Day 0 Event #171 Legalization of data governance
Day 0 Event #171 Legalization of data governance
Session at a Glance
Summary
This discussion focused on the legalization of data governance and internet regulation in various countries, with a particular emphasis on China’s approach. Speakers from China, Singapore, Brazil, and international organizations shared insights on their respective legal frameworks and strategies for managing data in the digital age.
The discussion highlighted the importance of balancing data security with development and innovation. China’s approach, as outlined by several speakers, involves a comprehensive legal framework including cybersecurity, data security, and personal information protection laws. The country is also working on regulations for cross-border data flows and AI governance.
Singapore’s representative described their evolving approach, which began with minimal regulation but has expanded to address harmful content, online falsehoods, and cybersecurity. Brazil’s speaker outlined their efforts in data protection, AI legislation, and plans for a national data economy policy.
Corporate perspectives were provided by representatives from Lenovo and ZTE, who shared their companies’ data governance practices and compliance efforts. Both emphasized the importance of aligning with national and international regulations while fostering innovation.
Key themes that emerged across presentations included the need for international cooperation in data governance, the challenges of regulating rapidly evolving technologies like AI, and the importance of balancing security concerns with the benefits of data sharing and utilization.
The discussion underscored the complex and evolving nature of data governance in the digital age, with countries and companies alike grappling with how to protect privacy and security while promoting innovation and economic growth.
Keypoints
Major discussion points:
– The importance of balancing data security and development in data governance
– The need for international cooperation and harmonization of data governance approaches
– The challenges and opportunities presented by AI and emerging technologies for data governance
– The role of law and regulation in ensuring responsible data practices and cross-border data flows
– Industry perspectives on implementing data governance and compliance frameworks
The overall purpose of the discussion was to explore different national and industry approaches to data governance, with a focus on legal and regulatory frameworks. Speakers shared insights on how to balance innovation and security, address emerging challenges, and promote international cooperation on data governance issues.
The tone of the discussion was largely informative and collaborative. Speakers presented their country’s or organization’s approaches in a factual manner, while acknowledging common challenges and the need for continued dialogue and cooperation. There was an underlying sense of urgency about addressing data governance issues, but the overall tone remained constructive and solution-oriented throughout.
Speakers
Speakers from the provided list:
– Tang Lei: Director of the Internet Governance Research Center, Chinese Academy of Cyberspace Studies
– Wolfgang Kleinwächter: Professor Emeritus at the University of Aarhus, Denmark
– Shi Jainzhong: Professor and Vice President of China University of Political Science and Law
– Jose Roberto de Andrade Filho: Immediate past deputy consul general from consulate general of the Federative Republic of Brazil, Shanghai
– Daniel Seng: Director of Center for Technology, Robotics, Artificial Intelligence and Law Studies, National University of Singapore
– He Bo: Director of Research Center for Internet Law, China Academy of Information and Communication Technology
– Zhao Jingwu: Associate Professor at Law School of Beihang University
– Gao Huandong: Vice President of Lenovo Group
– Li Wen: Vice President of ZTE Corporation
Additional speakers:
– Wu Shenghua: Professor at Beijing Normal University (mentioned but did not speak)
Full session report
Data Governance in the Digital Age: Balancing Security, Development, and International Cooperation
This discussion brought together experts from various countries and sectors to explore the complex landscape of data governance in the digital age. The speakers, representing China, Singapore, Brazil, and major technology companies, shared insights on national approaches, legal frameworks, and corporate practices in data governance.
Key Themes and Approaches
1. Balancing Security and Development
A central theme throughout the discussion was the need to balance data security with development and innovation. Tang Lei, representing China’s perspective, emphasised that the country’s data governance framework aims to achieve “high-quality development and high-level security”. This approach is reflected in China’s comprehensive legal framework, which includes cybersecurity, data security, and personal information protection laws, as outlined by Shi Jainzhong. Tang Lei also noted China’s global initiative on data security, highlighting the country’s efforts to engage internationally on these issues.
In contrast, Daniel Seng described Singapore’s evolving approach, which began with minimal regulation but has expanded to address harmful content, online falsehoods, and cybersecurity. Singapore has recently enacted laws addressing online safety and criminal harms, demonstrating a shift towards more comprehensive regulation. This “light-touch” approach to content regulation differs from China’s more comprehensive framework, highlighting the diversity of national strategies in data governance. Seng also emphasized the importance of public education in Singapore’s approach to internet governance.
2. Legal Frameworks and Regulatory Challenges
The discussion revealed that countries are at different stages of developing and implementing legal frameworks for data governance. Brazil, as described by Jose Roberto de Andrade Filho, has had a data protection law (LGPD) in place for four years and is currently working on AI regulations and plans for a national data economy policy.
Speakers agreed that emerging technologies, particularly AI, are creating new challenges for data governance. He Bo highlighted the shift from model-centric to data-centric approaches in AI development, emphasising the crucial role of data quality management. He stressed the importance of high-quality data in training AI models and suggested strengthening policy guidance to encourage data sharing among companies, particularly to benefit smaller firms and startups in AI development.
3. Cross-Border Data Flows
The regulation of cross-border data flows emerged as a complex challenge requiring international cooperation. Zhao Jingwu provided detailed insights into China’s approach, outlining four categories of rules governing cross-border data flows: general rules, rules for important data, rules for personal information, and rules for specific industries. He also mentioned a recent regulation issued in March 2024 aimed at facilitating data flows while ensuring security.
4. Corporate Data Governance Practices
Representatives from major technology companies provided insights into corporate data governance practices. Gao Huandong described Lenovo’s comprehensive data security and privacy framework, which includes a global privacy compliance system, data classification, and protection measures. Li Wen outlined ZTE’s data compliance system designed to improve efficiency, detailing their approach to data governance, risk management, and compliance with various international standards.
5. Multi-stakeholder Collaboration
Wolfgang Kleinwächter, Professor Emeritus at the University of Aarhus, emphasised the importance of multi-stakeholder collaboration in internet governance. This view was echoed by other speakers, who recognised the need for cooperation among governments, private sector entities, and civil society to address the complex challenges of data governance effectively.
Areas of Agreement and Disagreement
There was broad consensus among speakers on the fundamental importance of data governance in the digital age. All participants acknowledged the need for comprehensive frameworks to address security, privacy, and economic development concerns. However, specific approaches and priorities varied between countries and organisations.
The main areas of disagreement revolved around the level of regulation required. While China’s approach emphasises comprehensive legislation, Singapore’s evolving strategy represents a different philosophy. These differences reflect diverse regulatory landscapes and national priorities, which may complicate efforts to establish global standards for data governance.
Emerging Challenges and Future Directions
Several speakers highlighted the need to address emerging challenges in data governance:
1. AI Regulation: The rapid development of AI technologies requires new approaches to regulating training data and algorithms.
2. Data Economy: He Bo discussed data as an economic asset, citing Shanghai’s data exchanges as an example of how data can be leveraged for economic growth.
3. Data Quality Management: He Bo emphasized the critical role of data quality in AI development and the need for policies to support effective data management practices.
4. Adapting Governance Models: Kleinwächter emphasised the need for tailored governance models for specific digital issues, challenging the notion of a one-size-fits-all approach.
5. Blurring of Communication and Content Platforms: Daniel Seng highlighted the challenges posed by the convergence of communication and content platforms, necessitating new regulatory approaches.
Conclusion
The discussion underscored the complex and evolving nature of data governance in the digital age. While there is general agreement on the importance of balancing security, development, and innovation, the specific approaches vary significantly across nations and sectors. The speakers highlighted the need for continued international dialogue, flexible regulatory frameworks, and multi-stakeholder collaboration to address the challenges posed by rapidly evolving technologies and the increasing economic value of data.
As the digital landscape continues to evolve, policymakers, industry leaders, and academics must work together to develop governance models that protect privacy and security while fostering innovation and economic growth. The diversity of approaches presented in this discussion provides valuable insights for shaping future data governance strategies in an increasingly interconnected world.
