Rule of Law for Data Governance | IGF 2023 Open Forum #50

Report

China has implemented a comprehensive legal framework to effectively manage the flow of data across borders. This framework consists of three key laws: cybersecurity laws, data security law, and personal information protection law. These laws serve as a solid foundation for regulating and safeguarding the transfer of data.

To support these laws, the Chinese government has implemented additional measures.

These include data export security assessments, which require the export or import of data or a certain amount of personal information to undergo a thorough security evaluation. This assessment ensures that data leaving or entering the country meets the necessary security standards.

Furthermore, standard contracts are signed between personal information processors and overseas recipients.

These contracts outline the rights and obligations of both parties, providing a legal framework for the safe and responsible transfer of personal information. Additionally, China has established detailed rules for personal information protection certification. These certifications are conducted by professional institutions approved by the China Administration of Cybersecurity (CAC).

They evaluate the measures taken by personal information processors to protect and manage personal information in accordance with regulations set by the China Information and Communication Administration (CIC).

China’s commitment to the safe and orderly flow of data across borders is evident in its efforts to create a supportive environment for data exchange.

The State Council of China has issued a special document that establishes a streamlined process, known as the “green channel,” for qualified foreign investment enterprises. This green channel enables these enterprises to effectively conduct outbound security assessments of important data and personal information.

Additionally, the CIC has drafted special regulations on cross-border data flow and is seeking public opinions to further promote the orderly and free flow of data.

These proactive measures demonstrate China’s determination to facilitate secure data exchange and support the growth of the digital economy.

China also emphasizes the importance of international cooperation and open engagement to promote the development of the digital economy.

The establishment of a comprehensive legal system for managing transborder data flow, along with China’s proposal to explore convenient security management mechanisms for cross-border data flow, reflects its commitment to collaboration and partnerships.

In conclusion, China has taken significant steps to establish a robust legal system for managing the flow of data across its borders.

The introduction of cybersecurity laws, data security law, and personal information protection law, along with the implementation of data export security assessments, standard contracts, and personal information protection certifications, demonstrates China’s dedication to the safe and orderly flow of data.

With a strong focus on international cooperation and support for the digital economy, China is positioning itself as a key player in facilitating secure and efficient data exchange on a global scale.

Report

In today’s digital society, data security and cross-border data flow have emerged as crucial issues. Data has become a vital element in the national innovative development of countries. The ability to securely transfer data across borders is not only important for domestic data security regulation and commercial utilization but also essential for promoting the global digital economy.

China, for instance, has taken steps to address the governance of cross-border data flow through its domestic law.

The country has implemented clear rules that classify cross-border data flow into four categories. However, its governance model is seen as lacking openness and cooperation. While China acknowledges the importance of data security, there is also a need to balance it with utilization.

The coexistence of security and utilization is considered essential in the China data governance system.

On the other hand, there are arguments against unrestricted cross-border data flow without proper attention to data security. Pursuing data flow without considering data security risks compromises the exchange value of data and can lead to security vulnerabilities such as data linkage and theft.

It is important to strike a balance between the free flow of data and the necessary security measures to safeguard sensitive information.

Another concern is the politicization of data security, particularly in relation to China. There is an international perception that China follows a path of data controlism, essentially politicizing the issue of data security.

This perception raises questions and highlights the importance of ensuring data security without unnecessary politicization.

In conclusion, ensuring the security of data flow is critical in today’s digital society. While China has defined rules for cross-border data flow, its governance model is viewed as lacking openness and cooperation.

Striking a balance between security and utilization is key to effective governance. Additionally, pursuing unrestricted data flow without considering data security risks compromising the exchange value of data. The observation that the issue of data security can be politicized, particularly with China’s perceived approach, raises further concerns.

Report

The digitisation of our world is a key trend in the 21st century, with the digital economy and the internet becoming indispensable global goods. This has resulted in the need for new laws and regulations to effectively govern the cyberspace.

The digital economy is rapidly developing, and the internet plays a crucial role in its growth.

It is now an integral part of our lives, facilitating communication, commerce, and innovation on a global scale. The significance of the digital economy is further emphasised by its relation to SDG 9: Industry, Innovation and Infrastructure.

Data legislation plays a fundamental role in enabling the effective use of data in the digital economy.

It is divided into three key areas: data security, personal information protection, and data value. Data security focuses on ensuring that data is used effectively without compromising national security and stability. Personal information protection is vital as it ensures individuals have control over their private data and prevents unauthorised access or misuse.

