The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> MODERATOR: Good afternoon, distinguished guests and colleagues. I'm Professor Wu Shenkuo from Beijing University. Welcome to day zero event, legalization of Data Governance, hosted by the Bureau of Internet Laws and Regulations of Cyberspace Administration of China.
We have a deepening of globalization and digitization, the flow and literalization of data has become one of the key drivers of economic innovation and social development.
In the face of the development opportunities and secretary risks associated with massive processing and application of data, people in all regions of the world are increasingly and widely recognizing the importance of value and fair and effectiveness of data governance in promoting public well-being and sustainable development.
As well as a need for the comprehensive ecological, cultivation and beginning rule of law, safeguards for future of data governance.
This event is aiming to bring together stakeholders from government, Civil Society, technical community and the private sector to exchange insights on the current status of development and evaluation of global data applications and the data governance.
To join today to examine and judge the various important concerns and challenges in data governance in various countries and explore ways of realizing the role of law in data governance. They're beneficial to safeguarding the common values of human beings.
Now let's start the event with the first session of the keynote speech. First of all, let's welcome the Deputy Director General Tang Lei of Bureau of Internet Laws and Regulations of Cyberspace Administration.
>> TANG LEI: Distinguished guests and friends, good afternoon. Welcome to the Internet Governance Forum and to the event on the legalization of data governance. Not long ago, while extending congratulations via video to the 2024 World Internet Conference, the sitting King noted that we should see the trends of digitization, networking, and the intelligence [?] and efforts must be accelerated to promote innovative, secure, and equally safe development in cybersecurity.
Working together to assure in a brighter digital future. Today we are gathering here to discuss issues related to data governance, which are of great practical significance.
This marks the connection to the Internet and also the 30th anniversary of the beginning of China's law-based cybersecurity governance. Over the past three decades, China has committed itself to law-based cybersecurity, ensuring that the Internet develops within the confines of the law.
The legalization of data governance is an essential component of promoting the law-based cybersecurity governance and also a solid guarantee for building up China's strengths in cybersecurity.
China has consistently committed itself to place emphasis on development and security, establishing and improving the legal system for data governance.
Firstly, China has enacted the cybersecurity law, data security law, and the personal information protection law providing basic provisions for data security and personal information protection systems.
Secondly, China has released the provisions for promoting and regulating the crossbody flow of data allowing the free flow of data [?]
Thirdly, China has released the provisions on the management of automobile security and separate regulations to build the data security management systems in some key areas.
Firstly, China has issued the global initiative on data security and the global cross-border flow of data cooperation initiative. A mutually beneficial landscape for international cooperation.
In September this year, the State council of China enacted regulations on network data security management. Providing a strong legal [?] for the promoting the law for reasonable and effective utilization of network data.
Firstly, the general provisions for network data security. Secondly, the regulations further specified rules concerning personal information protection.
Thirdly, the regulations improve mechanisms for the management of important data security.
Firstly, the regulations enhance the provisions and security management of cross-border network data flows. In recent years, with the advancement of a new technologies and applications such as artificial intelligence, the volume of data has been growing rapidly, accompanied by escalating security risks, striking a balance between development and high-level security has become a common challenge all over the world.
It has become increasingly crucial to promote data governance by law-based approach. To address this, the following actions are necessary.
Firstly, improve the legal system for data governance. Establish and improve the foundation rules for data governance and address the data security challenges.
What about by the development of new technologies?
Secondly, data governance, promote the development of the system ensuring notation relationship between theory and practice.
Thirdly, international exchange and operation on the legalization of data governance create a win/win cooperation for data governance.
Colleagues, data governance is a shared challenge for countries worldwide. I encourage that all the guests here today to conduct in-depth discussions around the relevant topics, jointly discuss the legal solutions for data governance, work together to promote the legalization of global data governance, and ensure that the benefits of digital advancements are shared by people worldwide.
In closing, I wish today's event a full success. Thank you.
>> WU SHENKUO: Thank you, for the relevant experience of China. Now I give the floor to professor emeritus at the University of Aarhus, Denmark. Please.
>> WOLFGANG KLEINWACHLER: Thank you. Thank you very much and thank you for the invitation and thank you the administration of China for organizing this important workshop. I'm -- Mr. Tang Lei in his opening speech mentioned two important concepts, one is operation and cooperation. I think the whole Internet is a permanent learning process, so we know more than we knew 20 years ago and we will know a lot more in 20 years from now. So that means it's a never-ending story and it will continue.
And there is cooperation, for it means no one is able to manage all the things, you know, with one shot. So there is no silver bullet. There is no one road. There are many roads which has to be taken and the only way to manage all the forthcoming problems is by collaboration of all stakeholders in their respective roles.
