Here it is! The final text of China's Personal Information Protection Law (PIPL). A quick off-the-cuff translation below of what was changed or added to the final draft. 1/ npc.gov.cn/npc/c30834/202…
1. If personal information is used in automated decision-making [example: marketing / ad algorithms, personalized product recs] , the decision-making must be transparent, and can't be used to impose different transaction terms on different individuals. 2/
What that means in practice: Platforms can't, for example, collect data about users, and then show those users different prices based on the algorithms assumptions about the user's ability to pay. 3/
2. You must give users a way to opt-out of having their personal information used in algorithmic decision-making / marketing. 4/
3. If you process the personal info of a minor under 14, parental / guardian consent is required, and the processor has to formulate special processing rules for the personal info of minors. 5/
4. Cue the geopolitical bickering: "Personal information processors shall take necessary measures to ensure that the processing of personal information by overseas recipients meets the personal information protection standards stipulated in this law." 6/
What that means: if sending personal information to locations outside of China, the information has to be protected to the same standards the PIPL provides. 7/
That might be done several ways: 1) China could whitelist transfer to certain countries with strong personal privacy laws, 2) Companies could sign data privacy contracts with data recipients 3) International treaties could be signed. 8/
5. Data portability: if individuals want to move their data from one info processor to another, info processors have to provide means for them to do that, providing no other data laws or regulations are being broken in the process. 9/
What's interesting to me about that in the Chinese context: Regulators have been trying to lower big tech's "walled gardens" - allowing users to move data more fluidly from one ecosystem to another might serve China's anti-monopoly aims to some extent. 10/
6. "Close relatives [of the deceased] may, for their own lawful and legitimate interests, exercise the rights of access, copy, correction, deletion, etc., to the relevant personal information of the deceased unless otherwise arranged by the deceased during his lifetime." 11/
7. Mega-platforms that process lots of personal info must "Follow the principles of openness, fairness, and justice, formulate platform rules, and clarify the standards for the processing of personal information by product or service providers on the platform." 12/
8. When investigating personal info violations, gov depts may: ask questions, consult related contracts, records, and accounting, conduct on-site inspections, inspect equipment. If evidence of illegal activity, equipment and related materials may be seized. 13/
9. "If the staff of the gov department performing the personal information protection duties neglects their duties, abuses their powers, engages in malpractice for personal gain, but did not commit a crime, they shall be penalized." 14/
Let the enforcement fun begin.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
My goodness. China's cyberspace watchdog, the CAC, just published a long (and unprecedented) set of draft regulations for recommendation algorithms. The short version: they will be tightly controlled. Key points below. 1/ cac.gov.cn/2021-08/27/c_1…
Most interesting to me: Users must be provided with a convenient way to see and delete the keywords that the algorithm is using to profile them. 2/
And there are limits on the types of keywords algos can collect: "Providers ... shall not record illegal and undesirable keywords in the user points of interest or as user tags and push information content accordingly, and may not set discriminatory or biased user labels." 3/
What does "decoupling" even mean? Is there consensus around a set of metrics that would define it? Maybe I'm not talking to the right people, but no one in my industry has been able to tell me with any conviction what decoupling is, much less whether or not "it" is even possible.
Does 'decoupling' mean less trade? How much less? In what sectors exactly? Does it mean less investment? What do you mean "investment"? Does it mean keeping each other's technology out of each other's networks? What technology? What networks?
This word has bled into the global policy conversation and become a talking point with poor strategic and logical foundation. Data analysts struggle to map the ramifications, because the word itself is unclear.
Chinese regulators to off-campus education (incl edtech): "We know your stocks are falling, but tough cookies - you are putting too much pressure on parents and are detrimental to on-campus education, so we're restructuring this industry permanently." 1/12 finance.people.com.cn/n1/2021/0801/c…
Recap: Recently, China issued "Opinions on Further Reducing the Burden of Students' Homework and Off-campus Training in Compulsory Education" - a policy which effectively kneecaps the off-campus tutoring industry. 2/12
Regulators are well aware of the results: "As of the close of the market on July 27, a number of U.S.-listed Chinese concept stocks have fallen by more than 90%, and 11 companies have fallen by about 80%, with education stocks accounting for the vast majority." 3/12
New rules are coming for Chinese companies seeking to list abroad. Chinese policymakers are trying pretty hard to assure markets that Chinese companies will still be allowed to IPO overseas - but they will need to follow new rules in doing so. 1/14 finance.people.com.cn/n1/2021/0801/c…
"The 30th meeting of the Political Bureau of the CPC Central Committee proposed to improve the regulatory system for domestic enterprises listing overseas." 2/14
"This is not only a practical matter of improving relevant regulations and standardizing the behavior of relevant enterprises in response to a changing situation, but also reflects China's firm determination to promote opening up and make use of dual sources of capital." 3/14
Major news this week on China's social credit system. Best part: there's finally a (draft) official list of what types of data / records are being included in citizen, corporate, and org social credit files, and where those records come from. 1/24 ndrc.gov.cn/yjzxDownload/2…
We triangulated this last year by looking at the tech docs that describe what types of files are supported for sharing across gov-run social credit networks. We then cross-referenced that against state agencies which generate those records - but there are now more deets. 2/24
So I'm translating the draft here - all 16 record types the national government is gathering on companies, citizens, and organizations under China's social credit system - what types of records, who collects and submits them, and who they are collected on. 3/24
An opinion piece today on people.cn - The best take I've read so far on Beijing's views and motivations re: crackdown on Didi, IPOs and the move to reign in internet companies. Some key quotes below. 1/x finance.sina.com.cn/tech/2021-07-0…
Tech companies have been in an era of "barbaric growth": "The so-called end of the barbaric era means that in addition to laying down systematic rules, the rules needs to be truly implemented to maintain healthy [market] order." 2/16
"The implementation of China's cyber security review mechanism indicates that Chinese Internet companies will officially bid farewell to the barbaric growth stage." 3/16