Realising the value of data is essential for the digital economy, as it drives innovation, creates new opportunities, and contributes to economic growth. The importance of data legislation aligns with SDG 16: Peace, Justice and Strong Institutions.

Furthermore, the issue of data governance is a long-term concern in the face of the growing digital economy.

It is recognised that effective data governance is crucial to address the challenges and risks associated with handling vast amounts of data. Data governance offers the potential to enhance the level of data governance and ensure the benefits of the digital economy are shared among all stakeholders.

This aligns with SDG 17: Partnerships for the Goals.

In conclusion, the digitisation of our world and the growth of the digital economy have necessitated the development of new laws and regulations to govern the cyberspace. Data legislation, including data security, personal information protection, and data value, is imperative for the digital economy to thrive.

Moreover, data governance is a long-term issue that requires attention to improve the level of data governance and maximise the benefits of the digital economy for all.

Report

The analysis reveals significant aspects of cross-border data flow and its legal implications. It suggests that jurisdictional issues have largely been addressed, as many jurisdictions have expanded their reach and established a legal basis for cross-border data regulation. This expansion reflects the recognition of the importance of regulating data flows beyond national borders.

Additionally, the analysis underscores the importance of harmonizing and aligning laws to facilitate cross-border data flow.

It argues that built-in transfer mechanisms within privacy laws and expedited data sharing processes can enhance efficiency and collaboration among agencies. This highlights the necessity of a cohesive legal framework for seamless data exchange.

The analysis also highlights the progressive evolution of the rule of law on the internet.

By codifying rules and regulations, there is greater legal clarity compared to relying solely on executive orders. This signifies a positive step toward establishing a solid legal foundation to govern online activities and ensure accountability.

Furthermore, the analysis challenges the notion of a fictitious debate around ‘trust’ in data governance.

Despite varying societal backgrounds, agencies worldwide are working toward similar data governance goals. This implies the potential for common ground and shared objectives, fostering trust through collaborative efforts.

Overall, the analysis provides a comprehensive overview of the progress made in addressing cross-border data flow challenges.

It emphasizes the importance of jurisdictional expansion, harmonization of laws, clear regulations, and collaborative data governance. These insights shed light on the complexities associated with cross-border data flow and the ongoing efforts to navigate them while promoting trust and accountability.

Report

Mexico is currently facing challenges in data handling, specifically regarding data literacy and data protection. A significant concern is the lack of necessary skills amongst many citizens to understand and effectively utilize data. To address this issue, there is a need to raise awareness and promote the importance of data literacy and its benefits for personal and professional development.

Mexico has taken steps to ensure data protection by including it in Article 16 of its Constitution.

The country has a solid rule of law regarding data governance, which encompasses principles and practices that ensure fair, transparent, and consistent management and governance of data within organizations and society. This provides a strong foundation for data protection.

However, Mexico still faces difficulties in data handling.

Data breaches, with hackers targeting both private and government repositories, pose significant threats. This highlights the need for robust cybersecurity measures to safeguard sensitive information.

Legislative lag is also a concern. Data protection legislation often falls behind technological advancements and emerging threats, making it difficult to effectively address data security issues.

It is essential to update and strengthen legislation to keep up with the evolving landscape of data handling.

Government ethics in data handling is another aspect that needs attention. Ensuring transparency, accountability, and ethical practices in the collection, storage, and use of data by government entities is vital to foster trust and protect citizens’ privacy.

Additionally, the widespread use of social media and the tracking of individuals’ data present further challenges in data handling.

Stricter regulations and better controls are required to manage the risks associated with the use of personal data on social media platforms.

To overcome these challenges, Mexico should prioritize data and information literacy education and training. This could involve offering courses on data and algorithmic literacy and providing access to data analysis tools and resources.

By prioritizing data literacy education at both individual and organizational levels, Mexico can empower its citizens to understand and make informed choices about their digital presence in cyberspace.

In conclusion, Mexico faces various challenges in data handling, including limited data literacy, data breaches, legislative lag, government ethics, and social media tracking.

It is essential for the country to promote data literacy, strengthen data protection measures, update legislation, ensure government ethics, and regulate social media data handling. By prioritizing data and information literacy education and training, Mexico can empower its citizens to engage with data effectively and confidently navigate the digital world.

Report

The expanded summary provides a detailed analysis of the importance of fair and effective data governance for public benefits and sustainable development. It emphasizes the role of data in driving economic innovation and social development, highlighting its significance in today’s society where it has become a key driver of innovation and development.