Session Transcript
Tang Lei: You Sustainable development Sustainable development Sustainable development Sustainable development Net governance forum and to the day zero event on the legalization of data government data governance You He from You World Internet Conference WuZhen Summit, President Xi Jinping noted that we should see the trends of digitalization, networking and intelligentization, embrace innovation as a primary driver, uphold security as a baseline requirement, and pursue inclusiveness as a core value. Efforts must be accelerated to promote innovative, secure, and inclusive development in cyberspace, working together to usher in a brighter digital future. Today we are gathering here to jointly discuss issues related to data governance, which are of great importance. In cyberspace, China has consistently committed itself to place equal emphasis on development and security, establishing and improving the legal system for data governance. Firstly, China has enacted the cybersecurity law. data security law, and a personal information protection law, providing basic provisions for data security and personal information protection systems. Secondly, China has released the provisions for promoting and regulating the cross-body flow of data, fostering the free flow of data in a lawful and orderly manner. Thirdly, China has released several provisions on the management of automobile data security and several regulations to build the data security management systems in some key areas. Firstly, China has issued the global initiative on data security. For example, an effective utilization of network data Firstly, the regulations forward the overall requirements and the general provisions for network data security. Secondly, the regulations further specify rules concerning personal information protection. Thirdly, the regulations improve mechanisms for the management of important data security. Fourthly, the regulations enhance the provisions on security management. cross-border network data flows. In recent years, with the advancement of new technologies and applications such as artificial intelligence, the volume of data has been growing rapidly. Accompanied by escalating security risks, striking a balance between high-quality development and high-level security has become a common challenge all over the world. It has become increasingly crucial to promote data governance by law-based approaches. To address this, the following actions are necessary. Firstly, improve the legal system for data governance. Establish and improve the foundation rules for data governance and address the data security challenges brought about by the development of new technologies. Secondly, strengthens theoretical support for law-based data governance. Promote the development of the theoretical system for data governance, ensuring a notational relationship between theory and practice. Thirdly, strengthen international exchanges and cooperation on the legalization of data governance. Create a win-win international cooperation pattern for data governance. Colleagues, data governance is a shared challenge for countries worldwide. I encourage that all the guests here today to conduct in-depth discussions around relevant topics, jointly discuss the legal solutions for data governance, work together to promote the legalization of data governance. global data governance and ensure that the benefits of digital advancements are shared by people worldwide. In closing, I wish today’s event a full success. Thank you. Thank you Mr. Tang for the relevant experience of China. Now I give the floor to Professor Wolfgang Kleinwachter, Professor Emeritus at the University of Aarhus of Denmark.
Wolfgang Kleinwächter: Okay, thank you. Thank you very much and thank you for the invitation and thank you all the private administration of China for organizing this important workshop. Mr. Tang Li in his opening speech mentioned two very important concepts. One is education and the other one is collaboration. I think the whole internet is a permanent learning process, so we know more than we knew 20 years ago and we will know a lot more in 20 years from now. So it means it’s a never ending story and it will continue. And the other one is collaboration, so it means No one is able to manage all the things, you know, with one shot. So there is no silver bullet. So there is no one road. So there are many roads which has to be taken and the only way to manage all the forthcoming problems is by collaboration of all stakeholders in their respective roles. I think this is the beauty of the Internet Governance Forum. This was the beauty of the outcome of the World Summit on the Information Society 20 years ago. It was a compromise at this time. Some governments wanted to have private sector leadership. Others wanted to have governmental leadership. And the compromise was we need all stakeholders. So the Internet and all these new achievements are not for leadership. They are for collaboration. So that means we have to work hand in hand in their respective roles. Governments are different than the private sector. Technical community is different from civil society. But we can manage the problems of the future only if we work hand in hand. I think this is the big message. And I’m very happy that Mr. Tang Lai mentioned these two concepts, education and collaboration, as the main guidance. As an academic person, I’m dealing with definitions. So this is a core work of academics. And the title of this session is Legalization of Data Governance. So I want to ask what is data and what is governance? So let’s start with data. So 20 years ago, I was in another workshop where we said, okay, data is the starting point. That’s the resource. That’s the raw resource, the raw material. Data leads to information. Information leads to knowledge. And in the best case, knowledge leads to wisdom. So that’s why some people said, okay, we have, we start with the data society, then we have the information society. It was the world summit on the information society, but we have to move upwards to the knowledge society, and some people say that, and the wisdom society. This is a little bit idealistic, but as an academic person, I think I’m allowed to think in idealistic terms. But more complicated is the term of governance. So this is the internet governance forum. I think internet governance was the term we used 20 years ago, because the internet was brand new. A lot of people did not understand what the internet is. Is it a technical issue? Is this an economic issue? Is this a political issue? So it was very complex, and I was a member of this UN working group on internet governance, which was tasked by Kofi Annan to propose a definition. So just to define and to enable governments and other stakeholders to have an understanding what internet governance means. So the definition we proposed, and which is reflected in the Tunis agenda, had three main elements. The first thing is internet governance means the involvement of all stakeholders. What I said already, so it’s not only one stakeholder approach, it’s a multi-stakeholder approach. Second thing is governance means that you have to share. You have to share protocols, you have to share codes, you have to share regulations and decision making. And the third thing is we proposed a layered approach. We made a differentiation between the evolution and the use of the internet. At this time, the majority of the problems were with the technical layer, the evolution of the internet. And the use of the internet is related to the so-called internet-related public policy issues. Today, the majority of problems is on the application layer and not on the technical layer. I think a lot of issues on the technical layer have been cleared. It’s not a question anymore. So that means 20 years ago, it was a technical problem with some political implications. Today, it’s a political problem with a technical component. And this makes it rather different. So what means this governance now? I think today there is a confusion because everything is governance. We have here data governance in today’s workshop. We have internet governance. People in the cybersecurity field speak about cyber governance. We have now AI governance. We have ICT governance. We have IoT governance for the Internet of Things. So there’s a huge confusion. And what governance do you mean? Data, Internet, AI, and things like that. So I think more or less this is all the same soup because this is governance in the digital age. Governance in the digital age means you have to have a specific solution, governance model, for each of the specific issues. There is no one-size-fits-all that you say this is the governance for the data or this is the governance for AI. You have to identify the problem. What do you want to govern? What is the subject? And then to build the governance model around the system. And this is complicated because in this layered system, you have on the one hand a universal set of norms and principles and codes. The technical layer, this is one world, one Internet. But on the application layer, you have 193 national jurisdictions. So we have a problem, 193 sovereign nations, national jurisdictions, but one world. So and I think this is. a challenge that you have a contradiction and you have to manage the contradiction. You cannot settle this. So that means a settlement would mean the whole world would be ruled only by technical codes. This is an illusion. The other alternative, the whole world would be ruled only by one country. This is also an illusion. So that means you have to find a compromise. And this is the challenge. And to meet these challenges, you need more discussion, more dialogue among all stakeholders. And that’s why the Internet Governance Forum is such a wonderful platform. Thank you very much.
Tang Lei: Thank you very much, Professor Kleinwachter for your wonderful sharing. Next speaker, let’s invite Mr. Shi Jianzhong, Professor and the Vice President of China University of Political Science and Law.
