Rule of Law for Data Governance | IGF 2023 Open Forum #50

Moderator 2

The second session of the roundtable discussion began with Mr. Fang Yu, Director of the Internet Law Research Centre of China Academy of Information and Communications Technology. He provided valuable insights into the field and emphasized the importance of Internet law in the rapidly evolving digital landscape. Following Mr. Fang Yu, Mr. Lee Makiyama from Brussels shared his perspectives, contributing interesting ideas to the discussion.

Next, Ms. Wang Rong, a senior expert from Tencent Research Institute, offered her valuable insights on the topic. She shed light on the significance of research and development in the context of internet technology and its implications for legal regulation.

Continuing the discussion, Mr. Zhu Ran, Vice President of Alibaba Cloud Intelligence Group, shared his profound insights into the advancements of cloud computing in relation to internet law. His perspectives highlighted the need for effective legal frameworks to address the challenges and opportunities presented by cloud computing technologies.

The final speaker, Professor Zhao Jingwu from Beihang University’s Law School, delivered a thought-provoking presentation. He explored various legal aspects of internet governance and emphasized the need for comprehensive legal frameworks to address emerging digital issues.

Despite the time limitation, the forum concluded on an optimistic note, expressing the desire for more in-depth exchanges and discussions in the future. The participants and speakers were sincerely thanked for their wisdom and efforts in contributing to the open forum.

Moreover, the UNIGF was acknowledged for its vital role in providing a relevant dialogue platform for global stakeholders to engage in meaningful discussions on internet law and governance.

In summary, the second session of the roundtable discussion featured a diverse range of speakers who presented their perspectives on various aspects of internet law. The insights and arguments shared highlighted the need for robust legal frameworks to navigate the complexities of the digital era. The forum concluded with a shared commitment to further exploration and collaboration in this important field.

Fang Yu

The digitisation of our world is a key trend in the 21st century, with the digital economy and the internet becoming indispensable global goods. This has resulted in the need for new laws and regulations to effectively govern the cyberspace.

The digital economy is rapidly developing, and the internet plays a crucial role in its growth. It is now an integral part of our lives, facilitating communication, commerce, and innovation on a global scale. The significance of the digital economy is further emphasised by its relation to SDG 9: Industry, Innovation and Infrastructure.

Data legislation plays a fundamental role in enabling the effective use of data in the digital economy. It is divided into three key areas: data security, personal information protection, and data value. Data security focuses on ensuring that data is used effectively without compromising national security and stability. Personal information protection is vital as it ensures individuals have control over their private data and prevents unauthorised access or misuse. Realising the value of data is essential for the digital economy, as it drives innovation, creates new opportunities, and contributes to economic growth. The importance of data legislation aligns with SDG 16: Peace, Justice and Strong Institutions.

Furthermore, the issue of data governance is a long-term concern in the face of the growing digital economy. It is recognised that effective data governance is crucial to address the challenges and risks associated with handling vast amounts of data. Data governance offers the potential to enhance the level of data governance and ensure the benefits of the digital economy are shared among all stakeholders. This aligns with SDG 17: Partnerships for the Goals.

In conclusion, the digitisation of our world and the growth of the digital economy have necessitated the development of new laws and regulations to govern the cyberspace. Data legislation, including data security, personal information protection, and data value, is imperative for the digital economy to thrive. Moreover, data governance is a long-term issue that requires attention to improve the level of data governance and maximise the benefits of the digital economy for all.

Moderator 1

The expanded summary provides a detailed analysis of the importance of fair and effective data governance for public benefits and sustainable development. It emphasizes the role of data in driving economic innovation and social development, highlighting its significance in today’s society where it has become a key driver of innovation and development.

The analysis recognizes that data application and governance present both opportunities and challenges. On one hand, data has the potential to bring about significant positive impact by informing decision-making processes, driving economic growth, and fostering social progress. However, it also raises concerns about privacy, security, and ethical considerations. Therefore, it is crucial to have effective data governance to maximize the benefits of data while mitigating potential risks and negative consequences.

To address the complex nature of data governance, the analysis suggests the need for multi-stakeholder forums that facilitate the exchange of insights on data-related applications and governance. These forums aim to bring together representatives from government, civil society, the technology community, and the private sector on a global scale. By fostering collaboration and knowledge-sharing, these forums can contribute to the development of fair and effective data governance frameworks that address the concerns and interests of all stakeholders.

In conclusion, the analysis highlights the critical role of data in driving economic innovation and social development. It underscores the importance of fair and effective data governance to maximize the benefits of data while addressing the challenges and concerns associated with its use. The suggestion to hold multi-stakeholder forums reflects the need for a collaborative approach to data governance, where different perspectives are considered to develop comprehensive and inclusive frameworks. The expanded summary provides valuable insights into the significance of data governance for public benefits and sustainable development.

Wang Rong

The Personal Information Protection Law (PIPL) in China is gaining recognition for its alignment with international standards. The law covers all sectors, including private and public, ensuring comprehensive protection of personal information.

Platform companies like Tencent stand to benefit from the strict provisions of the PIPL. Tencent has developed systematic tools for data privacy compliance and is committed to protecting user privacy and data compliance. They have also been at the forefront of developing privacy technologies such as the Linxi privacy platform, Federated learning, Trusted computing, and Secure multi-party computing.

In addition to technical solutions, Tencent focuses on giving users more control and transparency in their products. They aim to empower users with informed choices regarding their personal information.

The PIPL in China is seen as a positive development in personal information protection and data compliance. It sets a high standard for businesses, particularly platform companies like Tencent, who demonstrate their dedication to safeguarding user privacy and complying with the law.

Overall, the PIPL and Tencent’s initiatives contribute to the broader goal of data privacy. They encourage companies to prioritize user privacy and comply with regulations, positioning Tencent as an early adopter and industry leader in personal information protection.

Zhu Ran

The Chinese government has consistently upheld the principle of governing the Internet in accordance with the law, recognizing the rule of law on the Internet as vital for digital governance and the advancement of digital civilization. This commitment to legal governance of the Internet reflects a positive sentiment towards ensuring a secure and regulated online environment.

Alibaba Cloud Intelligence Group has played a significant role in cloud-based data governance, offering a range of cloud services to clients from over 200 countries and regions worldwide. Their services include computing, storage, networking, data processing, and security protection, all aimed at effective data management and governance. This demonstrates Alibaba’s strong commitment to data governance and their contributions towards advancing the goal of industry, innovation, and infrastructure.

To strengthen their data compliance governance further, Alibaba Cloud has obtained important certifications, such as ISO 27001 and CSA Star certification. Having also earned PCI DSS certification in the financial field, Alibaba Cloud’s dedication to data compliance is evident. These certifications not only validate their commitment to industry standards but also assure clients of their compliance and security measures.

Alibaba Cloud continues to prioritize data governance by implementing technical guarantees for data security on their cloud platform. They have developed a system that classifies various types of data on the cloud, ensuring secure usage, entry, and exit of data. This commitment to technical guarantees fosters confidence among their clients and ensures that data security remains a top priority.

The release of Alibaba Cloud’s Data Security and Privacy Protection White Paper further emphasizes their focus on safeguarding data. This document highlights the best practices of applying cloud computing to protect data security. Such transparency and information sharing contribute to increasing awareness and understanding of data privacy and security.

Alibaba Cloud takes a proactive stance in supporting data privacy and security. They have launched a data security initiative that emphasizes the importance of cloud computing platforms being solely used for protecting customer data. They believe that platforms have an obligation to help protect the privacy, integrity, and availability of client data. This demonstrates their commitment to ethical data practices and their support for a secure online environment.

In conclusion, the Chinese government’s commitment to governing the Internet in accordance with the law, along with Alibaba Cloud’s significant contributions to cloud-based data governance and commitment to data compliance and security, reflects a positive sentiment towards ensuring secure and regulated online environments. Alibaba Cloud’s technical guarantees, white paper, and proactive stance further reinforce their dedication to data privacy and security. These efforts serve as an example for other organizations and emphasize the importance of upholding data governance standards for the advancement of the industry, innovation, and infrastructure goal.

Hosuk Lee-Makiyama

The analysis reveals significant aspects of cross-border data flow and its legal implications. It suggests that jurisdictional issues have largely been addressed, as many jurisdictions have expanded their reach and established a legal basis for cross-border data regulation. This expansion reflects the recognition of the importance of regulating data flows beyond national borders.