The analysis recognizes that data application and governance present both opportunities and challenges.

On one hand, data has the potential to bring about significant positive impact by informing decision-making processes, driving economic growth, and fostering social progress. However, it also raises concerns about privacy, security, and ethical considerations. Therefore, it is crucial to have effective data governance to maximize the benefits of data while mitigating potential risks and negative consequences.

To address the complex nature of data governance, the analysis suggests the need for multi-stakeholder forums that facilitate the exchange of insights on data-related applications and governance.

These forums aim to bring together representatives from government, civil society, the technology community, and the private sector on a global scale. By fostering collaboration and knowledge-sharing, these forums can contribute to the development of fair and effective data governance frameworks that address the concerns and interests of all stakeholders.

In conclusion, the analysis highlights the critical role of data in driving economic innovation and social development.

It underscores the importance of fair and effective data governance to maximize the benefits of data while addressing the challenges and concerns associated with its use. The suggestion to hold multi-stakeholder forums reflects the need for a collaborative approach to data governance, where different perspectives are considered to develop comprehensive and inclusive frameworks.

The expanded summary provides valuable insights into the significance of data governance for public benefits and sustainable development.

Report

The second session of the roundtable discussion began with Mr. Fang Yu, Director of the Internet Law Research Centre of China Academy of Information and Communications Technology. He provided valuable insights into the field and emphasized the importance of Internet law in the rapidly evolving digital landscape.

Following Mr. Fang Yu, Mr. Lee Makiyama from Brussels shared his perspectives, contributing interesting ideas to the discussion.

Next, Ms. Wang Rong, a senior expert from Tencent Research Institute, offered her valuable insights on the topic. She shed light on the significance of research and development in the context of internet technology and its implications for legal regulation.

Continuing the discussion, Mr.

Zhu Ran, Vice President of Alibaba Cloud Intelligence Group, shared his profound insights into the advancements of cloud computing in relation to internet law. His perspectives highlighted the need for effective legal frameworks to address the challenges and opportunities presented by cloud computing technologies.

The final speaker, Professor Zhao Jingwu from Beihang University’s Law School, delivered a thought-provoking presentation.

He explored various legal aspects of internet governance and emphasized the need for comprehensive legal frameworks to address emerging digital issues.

Despite the time limitation, the forum concluded on an optimistic note, expressing the desire for more in-depth exchanges and discussions in the future.

The participants and speakers were sincerely thanked for their wisdom and efforts in contributing to the open forum.

Moreover, the UNIGF was acknowledged for its vital role in providing a relevant dialogue platform for global stakeholders to engage in meaningful discussions on internet law and governance.

In summary, the second session of the roundtable discussion featured a diverse range of speakers who presented their perspectives on various aspects of internet law.

The insights and arguments shared highlighted the need for robust legal frameworks to navigate the complexities of the digital era. The forum concluded with a shared commitment to further exploration and collaboration in this important field.

Report

The importance of data governance in personal, national, and international security is emphasised in the provided information. With data driving our thought processes and daily activities, its governance becomes critical. This highlights the need for effective management and protection of data to ensure security at various levels.

Another key point highlighted is the need for good legislative and governance mechanisms for managing data.

It is mentioned that the governance of raw and segmented data often lacks clarity, indicating the importance of establishing clear frameworks and guidelines for data management.

Furthermore, there is an urgent call for a comprehensive law and policy framework to assess threats and prosecute offenders in the cyber realm.

This is prompted by a recent devastating cyber attack in Eastern Africa that had significant impacts on the economy and security of the affected country. The lack of involvement from countries in Eastern Africa in convention work is noted, which is discouraging considering the need for collective efforts in addressing cybercrime.

In the context of the Cybercrime Convention, it is advocated that all factions, including NGOs, civil society, and academia, should be involved in the debate.

This inclusivity is seen as essential despite the diplomatic difficulty arising from the divergent views of countries involved. It is important to consider different perspectives and input from various stakeholders to ensure a well-rounded and effective approach to tackling cybercrime.

Additionally, the significance of active listening and open communication for preventive diplomacy is highlighted.

It is acknowledged that active listening and dialogue among individuals and nations are essential tools in the pursuit of preventive diplomacy. This process enables understanding, cooperation, and the building of partnerships to address conflicts and maintain peace.

In conclusion, the provided information underscores the importance of data governance in personal, national, and international security.

It highlights the need for legislative and governance mechanisms to effectively manage data. Furthermore, the urgency for a comprehensive law and policy framework to address cyber threats and prosecute offenders is emphasised. The importance of inclusivity in the debate surrounding the Cybercrime Convention, involving various factions and stakeholders, is also stressed.