I think this is the beauty of the Internet Governance Forum, this was the beauty of the Civil Society 20 years ago. Some government wanted to have private sector leadership, others wanted governmental leadership, and the compromise was we need all stakeholders.
So the Internet and all this new achievements are not for leadership, they are for collaboration. So it means we have to work hand in hand in their respective roles. Governments are different in the private sector, technical community is different from Civil Society, but we can manage the problems of the future only if we work hand in hand.
I think this is the big message and I'm very happy that Mr. Tang Lei mentioned these two concepts, education and collaboration, as the main guidance.
As an academic person, I'm dealing with definitions, so this is the work of academics. The title of the session is legalization of data governance. So I want to ask, what is data and what is governance?
So let's start with data. 20 years ago, I was in another workshop where we said, okay, data is the starting point. That's the resource, that's the raw resource, the raw material. Data leads to information, information leads to knowledge, and in the best case, knowledge leads to wisdom.
So that's why some people said, okay, we have -- we start with the data society and we have the information society, it was some on the information society, but we have to move upwards to the knowledge society. And some people said the wisdom society. This is a little bit idealistic. But as an academic person, I think I'm allowed to think in idealistic terms.
But more complicated is the term of governance. So this is the Internet Governance Forum. I think Internet Governance was the term 20 years ago. A lot of people didn't understand what the Internet is. Is it a technical issue, political issue, economic issue, so it was very complex.
I was a member of this UN working group on Internet Governance which was tasked to propose a definition. So just to define and to enable government and other stakeholders to have an understanding what Internet Governance means.
So the definition we proposed and which is reflected in the agenda had three main elements. The first thing is Internet Governance means the involvement of all stakeholders.
What I said already. So it's not only one stakeholder approach, it's multi-stakeholder approach.
Second thing is governance means that you have to share. You have to share protocols, codes, regulations, and decision-making.
And the third thing is, we approved a layer approach. We made a differentiation between the evolution and the use of the Internet.
At this time, the technical layer, the evolution of the Internet. And the use of the Internet is related to the so-called Internet-related public policy issue.
Today, the majority of problems is on the application layer and not on the technical layer. I think a lot of the technical layer has been clear. 20 years ago it was a technical problem with political implications. Today it's a political problem with a technical component. This makes it rather different.
So what needs this governance now. I think today there's a confusion because everything is governance. We have here data governance in today's workshop. We have Internet Governance. People in the cybersecurity field speak about cyber governance. We have now AI governance. We have ICT govern unanimous. We have IoT governance for the Internet of Things.
There's a huge confusion, and what governance you mean?
So data, Internet, AI, and things like that.
So I more or less this is all the same soup. Because this is governance in the digital age. And governance in the digital age means you have to have specific solution, governance model for each of the specific issue. There's no one size fits all that you say this is the governance for the data or this is the governance for AI.
You have to identify the problem, you know, what do you want to govern, what is the subject, and then to build the governance model around the system.
And this is complicated, because in this layered system, you have on the one hand a universal set of norms and principles and codes. The technical layer, this is one world, one Internet.
But on the application layer you have 193 national jurisdictions. So we have a problem 193 sovereign nations, national jurisdictions, but one world. And I think this is a challenge that you have a contradiction you have to manage the contradiction. You cannot settle this. A settlement would mean the whole world would be ruled only by technical codes. This is an illusion.
The other alternative, the whole world would be ruled only by one country. This is also an illusion. For that means you have to find a compromise. This is the challenge.
And to meet these challenges, you need more discussion, more dialogue among all stakeholders. That's why the Internet Governance Forum is such a wonderful platform.
Thank you very much.
>> WU SHENKUO: Thank you very much Professor Kleinwachler for your wonderful speaking. Let's we have Shi Jianzhong on the Political Science and Law.
>> SHI JIANZHONG: I'm delighted to have this opportunity to visit this ancient and magnificent city, Riyadh, to attend the panel to discuss the topic that is both cutting edge, and challenging. Namely data governance.
The mission of law is to adjust socialization by allocating rights, obligations, and responsibility, even liability. Among social entities, [?] we meet in this security, justice, and efficiencies of these relations.
We have entered the digital age. The continued advancement of ITCI technology [?] digital government, digital society in the digital age. The subject identities are various relations, they're being digitalized and datafied such as nature firms and the government departments.
The behavior of the subjects are also be datalized and identified. Such as [?] firms and digital government affairs.
And it's object also being digitalized and datafied such as digital verification of the goods, services, even equipment.
In the digital age, the social relations is also being digitalized, between the firms, between governments, between firm and governments departments and all the government departments.
Consequently, in the digital age, the [?] modes by which law adjust the social relationship must be changed accordingly. Which poses new challenges and opportunities.
The challenges brought by digital intelligence technology was a law merely the need for the law to confront unprecedented new issues such as how to configure the [?] how to ensure data security, how to make the data sovereignty, how to make [?] data advances, how to protect personal privacy, how to protect digital human rights, and how to regulate data precision, transmission, disclosure, permission.