Additionally, the analysis underscores the importance of harmonizing and aligning laws to facilitate cross-border data flow. It argues that built-in transfer mechanisms within privacy laws and expedited data sharing processes can enhance efficiency and collaboration among agencies. This highlights the necessity of a cohesive legal framework for seamless data exchange.

The analysis also highlights the progressive evolution of the rule of law on the internet. By codifying rules and regulations, there is greater legal clarity compared to relying solely on executive orders. This signifies a positive step toward establishing a solid legal foundation to govern online activities and ensure accountability.

Furthermore, the analysis challenges the notion of a fictitious debate around ‘trust’ in data governance. Despite varying societal backgrounds, agencies worldwide are working toward similar data governance goals. This implies the potential for common ground and shared objectives, fostering trust through collaborative efforts.

Overall, the analysis provides a comprehensive overview of the progress made in addressing cross-border data flow challenges. It emphasizes the importance of jurisdictional expansion, harmonization of laws, clear regulations, and collaborative data governance. These insights shed light on the complexities associated with cross-border data flow and the ongoing efforts to navigate them while promoting trust and accountability.

Tang Lei

China has been dedicated to promoting law-based cyberspace governance ever since it became fully connected to the Internet in 1994. The country has taken significant steps to establish a comprehensive legal framework by enacting more than 140 laws pertaining to cyberspace. This legislation serves as the basis for governing and regulating the online environment in China.

One of China’s key arguments is that it champions the interests of all countries in promoting law-based cyberspace governance. The country believes that all nations should adhere to legal principles and frameworks to ensure a safe and secure online space for everyone. China’s commitment to this ideal is evident in the number of laws it has enacted and the efforts it has made to create a robust legal framework for cyberspace governance.

Furthermore, China emphasises the importance of equal participation in global cyberspace governance. It supports the involvement of all nations on an equal footing and actively engages in international exchanges and cooperation in the field of law-based cyberspace governance. By promoting inclusivity and collaboration, China seeks to foster a global community that works together to address the challenges and opportunities in cyberspace.

China also recognises the need for constant innovation and adaptation to keep up with the evolving technological landscape. It acknowledges the challenges posed by new Internet technologies and responds to them in a forward-looking manner. By promoting innovation in the concept, content, approach, and methods of law-based cyberspace governance, China ensures that its legal frameworks remain relevant and effective in addressing emerging issues.

In conclusion, China’s efforts in promoting law-based cyberspace governance are commendable. The country has enacted numerous laws and established a comprehensive legal framework to govern the online environment. China advocates for the interests of all countries and supports equal participation in global cyberspace governance. Additionally, it emphasises innovation in adapting to the challenges brought by new Internet technologies. Overall, China’s commitment to law-based cyberspace governance contributes to a safer and more secure online space for people worldwide.

Zhao Jingwu

In today’s digital society, data security and cross-border data flow have emerged as crucial issues. Data has become a vital element in the national innovative development of countries. The ability to securely transfer data across borders is not only important for domestic data security regulation and commercial utilization but also essential for promoting the global digital economy.

China, for instance, has taken steps to address the governance of cross-border data flow through its domestic law. The country has implemented clear rules that classify cross-border data flow into four categories. However, its governance model is seen as lacking openness and cooperation. While China acknowledges the importance of data security, there is also a need to balance it with utilization. The coexistence of security and utilization is considered essential in the China data governance system.

On the other hand, there are arguments against unrestricted cross-border data flow without proper attention to data security. Pursuing data flow without considering data security risks compromises the exchange value of data and can lead to security vulnerabilities such as data linkage and theft. It is important to strike a balance between the free flow of data and the necessary security measures to safeguard sensitive information.

Another concern is the politicization of data security, particularly in relation to China. There is an international perception that China follows a path of data controlism, essentially politicizing the issue of data security. This perception raises questions and highlights the importance of ensuring data security without unnecessary politicization.

In conclusion, ensuring the security of data flow is critical in today’s digital society. While China has defined rules for cross-border data flow, its governance model is viewed as lacking openness and cooperation. Striking a balance between security and utilization is key to effective governance. Additionally, pursuing unrestricted data flow without considering data security risks compromising the exchange value of data. The observation that the issue of data security can be politicized, particularly with China’s perceived approach, raises further concerns.

Wang Yi

The analysis provides a comprehensive overview of the personal information protection laws and data governance in China. It highlights some unique characteristics of China’s personal information protection laws and their approach to balancing the protection and utilization of personal information. Specifically, China’s civil code distinguishes between the right to privacy and the right to personal information protection. This distinction allows for a nuanced understanding of personal information and ensures that individuals’ rights are safeguarded while also promoting the responsible use of personal data.

In terms of data governance, the analysis reveals that in China, there is a consensus that data carries a wide range of interests beyond personal and property interests. This understanding indicates a broader perspective on data and its potential for various applications. The analysis suggests that data is non-exhaustible and can be used by multiple entities simultaneously. This recognition underscores the importance of developing comprehensive data governance frameworks that account for the diverse interests associated with data.

Notably, the analysis explores two main perspectives on data governance in China. The first perspective advocates for establishing property rights over data. This approach requires defining the boundaries of rights for different entities, ensuring that ownership and control over data are clearly defined. The second perspective focuses on access to data through lawful behaviours. This view prioritises the establishment of regulations and guidelines that govern the appropriate uses and accessibility of data. Both perspectives demonstrate the need to navigate the complex challenges surrounding data governance and strike a balance between individual rights and collective interests.

The analysis also acknowledges that China’s governance practices in this field could offer valuable insights for other jurisdictions facing similar concerns. It highlights the potential for China’s experience to serve as a reference for state governments worldwide grappling with data regulation and governance issues. By examining China’s approach, other jurisdictions may gain useful knowledge and strategies for developing effective policies and frameworks to protect personal information and regulate data usage.

In conclusion, the analysis sheds light on the distinctive features of personal information protection laws and data governance in China. It underscores the importance of balancing the protection of personal information with the need for responsible utilization. Furthermore, it emphasises the recognition of data as carrying a wide range of interests and the necessity of establishing comprehensive data governance frameworks. Overall, the analysis contributes valuable insights and recommendations for the ongoing global conversation on data governance and personal information protection.

Zheng Junfang

Alibaba, a prominent player in the digital economy, has been instrumental in connecting merchants and consumers through the use of data. This connection has revolutionized commercial operations, making them smarter, more transparent, and highly efficient. By harnessing the vast amount of data at their disposal, Alibaba has created a platform that facilitates seamless transactions between merchants and consumers, driving growth and prosperity in the digital ecosystem.

With a global reach that serves nearly 10 million merchants and 1.3 billion consumers worldwide, Alibaba continues to create greater value for customers and society as a whole. Their positive impact on the digital economy is evident through their ability to leverage internet technology to foster innovation and develop industries.

However, Alibaba acknowledges the challenges presented by data governance in the rapidly advancing digital economy. They are advocates for a law-based approach to data governance, recognizing the importance of protecting personal information, intellectual property rights, and ensuring network and data security. By acknowledging the risks associated with extensive data usage, Alibaba emphasizes the need for a robust legal framework to support a thriving digital economy.

In alignment with their commitment to responsible data management, Alibaba emphasizes the importance of AI technology serving humanity’s interests while safeguarding personal privacy and data security. Their efforts in this regard are exemplified by their launch of large-language model R&D in 2019 and the recent introduction of their ethical risk review management system. By proactively adhering to AI regulations, Alibaba ensures the advancement and stability of AI technology while prioritizing personal privacy and data security.

In conclusion, Alibaba’s significant impact on the digital economy is indisputable. Their role in connecting merchants and consumers through intelligent data usage has revolutionized commercial operations, promoting efficiency and transparency. Moreover, Alibaba’s dedication to law-based data governance and ethical AI practices underpin their commitment to responsible data management. Overall, Alibaba’s positive contributions to the digital economy firmly establish them as a global leader in the industry.

Jesus Lau

Mexico is currently facing challenges in data handling, specifically regarding data literacy and data protection. A significant concern is the lack of necessary skills amongst many citizens to understand and effectively utilize data. To address this issue, there is a need to raise awareness and promote the importance of data literacy and its benefits for personal and professional development.

