edpb.europa.eu/our-work-tools/our-documents/other/report-work-undertaken-chatgpt-taskforce_en)
f.EU Court of Justice published the Advocate General’s opinion on data subject deletion requests
Source: CJEU(https://curia.europa.eu/juris/document/document.jsf?text=&docid=286578&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=7314054)
2、USA
a.NIST announced the AI evaluation program
Source: NIST(https://www.nist.gov/news-events/news/2024/05/nist-launches-aria-new-program-advance-sociotechnical-testing-and)
b.Future of Privacy Forum (FPF) released the Asia-Pacific AI report
Source: FPF(https://fpf.org/wp-content/uploads/2024/05/Navigating-Governance-Frameworks-for-Gen-AI-Systems-in-the-Asia-Pacific.pdf%C2%A0)
c.New York Senate passed a privacy bill
Source: New York Senate(https://legislation.nysenate.gov/pdf/bills/2023/S365B)
3、UK
a.CMA launched a consultation on the draft guidance for the digital markets competition regime
Source: CMA(https://www.gov.uk/government/consultations/consultation-on-digital-markets-competition-regime-guidance)
b.ICO published a blog on public authorities’ information requests
Source: ICO(https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/06/understanding-what-information-people-commonly-request-from-public-authorities/)
4、Singapore
a.CSA issued a security advisory for IoT devices
Source: CSA(https://www.csa.gov.sg/alerts-advisories/Advisories/2024/ad-2024-012)
b.Monetary Authority of Singapore released guidelines on data governance and management practices
Source: Monetary Authority of Singapore(https://www.mas.gov.sg/publications/monographs-or-information-paper/2024/data-governance-and-management-practices)
5、Spain
a.AEPD published a list of resources for complying with data protection obligations
Source: AEPD(https://www.aepd.es/prensa-y-comunicacion/blog/conoces-las-herramientas-que-ofrece-la-agencia-para-ayudarte-cumplir-con)
b.Government approved a bill to protect minors in the digital environment
Source: AP(https://apnews.com/article/spain-internet-children-safety-cc1f39e403b8b333979794f5e79be23d)
c.Nigeria: Data Protection Commission issued a draft directive on the implementation of the Nigeria Data Protection Act
Source: Nigeria Data Protection Commission(https://ndpc.gov.ng/Home/Resources)
d.Netherlands: AP published an explanation and examples of cookie consent standards
Source: Netherlands AP(https://autoriteitpersoonsgegevens.nl/themas/cameratoezicht/drones/basisprincipes-voor-het-gebruik-van-drones-met-camera)

技术驱动法律,专业成就未来