The opportunities brought by the digital technology to raw on [?] are flattered in the fact that the digital inhabitance technology are internalized and embedded in the use of in the law and therefore empowering the legislation, law enforcement, and justice.
Achieving a higher level of a scientific legislation, strategic law enforcement, and fair justice, while seeing the opportunities that digital intelligence technology brings to law is a great challenge itself.
So we must -- we must acknowledge that in the current era of the rapid development of AI, the challenge that the digital technology posed for law outweighs the opportunities.
Now, we can find an interesting phenomena, that that is on the one hand digital intelligence to technology is creating new legal problems. On the other hand, digital intelligence technologies help the law solve problems. In other words, digital intelligence technology and the data are those objects and the tools are the rule of law.
This is a special phenomenon that data governance must be aware of. Certainly, it is important to recognise that data we discuss today differs to electronic information, that is electronic data. Compared to the other forms of information recorded such as paper-based -- such as paper-based forms.
Electronic data has several unique characteristics, such as technical characteristics of the producibility.
You cannot make characteristic of nonreliable and legal characteristics of nonexclusivity. We believe that security is the prerequisite for development, and development is [?] for security.
When it comes to the data governance, it's about both. Security in developing development -- in other words, in securing security and promoting development, not opposite. And this is no [?] sizeable contradiction.
One of the goals of data governance is securing security means in video privacy, commercial secret at the national security agencies process in developing and utilizing personal data and the government data.
In this regard, the China government has enacted the code laws such as cybersecurity laws, data security laws. Mr. Tang Lei has touched on this just now so I will not elaborate it further.
As one of the objectives of the data governance, promoting development entails effectively developing the utilizing personal data, corporate data, and government data. While protecting your individual privacy, commercial secret, and national security.
Promoting development means making use of data and digital intelligence technology to foster technology advancement, economic prosperity, social development, and well-being of the people.
From this proposal, Chinese government has also made policy and provision many laws such as the civil code. Moreover, it is a number of laws and regulations first related to the data. The Chinese government places great emphasis on fair competition in digital economy. Specifically stipulating in the antimonopoly law that undertakers shall not use data and algorithms technology, capital advantages and [?] rules to engage in monopoly laws.
We know the government had the largest amount and biggest collection of data.
It can empower digital developments to this end. They have the fair competitions of view with the antimonopoly law, which can encourage both fair and discriminative exploration and utilization of government data by all type of firms.
Using data secret, Chinese law is continuous in the system and mechanism for governance while addressing the challenges brought by digital against technology, China is actively using this technology to empower the legal system.
For example, China has not only established the specialized use in the courts, but also employs specifically those of digital intelligence technology to enable justice. Those include online mediation rules, online [?] and online courses.
That's a law justly, efficiently, and with great integrity.
In summary, it requires support of law and inseparably, therefore.
The integration of law and the digital intelligence technology can build more scientifically sound and reasonable structure and mechanism for data governance. And achieve positive interaction between higher standard data security and higher quality digital economic development.
Thank you.
>> WU SHENKUO: Thank you very much. Now let's turn to online speaker, Mr. Jose Roberto. General consulate general from the federal Republic of Brazil, Shanghai. Please.
>> Jose Roberto: Thank you very much. Can you hear me well? Had good morning from Brazilia. It's a pleasure to join this event online from far away. And I'm happy to see many familiar faces. First of all, let me thank the friends and authorities from the bureau of Internet laws and the cyberspace administration of China and the professor with whom we have a long-time collaboration. But also my fellow speakers and authorities, Mr. Tang Lei, Professor Kleinwachler and professor Jianzhong. I would like to introduce examples of how we in Brazil are working on our internal governance on the structure of our data environment and also how this will serve as a support and also a way for Brazil to contribute to international, to global governance.
And I liked very much as the Professor gave the example that, well, we have so many governances, but it's digital age -- governancing the digital age and we have several approaches.
The examples I will give I could divide in first what -- where are we coming from right now late 2024. What kind of structures we have. And then I would like to speak about, well, the consolidation of our data protection law, the LGPD and our data protection.
Also I'd like to give an example as a second Number 2 of our AI law, which is currently in fast development.
And third, our views, our current discussion for data economy policies. So just last month, we completed four years of the implementation of Brazil's national data protection authority, ANPD. ANPD is the most robust data authority and instance in Brazil.
It was created because of the provisions that we had in LGPD, our national data law, which was approved in 2021, but passed background of discussion since 2018.
Well Brazil, as you know, is one of the ten biggest economies in the world. Our population is one that stands most hours a day online. We are a leader in terms of users in all platforms, especially now with eCommerce, with a strong connection to Chinese companies as well. So we are a big data producer, but also at the same time we have in all fields of our country, let's say in agriculture, in biodiversity, and wealth. I always compare that to the Amazon Forest. We have an Amazon Forest of data of wealth.