Mexico has taken steps to ensure data protection by including it in Article 16 of its Constitution. The country has a solid rule of law regarding data governance, which encompasses principles and practices that ensure fair, transparent, and consistent management and governance of data within organizations and society. This provides a strong foundation for data protection.

However, Mexico still faces difficulties in data handling. Data breaches, with hackers targeting both private and government repositories, pose significant threats. This highlights the need for robust cybersecurity measures to safeguard sensitive information.

Legislative lag is also a concern. Data protection legislation often falls behind technological advancements and emerging threats, making it difficult to effectively address data security issues. It is essential to update and strengthen legislation to keep up with the evolving landscape of data handling.

Government ethics in data handling is another aspect that needs attention. Ensuring transparency, accountability, and ethical practices in the collection, storage, and use of data by government entities is vital to foster trust and protect citizens’ privacy.

Additionally, the widespread use of social media and the tracking of individuals’ data present further challenges in data handling. Stricter regulations and better controls are required to manage the risks associated with the use of personal data on social media platforms.

To overcome these challenges, Mexico should prioritize data and information literacy education and training. This could involve offering courses on data and algorithmic literacy and providing access to data analysis tools and resources. By prioritizing data literacy education at both individual and organizational levels, Mexico can empower its citizens to understand and make informed choices about their digital presence in cyberspace.

In conclusion, Mexico faces various challenges in data handling, including limited data literacy, data breaches, legislative lag, government ethics, and social media tracking. It is essential for the country to promote data literacy, strengthen data protection measures, update legislation, ensure government ethics, and regulate social media data handling. By prioritizing data and information literacy education and training, Mexico can empower its citizens to engage with data effectively and confidently navigate the digital world.

Xu Zhiyuan

China has implemented a comprehensive legal framework to effectively manage the flow of data across borders. This framework consists of three key laws: cybersecurity laws, data security law, and personal information protection law. These laws serve as a solid foundation for regulating and safeguarding the transfer of data.

To support these laws, the Chinese government has implemented additional measures. These include data export security assessments, which require the export or import of data or a certain amount of personal information to undergo a thorough security evaluation. This assessment ensures that data leaving or entering the country meets the necessary security standards.

Furthermore, standard contracts are signed between personal information processors and overseas recipients. These contracts outline the rights and obligations of both parties, providing a legal framework for the safe and responsible transfer of personal information. Additionally, China has established detailed rules for personal information protection certification. These certifications are conducted by professional institutions approved by the China Administration of Cybersecurity (CAC). They evaluate the measures taken by personal information processors to protect and manage personal information in accordance with regulations set by the China Information and Communication Administration (CIC).

China’s commitment to the safe and orderly flow of data across borders is evident in its efforts to create a supportive environment for data exchange. The State Council of China has issued a special document that establishes a streamlined process, known as the “green channel,” for qualified foreign investment enterprises. This green channel enables these enterprises to effectively conduct outbound security assessments of important data and personal information.

Additionally, the CIC has drafted special regulations on cross-border data flow and is seeking public opinions to further promote the orderly and free flow of data. These proactive measures demonstrate China’s determination to facilitate secure data exchange and support the growth of the digital economy.

China also emphasizes the importance of international cooperation and open engagement to promote the development of the digital economy. The establishment of a comprehensive legal system for managing transborder data flow, along with China’s proposal to explore convenient security management mechanisms for cross-border data flow, reflects its commitment to collaboration and partnerships.

In conclusion, China has taken significant steps to establish a robust legal system for managing the flow of data across its borders. The introduction of cybersecurity laws, data security law, and personal information protection law, along with the implementation of data export security assessments, standard contracts, and personal information protection certifications, demonstrates China’s dedication to the safe and orderly flow of data. With a strong focus on international cooperation and support for the digital economy, China is positioning itself as a key player in facilitating secure and efficient data exchange on a global scale.

Neil Walsh

The importance of data governance in personal, national, and international security is emphasised in the provided information. With data driving our thought processes and daily activities, its governance becomes critical. This highlights the need for effective management and protection of data to ensure security at various levels.

Another key point highlighted is the need for good legislative and governance mechanisms for managing data. It is mentioned that the governance of raw and segmented data often lacks clarity, indicating the importance of establishing clear frameworks and guidelines for data management.

Furthermore, there is an urgent call for a comprehensive law and policy framework to assess threats and prosecute offenders in the cyber realm. This is prompted by a recent devastating cyber attack in Eastern Africa that had significant impacts on the economy and security of the affected country. The lack of involvement from countries in Eastern Africa in convention work is noted, which is discouraging considering the need for collective efforts in addressing cybercrime.

In the context of the Cybercrime Convention, it is advocated that all factions, including NGOs, civil society, and academia, should be involved in the debate. This inclusivity is seen as essential despite the diplomatic difficulty arising from the divergent views of countries involved. It is important to consider different perspectives and input from various stakeholders to ensure a well-rounded and effective approach to tackling cybercrime.

Additionally, the significance of active listening and open communication for preventive diplomacy is highlighted. It is acknowledged that active listening and dialogue among individuals and nations are essential tools in the pursuit of preventive diplomacy. This process enables understanding, cooperation, and the building of partnerships to address conflicts and maintain peace.

In conclusion, the provided information underscores the importance of data governance in personal, national, and international security. It highlights the need for legislative and governance mechanisms to effectively manage data. Furthermore, the urgency for a comprehensive law and policy framework to address cyber threats and prosecute offenders is emphasised. The importance of inclusivity in the debate surrounding the Cybercrime Convention, involving various factions and stakeholders, is also stressed. Finally, the significance of active listening and open communication for preventive diplomacy is acknowledged.

Moderator 1:
Beijing Normal University, welcome to the open forum on the role of law for data governance hosted by the Bureau of Internet Laws and Regulations of the Cyberspace Administration of China. With the deepening of globalization and digitalization, data has become one of the core drivers of economic innovation and social development. Data application and governance face both opportunities and challenges. At the same time, fair and effective data governance is essential for public benefits and sustainable development. This forum aims to gather different stakeholders from government, civil society, and the technology community, as well as private sectors in Asia, Africa, Europe, and America to exchange insights and ideas on the current status and evolution trend of global data-related applications and data governance, to examine and assess important concerns and challenges in global data governance, and to explore the role of law approach for data governance that is beneficial to the common values of humanity. Now let’s start the forum with the first session of keynote speech. Please remind you that each speaker can have eight minutes. First of all, let’s welcome Mr. Tang Lei, Deputy Director General of the Bureau of Internet Laws and Regulations of the Cyberspace Administration of China.

Tang Lei:
Please. Distinguished guests, ladies and gentlemen, good morning. Today we are gathering here in the Internet Governance Forum. to exchange our thoughts on the future of digital governance for humankind. I find it very meaningful and look forward to a constructive outcome of the forum. Since China was fully connected to the Internet in 1994, it has committed itself to law-based cyberspace governance, enhancing continuously the level of law-based cyberspace governance. China is the world’s largest developing country and has the largest number of Internet users. We always uphold people-centered development and we always uphold further development of the Internet, with a keen understanding of the extreme difficulties and complications in cyberspace governance. China has been forward-looking in responding to the challenges brought by new Internet technologies, applications and business forms and models, and promoted innovation in the concept, content, approach and methods of law-based cyberspace governance. Meanwhile, China has played an active part in international exchanges and cooperation in law-based cyberspace governance, is committed to build a multilateral, democratic and transparent global Internet governance system together with other countries. Distinguished guests, friends, China set out from its realities to explore its approach to cyberspace regulation and governance, consolidating the legal system for cyberspace governance. Until March 2023, China has enacted more than 140 laws on cyberspace, forming a cyber legislation framework endorsed by traditional legislation and underpinned by specialized cyber laws governing online content and management, cybersecurity, information technology, and other elements. Keeping order in a rule-based cyberspace, China has taken rigorous measures to ensure fair and rule-based law enforcement in cyberspace, strengthening enforcement in key areas of immediate concern to the people, promoting a healthy cyber environment, promoting public awareness and competence in law-based cyberspace governance. China makes every effort to break new ground in the content, form, and means of spreading legal knowledge via the Internet. The Chinese netizens’ awareness and understanding of the rule of law have generally increased. Respecting, learning, abiding by, and using the law is a shared understanding and basic principle. Increasing international exchanges and cooperation in law-based cyberspace governance, China is fully engaged in international exchanges and cooperation in the field of law-based governance of cyberspace. It plays an active role in rule-making and it resolutely safeguards the international system with the United Nations at its core, supports the participation of all countries. in global cyberspace governance on an equal footing, engage in bilateral and multilateral dialogues and exchanges in law-based cyberspace governance, increase international law enforcement and judicial cooperation on cybersecurity. Distinguished guests, friends, the internet benefits the whole world. China champions the interests of the people of all countries in promoting law-based cyberspace governance. We stand ready to partner with colleagues from all over the world to enhance the level of law-based cyberspace governance. China will further improve legislation on digital governance and endeavor to establish a legal system for the protection of people’s rights and interests in cyberspace, data security, and platform regulation, deepen the implementation of laws and regulations in the digital field. China will also put the role of the United Nations as a main channel into foreplay and has strengthened international exchanges and cooperation in making rules for digital governance through platforms like the BRICS Cooperation Mechanism, Shanghai Corporation Organization, and the World Internet Conference. Distinguished guests, friends, facing the opportunities and the challenges brought by digitalization, China will follow the global governance principle of achieving shared growth through convolution and collaboration and work together with the international community. to ensure global digital governance is law-based, and that digital progress will deliver greater benefit to the people and a better world. In the end, I’d like to conclude by wishing today’s Open Forum a great success. Thank you all.