Shi Jainzhong: Please. Good afternoon, ladies and gentlemen. I’m very delighted to have the opportunity to visit this ancient and magnificent city, Riyadh, to attend this panel with you to discuss the topic that is both cutting edge and challenging, namely data governance under the rule of law. As we know, the mission of law is to adjust social relations by allocating rights, obligations, and responsibility, even liability among different social entities in order to maintain the security, justice, and efficiencies of these relations. We have uttered The continuous advancement of ITCI technology is a protecting home being in the construction of digital economy, digital government, digital society. In the digital age, the subject identities of various social relations are being digitalized and datafied, such as nature firms and government departments. The behavior of various subjects are also being digitalized and datafied, such as radio consumption, digital transaction of firms, and digital government affairs. And the objects are also being digitalized and datafied, such as the digitalization and the datafication of the goods, the services, even equipment. In the digital age, the social relations are also being digitalized and datafied, such as between individuals, between firms, between individuals and firms, between individuals and governments, between firms and government departments, and among the government departments at center. Consequently, in the digital age, the mechanism, tools, and modes by which law adjusts the social relationship must be changed accordingly, which poses a lot of new challenges and opportunities. The challenges brought by digital intelligence technology to the law mainly refer to the need for the law to confront unprecedented challenges. Unprecedented new issues, such as how to configure the rights related with data, how to ensure data security, how to maintain the data sovereignty, how to make equal use of data resources, how to protect personal privacy, how to protect digital human rights, and how to regulate data processing, including data collection, storage, use, processing, transmission, provision, disclosure, and deletion. The opportunities brought by digital intelligence technology to law are primarily reflected in the fact that the digital intelligence technology can serve as a tool for the rule of law. It can be internalized and embedded in the rules of law process in real time, therefore empowering all the aspects of legislation, law enforcement, and justice, achieving a higher level of scientific legislation, strict law enforcement, and fair justice, while seeing the opportunities that digital intelligence technology brings to law is a great challenge of itself. So we must acknowledge that in the current era of rapid advancement in the AI, the challenge that the digital intelligence technology poses to the law outweighs the opportunities. Now, we can find an interesting phenomenon that is, on the one hand, digital intelligence technology is creating new legal problems. On the other hand, digital intelligence technology is helping the law to solve the problems. In other words, digital intelligence technology and the data are both objects and the tools of the rule of law. This is a special phenomenon that data governance must be aware of. Certainly, it is important to recognize that data we discussed today refers to electronic log records of information, that is electronic data. Compared to the other forms of information recording, such as paper-based terms, such as paper-based forms, electronic data has several unique characteristics, such as technical characteristics of reproducibility, economic characteristics of non-arrival, and legal characteristics of non-exclusivity. We believe that security is the prerequisite for development, and development is a guarantee for security. When it comes to the data governance, it is about both security and development. In other words, in theory, security and developing development, in other words, in theory, security and promoting development are not opposite, and this is no recognizable contradiction. As one of the goals of data governance, in theory, security means protecting individual privacy. commercial security, and national security in the process in developing and utilizing personal data, corporate data, and the government data. In this regard, the China government has enacted the co-authorization laws such as cyber security laws, personal information protection law, and data security laws. Mr. Tang Lei has already touched upon this in his speech just now, so I will not elaborate it further. As one of the objectives of the data governance, promoting development entails effectively developing and utilizing personal data, corporate data, and the government data, while protecting individual privacy, commercial security, and national security. Promoting development means make use of data and digital intelligence technology to foster technological advancement, economic prosperity, social development, and well-being of the people. From this purpose, Chinese government has also made corresponding provision in many laws, such as the civil code. Moreover, it is formulating a number of laws and regulations to facilitate development and utilization of data. For instance, the Chinese government places great emphasis on fair competition in digital economy, specifically stipulating in the anti-monopoly law that undertakings shall not use data and algorithms, technology, capital advantages, and platform rules to engage in monopolistic behavior prohibited by this law. As we know, In every country, the government holds the largest amount and the highest quality of data. If effectively developed and utilized, it can empower business developments. To this end, the Chinese government has formulated the regulation on fair competition review in accordance with the anti-monopoly law, which can guarantee fair and more discriminative exploration and utilization of government data by all type of firms. In the process of using data security and promoting development of the digital economy, Chinese law is continuously improving system and mechanism for governance, while addressing the challenges brought by digital intelligence technology. China is actively using this technology to empower the legal system. For example, China has not only established the three specialized use net codes, but also actively employs procedural rules of digital intelligence technology to enable justice. These rules include online mediation rules, online litigation rules, and online court rules, ensuring that the law is implemented more justly, efficiently, and with great integrity. In summary, data governance requires support of law and is in separate belief. Therefore, only organic integration of law and the digital intelligence technology can build more scientifically sound and reasonable structure and the mechanism for data governance and achieve positive interaction between higher. standard data security and higher quality digital economic development. Thank you.
Tang Lei: Thank you very much Professor Shi. Now let’s turn to online speaker Mr. José Roberto Andrade, immediate past deputy consul general from consulate general of the Federative Republic of Brazil, Shanghai. Please. Thank you very much. Can you hear me well?
José Roberto de Andrade Filho: Good morning. Thank you. Good morning from Brasilia. It’s a pleasure to join this event online from far away and I’m happy to see many familiar faces. First of all, let me thank the friends and authorities from the Bureau of Internet Laws and the Cyberspace Administration of China, in special Professor Wu Shenghua, with whom we have from Brazil a long time collaboration, but also my fellow speakers and authorities, Mr. Tang Lei, Professor Kleinwächter and Professor Jiang Zhong. I would like to introduce to you today some examples of how we in Brazil are working on our internal governance, on the structuring of our data environment, and also how this will serve as a support and also a way for Brazil to contribute to international, to global governance. And I liked very much as Professor Kleinwächter gave the example that, well, we have so many governances, but it’s digital age, governance in the digital age, and then we have several different approaches. The examples I will give, I could divide in first what, where are we coming from right now, late 2024? What kind of structures we have? And then I would like to speak about, well, the consolidation of our data protection law, the LGPD, and our national authority of data protection. Also, I would like to give an example as a second, number two, of our AI law, which is currently in fast development. And third, our views, our current discussion for data economy policies. So, just last month, we completed four years of the implementation of Brazil’s National Data Protection Authority, ANPD. ANPD is the most robust data authority and instance in Brazil. It was created because of the provisions that we had in LGPD, our national data law, which was approved in 2021, but has a background of discussion since 2018. Well, Brazil, as you know, is one of the 10 biggest economies in the world. Our population is one that spends most hours a day online. We are a leader in terms of users in all platforms, especially now with e-commerce, with a strong connection to Chinese companies as well. So, we are a big data producer, but also at the same time, we have in all fields of our country, especially, let’s say, in agriculture, in biodiversity. So, we are a big data producer, but also at the same time, we have in all fields of our country, especially, let’s say, in agriculture, in biodiversity. a wealth. I always compare that to the Amazon forest. We have an Amazon forest of data, of wealth. So it’s our duty to organize internally and promote development and new internal governance, I would say, but that reflects our values. So one key element that I would say, even before I dip into the three examples, all discussions in Brazil are very much permeated by inclusion. So we have private sector, civil society is a strong player in all discussions regarding our data laws and our frameworks, and also the need to have people at the center, the human beings at the center. As Professor Wu-Sheng Kuo also said, well-being and development. So inclusion, people, human values at the center, and development and well-being. That is very much the spirit, and we can find many of these provisions at LGPD, as I said four years ago, and now with the National Data Protection Authority. A report, a very extensive report has just been published. It’s available online, but unfortunately so far only in Portuguese, but I hope very soon in English as well, which gives a full vision of how ANPD, our national authority, has been working. First in giving guidance and recommendations, and let’s say soft norms as well, to private sector and data actors. I mean companies and public institutions and others. So ANPD has been working actively and has already consolidated. in line with other exchanges, with other legal environments abroad, but has consolidated a robust set of norms and also publications for guidance for our data players or actors. At the same time, we have, at the National Data Authority, improved the number of people. We are still building the capacity. Currently, ANPD, according to the report, has 150 employees. We still don’t have a career of specialized people inside the agency, but the idea is to further professionalize that. And I would say ANPD is our main vehicle for implementation of data policies in Brazil. And also, as one of its reports, we call it international data transfers, or, well, very much like the cross-border data transfer that is at the center of many discussions. So this is the key platform for us to establish international cooperation. At the same time, number two, we have just, five days ago, approved at the Senate, Brazil legislation has two levels, the Senate and the House of Representatives, we have just approved the new project for AI law. This is the result of years of discussion, which, if we see in the timeline, has increasingly absorbed and included new actors, especially civil society. Now, it has had a very strong contribution. One of the key aspects, let me say, is… For example, the use of copyright material for training models. Our artistic and writers associations have been very, very active and we don’t expect to have a final model. I think right now, nobody can expect to have a final model. Of course, because the AI environment is a fast-changing one. But we do want to have something that reflects our values and is operational. The AI law will now go to the House of Representatives. For further consolidation, there might be some modification, but we expect that in the course of 2025, we will have another tool, another legal framework together with the data protection law from 2021, that will give more robust legal framework for us internally to organize ourselves, this wealth of data, but also to promote our international cooperation. As a third level that I would like to enhance, our Ministry of Industry, and this is very much connected with all the international collaboration, has already started organizing a future of coming public consultation for a national data economy policy. This is very much aligned with what we see in other countries of using data, unlocking the power of data, unlocking the value of data to promote, well, economic competitiveness, better products, better business models. But also, as I said in the beginning, oriented, aimed at people-centered, development and reflecting values. So, this is the very early stage of consultations. We will soon have something published and in the press, but it has been announced already that from the industry part, and this is very important now, especially, I would say, with China as one of our main investors in Brazil, but also the just-celebrated Mercosur, our trade bloc in South America, agreement with the European Union for us to attract new business or partnerships and the data economy policy promises a lot of future, let’s say, potential and very good results as well. We have to discuss a lot of, I would say, elements that will serve as base for this data economy development. In China, for example, you have Shanghai Data Exchange and the local data exchanges all over. That is a fantastic example of how data assets can generate value even being, as I saw in Shanghai, data can be declared in the balance sheet of companies. So, this is one very good example. We will certainly take into account all international experiences. We aim at having more and more delegations traveling and learning about the experience not only of China, but also European Union and other partner countries. But I see a very positive horizon. This is, I would say, is more medium and longer term, but a very positive horizon. element as well. So in conclusion, I don’t want to extend my time, although I think we can have an extensive discussion and very productive. These three elements, the consolidation and strengthening of our National Data Authority, the coming approval of our AI law, which I mean with flexibilities to be adapted, to be in line with what we have to be prepared for, and always people-centered, with a vision of protection of vulnerable groups, rights, promotion and protection of human rights in the digital space, and our coming economic-oriented, with competitiveness, national data economy policy. I think these three levels can give a very good vision of how Brazil is moving. Of course, as a diplomat, to conclude, I would say Brazil is very active, has been very active, and will be, will continue to be very active in engaging to promote an organized order that we have to build in collaboration, government to government, government within international organizations, and I congratulate all of you for organizing and participating on events like this, where we have the opportunity to exchange and share, and including other key stakeholders, like civil society and private sector. Thank you very much, and I look forward to to participate further in the discussions and benefit from this
Tang Lei: event. Thank you. Many thanks for Mr. Chou Hsien, which provides us with a new perspective. Thanks again for all speakers of the first session. Next is the second session of roundtable discussion. Now, let’s welcome Mr. Daniel Sun, Director of Center for Technology, Robotics, Artificial Intelligence and Law Studies, National University of Singapore. Can everyone hear me? Yes, we can hear you. Thank you very much.