So it's our duty to organize internally and promote development and new internal governance, I would say.
But that reflects our values. So one key element that I would say even before I dip into the three examples, all discussions in Brazil are very much permeated by inclusion, so we have private sector, Civil Society is a strong player in all discussions regarding our data laws and our frameworks.
And also the need to have people at the center, the human beings at the center. As was also said, well-being and development.
So inclusion, people, human values at the center, and development and well-being. That is very much the spirit, and we can find many of these provisions at LGPD, as I said four years ago, and now with the national data protection authority.
A report, a very extensive report has just been published, it's available online, but unfortunately so far only in Portuguese. But I hope very soon in English as well. Which gives a full vision of how ANPD, our national authority, has been working.
First in giving guidance and recommendations and let's say soft norms as well to private sector and data -- data actors. I mean companies, public institutions, and others. ANPD has been working actively and has consolidated in line with other exchanges with other legal environments abroad, but has consolidated a robust set of norms and also publications for guidance for our data layers or actors.
At the same time, we have at the national data authority, improved the number of people. We are still building the capacity currently ANPD, according to the report, has 150 employees. We still don't have a career of specialized people inside the agency, but the idea is to further professionalize that.
And I would say ANPD is our main vehicle for implementation of data policies in Brazil, and also as one of its reports, we call it international data transfers or, well, very much like the cross-border -- cross-border data transfer at the center of many discussions.
This is the key platform for us to establish international cooperation.
At the same time, Number 2, we have just five days ago approved at the Senate Brazil legislation has two levels. The Senate and House of Representatives. We have just approved the new project for AI law.
This is the result of years of discussion which if we see in the timeline has increasingly absorbed and included new actors. Especially Civil Society.
Now, it has had a very strong contribution, one of the key aspects, like we say, is for example the use of copyright material for training models. Our artistic and writers associations have been very, very active and we are working -- we don't expect to have a final model. I think right now nobody can expect to have a final model. Of course because the AI environment is a fast-changing one.
But we do want to have something that reflects our values and is operational. So the AI law will now go to the House of Representatives for further codification where there might be some modification. But we will have another date protection law from 2021 that will give more robust legal framework for us internally to organize ourselves with this wealth of data but also to promote our international cooperation.
As a third level that I would like to enhance, our Ministry of Industry, and this is very much connected with all the international collaboration, has already started organizing future of coming public consultation for a national data economy policy. This is very much aligned with what we see in other countries of using data, unlocking the power of data, unlocking the value of data to promote, well, economic competitiveness, better products, better business models, but also as I said in the beginning, oriented, aimed at people-centered development.
This is the very early stage of consultations. We will soon have something published and in the press, but it's been announced already that from the industry part -- and this is very important now especially I would say with China as one of our main investors in Brazil, but also just celebrated our trade bloc in South America agreement with European Union for us to attract new business and partnerships.
And the data economy policy promises a lot of future I'd say potential and very good results as well. We have to discuss a lot of elements that will serve as base for this data economy development.
In China, for example, you have Shanghai data exchange and the local data exchanges all over. That's a fantastic example of how data assets can generate value even being as I saw in Shanghai, data can be declared in the balance sheet of companies.
So this is one very good example. We will certainly take into account all international experiences. We aim at having more and more delegations traveling and learning about the experience not only of China, but also European Union and other partner countries.
But I see a very positive horizon. This is more medium and longer term, but a very positive element as well.
So in conclusion, I don't want to extend my time, although I think we can have an extensive discussion and very productive, these three elements, the consolidation and strengthening of our national data authority, the coming approval of our AI law, which I mean with flexibilities to be adopted to be in line with what we have to be prepared for, and always people centered with a vision of protection of vulnerable groups, rights, promotion, and protection of human rights in the digital space and our coming economic oriented with competitiveness national data economy policy.
I think these three levels can give a very good vision of how Brazil is moving. Of course, as a diplomat, to conclude, I would say Brazil is very active -- has been very active and will be -- will continue to be very active in engaging to promote an organized order that we -- we have to build in collaboration government to government, government within international organizations. And I congratulations all of you for organizing and participating in events like this where we have the opportunity to exchange and share and including other key stakeholders like Civil Society and private sector.
Thank you very much and I look forward to participate further in the discussions and benefit from this event. Thank you.
>> WU SHENKUO: Many thanks for Mr. Jose which provide us with a new perspective.
Thanks again for all speakers of the first session. Next is a second session of roundtable discussion. Now let's welcome Mr. Daniel Seng, director of Center for Technology, robotics, artificial intelligence, and the law studies. National University of Singapore.
Please.