Moderator 1:
Thank you, Mr. Tang, for the relevant experience of China. Now, I give the floor to Neil Walsh, Head of UNODC Mission and Regional Representative for East Africa.

Neil Walsh:
Good morning, everybody. Can I check that you can hear me okay? Yes, you can. Thank you. Okay, a very good morning to you all from Vienna in Austria, where it’s approaching three o’clock in the morning, and I’m in a very small hotel room. So it is a great pleasure to be with you all. My name is Neil Walsh, and it’s my honor to be the Head of Mission and Regional Representative of the UN Office on Drugs and Crime in Eastern Africa, where I’m normally based in Kenya. My 200 staff and I cover 13 countries in East Africa and the Indian Ocean, and we deliver UNODC’s effects to counter organized crime, terrorism, and corruption. I wish to express at the outset my deep thanks to the Internet Governance Forum, the Bureau of Internet Laws and Regulations of the Cyberspace Administration of China, and to my dear friend and mentor, Professor Wu Shenguo of Beijing Normal University, who I saw on camera a few moments ago. I only wish that I could be with you all in Kyoto, but unfortunately the dates clashed with UNODC’s annual Heads of Mission meeting, and I have to be here in Vienna. The topic of today’s event is the rule of law for data governance and subjects that both the CAC and BNU are world experts in. But these are topics of criticality, not just for the institutions I’ve named, not just for the People’s Republic of China and the IGF, but for every nation, every business and every person on our planet. And in Eastern Africa, I see on a daily basis the absolute need for all of these aspects to come together. Data governance is a broad term, and I suspect that all of us could explain it and define it in different ways, based upon our experience, our education and our culture. And as we all know, definitions in all things cyber are often very politically challenging and academically diverse. But friends, I think we can all agree that we have a broad collective understanding of the importance of data governance in personal, national and international security. Data, be it personally identifiable or more anonymized, drives our world, whether we’re conscious of it or not. Data also drives our thought processes, our desires and our biology. Whether it’s the serotonin boost from a social media like or a revulsion when we see, experience or think about organized crime, data is at the core of everything that we do. And thinking about the adverts that we see every day, the data mining that drives targeted advertising and the surprise that we all feel, followed by a slightly uncomfortable sense when we realize that the new product we’ve been discussing with friends is suddenly across all of our social media feeds without asking or without searching consciously for it can be quite unpleasant. Data is the product of choice for exploitation and profit. And the region of the globe that I lead for UNODC, there is a daily clash between the desire for more data and our ability or not to analyze and exploit it at pace. The legislation and governance mechanisms of the raw and segmented data, whether within one’s own country of residence or nationality or beyond that is often unclear. And from my experience, conversations and guidance from Professor Wu and the CAC over the years, it’s clear to me that there is much more always to be done. And so data is at the heart of the United Nations. It must be at the core of our decision-making on topics as diverse as economic growth, sustainable development, encountering cyber crime. And I was able to listen to the last 15 minutes of the previous session and to see some old friends like Deputy Assistant Secretary Alison Peters on stage where we are discussing these matters together. Data when mined proportionately, lawfully, accountably and necessarily can make the difference between an emotional response and an objective decision. And in my role leading the UN’s work in Eastern Africa, I’ve placed the need for routine, accurate, strategic intelligence data at the core of our business. We can’t give good country level and regional policy advice if we don’t have good data. And good data sourcing without the ability to assess, analyze and exploit it is at best wasted or at worst dangerous. And some years ago, I led the UN’s policy response to cyber crime and my colleague Nayeli Loya led our operational programming globally. And I can remember so many meetings and conversations when we met ministers around the world who saw cyber crime as a future threat. None of us consider cyber crime to be a future threat now. It is the here and now everywhere. And just recently, a country in my region in Eastern Africa suffered a devastating cyber attack. It only lasted for a few hours, but the impact was significant. Electricity failed in some regions, payment systems in shops failed, the economy stalled. This was without doubt a national security incident and an international security incident. And so we need good law. We need good policy nationally and internationally to create the means to assess the threat and to prosecute offenders and to hold to account those who seek to undermine development and cause harm. And we need it now. I’m deeply encouraged by the work being done by UN member states under UNODC’s stewardship to craft the new Cybercrime Convention and the interventions of non-governmental organizations and civil society and academia are absolutely critical in this debate as well. This is diplomatically hard and many countries have divergent views. But most worryingly for me is the lack of involvement of countries in my region in Eastern Africa. The convention work is as important for Africa as it is for Asia, Europe and the Americas. So it is incumbent for all of us to create a supportive, nurturing, challenging environment for those who should engage and get the best out of this debate but are currently absent. We need to use our collective skills to bring them and their insights, their experience and guidance to support and mentor those who are yet to step in to these areas in necessary depth. Because we all know that if we don’t fill this space, others will. Others who don’t have our good, peaceful intent at heart. Others who will seek to harm and to exploit. And that’s why it’s so important to talk together about the rule of law for data governance. We need to talk to one another and most importantly, friends, we need to actively listen to each other too. That’s what the public, the people we serve, expect from us and need from us. This is preventive diplomacy in action. And that is why today’s event right now is so important. So friends, I want to thank you once again to the IGF, to the Cyberspace Administration of China and Beijing Normal University for inviting me to speak with you. I really wish I could be sitting with you right now. But most importantly, I want to say an enormous thanks to all of you who care about the topic, its seriousness and the consequences if we get it wrong. So from the middle of the night in Vienna, thank you for listening. And I hand it back to you in Kyoto. Thank you.

Moderator 1:
Thank you, Mr. Walsh, for your wonderful sharing. Now let’s turn to Professor Wang Yi, Vice President of Renmin University of China, for his speech. Professor Wang.