Finally, the significance of active listening and open communication for preventive diplomacy is acknowledged.

Report

China has been dedicated to promoting law-based cyberspace governance ever since it became fully connected to the Internet in 1994. The country has taken significant steps to establish a comprehensive legal framework by enacting more than 140 laws pertaining to cyberspace. This legislation serves as the basis for governing and regulating the online environment in China.

One of China’s key arguments is that it champions the interests of all countries in promoting law-based cyberspace governance.

The country believes that all nations should adhere to legal principles and frameworks to ensure a safe and secure online space for everyone. China’s commitment to this ideal is evident in the number of laws it has enacted and the efforts it has made to create a robust legal framework for cyberspace governance.

Furthermore, China emphasises the importance of equal participation in global cyberspace governance.

It supports the involvement of all nations on an equal footing and actively engages in international exchanges and cooperation in the field of law-based cyberspace governance. By promoting inclusivity and collaboration, China seeks to foster a global community that works together to address the challenges and opportunities in cyberspace.

China also recognises the need for constant innovation and adaptation to keep up with the evolving technological landscape.

It acknowledges the challenges posed by new Internet technologies and responds to them in a forward-looking manner. By promoting innovation in the concept, content, approach, and methods of law-based cyberspace governance, China ensures that its legal frameworks remain relevant and effective in addressing emerging issues.

In conclusion, China’s efforts in promoting law-based cyberspace governance are commendable.

The country has enacted numerous laws and established a comprehensive legal framework to govern the online environment. China advocates for the interests of all countries and supports equal participation in global cyberspace governance. Additionally, it emphasises innovation in adapting to the challenges brought by new Internet technologies.

Overall, China’s commitment to law-based cyberspace governance contributes to a safer and more secure online space for people worldwide.

Report

The Personal Information Protection Law (PIPL) in China is gaining recognition for its alignment with international standards. The law covers all sectors, including private and public, ensuring comprehensive protection of personal information.

Platform companies like Tencent stand to benefit from the strict provisions of the PIPL.

Tencent has developed systematic tools for data privacy compliance and is committed to protecting user privacy and data compliance. They have also been at the forefront of developing privacy technologies such as the Linxi privacy platform, Federated learning, Trusted computing, and Secure multi-party computing.

In addition to technical solutions, Tencent focuses on giving users more control and transparency in their products.

They aim to empower users with informed choices regarding their personal information.

The PIPL in China is seen as a positive development in personal information protection and data compliance. It sets a high standard for businesses, particularly platform companies like Tencent, who demonstrate their dedication to safeguarding user privacy and complying with the law.

Overall, the PIPL and Tencent’s initiatives contribute to the broader goal of data privacy.

They encourage companies to prioritize user privacy and comply with regulations, positioning Tencent as an early adopter and industry leader in personal information protection.

Report

The analysis provides a comprehensive overview of the personal information protection laws and data governance in China. It highlights some unique characteristics of China’s personal information protection laws and their approach to balancing the protection and utilization of personal information.

Specifically, China’s civil code distinguishes between the right to privacy and the right to personal information protection. This distinction allows for a nuanced understanding of personal information and ensures that individuals’ rights are safeguarded while also promoting the responsible use of personal data.

In terms of data governance, the analysis reveals that in China, there is a consensus that data carries a wide range of interests beyond personal and property interests.

This understanding indicates a broader perspective on data and its potential for various applications. The analysis suggests that data is non-exhaustible and can be used by multiple entities simultaneously. This recognition underscores the importance of developing comprehensive data governance frameworks that account for the diverse interests associated with data.

Notably, the analysis explores two main perspectives on data governance in China.

The first perspective advocates for establishing property rights over data. This approach requires defining the boundaries of rights for different entities, ensuring that ownership and control over data are clearly defined. The second perspective focuses on access to data through lawful behaviours.

This view prioritises the establishment of regulations and guidelines that govern the appropriate uses and accessibility of data. Both perspectives demonstrate the need to navigate the complex challenges surrounding data governance and strike a balance between individual rights and collective interests.

The analysis also acknowledges that China’s governance practices in this field could offer valuable insights for other jurisdictions facing similar concerns.

It highlights the potential for China’s experience to serve as a reference for state governments worldwide grappling with data regulation and governance issues. By examining China’s approach, other jurisdictions may gain useful knowledge and strategies for developing effective policies and frameworks to protect personal information and regulate data usage.