>> Daniel SENG: Can everyone hear me?
>> WU SHENKUO: Yes.
>> Daniel SENG: I would like to thank you Professor Wu and the IGF. It's a privilege to share with you to the Internet Governance and in effect as you will hear from my presentation later, it is a fast evolving one that is also adopting to the institutes of the recent users of the Internet and the problems that it poses.
I propose to start by first outlining some basic principles that set the stage for the approach to the governance of the Internet in Singapore.
First, Singapore is an open society. We have done our growth trade, finance, multiculturalism and multilateralism. 93.2% of our residence have broadband and up to 166% of our populations have mobile phones.
I was very positive by this number until I realized that there are six phones among the four family members. So this statistic is indeed true.
Furthermore, we have the firm believer in the free open access to information. Which we believe are key to education, research, and innovation.
We don't believe in the monitoring of user access to information, but there has to be some minimal light touch across the board that has to be adopted in Singapore.
Since 1996, we had regulated content providers via something called Internet code of practice. The way the Internet code of practice works is that it defines the category known as prohibitive materials. These are materials defined to be contrary to public interests, public polarity, public order, public security, and national harmony. Or prohibited by applicable Singapore laws in multicultural society.
The focus is on the fact of a multicultural society, we have to take steps, sometimes serious ones, to ensure that our multicultural society is stable and is not disturbed.
So some of the factors take into account in prohibiting material include pornography, sexual violence materials, materials pertaining to extreme violence or cruelty, and materials that tend to incite ethnic racial or religious hate threat strife or intolerance.
Our Internet service providers only restrict access to about 200 mass impact websites, and prevent these websites from the access in Singapore.
From our research, most of these prohibited websites are pornography in nature and others that are harmful to Singapore's racial and religious harmony or against national interests.
As far as our Internet content providers are concerned, we encourage them to exhibit or exercise self-regulation by not hosting programs that contain prohibitive material and where it pertains to news websites and political websites, we require them to be registered.
In 2022, we discovered that there is growing phenomenon where the Internet websites are blurred in the usage in that we can have online communication service providers that also provide content which are done essentially by a point-to-point and point to multiple point communications.
The social media services such as those done by Facebook, Tiktok, X, and YouTube, you understand what I mean. Because many of these platforms are designed to communicate from individual to individual, sometimes harmful and inappropriate content.
To deal with this situation, we passed a new law called the online safety miscellaneous amendments act to address category of harmful and inappropriate content, this we define to include sexual content, violent content, suicide and self-harm content, cyberbullying content endangering public health, and content facilitating buys organized crimes.
They rules will filter out such content to protect children. Users are also empowered to report the availability of such content to the authorities and these websites are required to publish their annual online safety reports to show that they're compliant with laws.
The COVID incident at the turn of the decade has given rise to a new phenomenon called online falsehoods. And to deal with this particular problem, we had one particular piece of legislation to deal with this. This is where there are online falsehoods, that contain false statements of fact or misleading information that have a tendency from a public interest perspective to affect public health, safety trance quilt, public confidence, public finances, preventing ill-will between different groups, preventing the influence of elections, the security of Singapore, and the relations with other countries.
This piece of legislation that we enacted called the protection from online falsehoods and manipulation act of 2019. And these will counteract these posts, companies that post these posts are required to also post the Singapore government's correction notices to counteract the proposals contained in these posts.
The advantages of such a mechanism are that because we do not go through the courts, we go through a government system, the response of the government can be very fast, sometimes in a matter of hours or days, and to combat serious falsehoods such as the ones arising from the COVID-19 incident and various other falsehoods claimed against government ministers, institutions, and policies.
You can find vast majority of these correction notices targeted at Facebook content hosted by user.
We have enacted two additional pieces of laws to deal with issues of harassment and online crimes. Our focus on the online criminal arms act of 2023, in essence we enacted this new piece of law to deal with online child sex exploitation, job investment, product scams, and phishing attempts.
In this law, directions can be issued by the government authorities to various online service providers where there is reasonable suspicion where there is some online activity perpetuated on the online service provider's services or content in furtherance of a commission of an offense. If there's a post page that's used or phishing or other types of scams, the authorities can issue orders to the online service providers to block the content, disable the content, or to prevent the content from being accessed by people from Singapore.
Last but not least, on the issue of personal information cybersecurity, we have, as many other countries in the world, a personal data protection act that seeks to regulate the collection, use, and disclosure of personal data by organizations and it recognises the rights of individuals to protect the personal data, especially in the online environment.
The act also regulates the cross-border data flows that will pertain to Singapore as a trading hub, in exchange for data between Singapore and other countries in the world as well as cybersecurity act that's designed to preemptively prevent, manage, and secure cybersecurity threats by regulating onus of critical information infrastructure.