Wang Yi:
Thank you very much. Thank you very much for your kind introduction. Mr. Speaker, my fellow panelists and our distinguished audience, it is quite an honor to have this opportunity to share some of my thoughts on state governments today. I would like to provide a brief overview from the dual perspective of a participant in the legislative drafting process and a legal scholar in civil law in China. I will introduce some of the consensus reached by the academic community on state governance and the latest progress in this field. They are divided into the following two sections. personal information protection, and corporate data governance. In terms of personal information protection in China, the civil code of the People’s Republic of China has taken the lead in providing rules and standards for personal information protection in both its general provisions and the right to personality section. Since information technology has posed new challenges to the protection of personal information after the enactment of the civil code, the personal information protection law of the People’s Republic of China has overall continued the provisions of the civil code’s relevant articles, but with more specific rules within the existing framework. China’s legislative model of dual protection for personal information through the civil code and the personal information protection law exhibits several unique characteristics. Firstly, the civil code distinguish between the right to privacy and the right to personal information protection, making the boundaries between the two clear. Traditional privacy rights primarily address one-to-one infringement, while personal information protection primarily deals with large-scale macro-level infringements. Secondly, the civil code provides a balance between the protection and the utilization of personal information. The personal information protection framework initially originated from the… handling of personal information by government agencies. However, today, technology companies, especially online platforms, have become the primary actors in information processing. Therefore, personal information protection should be subject to adjustments within civil legal systems. Moreover, China’s civil code also places emphasis on safeguarding personality rights. It complements the personal information protection law, together forming a legal framework with Chinese characteristics in legal practice. The second topic I’d like to discuss is the civil code and corporate data governance in China. In today’s world, where the value of big data is widely recognized, how should we approach the legal framework of this big data? Should big data be exclusively discussed in the context of intellectual property? An emergent and important consensus in China is that there are many types of interests that can be associated with data, not limited to the personal and the property interests typically associated with intellectual property. Based on this consideration, the civil code has included multiple provisions for data within civil law as the object of legal relationships. The Chinese academic community shares the following three points of consensus of the key and the most important. differences between data and others, such as tangible and real property. The first and foremost is that data is non-exhaustible and able to be repeatedly utilized. The second characteristic is that when it comes to collection and utilization, data can be collected and used in parallel among multiple actors. The third characteristic is the complexity of the types of interests that data can carry. It can potentially carry both personal and property interests. Building on such shared notions, the biggest dispute in academia and practice is how the law allocates property interests above data. A typical example is disputes caused by web crawlers. In China, there are mainly two divergent viewpoints. One is to establish property rights over data and resolve disputes through property rights. The other is to access and resolve disputes through the legality of the relevant behaviors. However, given these two models differ, they still lead to similar outcomes. Even when data is subject to general property rights, such rights are often restricted and access is granted to other parties, especially ordinary users. Similarly, establishing legal rules for relevant actions also requires defining the boundaries of rights for different entities. In my personal opinion, it is inevitable to establish property rights. over the monetary interests carried by debt, but the content of debt rights that corporations enjoy may vary in different contexts. As far as I am concerned, governments around the world share similar concerns. I believe that China’s debt governance practice will provide valuable reference for other jurisdictions. This is all I have for today’s forum. Thank you very much.

Moderator 1:
Thanks for Professor Wang’s sharing, which provided us with a new perspective. Next speaker, let’s invite Mr. Xu Zhiyuan, Deputy Chief Engineer from China Academy of Information and Communications Technology. Please.

Xu Zhiyuan:
Hi. Good morning, everyone. I’m here today to talk about China’s framework of transborder data flow management. At present, data has become a key strategic resource. Major countries and regions in the world have implemented different degrees of restrictions on the cross-border data flow, and have constructed their own cross-border data flow management system. However, the international community has not yet formed a general consensus on the specific regulatory rules of cross-border data flow. And there are mainly three models. The United States, the European Union, and the emerging countries. China has always promoted cross-border data flow in accordance with the law. and has basically established a framework based on the rule of law. Since 2016, China has established the three plus three legal system with cyber security laws, data security law, and the personal information protection law as a top level design. And the data export security assessment measures, personal information export standards contract measures, and detailed rules for the implementation of personal information protection certification as supporting rules. In accordance with the three plus three legal system, China has promoted supervision and control of cross-border data flow in an orderly manner. In particularly, a number of demonstration cases have been formed in the security assessment of outbound data. At the same time, China’s local level has actively explored the innovation pilot of data outbound, promoting the safe and orderly cross-border data flow, and has accumulated the value of data elements. Next, I would like to introduce three ways of Chinese data export. First is safety assessment. The three plus three legal system establishes a basic requirement that the data export of import data or certain amount of personal information must pass a security assessment. Second is a standard contract, which is formulated by the Cyberspace Administration of China. China and signed by the information by the personal information processor and the overseas recipient Stimulating the rights and obligations of both parties third is protection certification Protection certification is an activity In which professional institution approved by CAC conducts a comprehensive evaluation of the personal information protection and management measures of personal information processors in accordance with CIC regulations if the merits meet the requirements the institution will issue a certification mark to the processor On the basis of the 3 plus 3 legal system China has further explored and innovated to promote the orderly cross-border data flow Recently the State Council of China issues a special document on foreign investment the title is opinions on further optimizing the environment for foreign investment and increasing the efforts to attract foreign investment. The document proposed to explore a convenient security management mechanism for cross-border data flow we will implement the requirements of the cybersecurity law the data security law and the personal information protection law establish a green channel for qualified foreign investment enterprise effectively carry out outbound security assessment of important data and personal information and promotes a safe orderly and free flow of data. On September 28th, the CIC drafted special regulations on the cross-border data flow to solicit public opinions aiming to further promote the orderly and the free flow of data in accordance with the law. Distinguished guests, China has always opened its door to the development of the digital economy and actively engaged in international cooperation. In the face of the development as a global digital economy, China will continue to regulate the cross-border data flow in accordance with the law, adhere to the vision of building a community with a shared future for mankind and share the dividends of digital development with other countries. Thank you.

Moderator 1:
Thank you, Mr. Xu. Now let’s welcome Professor Jesus Law, co-chair of the International Steering Committee of UNESCO Media and Information Literacy Alliance and the Vice President of University of Veracruz, Zena.

Jesus Lau:
Hello, good evening here. I’m in the southern part of Mexico. And I would like to say thanks to Professor Wu of Virginia Norman University and to CAC for the invitation to be part of this panel. My paper is called, Naked Address, Law for Data, Challenges and Opportunities in Mexico. Citizens in Mexico and in Latin America in general have legal and de facto options to be data naked or dress. In our contemporary data-driven modern society. In other words, they have the right to allow. or restrict the compilation and tracking of the digital footsteps in cyberspace. Mexico has a sound legal framework to protect individuals’ privacy. Data protection is ensured in Article 16 of the Mexican Constitution, as well as in the federal law for the protection of personal data held in private parties published in July 2010 and its regulations published in December 2011. The Mexican rule of law for data governance refers to a set of principles and practices that ensure that data within an organization or society is managed and governed in a fair, transparent, and consistent manner in accordance with established laws, regulations, and ethical standards. The authority responsible for data protection is the National Institute of Transparency, Access to Information, and Personal Data Protection. The acronym or the abbreviation is INAI. INAI oversees compliance with the law and has a primary focus on disclosing governmental activities, budgets, and public information, as well as protecting personal data and individuals’ right to privacy. INAI has the authority to conduct investigations, review and sanction data protection controllers, and authorize, oversee, and revoke certifying entities. The Ministry of Economy is responsible for informing and educating national and international corporations with commercial activities in the Mexican territory about their obligations regarding the protection of personal data. Among other responsibilities, it must issue relevant guidelines for the content and scope of the privacy notice in cooperation with E9. However, there are many challenges in Mexico, such as data breaches, hackers targeting private and government data, repositories pose a significant threat. Number two, legislative lag. Data protection legislation often lags behind technological advancement and emerging threats. Number three, government ethics, ensuring ethical data handling and decision making within the government is essential. Social media tracking. Social media platforms are major data trackers for marketing purposes, and sometimes this can be annoying. Number five, limited data literacy. Many citizens lack the necessary skills to understand, interpret, and effectively use data. The last challenge, in other words, limited data literacy, in the bold list, is certainly the most important because it can help address the rest of the challenges. Mexico needs to foster data literacy among its citizens, empowering them to understand, interpret, and effectively use data in today’s artificial intelligence driven world. To address these challenges, the country should, number one, raise awareness, promote the importance of data literacy and its benefits for personal and professional development. Number two, simplify complex data. Develop strategies and tools to make complex data more accessible and understandable. Number three, manage data overload. Provide guidance on how to navigate and extract meaningful insights from large data sets. Number four, overcome technological barriers. Ensure the technology and offer training on data analysis tools. Number five, address data quality. Promote data quality practices and techniques for cleaning and reprocessing data. Number six, teach a statistical and mathematical concepts. Offer education on a statistical and mathematical concepts relevant to data analysis. Number seven, emphasize data privacy. Educate individuals and organizations on responsible data handling and privacy compliance. Number eight, expand data access and enhance availability and access for all citizens. Number eight, promote change. Encourage organizations to adopt data-driven decision-making and foster a culture that values data. Number 10, address cultural and organizational barriers. Provide support, resources, and a conducive algorithmic culture for data literacy. Number 11, and last, allocate time and resources. Invest in training and development of data literacy skills, considering time and budget constraints. Conclusion, prioritizing data and information literacy education and training at both individual and organizational levels is essential. This may involve offering courses on data and algorithmic literacy, providing access to data analysis tools and resources. Enforcing a culture that values data-driven decision-making. Additionally, continuous efforts to raise awareness about the importance of data literacy can motivate individuals. to acquire these skills and make informed choices about the digital presence in cyber space. As a summary, according to the main message is that we need to offer data literacy training to our citizens. Thank you very much for this opportunity to speak at this session. I wish you success in the following sessions.