Daniel Seng: First, I’d like to thank Professor Wu from the Beijing Normal University for this very kind invitation, as well as the UN Internet Governance Forum and the Cyberspace Administration of China. It is a privilege to share with you Singapore’s approach towards Internet governance. And in fact, as you will hear from my presentation later, it is a fast-evolving one that is also adapting to the vicissitudes of the recent uses of the Internet and the problems that it poses. I propose to start by first outlining some basic principles that set the stage for the approach to the governance of the Internet in Singapore. First, Singapore is an open society. We have done our growth through trade, finance, multiculturalism and multilateralism. And in fact, Singapore is one of the most connected countries in the world. 93.2% of our residents have broadband and up to 166% of our population have mobile phones. I was really puzzled by this number until I realised that there are six phones amongst the four family members that I have. So this statistic is indeed true. Furthermore, we have been a firm believer in the free and open access to information, which we believe are key to education, research and innovation. So one of the underlying premises behind our concepts towards internet governance is that fundamentally don’t believe in the monitoring of user access to information. But at the same time, there has to be some minimal light touch across the board content regulation approach that has to be adopted for all information that is accessible in Singapore. So since 1996, we have regulated content providers via something called an internet code of practice. The way the internet code of practice works is that it defines a category known as prohibited materials. These are materials defined to be contrary to public interest, public morality, public order, public security and national harmony or prohibited by applicable Singapore laws in Singapore’s multicultural society. As you can see, the focus is on the fact that as a multicultural society, we have to take steps, sometimes serious ones to ensure that our multicultural society is stable and it’s not disturbed. So some of the factors taken into account in prohibiting material that can be accessed in Singapore include pornography, materials pertaining to sexual violence, materials pertaining to extreme violence or cruelty and materials that end to incite ethnic, racial or religious hatred, strife or intolerance. Having given ourselves a very broad definition of prohibited materials, in practice, our internet service providers only restrict access to about 200 mass impact websites and prevent these. websites from being accessed in Singapore. From our research, most of these prohibited websites are pornographic in nature, and others pertain to content that are harmful to Singapore’s racial or religious harmony or against national interests. As far as our internet content providers are concerned, we encourage them to exhibit or exercise self-regulation by not hosting fora and programs that contain prohibited material, and where the content pertains to news websites and political websites, we require these websites to be registered. So as you can see, the level of internet regulation for these internet content websites is largely minimal. That was until recently. In 2022, we discovered that there is a growing phenomenon where the internet websites are blurred in their usage in that we can have online communication service providers that also provide content, which are done essentially by point-to-point and point-to-multipoint communications. If I describe to you social media services for communications, such as those done by Facebook, TikTok, X, and YouTube, you understand what I mean, because many of these platforms are designed to actually communicate from individual to individual, sometimes harmful and inappropriate content. To deal with this situation, we passed a new law in 2022 called the Online Safety Miscellaneous Amendments Act to address this category of harmful and inappropriate content, which we define to include sexual content, violent content, suicide and self-harm content, cyber-bullying content, content endangering public health, and content facilitating vice and organized crimes. These platforms that I… discussed under our new laws are required to establish content rules and employ content moderation to filter out such content, especially protect children from accessing such content. Users are also empowered to report the availability of such content to the authorities and these websites are required to publish their annual online safety reports to show that they have complied with laws. The COVID incident at the turn of the decade has given rise to a new phenomenon called online falsehoods and to deal with this particular problem we had to enact one particular piece of legislation to deal with this and this is where there are online falsehoods that contain false statements of facts or misleading information that have a tendency from a public interest perspective to affect public health, safety, tranquility, public confidence, public finances, preventing ill will between different groups, preventing the influence on elections, the security of Singapore and relations with other countries. This piece of legislation that we enacted called the Protection from Online Falsehoods and Manipulation Act of 2019 or POFMA in short, is designed to allow the government to respond by issuing what are known as correction notices to counteract these posts. Companies that post these posts are required to also post the Singapore government’s correction notices to counteract the falsehoods that are contained in these posts. The advantages of such a mechanism are that because we do not go through the courts but go through a government system, the response of the government can be very fast sometimes within a matter of hours or days and the design really to combat serious falsehoods such as falsehoods arising from the COVID-19 incident and various other falsehoods claimed against against government ministers, institutions, and policies. You can find a vast majority of these correction notices targeted at Facebook content posted by users. In another recent initiative in this regard, we have enacted two additional pieces of laws to deal with the issue of harassment and online crimes. I’ll focus on the Online Criminal Harms Act of 2023, where in essence, we enacted this new piece of law to deal with online child sex exploitation, job investment, product scams, and phishing attempts. Under this new law, directions can be issued by the government authorities to various online service providers where there is a reasonable suspicion that there is some kind of online activity perpetuated on the online service providers, services, or content in furtherance of a commission of an offense. So for instance, if there is a post page that is used for phishing or other types of scams, the authorities can issue orders to the online service providers to block the content, to disable the content, or to prevent the content from being accessed by people in Singapore. Last but not least, on the issue of personal information and cybersecurity, we have, as many other countries in the world, a Personal Data Protection Act that seeks to regulate the collection, use, and disclosure of personal data by organizations, and it recognizes the rights of individuals to protect their personal data, especially in the online environment. The act also regulates the cross-border data flows that will pertain to Singapore as a trading hub and exchange of data between Singapore and other countries in the world, as well as a cybersecurity act that is designed to preemptively prevent. manage and respond to cyber security threats and incidents by also regulating owners of critical information infrastructure. So in conclusion, Singapore’s experiences in this regard have been largely as a result of our experiences from initially starting with a minimal platform for regulating content online by way of prohibited materials, but as online platforms develop and evolve into communications platforms to enable private individuals to communicate, we have to expand our concept of regulation to include harmful and inappropriate content, such as content that promotes suicide and self-harm or cyberbullying, to ensure that our masses are protected. At the same time, we have to update our laws to deal with online falsehoods and also to protect personal data and cyber security. But amongst all these regulations that are put in place, it is still very important for the government to put in place various public education measures to educate the public on both the advantages and disadvantages of accessing information online and to teach its population to be discerning in its proper use of information. So on that note, thank you very much, and I look forward to the opportunity to hear from the other speakers in our course to learn about developments around the world. Thank you.
Tang Lei: Thank you, Professor Daniel, for your wonderful words. Now I give the floor to the next speaker, Mr. He Bo, Director of Research Center for Internet Law, China Academy of Information and Communication Technology.