So in conclusion, Singapore's experiences in this regard have been largely as a result of our experiences from initially starting with a minimal platform for regulating content on line by way of not permitting some materials. And they have developed into communications platforms to enable private individuals to communicate, and we have expand to include harmful inappropriate content such as content that promotes self-harm or cyberbullying, to ensure that our masses are protected.
And laws to deal with online falsehoods and also to protect personal data and cybersecurity. But it is still important for the government to put in place various public education measures to educate the public on the advantages and disadvantages of accessing information online and to teach its population to be discerning in its proper use.
So on that note, thank you very much and I look forward to the opportunity hear from the other speakers and of course to learn about developments around the world.
Thank you.
>> WU SHENKUO: Thank you, professor Daniel, for your wonderful words. Now I give the floor to the next speaker, the director of research center for economic law, information, and trade technology. Thank you.
>> Good afternoon, everyone. I'm from the China academy, information technology. We are so delighted to participate in today's discussion. We have several professors [?] of data. So today I would like to discuss the design of legal system for [?] in the era of artificial intelligence.
We know it was the fast development of the wide application of AI technology, data has become the most important factor. When we come into the arrow of Large Language Model also called AIRM. But it's shifting from the modern centric to data centric, and data resources have become the most core and fundamental elements in the development of AI. They promote the [?] of AI, it's particularly important to have a more suitable experience. However, the breakthrough development of AI technology, we know the AI [?] has posed a huge demand for high quality data.
But existing data governance rules and regulations have not been adjusted in time, which lead to issues (broken audio) restricted development of AI technology and industry. Facing the environment needs of the new generation of AI.
We should promote, adjust, and improve the relevant legal rules. Firstly, it is necessary to improve the data security rules to resolve the problem of data being unusable.
During the fast development of AI, the legal use of data has become an issue that urgently needs to be resolved. Laws and regulations, as the professor also mentioned this, meta laws have medical provisions for data protection and data use.
For instance, many laws prohibit any individual in the [?] cybersecurity such as data online. The GDPR among others have clearly defined the legal basis for processing personal data. However, with the rapid development of AI technology, issues such as unlawful use of publicly available personal information have become a very important question.
But the relevant rules have not been adjusted at the same time. Which leads -- and may face the legal problems with using data.
For example, it's still unclear whether using publicly available personal information as data for LM is legal or not. Therefore, it's recommended to further improve the system for the reasonable use of data.
The mere clarifying is it legal to use public personal information as training data. Formulating standards and guidelines for protection issues, in different stages, such as training, generation, and application of Large Language Models.
Secondly, it is essential to establish comprehensive rules for data sharing and circulation to resolve the use of data being [?]
It is also important way for LLM companies to get data. Data sharing and the circulation are the key to unlocking the value of data. However, at present we can see there are still problems in aspects be such as data sharing, data training, and data openness. For example, there's a lack of effective in sensitive mechanism for data sharing among companies, which limits the ability for -- of the small companies to access data.
Many leading AI companies, they are also the traditional large Internet company or the big platform companies, they have collected large amount of data resources through their existing Internet service and they use their own data to train the models.
Thereby, they can form a competitive advantage in their development. But some companies restrict other companies from accessing and using their data which may became a barrier for start-up companies and small companies.
So solve this issues in subject of data resources, it's recommended to strengthen the policy guidance, encourage and support leading companies to open and share valuable data. Meanwhile, it is also recommended to open and share valuable data.
Certainly, improve the quality management to resolve the problem of data being in [?]
Data quality remains the development level of AI and the high-quality data is the core for improving the accuracy, stability, and interoperability of models. High quality datasets can help large AI models gain a deep are understanding of different concepts, semantics, and grammatic structures which can significantly enhance the value of those model.
Consequently, the data management [?] many industries of social norms, written in laws and regulations doesn't have much provision to data quality.
This has affected the equality and training of the Large Language Models. Therefore, it is recommended to build and improve the rules for quality measurements for training data, formulating data standards and [?]. That's all my speech. Thank you and have a nice day.
>> WU SHENKUO: Thank you. Now to Mr. Zhao Jingwu. Please.
>> Zhao JINGWU: Good afternoon. It's my opportunity to give a little speech here. What I with like to talk today is a small question, how to ensure the security of cross-border data flow through the legal instruments.
While cross border data flows is not just a matter of the massive security regulation and the commercial utilizations, but it's also a complex issues that affect the promotion of global digital economy.
In recent years we can see that more and more countries, religions, and the international organizations, including China, have tried to export the safe and the world model for transporting data through the legislations. At the same time, there are many controversies need to be solved urgently.
China has government past in cross-border data flows. There's a misleading in the government activities, which is to encourage the cross-border data flow without restriction. Perhaps the original intention was to achieve a broader and more efficiency data flow effect. But the key is they fail to understand the relationship between the security and the date flows.