Moderator 1:
Thank you, Professor Law, for your wonderful words. I give the floor to the next speaker, Ms. Zheng Junfang, CRO and CFO of Alibaba Cloud Intelligence Group, please.

Jesus Lau:
Thank you.

Zheng Junfang:
Respected Mr. Tang Lei and the other speakers, ladies and gentlemen, friends, good morning. It is a great pleasure to participate this workshop and exchange ideas with you all on this topic. Today, our lives and work are intertwined with digital technology like never before. Indeed, data as a factor of production has emerged as a strategic resources for economic development. Chinese President Xi Jinping stated, we need to build a digital economy with data as a key factor, boost the integrated development of the real and the digital economies, and further integrate the internet, big data, and artificial intelligence with a real economy. As one of the earliest internet companies in China, Alibaba has benefited from the development of internet technology and from opportunities offered by the times. It is from this standpoint that we wish to share our thoughts and experience in the field of data governance. Data is a key factor of the digital economy. Alibaba, a sci-tech enterprise starting with e-commerce, has empowered the digitalization of numerous merchants and products to meet the huge market demand in China. Since its establishment, Alibaba has played an integral part in establishing connections between merchants and consumers throughout data. These data have made commercial operations smarter, information more transparent, and adjustment of supply and demand structure more efficient. It is also through data that we have built a trust system in transactions. Today, Alibaba serves nearly 10 million merchants and 1.3 billion consumers worldwide, and we work to continuously create greater value for customers and the society. In 2009, the first line of code was written for Alibaba Cloud’s self-developed cloud operation system. After 14 years of tireless efforts, our data-centric cloud computing platform has grown into a front-runner worldwide. In the era of cloud computing, both individuals and start-ups can enjoy the benefits of the digital economy. Mihai You is a video game development and publishing company that took shape in a dormitory at the Shanghai Jiao Tong University in 2011. Mihai You began to utilize Alibaba Cloud Computing Service when there were only eight staffers in the company. As of June 2023, the net profit of this young company reached nearly $2.27 billion. It is fair to say that Mihayo is a true cloud-native digital enterprise. Its success is a microcosm of this era, in which numerous innovative enterprises and Alibaba Cloud are mutually reinforcing. The value of data is unlimited, not only for business, but also for public services. During the Asian Games in Hangzhou, they just closed earlier this week. For example, cloud computing supported three core systems, the games management systems, results distribution systems, and game support systems. Alibaba Cloud also enabled the seamless integration of these core systems and provided intelligent applications, such as broadcasting and event communications. With the technical support of Alibaba Cloud, we can say that the event became the first Asian Games on the cloud. Only through law-based data governance can we give full play to the value of data. As an ancient Chinese saying has it, nothing can be accomplished without norms or standards. With the rapid development of the digital economy, data has played a vital role in promoting economic and social development. However, it has also posed challenges to the protection of personal information, intellectual property rights, and network and data security. In the cyberspace, therefore, promoting law-based data governance has become a global consensus. We believe that effective data governance will better facilitate data flow. Likewise, the free and secure flow of data within the framework of the rule of law will give full play to the strength of data as a factor of production. On the one hand, as a unique factor of production, data can be utilized repeatedly by different parties thanks to their inclusiveness. On the other hand, data can generate different values in different scenarios as their generation and utilization involve various stakeholders, thus creating a bucket effect. For this reason, Alibaba Cloud has advocated the whole process management of data throughout their lifecycle. Looking ahead, we would like to continue to participate in efforts to advance the rule of law in regard to data governance together with all clients and partners in this digital ecosystem. We face both opportunities and challenges in the area of AI. AI is one of the most innovative cutting-edge digital technologies in the world. As a high-tech Internet enterprise, Alibaba Cloud launched R&D on our large-language model in 2019, and the latest iteration, Tongyi Qianwen, was made available to the public recently. In the future, we will launch different partnership programs and endeavor to create more enterprise-specific models to ensure that every industry can better share the fruits of intelligent development. In the new era of intelligent development, we are the benefactors of the advance in AI while facing many uncertain risks and confusion. In response, the Cyberspace Administration of China, together with six other authorities, jointly issued in July the Intricate Measures for Administration of Generative Artificial Intelligence Services. the first of its kind globally. It provides a definitive legal environment and basis for the sound development of AI in China. In line with this regulation, Alibaba then released the management system for Scientech ethical risk review, introducing three principles of responsible AI, namely availability, reliability, and credibility. We hold that AI technology should serve the interests of humanity, be advanced and stable, and protect personal privacy and data security. Here, we would like to make three proposals. First, establishing high-quality university public corporate. Second, developing the standard system and the precaution system of data security for opposing racial discrimination, safeguarding the rights and interests of women and children. And third, actively carrying out international exchanges and cooperation in the field of data governance to promote global norms and consensus in this regard. Thank you.

Moderator 1:
Thank you, Ms. Zheng. Thanks again for all speakers of the first session. Next is the second session of round table, the moderator is my colleague, Wu Shengkuo.

Moderator 2:
Thank you. Thank you very much, Professor Liang. Now let’s move on to the second session of the roundtable discussion. Please remind you that each speaker can have seven minutes. Firstly, let’s welcome Mr. Fang Yu, Director of the Internet Law Research Center of China Academy of Information and Communications Technology, please.

Fang Yu:
Thank you, Mr. Wu. Distinguished guests, friends, good morning. Firstly, please allow me to say hello by Japanese. Ohayou gozaimasu, watashi wa Fang Yu desu. This is the first time for me to be here in Kyoto. This is a nice city and a beautiful place. More importantly, it is my great honor to speak at this forum. I am Fang Yu from China Academy of Information and Communications Technology, which refers to CAICT. The CAICT is a think tank in China engaged in research related to the field of network. Now I’m in charge of the Internet Law Research Center. My center mainly studies issues related to network legislation and has participated in several important legislations in China. As a think tank, we carry out some basic research, especially on cutting-edge legal issues. As we all know, the growing digitalization of our world is one of the key trends of the 21st century, and it is fundamentally changing the way we live and work. Digital economy is developing rapidly. The Internet is now an indispensable global public good. We need new laws and regulations to govern the cyberspace. Mr. Tang Lei has given an overview of China’s cyber law system, which is very impressive. Meanwhile, digital economy is driven by data. So I think data law is absolutely an important part in this system. The issue of data legislation is widely concerned by all countries in the world. In China, we generally divide it into three aspects – data security, personal information protection, and data value. First, data security means to use legal measures to ensure the effective use of data without affecting national security and social stability. To reach this goal, we need to make data classification and protect different types of data by different means. It covers many factors, but in which the issue of cross-border data flows is very critical. Mr. Xu Zhiyuan has already explained this topic in great detail, so I will not repeat it. Second, personal information protection can be said to be the fundamental rule in the development of the digital economy. And most countries are faced with the contradiction between personal information protection and personal information utilization. The European Union wants to balance them by the famous GDPR, and many countries have developed their own personal information protection laws with reference to the EU approach. China has a long history of personal information protection practices and in 2021 adopted China’s personal information protection law, which provides a Chinese plan for the protection and usage of personal information. The last is the issue of data value. This is quite essential for the digital economy, but there is no proper solution to this problem, and China is actively starting and exploring it. China has taken the lead in recognizing that data plays a fundamental role in the development of the digital economy, and encourages it to give full play to its essential role. However, many people are still deeply discussing the issue of data rights, hoping to determine the ownership of data through a legal framework to further realize the value of data. Distinguished guests, friends, I believe that data governance will be an issue which needs to be studied for a long time in the background of the digital economy.I hope that countries around the world can work together to make progress, especially through discussions under the framework of the United Nations. and other international mechanisms, so as to jointly improve the level of data governance and share the benefits of the digital economy development. Thank you for listening.

Moderator 1:
Thank you very much, Mr. Fang, for your wonderful point of view. Now I give the floor to Hosaka Lee Makiyama, Director of European Center for International Political Economy, please.