He Bo: Thank you. Good afternoon, everyone. I’m He Bo from China Academy. Academy of Information and Communication Technology. Thanks for the invitation of Cyberspace Administration of China. I’m so delighted to participate in today’s discussion. Just now, we have several professors mentioned that we should find out the specific issues of data governance. So today, I would like to discuss the design of legal system for data governance in the era of artificial intelligence. As we know, with the fast development of the wide application of AI technology, data has become the most important factor. When we come into the era of large language model, which also called LLM, the development of AI is shifting from being model-centric to data-centric. And data resources have become the most core and fundamental elements in the development of AI. In order to promote the health development of AI, it is particularly important to build a more suitable system. However, the breakthrough development of AI technology, as actually we know, the AIGC, has posed a huge demand for high-quality data. But the existing data governance rules and regulations have not been adjusted in time, which leading to issues such as data in and difficult to restrict the development of AI technology and industry. Facing the development needs of the new generation of AI, we should promote, adjust, and improve the relevant legal rules. Firstly, it is necessary to improve the data security rules to resolve the problem of data being unusable. During the fast development of AI, the legal use of data has become an issue that urgently needs to be resolved. Laws and regulations around the world are just now… professor from Singapore also mentioned that many laws have made clear provisions regarding data security protection, data collection, and data use. For instance, many laws prohibit any individuals or organizations from engaging in activities that endanger cybersecurity, such as stealing data online. The GDPR of the EU, among others, also has clearly defined the legal basis for processing personal data. However, with the rapid development of AI technology, issues such as the lawful use of public or available personal information have become a very important question. But the relevant rules have not been adjusted at the same time, which means the LRM may face legal problems with using data. For example, it is still unclear whether we’re using public or available personal information as a training data for LRM is legal or not. Therefore, it is recommended to further improve the system for the reasonable use of data. The mirror clarifies whether it is legal to use public personal information as training data, formulating rules, standards, and guidelines for personal information protection issues in different stages, such as the training, generation, and application of large language models. Secondly, it is essential to establish the comprehensive rules for data sharing and circulation to resolve the use of data being insufficient. Only when data circulates can value be created, and it is also an important way for LRM companies to get data. Data sharing and circulation are the key to unlocking the value of data. However, At present, we can see there are still problems in aspects such as data sharing, data training, and data openness. For example, there is a lack of effective, insensitive mechanisms for data sharing among companies, which limits the ability of small companies to access data. Many leading AI companies, they are also the traditional large Internet companies or the big platform companies. They have a large amount of data resources through their existing Internet service and they use their own data to train models, thereby they can form a competitive advantage in their development. But some AI companies restrict other small companies from accessing and using their data, which may become a barrier for start-up companies and small companies. To solve this issue of insufficient data resources, it is recommended to strengthen the policy guidance, encourage and support leading companies to open and share the valuable data. Meanwhile, it is also recommended to open and share valuable data. Thirdly, improve the quality management tools to resolve the problem of data being inefficient. Data quality directly determines the development level of AI, and high-quality data is the core for improving the accuracy, stability, and interoperability of models. High-quality data sets can help large AI models gain a deeper understanding of different concepts, semantics, and grammatical structures, which can significantly enhance the value of large models. Currently, the requirements for data quality management mainly focus on industry-solved norms, while the relevant laws and regulations don’t have much progression on data quality. data quality. To some extent, this has affected the equality and efficiency of the training of the large language models. Therefore, it is recommended to build and improve the rules for the quality management of training data, formulate data quality management standards and reframe the specific requirements for training data in terms of accuracy, objectivity and diversity. That’s all my speech. Thank you and have a nice day.
Tang Lei: Thank you, Mr. He. Now, let’s turn to Mr. Zhao Jingwu as associate professor at law school of Beihang University. Please. Good afternoon, distinguished guests. It’s my honor to have the opportunity to give a
Zhao Jingwu: little speech here. I’m Zhao Jingwu from Beihang University. What I would like to talk today is a small question. It’s how to ensuring the security of cross-billion data flow through the legal instruments. Well, cross-billion data flows is not just a matter of domestic data security regulation and the commercial utilizations. But it’s also a complex issues that affect the promotion of global digital economy. Well, in recent years, we can see that more and more countries, religions and the international organizations, well, including China, have tried to explore the safe and the trustworthy model for cross-billion data flow through domestic legislations. So, however, at the same time, there are also many controversies need to be solved urgently. In this context, China has development the promoting of governance path of cross-billion data flows. However, there is a misleading in the international governance activities, which is to encourage the cross-billion data flow without restriction. Perhaps their original intention was to achieve a border and more efficiency data flow effect. But the key is they fail to understand the relationship between the security and the data flows. It’s worth mentioning that in the Article 1 of data security law in China, the government’s idea of data is to ensure data security and promoting data development and utilization. Well, in summary, it means that we should pay equal attention to the safety and the utilizations. So, we agree that when they pursue cross-border data flows without paying attention to the data security, not only fail to realize the exchange value of data, but also it’s a broadly security risk such as data linkage and theft. These kinds of situations may happen in the future. So, in the international communities, there is also a view that China follows a data controlism path, which essentially politicalize the issues of the data securities. That is because we don’t have a unified standard for the international cross-border data flows around the world, while modernization corporations always have to comply with the different domestic laws and the international agreements. So, there is no denying that the international data security and the personal privacy generally recognize the first and the primary premise for the cross-border data flows. So, furthermore, across the global, we can see that there is no country allowed cross-border data flow without any conditions. So, in most countries, domestic law put data security or national security at the first and the important part. So, what I want to emphasize is that China’s instance on the open and comprehensive governance model for cross-border data flows is not an empty word. China’s domestic law has clearly defined four categories of rules for the cross-border data flows, which include security assignment of outbound data transfer, standard contract for the cross-border transfer of personal information, and the third-party security certifications, and special rules for the personal and other species of special areas. So all above these rules are supported by the comprehensive law and regulations. So in March 2024, China issued a regulation on promoting and regulating cross-border data flows. This purpose is to formulate the regulation that further clarifies the applicable laws in the professing of cross-border data flows. And further, it’s mentioned how to promote the orders of free flows on the data. Regulating cross-border data flows, such as a lot of conditions were considered in this area. So we considered the international trade, cross-border transportation, and academic corporations, and others like manufacturing and areas. So China also released the global data cross-border flows cooperation controversy this year. So this document clarifies China’s position and how to some more useful solution to solve this kind of problems. So in order to truly and efficiently resolve the institutional conflicts, we have enhanced the trustworthiness and the confidence of multi-parties in carrying out international data cooperations. So China’s supervision system for the cross-border data flows is not just an empty word, and it’s not just simply to restrict data export. But we can see that it is also trying to make a better protect and promoting data area export. So China’s legislation has established a diverse channel for cross-border data flow, just as I mentioned before. It’s not just only trying to catering the market demands of a value industry and enterprise. So finally, I hope we can reach a consensus. that in the future, that the governance of cross-border data flow cannot ignore the data security, nor can we set too many restrictions for our securities. So this concept for the security and the utilizations, is in China data governance system is both two important part. So I think in the future, we will find a wisdom and approaching way to solve the problem of cross-border data flows. That is all I want to say, thank you. Thank you, Professor Zhao, for your wonderful insights sharing. Now I give the floor to the next speaker, Mr. Gao Huandong, Vice President of Lenovo Group, please.