The government's idea of data is releasing data security and promoting data development and utilization. Well in summary, it means we should pay equal attention to the safety and utilizations.
So we agree that when they pursued the cross-border data flows without paying attention to security not only failed to release the exchange value of data, but also provide security risks such as data linkage and theft.
These situations may happen in the future. So in the international communities there is also a view that China follows a data controlism path which is essentially political issues of the data securities. That is because we don't have a unified standard for the international cross-border flows around the world.
Modernization cooperations always have to comply with the different domestic laws and the international agreements. So there is no denying that the international data security and the personal privacy generally recognized the first and the priority premise for cross-border data flows.
Furthermore, across the globe we can see that there's no country allowed for supporting data flow without any convictions. In most countries, they put data security or national security at the first and the important part.
So what I want to emphasize is that China is instant on the open and comprehensive government's model for cross-border data flows, China has created four categories for data flows which include security [?] outbound data transfer, standard contract for the cross-border transfer of personal information, and the third-party security certifications and the rules for the personal and other species of special areas.
So all about these rules are supported by the comprehensive law and regulations. So in March 2024, China issued the regulation promoting and regulating cross-border data flow. This purpose is to formulating the regulation and further clarifies the applicable laws and it's mentioned how to promote others of free flows on the data.
Regulating transporting data flows and others were considered in this area. We considered transporting transportation and others like manufacturing areas. So China also released global data cross-border data flows and this is some more useful solution to solve these problems.
In order to truly and efficiently resolve the institutional conflicts, we have in hand the confidence of multiparties in carrying out the data [?]
The data flow is not just empty words and it's not just simply restrict data, but we can see that it's also tried to make a better protect and promoting data area experts. So China regulations established diverse channel for cross-border data flow, just as mentioned before. It's not just only tried to [?] the market demands on the enterprise.
The governance of the data flow cannot ignore the data security, nor can they set too many restrictions for securities. So this concept for the security and the utilizations is in China data government system is also two important parts.
I think in the future maybe we'll find reason and approaching way to solve the problem of cross-border data flows.
That's all I want to say. Thank you.
>> WU SHENKUO: Thank you. Now I give the floor to the next speaker, Gao Huandong.
>> GAO HUANDONG: Thank you, Professor Wu.
Distinguished speakers, guests good afternoon. It's my great pleasure to participate in this forum of data governance. The year of 2024 marks the tenth anniversary of Chinese president Xi's proposal. It has flourished and become an important engine on social progress and economic development both in China and around the world.
We have realized that the high-quality data governance is essential to the high-quality data argument of the digital economy. And the compliance is the foundation of data governance. Therefore, the group has made tremendous efforts over the last few years in data security.
Today I would like to share Lenovo's progress with experts presented today. Lenovo's China data privacy governance framework basically consists of five building blocks. One is governance structure. The second is process and guidelines. And the third is key work streams. And the fourth is how we use technology to safeguard technology and privacy. And the fifth is culture awareness and internal education.
This framework is in line with Lenovo's strategy, smart AI for all, and reflects our mission in data security and privacy governance. Security for the future.
Our first building block is so-called governance structure. Why? Simply because data's security and privacy protection for a company like ours has more than 1,000 systems, it's astonishing and a giant project. How to deal with this issue, we set up a China data security and privacy protection committee since the end of 2021 and the leadership of China and the China security committee.
This team has three standing committees, namely data security team, privacy compliance team, and data cross-border transfer team for collective decision-making.
And another one ad-hoc emergency response team forming the so-called three plus one structure.
The committee has adopted its bylaw and all of our operational activities are strictly in compliance with the bylaw, and the committee normally has a bimonthly committee to discuss important issues and drive collective efforts for critical projects.
Key to success of this committee is the cross-functional collaboration. After now, the committee has more than 200 representatives or vocals serving as ambassadors of more than 40 internal business needs and functions.
The committee also trained our more than 100 data compliance specialists as the frontline compliance team. And the committee has been coordinating and awarding closely with China the USG committee and AI compliance committee. Both of which I'm also driving in China.
Let's move to the second building block. Process and deadlines. Based on national legislation, administrative regulations and the approval policies, our committee drafted more than four guidelines covering eight practical areas. Data cross-border transfer, data categorization and classification, and AI compliance, et cetera.
The guidelines and books help to us implement detailed rules in routine data security privacy protection. The governance on databases.
Our third building block is about five work streams of the committee, which we normally roll out annually. The first three are initiated at the forefront and will be deep dived continuously.
Among the three working streams, data mapping is the cornerstone and data transfer is the challenge. Privacy is our top priority. At the same time, we're exploring and navigating another two new work streams. One is AI data security governance and the other is how to utilize data as an asset.
These two issues are also very hot topics in this forum. The fourth building block of our data security and privacy protection governance is how to use technology to safeguard data and privacy efficiently.