Hosuk Lee-Makiyama :
And once again, I would like to repeat my deepest gratitude to IGF, Benjindorma University and CSE for this invitation to make this very brief intervention. And as a simple legal and economic scholar that has studied global governance of data economy for the last 15 years, I’m very honored to offer my observation on this very difficult topic on the rule of law, because despite all the self-evident societal and developmental benefits that we have heard today in this panel, as well as in the other forums of IGF, it is well understood that the cross-border data flows has raised many important questions regarding rule of law, and especially in the context of international law. And when the internet and the data economy emerged two decades ago, the primary question used to be, and it’s to some degree still is, whether we can avoid internet becoming a legal void, jurisdictional terra nullius, if you like. And to date, I think that these concern has been pretty much addressed, and the issue has been less about determination of jurisdiction or legal forum, as it was believed, as very often the legal questions around new innovation tend to be very, very different than we imagined them at the onset. And many jurisdictions have actually expanded their reach and the legal basis with some form of extraterritoriality. Many speakers already commended the EU GDPR as a model or a template for many laws that have followed. I think EU GDPR is also a good example of the extraterritoriality since it is applied extraterritorially based on the citizenship or residency of the data subject rather than the object, which is the case in many other laws. And it has also established a practice of jurisdiction based on the citizenship or the passport or the fiscal placement of the data subject. And the ecosystem turned out to be much more insulated perhaps than what it was believed. We have seen that due to cultural and linguistical reasons, Internet has actually much more local flavor than we expect them to have. And due to the delivery of the data economy, which is so contingent on a fiscal continuum. So, for example, like local payment systems, banking and or a fiscal delivery of the transaction. We can also see that there is a natural tendency where these jurisdictional questions have been resolved. And despite the use of extraterritoriality issue associated with cross-border compliance and enforcement have been actually quite moderate. And to some extent, it is thanks to the legislative harmonization we have seen, for example, under the COE Budapest Convention on Cybercrime. But first and foremost, it is notable how basic liability principles or contract law or criminal law have actually applied equally online. as well as offline in Europe and many other jurisdictions. And increasingly online services are also subject to various type of licensing and notification requirements, meaning that actually the jurisdictional question has been resolved and also the rule of law has been territorialized at onset. And if that is the development we have seen in the past to first two decades of digital economy and where we have seen the evolution of legal doctrine, which is based on personal information on data management that we know today. We can also see that the current evolution in terms of rule of law on the internet is quite progressive where we have seen codification of in many instances of previous soft laws and executive decision. And the codification has also led to more legal clarity as more and more rules are actually transparent and actually written down rather than executed as executive orders or soft law. We see that there is an improvement of rule of law. However, not all foreign economic actors may not necessarily share the desirability of this clarity or these outcomes that the rules have enabled. So for example, if I just would take an example from Europe once again, Europe has introduced the Digital Services Act, Digital Markets Act and Data Act or EU Cloud Services Scheme which all have shifted the investigative ex post legislation like for example, an antitrust enforcement to an ex ante approach through universal obligations and through regulations rather than investigations. And in other elsewhere, we see cybersecurity laws that have provided more legal clarity with clearer legal basis, distinguishing different cases and practices. And once again, better clarity is always desirable, but some may simply just disagree with the rules. We still see issues with national treatment. So critics say that the EU law set very arbitrary thresholds of what high risk practices entail, and therefore it is very selective in its legal scope. And in fact, many thresholds are naturally ambiguous or subjective. I think there was a disruption in my connection, but I’ll try again. As I was saying, many thresholds that are naturally ambiguous or subjective, and that’s basically the nature of the internet law itself. And it is foreseen that case law will provide the further clarity on these issues. And, but given the dynamism of the legal systems of internet law as a subject, the question is whether we will be required to change the legal framework and update them before any case law actually evolves. This is the risks of governing fast paced technology which we all have to live with. And this basically leads to a final point here that there is a universal problem where enforcement agencies have a natural disadvantage in understanding the current practices, but not necessarily enforcing their rules. Transparency is of course, synonymous with accountability. And I think that the current trend shows that we are regulating to understand commercial practices, user patterns, rather than mitigating actual potential risks associated with data flow or inadequate enforcement. And I think that IGF hosts of this year, Japan has taken significant step here for the global community by taking the initiative for the institutional arrangement under the G7 on the FFT, and which will enable governments to study issues and causality and best practices for better data governance. And to basically to wrap up history and the future of cross-border governance of data flows has been characterized by friction of obligations rather than perceived conflict of laws or values. Different legal system are founded on different societal values. And despite these differences, it is evident that the regulators seek surprisingly similar outcomes in their digital economy and try to address similar issues. And however, these outcomes may have very different commercial consequences if you look at the individual companies. A foreign disruptor in one country is actually an incumbent and a national champion in another country. Some objectives of policy create very different winners and losers. This is not necessarily a product of diverging values or diverging objectives. And extraterritoriality can only be resolved through mutual cooperation and such as mutual legal assistance treaties. And many of the privacy laws have built-in transfer mechanisms. MCC has been mentioned several times under this course of this panel, but also adequacy decision. And these mechanisms for expedited data sharing process can enhance efficiency and collaboration amongst agencies. However, enforcement can only be guaranteed by governments, not by private actors. And this is an understanding which is the basis of the European model and many other legal models we see across Asia. So impetus comes from harmonisation, alignment of laws and especially on data protection, privacy and security, rather than establishing a common international standard or voluntary or trusted global frameworks. And I think we see that the equivalence decisions and other fundamental mechanisms for cross-border data flows are actually 100% legal in their nature. Trust is a matter of question between governments and people, but it does not necessarily relate to the data. It’s a function of equivalence rather than between two jurisdictions, rather than a function of trust. And here’s where many open data advocates tend to talk, prefer to talk about trust rather than equivalence between laws. So it may be a fictionary conflict that we see around trust, where we see, as once again, that many agencies around the world are actually working towards similar goals, despite having very different societal backgrounds. Thank you so much. And I’ll pass the word back to the panel.

Moderator 2:
OK. Thank you very much, Mr. Lee Makiyama from Brussels, for the interesting sharing. Next, we have Ms. Wang Rong, senior expert from Tencent Research Institute.

Wang Rong :
Thank you. Good morning, everyone. I’m Wang Rong from Tencent Research Institute, which is a research platform focusing on public policies in digital economy. I’m very honored to participate in the RGF Data Governance Forum. I guess that everyone must be impressed by the extraordinary accomplishments that China has achieved. just as Tang Lei, Deputy Director, introduced to us. Now, I would like to share the China’s personal information protection from the perspective of corporate compliance practices. First, I would like to share some interesting findings. So for the purpose of corporate compliance, Tencent Research Institute compared the provisions of China’s personal information protection law referred as PIPL, promoted in 2021 with the European Union’s General Data Protection Regulation, as you know, that’s GDPR. Through comparing these two laws, we found some interesting findings. The first, China’s PIPL is fully integrated with the international general principles of personal information protection represented by GDPR. In terms of legislative model, China’s PIPL adopted a globally mainstream model, which is very comprehensive and universal legislative model that is applicable to all sectors, not only to private sector, but also in public sector. And third, in terms of the laws content, the specific rules, the PIPL introduces the basic rules, including the legal basis of data processing, the rights of data subjects, the obligations of data controllers and data processors. Finally, in terms of strictness of rules, China’s PIPL is basically matches the EU GDPR standard. In some aspects, China’s PIPL is even more stringent than GDPR. So as we concluded. Although there are still some subtle differences between the PIPL and GDPR, but in general speaking, China’s PIPL is highly compatible with international legislation standards. The strict PIPL in line with international standards will bring full benefits to the healthy development of platform companies such as Tencent. Companies will fully embrace the implementation of law with a positive attitude. It is constructive to help the digital industry to build consumer trust through legal system protection. As you know, rebuilding consumers’ confidence and security trust is one of the core issues in the digital society. We believe the legal system itself undoubtedly plays an important role in now. As data processing scenarios become more complex, data flows between different institutions increase dramatically. Through the legal system, Clary finds the legal responsibilities of different market players in different aspects of data processing is very constructive to establish a data protection ecosystem. So based on our business, Tencent relies on systematic tools to implement data privacy compliance work. Tencent is one of the earliest internet companies in China to explore personal information protection and data compliance. We emphasize technology itself to empower privacy protection. We have developed the Linxi privacy platform to establish comprehensive technical capabilities to facilitate our service to fully comply with the privacy protection requirements. In addition, Tencent continues to develop privacy technologies such as federated learning, trusted computing, and secure multi-party computing to explore more technical solutions for personal information protection in the whole life cycle of digital service. In the practice of implementation of the PIPL, Tencent continues to improve product transparency, giving our users more choice and control, and provide one-stop privacy solutions for our users. Besides that, we have established an integrated rights response and processing mechanism to ensure that users’ personal information rights requests are responded in a timely and effective way. So, in a conclusion, just as we advocated of technology for good, we hope that our products and services themselves try to take advantage of technology to do good and build up the consumer’s trust. That’s all. Thank you for listening.