Gao Huandong: Thank you, Professor Wu. Distinguished fellow speakers, guests, ladies and gentlemen, good afternoon. I’m Gao Huandong from Lenovo Group. It’s my great pleasure and honor to participate in this forum with the theme on legalization of data governance. The year of 2024 marks the 10th anniversary of Chinese President Xi’s proposal for the strategy of building China as a great cyber state. Looking back over the past decade, the internet and the digital economy has flourished and become an important engine on social progress and economic development, both in China and around the world. We have realized that the high-quality data governance is essential to the high-quality development of the digital economy, and compliance is the foundation of data governance. Therefore, Lenovo Group has made tremendous efforts in data security and privacy protection over the last few years. Today, I would like to quickly share Lenovo’s practice in data security and privacy protection in China for further discussion with experts presented today. Lenovo China’s data security and privacy governance framework basically consists of five building blocks. One is governance structure, the second is process and guidelines, and the third is key work streams, and the fourth is how we use technology to safeguard data security and privacy. And the fifth is cultural awareness and internal education. This framework is in line with Lenovo’s strategy, smart AI for all, and it reflects our mission in data security and privacy governance, security for the future. Our first building block is so-called governance structure. Why? Simply because data security and privacy protection for a company like us has more than 1,000 employees. It’s an astonishing and a giant project. How to deal with this resource issue? We set up a Lenovo China data security and privacy protection committee as a virtual team since the end of 2021 under the leadership of the Lenovo China security committee. This virtual team has three standing sub-committees, namely data security team, privacy compliance team, and the data cross-border transport team for collective decision-making, and another one ad hoc emergency response team forming this so-called three plus one structure. The committee has adopted its bylaw and all of our operational activities are strictly in compliance with the bylaw, and the committee normally has a bi-monthly committee to discuss important issues and drive collective efforts for critical projects. Key to success of this committee is the cross-functional collaboration. Up to now, the committee has more than 200 representatives or focus, serving as ambassadors of more than 40 internal business units and functions. The committee also trained over more than 100 data compliance specialists as the frontline compliance team. And the committee has been coordinating and working closely with the China ESG Committee and AI Compliance Committee, both of which I’m also driving in China. Let’s move to the second building block, process and guidelines. Based on national legislation, administrative regulations, and a number of group policies, our committee has drafted and issued more than 40 guidelines and playbooks covering eight practical areas, for example, data cross-border transfer, data categorization and classification, and AI compliance, et cetera. The guidelines and playbooks helped us to implement detailed rules in routine data security and privacy protection governance on a daily basis. Our third building block is about five work streams of the committee, which we normally roll out annually. The first three are initiated at the forefront and will be deep-dived continuously. Among these three work streams, data inventory mapping is the cornerstone, and data cross-border transfer is the key challenge. Privacy protection is always our top priority. At the same time, we are exploring and navigating another two new work streams. One is AI data security governance, and the other is how to utilize data as an asset. These two issues are also very hot topics in this forum. The fourth building block of our data security and privacy protection governance is how to use technology. to safeguard data and privacy efficiently. I only take one example, the AI guardrail tour developed by Lenovo. This picture illustrates how this tour works in large-language model scenario. In enterprise privacy domain, the guardrail can identify more than 17 types of personal identifiable information and the sensitive personal information in order to block them from inputting to the larger-language model and protect our customers’ privacy. This tour can also realize the identification and the rejection of data on the basis of self-defined keywords. Last but not least is the culture awareness and the internal education. Lenovo has established a training program of data compliance specialists, all of whom come from the business team. The training program is a closed loop with four steps. The committee will train more than 100 specialists by providing a series of professional courses on data security governance and the five work streams of the committee. Then the specialists practice relevant rules in their daily work while they have learned in step one. Then the committee will randomly check and inspect what they have implemented in practice and provide improvement otherwise. The last step is to recognize and award those specialists who contribute significant to the committee. So what I just mentioned is the primary governance framework and the practice of Lenovo China data security and privacy protection. Again, we as a China-based multinational company and a leading technology company are very honored to have this opportunity to share our thoughts and practice. on data security and privacy governance, and our AI for All strategy. Companies’ internal data governance should be strictly in compliance with the rule of laws, both in China and other jurisdictions, to ensure the products and services we provide are secure, reliable, and trustable. We have been learning from international advanced data governance experiences and best practices on one hand. On the other hand, we will continue striving for a more rule-of-law approach, thereby contributing to the healthy and sustainable development of the global digital economy. That’s all, and thank you for listening. Thank you very much, President Gao. Now, let’s turn to Mr. Li Wen,
Li Wen: Vice President of ZTE Corporation, please. Thank you, Professor Wu. Distinguished guests and experts, good afternoon. I am Li Wen from ZTE Corporation. It is a great pleasure to share with you the practice and exploration of ZTE’s data compliance governance at this meeting. Thank you for your trust and support. In the last few years, the new generation of information technology, such as cloud computing, big data, and AI, have promoted and integrated each other. And fields like smart cities, smart transportation, and smart medical care have developed rapidly, and the human society is moving towards a better future of digital intelligence. As a global leading provider of comprehensive communication solutions since 1985 and serving customers in more than 160 countries and regions worldwide, CTE will always adhere to its vision of to enable connectivity and trust everywhere. In 2016, CTE had launched a comprehensive digital intelligence transformation from process driven to data driven, and we are dedicated to build an automated cloud-fired company with a fully cloud-based, intelligent, and lightweight workflow. Releasing the value of data is a key element of corporate innovation, development, and management in the digital intelligence era. The premise is to ensure data security and compliance. After the effect of GDPR in the EU in 2018, more than 160 countries or regions in the world have formulated data protection laws and regulations, and China has also established the data protection legal framework with three laws of the cybersecurity law, the data security law, and the personal information protection law at the core. Against this background, CTE attached great importance to data security and privacy, and privacy protection strictly abides by the relevant laws and regulations, and the continuous implementation of data-comprised governance and the devote to… forming a virtual circle of value creation for compliance. The construction of DTS data compliance governance system follows the risk-oriented methodology. It is based on management commitment, staffing and organizational structure, and is carried out in six aspects, including the establishment of system and rules, risk monitoring, risk assessment, personnel training, security audits, and incident response to ensure data compliance of business activities. For example, as we know, cross-border data transfer is the high-risk data processing activities. CTE is one of the first batch of the companies in China to apply for data export security assessment according with the relevant national requirement. And in early this year, 2024, we obtained the approval from the Cyberspace Administration of China for the export of the reported personal information. CTE has conducted a special audit on the implementation of its signed data transfer contract to evaluate and verify the effectiveness of the company’s cross-border data compliance program. In order to further improve the efficiency and the quality of data compliance management, DTS developed a data compliance system which integrated the Privacy Center APP, Privacy Compliance Scanning, Data Protection Impact Assessment, the Data Leakage Response, and so on. This data compliance system can display the data compliance management in real-time and dynamically and realize the data compliance management. digitization, and also to provide a practical basis for the data intelligence transformation of companies’ comprise management. CTE continues to pay attention to authoritative certification for data security and personal information protection. Currently, all related products and services have been certified by ISO-IEC 27701, 2019’s Privacy Information Management System, European ePrivacy, and U.S. Trusted Certification, which indicates that CTE has reached the international advanced level in privacy protection technology and management ability, and is able to help global customers enter the area of digital intelligence more comfortably. In recent years, China has stepped up its efforts to cultivate and build a market of data elements, which put forward high requirements for the data compliance management of enterprises, and it is necessary for enterprises to adjust the strategy and key points of data compliance management dynamically according to the change of legislation, policies, and business development. On the one hand, enterprises still need to perfect its data compliance management system continuously. On the other hand, they also need to pay more attention to the new data compliance challenges that face the digital intelligence era, such as AI training data security compliance, algorithm governance, data transaction compliance, data competition compliance, and so on. 2024 is the year of the deepening development of China’s digital economy, and also a year for ZTE’s data-comprised governance to move forward steadily. In the coming 2025, ZTE will stick to its role as the driver of the digital economy, fully promote the deep integration of data intelligence business development and data-comprised, and contribute wisdom to a better digital intelligence society. The above is my sharing today. Thank you for listening.
Tang Lei: There will be more opportunities and more chances to deepen our insights sharing in the next steps, not only for the legal system, but also for the so-called legal ecology. So thank all of you, and today we stop here. See you next time. Thank you.
Tang Lei
Speech speed
99 words per minute
Speech length
776 words
Speech time
467 seconds
China’s data governance framework emphasizes security and development
Explanation
Tang Lei outlines China’s approach to data governance, which focuses on both security and development. This framework is implemented through various laws and regulations.
Evidence
China has enacted the cybersecurity law, data security law, and personal information protection law, providing basic provisions for data security and personal information protection systems.
Major Discussion Point
Data Governance Approaches and Challenges
Agreed with
Wolfgang Kleinwächter
Shi Jainzhong
Jose Roberto de Andrade Filho
Daniel Seng
He Bo
Zhao Jingwu
Gao Huandong
Li Wen
Agreed on
Importance of data governance in the digital age
Differed with
Daniel Seng
Differed on
Approach to data governance
Wolfgang Kleinwächter
Speech speed
140 words per minute
Speech length
1082 words
Speech time
461 seconds
Multi-stakeholder collaboration is key for internet governance
Explanation
Kleinwächter emphasizes the importance of collaboration among all stakeholders in their respective roles for effective internet governance. He argues that no single entity can manage all aspects of internet governance alone.
Evidence
He cites the outcome of the World Summit on the Information Society 20 years ago as an example of this collaborative approach.
Major Discussion Point
Data Governance Approaches and Challenges
Agreed with
Jose Roberto de Andrade Filho
Zhao Jingwu
Agreed on
Need for collaboration in data governance
New technologies require updates to existing data governance rules
Explanation
Kleinwächter points out that the rapid advancement of new technologies necessitates updates to existing data governance rules. He suggests that the current governance landscape is complex and evolving.
Evidence
He mentions various forms of governance such as data governance, internet governance, cyber governance, AI governance, and ICT governance.
Major Discussion Point
Emerging Challenges in Data Governance
Agreed with
Tang Lei
Shi Jainzhong
Jose Roberto de Andrade Filho
Daniel Seng
He Bo
Zhao Jingwu
Gao Huandong
Li Wen
Agreed on
Importance of data governance in the digital age
Shi Jainzhong
Speech speed
98 words per minute
Speech length
1056 words
Speech time
642 seconds
China has enacted cybersecurity, data security and personal information protection laws
Explanation
Shi Jainzhong discusses China’s legal framework for data governance. He highlights the enactment of key laws to address various aspects of data security and protection.
Evidence
He specifically mentions the cybersecurity law, data security law, and personal information protection law as core components of China’s data protection legal framework.
Major Discussion Point
Legal Frameworks for Data Governance
José Roberto de Andrade Filho
Speech speed
112 words per minute
Speech length
1528 words
Speech time
815 seconds
Brazil is developing data protection laws and AI regulations
Explanation
Jose Roberto de Andrade Filho outlines Brazil’s efforts in developing comprehensive data protection laws and AI regulations. He emphasizes the country’s focus on creating a robust legal framework for data governance.