In conclusion, the analysis sheds light on the distinctive features of personal information protection laws and data governance in China.

It underscores the importance of balancing the protection of personal information with the need for responsible utilization. Furthermore, it emphasises the recognition of data as carrying a wide range of interests and the necessity of establishing comprehensive data governance frameworks.

Overall, the analysis contributes valuable insights and recommendations for the ongoing global conversation on data governance and personal information protection.

Report

Alibaba, a prominent player in the digital economy, has been instrumental in connecting merchants and consumers through the use of data. This connection has revolutionized commercial operations, making them smarter, more transparent, and highly efficient. By harnessing the vast amount of data at their disposal, Alibaba has created a platform that facilitates seamless transactions between merchants and consumers, driving growth and prosperity in the digital ecosystem.

With a global reach that serves nearly 10 million merchants and 1.3 billion consumers worldwide, Alibaba continues to create greater value for customers and society as a whole.

Their positive impact on the digital economy is evident through their ability to leverage internet technology to foster innovation and develop industries.

However, Alibaba acknowledges the challenges presented by data governance in the rapidly advancing digital economy. They are advocates for a law-based approach to data governance, recognizing the importance of protecting personal information, intellectual property rights, and ensuring network and data security.

By acknowledging the risks associated with extensive data usage, Alibaba emphasizes the need for a robust legal framework to support a thriving digital economy.

In alignment with their commitment to responsible data management, Alibaba emphasizes the importance of AI technology serving humanity’s interests while safeguarding personal privacy and data security.

Their efforts in this regard are exemplified by their launch of large-language model R&D in 2019 and the recent introduction of their ethical risk review management system. By proactively adhering to AI regulations, Alibaba ensures the advancement and stability of AI technology while prioritizing personal privacy and data security.

In conclusion, Alibaba’s significant impact on the digital economy is indisputable.

Their role in connecting merchants and consumers through intelligent data usage has revolutionized commercial operations, promoting efficiency and transparency. Moreover, Alibaba’s dedication to law-based data governance and ethical AI practices underpin their commitment to responsible data management. Overall, Alibaba’s positive contributions to the digital economy firmly establish them as a global leader in the industry.

Report

The Chinese government has consistently upheld the principle of governing the Internet in accordance with the law, recognizing the rule of law on the Internet as vital for digital governance and the advancement of digital civilization. This commitment to legal governance of the Internet reflects a positive sentiment towards ensuring a secure and regulated online environment.

Alibaba Cloud Intelligence Group has played a significant role in cloud-based data governance, offering a range of cloud services to clients from over 200 countries and regions worldwide.

Their services include computing, storage, networking, data processing, and security protection, all aimed at effective data management and governance. This demonstrates Alibaba’s strong commitment to data governance and their contributions towards advancing the goal of industry, innovation, and infrastructure.

To strengthen their data compliance governance further, Alibaba Cloud has obtained important certifications, such as ISO 27001 and CSA Star certification.

Having also earned PCI DSS certification in the financial field, Alibaba Cloud’s dedication to data compliance is evident. These certifications not only validate their commitment to industry standards but also assure clients of their compliance and security measures.

Alibaba Cloud continues to prioritize data governance by implementing technical guarantees for data security on their cloud platform.

They have developed a system that classifies various types of data on the cloud, ensuring secure usage, entry, and exit of data. This commitment to technical guarantees fosters confidence among their clients and ensures that data security remains a top priority.

The release of Alibaba Cloud’s Data Security and Privacy Protection White Paper further emphasizes their focus on safeguarding data.

This document highlights the best practices of applying cloud computing to protect data security. Such transparency and information sharing contribute to increasing awareness and understanding of data privacy and security.

Alibaba Cloud takes a proactive stance in supporting data privacy and security.

They have launched a data security initiative that emphasizes the importance of cloud computing platforms being solely used for protecting customer data. They believe that platforms have an obligation to help protect the privacy, integrity, and availability of client data.

This demonstrates their commitment to ethical data practices and their support for a secure online environment.

In conclusion, the Chinese government’s commitment to governing the Internet in accordance with the law, along with Alibaba Cloud’s significant contributions to cloud-based data governance and commitment to data compliance and security, reflects a positive sentiment towards ensuring secure and regulated online environments.

Alibaba Cloud’s technical guarantees, white paper, and proactive stance further reinforce their dedication to data privacy and security. These efforts serve as an example for other organizations and emphasize the importance of upholding data governance standards for the advancement of the industry, innovation, and infrastructure goal.