Moderator 2:
Thank you, Mr. Wang, for your relevant sharing. Now, let’s welcome Mr. Zhu Ran, Vice President of Alibaba Cloud Intelligence Group, please.

Zhu Ran:
Thank you. Ladies and gentlemen, friends, good morning, everyone. It’s my honor to participate in the workshop on the role of law for data governance of 18th Internet Governance Forum and share my ideas on this topic with all of you. The Chinese government has always adhered to the principle of of governing the Internet in accordance with law in its efforts to promote the healthy and orderly development of the Internet. The rule of law on the Internet is not only an important way of digital governance, but also an important outcome of digital civilization advancement. Alibaba has done a lot of work in data governance in line with national laws and regulations as well as international initiatives. Practice of Alibaba Cloud in Data Governance Alibaba Cloud Intelligent Group has been committed to the cloud-based data governance for years, relying on a self-developed AppSara system which prides clients from more than 200 countries and regions worldwide with cloud services such as computing, storage, networking, data processing, and security protection. The group has explored a complete set of methods for data governance. In terms of compliance governance, as a company that provides cloud computing services for the public, Alibaba Cloud has worked to improve data compliance governance and has become a cloud service provider with the best qualification in Azure as well as an industry leader in protecting data security and privacy of cloud computing. As early as 2013, Alibaba Cloud passed ISO 27 sound and CSA star certification and later passed PCI DSS certification in the financial field. In terms of technical guarantees, Alibaba Cloud continues to strengthen technical guarantees for data governance of the cloud platform. First, Alibaba Cloud has classified various types of data on the cloud and ensured data security in their usage, entry and exit, and other situations by taking advantage of technologies and stepping up operations and maintenance systems. Second, Alibaba Cloud has established well-functioning disaster recovery systems and redundant systems for cloud computing, networking, storage of data. Several disaster recovery systems have been built such as dual active in the same city, backup data in other cities in case of disaster, multi-active in multiple cities, scheme of two places and three centers, and so on. Third, in terms of infrastructure, Alibaba Cloud has established security controls over data with regard to its storage encryption. transmission, encryption, and across-control, ensuring data security of multi-tenancy in cloud computing. As for the policy support, Alibaba Cloud took the lead in launching a data security initiative in 2015, stating that since data are customers’ assets, cloud computing platforms cannot be used for other purposes. Rather, platforms have the obligation to help protect the privacy, integrity, and availability of client data. The initiative also held that cloud computing platforms should provide a privacy and data protection framework and scheme for cloud users. In 2021, Alibaba Cloud released the Data Security and Privacy Protection White Paper, which introduces the best practice of Alibaba applying cloud computing to safeguarding data security. Efforts in security protection involve physical security, data storage, network transmission, computing security, as well as backup and disaster recovery. Recently, Alibaba Cloud officially launched our LLM. This is a next-generation model for LLM. It can understand complex instructions, engage in multi-round dialogue, write copy, perform loggage rezoning, understand multi-modal inputs and support multiple languages. So it can be applied in, for example, planning, office administration, shopping, recommendation, and home design to help customers raise efficiency of their work and services. What’s more, enterprises can build their own LLM models by Tongyi Qianwen to develop more enterprise level applications. We believe that data guidance for LLM determines the scope and depth of LLM’s application. Therefore, R&D and application of AI have always been pursued under the guidance of principles of availability, reliability, credibility, and controllability in Alibaba Cloud. That’s all. Thank you.

Moderator 2:
Thank you, Mr. Zhu, for your profound insight. Now I would like to give the floor to Mr. Zhao Jingwu, Associate Professor of Law School of Beihang University. Please.

Zhao Jingwu:
Thank you, Professor Wu. Good morning, everyone. It’s my honor to have an opportunity to share my thoughts, speech here. I’m Zhao Jingwu from Beihang University. What I would like to talk today is simple issues, is how to ensuring the security of corresponding data flow. through the legal instruments. Well, in modern society, the economic and strategy value of data has become a crucial element of the national innovative development of digital economy. Well, the combination of traditional and digital business has changed the operating model of the real economy, as well as the basic condition of international digital economy development. So cross-border data flow is not just a matter of domestic data security regulation and the commercial utilization, but also a complex issue that affect the promoting of global digital economy. Well, in recent years, we can see that more and more countries, regions, and international organizations, by including China, has tried to explore safe and trustworthy model for cross-border data flow through domestic legislation, bilateral agreements, and international treaties. However, at the same time, there are also many controversy needs to be solved urgently. Well, in this context, we can see that China has actively promoting the governance path of cross-border data flow. However, here is a misleading in the international governance activities, which is to encourage the cross-border data flow without restrictions. Well, perhaps their original intention was to achieve a border and more efficiency data flow effects, but the key is they fail to understand the relationship between the data security and data flow. Well, it’s worth mentioning that in the Article 1 of the data security law in China, the governance idea of data is to ensure data security and to promote data development and utilization. Well, in summary, it means pay equal attention to safety and utilization. So we agree that blindly pursue cross-border data flow without paying attention to data security. is not only fail to realize the exchange value of data, but also breeds security risk, such as data linkage and theft, which would lead in the reduction of the economy value of data resources. So in the international community, there is a view of China follow the data controlism path, which is essentially politicalized the issue of data security. That is because we don’t have a unified standard for the international cross-border data flow around the world. While multilateral cooperation always have to comply with different domestic laws and the international agreement. So there’s no denying that the national data security and the citizen personal privacy are generally recognized primers for cross-border data flow. Furthermore, across the global, there’s no country allowed cross-border data flow without any condition. And the more country, domestic law put data security and the national security as a first place. So what I want to emphasize is China isn’t an open and cooperative governance model for cross-border data flow. It’s not an empty words. China’s domestic law has clearly defined four categories of rules for cross-border data flow, which including security assignments of outboarding data transfer, standard contract for the cross-border transfer of personal information, and third party security certification and special rules for special areas. So all above these rules are supported by the corresponding laws and regulations. So moreover, a few days ago, China’s regulator authorities just released the regulation on regulating and facilitating the cross-border data flow. There is a draft for comments. which further refined China’s governance framework for cross-border data flow and the response practical issues with social general concern. For example, the draft clarified that the outbounding data transfer does not require security assignment, standard contract or security certifications when the non-important data generated in the activities, such as international trades, academic corporations, corresponding manufacturing and the market influence activities. So Chinese supervisation system for corresponding data flow is not simply to restrict data export, but to better protect and promoting data export. So Chinese legislation has established diverse channel for cross-border data flows, which not only catering to the market demands for various industrial and enterprise, but also align with international rules on the cross-border data flows. So all of these help multinational enterprise to solve practical problems for repeating the compliance, multiple compliance, even conflict compliance during the processing of outbounding data transfer. Finally, I hope we can reach a consensus that the governance of data, which especially is a cross-border data flow, cannot ignore data security, nor can it set too many restrictions for security. The concept of security and the utilization coexistence in China data governance system, offering China a wisdom and approaching to solve the problem of cross-border data flow. That is all what I want to say. Thank you. Thank you, Professor Wu.

Moderator 2:
Thank you, Professor Zhao, for your wonderful words. Due to time limitation, we have to conclude this forum. We hope to have more in-depth exchanges and discussions in the future. Once again, we would like to thank all guests and friends for your wisdom and efforts to contribute to this open forum. We also would like to thank UNIGF for providing us with a more than relevant dialogue platform. This open forum is concluded here. We invite all of you to have a photo group here. Thank you.