Evidence
He mentions the recent approval of an AI law project in the Senate and the ongoing development of a national data economy policy.
Major Discussion Point
Data Governance Approaches and Challenges
Agreed with
Tang Lei
Wolfgang Kleinwächter
Shi Jainzhong
Daniel Seng
He Bo
Zhao Jingwu
Gao Huandong
Li Wen
Agreed on
Importance of data governance in the digital age
Brazil’s data protection authority is consolidating implementation of data laws
Explanation
Andrade Filho discusses the progress of Brazil’s National Data Protection Authority (ANPD) in implementing data protection laws. He highlights the authority’s role in providing guidance and recommendations to data actors.
Evidence
He mentions that ANPD has been operational for four years and has published an extensive report on its activities.
Major Discussion Point
Legal Frameworks for Data Governance
Agreed with
Wolfgang Kleinwächter
Zhao Jingwu
Agreed on
Need for collaboration in data governance
Daniel Seng
Speech speed
132 words per minute
Speech length
1449 words
Speech time
654 seconds
Singapore uses a light-touch approach to content regulation
Explanation
Daniel Seng describes Singapore’s approach to internet content regulation as minimal and light-touch. He explains that while Singapore is an open society, it maintains some level of content regulation to ensure stability in its multicultural society.
Evidence
He mentions that internet service providers only restrict access to about 200 mass impact websites, mostly pornographic in nature.
Major Discussion Point
Data Governance Approaches and Challenges
Differed with
Tang Lei
Differed on
Approach to data governance
Singapore has laws addressing online safety, falsehoods and criminal harms
Explanation
Seng outlines Singapore’s legal framework for addressing various online issues. He discusses recent laws enacted to deal with harmful content, online falsehoods, and online criminal activities.
Evidence
He mentions the Online Safety Miscellaneous Amendments Act of 2022, the Protection from Online Falsehoods and Manipulation Act of 2019, and the Online Criminal Harms Act of 2023.
Major Discussion Point
Legal Frameworks for Data Governance
Agreed with
Tang Lei
Wolfgang Kleinwächter
Shi Jainzhong
Jose Roberto de Andrade Filho
He Bo
Zhao Jingwu
Gao Huandong
Li Wen
Agreed on
Importance of data governance in the digital age
He Bo
Speech speed
127 words per minute
Speech length
837 words
Speech time
395 seconds
Data quality management is crucial for AI development
Explanation
He Bo emphasizes the importance of data quality management in AI development. He argues that high-quality data is essential for improving the accuracy, stability, and interoperability of AI models.
Evidence
He suggests building and improving rules for the quality management of training data and formulating data quality management standards.
Major Discussion Point
Data Governance Approaches and Challenges
Agreed with
Tang Lei
Wolfgang Kleinwächter
Shi Jainzhong
Jose Roberto de Andrade Filho
Daniel Seng
Zhao Jingwu
Gao Huandong
Li Wen
Agreed on
Importance of data governance in the digital age
AI development is shifting from model-centric to data-centric approaches
Explanation
He Bo discusses the shift in AI development from being model-centric to data-centric. He argues that data resources have become the most core and fundamental elements in AI development, particularly with the advent of large language models.
Evidence
He mentions the emergence of AIGC (AI-generated content) and the increasing demand for high-quality data in AI development.
Major Discussion Point
Emerging Challenges in Data Governance
Zhao Jingwu
Speech speed
139 words per minute
Speech length
826 words
Speech time
354 seconds
Cross-border data flows require balancing security and utilization
Explanation
Zhao Jingwu discusses the need to balance data security and utilization in cross-border data flows. He argues that China’s approach to cross-border data flows emphasizes both security and development.
Evidence
He mentions China’s regulation on promoting and regulating cross-border data flows issued in March 2024.
Major Discussion Point
Data Governance Approaches and Challenges
Agreed with
Tang Lei
Wolfgang Kleinwächter
Shi Jainzhong
Jose Roberto de Andrade Filho
Daniel Seng
He Bo
Gao Huandong
Li Wen
Agreed on
Importance of data governance in the digital age
Cross-border data flows pose complex regulatory challenges
Explanation
Zhao Jingwu highlights the complexity of regulating cross-border data flows. He argues that there is no unified standard for international cross-border data flows, leading to challenges for multinational corporations.
Evidence
He mentions that most countries prioritize data security or national security in their domestic laws regarding cross-border data flows.
Major Discussion Point
Emerging Challenges in Data Governance
Agreed with
Wolfgang Kleinwächter
Jose Roberto de Andrade Filho
Agreed on
Need for collaboration in data governance
Gao Huandong
Speech speed
127 words per minute
Speech length
1010 words
Speech time
476 seconds
Lenovo has implemented a comprehensive data security and privacy framework
Explanation
Gao Huandong outlines Lenovo’s data security and privacy governance framework. He explains that the framework consists of five building blocks to ensure comprehensive data protection and compliance.
Evidence
He describes the five building blocks: governance structure, process and guidelines, key work streams, technology safeguards, and cultural awareness and internal education.
Major Discussion Point
Corporate Data Governance Practices
Agreed with
Tang Lei
Wolfgang Kleinwächter
Shi Jainzhong
Jose Roberto de Andrade Filho
Daniel Seng
He Bo
Zhao Jingwu
Li Wen
Agreed on
Importance of data governance in the digital age
Li Wen
Speech speed
103 words per minute
Speech length
779 words
Speech time
450 seconds
ZTE has developed a data compliance system to improve efficiency
Explanation
Li Wen discusses ZTE’s efforts in developing a data compliance system. He explains that this system integrates various data protection and privacy management tools to improve efficiency and quality of data compliance management.
Evidence
He mentions that the system includes features such as Privacy Center APP, Privacy Compliance Scanning, Data Protection Impact Assessment, and Data Leakage Response.
Major Discussion Point
Corporate Data Governance Practices
Agreed with
Tang Lei
Wolfgang Kleinwächter
Shi Jainzhong
Jose Roberto de Andrade Filho
Daniel Seng
He Bo
Zhao Jingwu
Gao Huandong
Agreed on
Importance of data governance in the digital age
Agreements
Agreement Points
Importance of data governance in the digital age
Tang Lei
Wolfgang Kleinwächter
Shi Jainzhong
Jose Roberto de Andrade Filho
Daniel Seng
He Bo
Zhao Jingwu
Gao Huandong
Li Wen
China’s data governance framework emphasizes security and development
New technologies require updates to existing data governance rules
Brazil is developing data protection laws and AI regulations
Singapore has laws addressing online safety, falsehoods and criminal harms
Data quality management is crucial for AI development
Cross-border data flows require balancing security and utilization
Lenovo has implemented a comprehensive data security and privacy framework
ZTE has developed a data compliance system to improve efficiency
All speakers emphasized the importance of data governance in the digital age, highlighting the need for comprehensive legal frameworks, balancing security and development, and addressing emerging challenges.
Need for collaboration in data governance
Wolfgang Kleinwächter
Jose Roberto de Andrade Filho
Zhao Jingwu
Multi-stakeholder collaboration is key for internet governance
Brazil’s data protection authority is consolidating implementation of data laws
Cross-border data flows pose complex regulatory challenges
These speakers emphasized the importance of collaboration among various stakeholders, including governments, private sector, and civil society, in addressing data governance challenges.
Similar Viewpoints
Both speakers highlighted China’s comprehensive approach to data governance, emphasizing the enactment of key laws to address various aspects of data security and protection.
Tang Lei
Shi Jainzhong
China’s data governance framework emphasizes security and development
China has enacted cybersecurity, data security and personal information protection laws
Both speakers from major Chinese technology companies discussed their organizations’ efforts to implement comprehensive data governance and compliance systems.
Gao Huandong
Li Wen
Lenovo has implemented a comprehensive data security and privacy framework
ZTE has developed a data compliance system to improve efficiency
Unexpected Consensus
Balancing data utilization and security
Tang Lei
Zhao Jingwu
He Bo
China’s data governance framework emphasizes security and development
Cross-border data flows require balancing security and utilization
Data quality management is crucial for AI development
Despite representing different sectors (government, academia, and industry), these speakers all emphasized the need to balance data utilization for development with ensuring data security, showing a surprising alignment across different stakeholders.
Overall Assessment
Summary
The speakers generally agreed on the importance of comprehensive data governance frameworks, the need to balance security and development, and the challenges posed by emerging technologies and cross-border data flows.