I only take one example. The AI guardrail tool developed by Lenovo. This picture illustrates how this tool works in Large Language Model scenario.
In enterprise, privacy domain, the guardrail can identify more than 17 types of personal identifiable information and the sensitive personal information. In order to block them from inputting to the Large Language Model and protect our customers' privacy, this tool can also realize that identification of self-identifying keywords.
Last but not least is the culture awareness and internal education. Lenovo has established a training program of data compliance specialists all of whom come from the business team. The training program is a closed loop with four steps. The committee will train more than 100 specialist by providing a series of professional causes on data security governance and five work streams of the committee.
Then the specialists practice relevant rules in the daily work while they have learned Step 1.
Then the committee will randomly check and inspect what they have implemented in practice and provide improvement otherwise. The last step is to recognise and award those specialist to contribute significantly to the committee.
What I just mentioned is the framework and privacy protection. We as a China-based company and leading company are very happy to have this opportunity to share our thoughts and practice on data security and practice dominance and our AI for all strategy.
Companies internal data dominance should be strictly in compliance with rules of laws both in China and other jurisdictions to ensure the products and services we provided are secure, reliable, and trustable.
We have been learning from international advanced data dominance experiences and the best practice on one hand, and on the other hand, we will continue striving for rule of law approach, thereby contributing to a healthy and sustainable development of a global economy. That's all and I thank you for listening.
Thank you.
>> WU SHENKUO: Thank you very much.
Now let's turn to the vice president of the ZTE corporation.
>> Li Wen: Thank you. Good afternoon. I am Li Wen from ZTE corporation. It is a great pleasure to share with you the practice and the [?] of the data governance at this meeting. Thank you for your trust and support.
In the last few years the new generation of technology such as cloud computing, big data and AI have promote and integrated each other. And it feels like smart cities, smart transportation and smart medical care have [?] and human society is moving towards a better future of the digital intelligence.
As a global provider of comprehensive communications solutions since 1985 and more than 160 countries and regions worldwide, ZTE are always at the [?] to enable connectivity and trust everywhere.
In 2016, ZTE had launched comprehensive digital transformation from process driven to data driven and we are dedicated to building 40 cloud-based intelligent and lightweight workflow.
Releasing the data, the key element of [?] innovation, in the digital intelligence era, the premise is to ensure that data security and the [?] after the effective GDPI in 2018, more than 160 countries in the world have formulated data protection laws and regulations.
And China has also established the data protection legal framework with three laws of the cybersecurity law, the data security law, and the personal information protection law at their core.
Against this background, ZTE consider great important -- okay? Against this background, ZTE attached great importance to data security and the progress protection, strictly abide by the laws and regulations and the continuous implement data compliance governance and devote to forming a virtual stakeholder of video creation for compromise.
It follows the risk warranted [?] is based on commitment, and organizational structure. And it's carried out in six steps, including the establishment of system and rules, risk monitoring, risk assessment, personnel training, security audits, and incident response to ensure data comprised of business activities.
Data transfer is a high-risk activities. ZTE is one of the first companies in China to apply for data experts assessment according with national requirement.
And earlier this year, 2024, we obtained the approval from the Cyberspace Administration of China for the export of the reported personnel information. ZTE has conducted a special audit on the implementation of the signed data transfer contract to [?] verify the effectiveness of the data program.
In order to further improve the efficiency and quality of data [?] data compliance system which integrated the [?] data protection impact assessment, data response, and so on, this data compliance system can display the data in real time and dynamically and realize the data compliance digitization and the data intelligence transformation of company's compliance management.
[?] for data security and personal information protection, [?] have been satisfied -- certified by ISO, IAS 27701 2019 information management system. European privacy and U.S. trust certification which indicate that ZTE has the international advanced layer in privacy protection, technology, and management ability and is able to help global customers enter the area of the digital intelligence more comfortable.
Now, in recent years, China had stepped up its efforts and build the market of data element which put forward high requirement for the data compliance management of enterprise. And it is necessary for enterprise to adjust the [?]. And the key point of the data compliance. Managed dynamically according to the legislation and business development.
On the one hand, enterprise still needs to [?] management system continues. On will -- on the other hand, need to face [?] in the digital intelligence era such as AI training, data security compliance.
Data competition compliance, and so on.
2024 is the year of the development of China's digital economy, and also a year for data compliance comrades to move forward steadily.
In the coming 2025, [?] fully promote the deep integration of data development and compliance and contribute with them to a better digital against society.
Thank you for listening.
>> WU SHENKUO: Thank you. And thank all the speakers of this event. This is not a final session there are is the beginning, and I think we can have more possibility and more chance to deepen our insights sharing these next steps. Not only for the legal system, but also for the so-called legal ecology. So today we stop here. See you next time.
Thank you.