Consensus level
There was a high level of consensus among the speakers on the fundamental importance of data governance. This consensus suggests a growing recognition of the critical role of data in the digital economy and the need for robust governance frameworks. However, specific approaches and priorities varied somewhat between different countries and organizations, indicating that while there is agreement on the importance of the issue, there may still be divergence in implementation strategies.
Differences
Different Viewpoints
Approach to data governance
Tang Lei
Daniel Seng
China’s data governance framework emphasizes security and development
Singapore uses a light-touch approach to content regulation
While China emphasizes a comprehensive framework balancing security and development, Singapore adopts a more minimal, light-touch approach to content regulation.
Unexpected Differences
Overall Assessment
summary
The main areas of disagreement revolve around the specific approaches to data governance, with variations in emphasis on security, development, and regulation across different countries.
difference_level
The level of disagreement among the speakers appears to be moderate. While there are differences in approaches and emphases, there is a general consensus on the importance of data governance and the need to address emerging challenges. These differences reflect the diverse regulatory landscapes and priorities of different countries, which may complicate efforts to establish global standards for data governance.
Partial Agreements
Partial Agreements
Both speakers agree on the importance of collaboration and balance in data governance, but Kleinwächter emphasizes multi-stakeholder involvement, while Zhao focuses specifically on balancing security and utilization in cross-border data flows.
Wolfgang Kleinwähter
Zhao Jingwu
Multi-stakeholder collaboration is key for internet governance
Cross-border data flows require balancing security and utilization
Similar Viewpoints
Both speakers highlighted China’s comprehensive approach to data governance, emphasizing the enactment of key laws to address various aspects of data security and protection.
Tang Lei
Shi Jainzhong
China’s data governance framework emphasizes security and development
China has enacted cybersecurity, data security and personal information protection laws
Both speakers from major Chinese technology companies discussed their organizations’ efforts to implement comprehensive data governance and compliance systems.
Gao Huandong
Li Wen
Lenovo has implemented a comprehensive data security and privacy framework
ZTE has developed a data compliance system to improve efficiency
Takeaways
Key Takeaways
Data governance requires balancing security and development/utilization
Multi-stakeholder collaboration is crucial for effective internet and data governance
Countries are developing and refining legal frameworks for data protection, AI regulation, and cross-border data flows
Corporate data governance practices are becoming more comprehensive, with frameworks addressing security, privacy, and compliance
Emerging technologies like AI are creating new challenges for data governance that require updates to existing rules
Cross-border data flows pose complex regulatory challenges that require international cooperation
Resolutions and Action Items
None identified
Unresolved Issues
How to effectively regulate AI training data and algorithms
Balancing data security requirements with the need for cross-border data flows
Addressing potential monopolization of data by large tech companies
Harmonizing different national approaches to data governance internationally
Suggested Compromises
Light-touch content regulation combined with self-regulation by internet companies
Balancing data security requirements with mechanisms to promote data sharing and circulation
Developing flexible AI regulations that can adapt to rapidly changing technology
Thought Provoking Comments
Governance in the digital age means you have to have a specific solution, governance model, for each of the specific issues. There is no one-size-fits-all that you say this is the governance for the data or this is the governance for AI. You have to identify the problem. What do you want to govern? What is the subject? And then to build the governance model around the system.
speaker
Wolfgang Kleinwächter
reason
This comment challenges the notion of a universal governance model and emphasizes the need for tailored approaches to different digital issues. It’s insightful because it recognizes the complexity and diversity of digital governance challenges.
impact
This comment shifted the discussion towards a more nuanced understanding of governance in the digital age, encouraging participants to consider specific solutions for different aspects of digital technology rather than seeking a one-size-fits-all approach.
In the digital age, the social relations are also being digitalized and datafied, such as between individuals, between firms, between individuals and firms, between individuals and governments, between firms and government departments, and among the government departments at center.
speaker
Shi Jainzhong
reason
This comment provides a comprehensive view of how digitalization is transforming various social relationships. It’s thought-provoking because it highlights the pervasive impact of digital technology on all aspects of society.
impact
This observation broadened the scope of the discussion, encouraging participants to consider the wide-ranging implications of digitalization on social structures and relationships, beyond just technical or legal aspects.
We have to discuss a lot of, I would say, elements that will serve as base for this data economy development. In China, for example, you have Shanghai Data Exchange and the local data exchanges all over. That is a fantastic example of how data assets can generate value even being, as I saw in Shanghai, data can be declared in the balance sheet of companies.
speaker
Jose Roberto de Andrade Filho
reason
This comment introduces the concept of data as an economic asset and provides a concrete example of how this is being implemented in China. It’s insightful because it bridges theoretical discussions about data governance with practical economic applications.
impact
This comment shifted the discussion towards more practical considerations of data governance, particularly in terms of economic value and business practices. It encouraged participants to think about the tangible impacts of data policies on economic development.
To solve this issue of insufficient data resources, it is recommended to strengthen the policy guidance, encourage and support leading companies to open and share the valuable data. Meanwhile, it is also recommended to open and share valuable data.
speaker
He Bo
reason
This comment addresses a key challenge in AI development – access to data – and proposes a solution that involves collaboration between large and small companies. It’s thought-provoking because it suggests a shift in how data is viewed and shared in the AI industry.
impact
This comment introduced a new perspective on data sharing and collaboration in the AI industry, encouraging participants to consider policy solutions that could foster innovation while addressing data access inequalities.
Overall Assessment
These key comments shaped the discussion by broadening its scope from purely legal or technical considerations to encompass social, economic, and practical aspects of data governance. They encouraged a more nuanced and multifaceted approach to understanding the challenges and opportunities of the digital age, emphasizing the need for tailored solutions, consideration of social impacts, economic potential of data, and collaborative approaches to data sharing. The discussion evolved from theoretical frameworks to more concrete examples and practical policy considerations, reflecting the complex and rapidly evolving nature of data governance in the digital era.
Follow-up Questions
How can we strike a balance between high-quality development and high-level security in data governance?
speaker
Tang Lei
explanation
This is important as it addresses the core challenge of promoting data utilization while ensuring data security, which is crucial for sustainable development in the digital age.
How can we improve the legal system for data governance to address new challenges brought by emerging technologies?
speaker
Tang Lei
explanation
This is crucial for ensuring that legal frameworks keep pace with rapid technological advancements, particularly in areas like AI and big data.
How can we strengthen international exchanges and cooperation on the legalization of data governance?
speaker
Tang Lei
explanation
This is important for creating a globally coordinated approach to data governance, which is essential in an interconnected digital world.
How can we define and differentiate between various types of governance (data, internet, AI, cyber, etc.) in the digital age?
speaker
Wolfgang Kleinwächter
explanation
This is important for clarifying the scope and boundaries of different governance areas, which can help in developing more targeted and effective policies.
How can we manage the contradiction between the need for universal norms and the existence of 193 national jurisdictions in data governance?
speaker
Wolfgang Kleinwächter
explanation
This is crucial for addressing the challenge of creating global standards while respecting national sovereignty in the digital realm.
How can we configure rights related to data in the digital age?
speaker
Shi Jainzhong
explanation
This is important for establishing clear legal frameworks around data ownership, use, and protection in the evolving digital landscape.
How can we ensure fair competition in the digital economy, particularly regarding the use of data and algorithms?
speaker
Shi Jainzhong
explanation
This is crucial for preventing monopolistic behaviors and ensuring a level playing field in the data-driven economy.
How can we develop a national data economy policy that balances economic competitiveness with people-centered development?
speaker
Jose Roberto de Andrade Filho
explanation
This is important for harnessing the economic potential of data while ensuring that the benefits are distributed equitably and align with societal values.
How can we improve mechanisms for data sharing among companies, particularly to benefit smaller companies and startups?
speaker
He Bo
explanation
This is crucial for fostering innovation and preventing data monopolies in the AI and tech industries.
How can we establish comprehensive rules for data quality management, particularly for AI training data?
speaker
He Bo
explanation
This is important for ensuring the accuracy, objectivity, and diversity of data used in AI development, which directly impacts the quality and fairness of AI systems.
How can we ensure the security of cross-border data flows while promoting necessary data exchange for global digital economy development?
speaker
Zhao Jingwu
explanation
This is crucial for balancing national security concerns with the need for international data flows in an increasingly interconnected global economy.
How can companies effectively implement data compliance governance systems that adapt to rapidly changing legislation and business environments?
speaker
Li Wen
explanation
This is important for ensuring that businesses can maintain compliance while remaining agile in a fast-evolving regulatory landscape.
Disclaimer: This is not an official record of the session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed.
Related event

Internet Governance Forum 2024
15 Dec 2024 06:30h - 19 Dec 2024 13:30h
Riyadh, Saudi Arabia and online