22 Nov 2023 China Legal Update – November 22, 2023
1. Digital China: National Data Bureau inaugurated for construction of data element market
National Data Bureau (“NDB”), under China’s top economic planning authority the National Development and Reform Commission (NDRC) was inaugurated on October 25, 2023. NDB is responsible for coordinating the integration, sharing, development and utilization of data resources, promoting the informatization of public services and social governance as well as the interconnection of information resources across industries and departments, pushing forward the construction of digital China and promoting digital economy and digital society. It is good news for the marketization of public data development.
NDB takes over these duties from Cyberspace Administration of China (CAC), thus, the new distribution of functions will therefore be as follows: CAC’s main responsibilities are maintaining national network security and internet information flow, while NDB will take the charge of coordinating and promoting the construction of data infrastructure systems, improving the construction of Intelligent city and digitalization of public services. The balance between data utilization and security will be another crucial issue for NDB to focus on. The priority of NDB is to build basic data systems, including aspects of data property, data transaction, data element income distribution and security governance.
Beijing as the first pilot zone of implementing data infrastructure system, List of Policies for the Pilot Zone of Beijing’s Data Infrastructure System was issued by Director of the Beijing Municipal Bureau of Economy and Information Technology on November 10, 2023. Beijing will establish a pilot mechanism in accordance with the regulatory methods that adapt to the characteristics of digital economy, establish a pilot field for comprehensive reform of data infrastructure systems and a data element aggregation area, and promote high-quality development of digital economy.
It’s worth noting that just two days before the inauguration of NDB, Beijing government issued The Beijing Municipal Chief Data Officer System Pilot Work Programme, which selected 13 municipal units for piloting, after Guangdong who is the first to pilot “CDO” (Chief Data Officer) in 2021. The implementation of CDO within government is part of the construction of Digital China, aiming to increase the efficiency of data use and to establish a structural system.
According to Beijing government, CDO is responsible for promoting the construction of digital government, strengthening data resource management, enhancing guidance and supervision capabilities, improving digital thinking literacy, and fostering the building of a talented workforce. Except for promoting data use, CDO also need to timely discover, stop and correct behaviors that violate relevant laws, regulations, guidelines, policies and any behaviors may cause significant losses, and to ensure data privacy and security.
2. Cybersecurity: Enhanced network protection for minors
On October 24, the State Council has issued the Regulations on the Network Protection of Minors(“Regulation”), which will be effective from January 1, 2024.
It’s worth noting for enterprises:
- Minor mode. Online games, online live streaming, online audio and video, online social networking and other network service providers, as well as network platform service providers with a large number of minor users shall provide minor mode and prominently remind minors of their legal rights to network protection and remedies for online infringement.
- Cyberbullying detection. It requires web product and service providers to set up and improve mechanisms for early warning, detection and response to cyberbullying.
- Automated decision-making. Providers of online products and services are expressly prohibited from commercially marketing to minors by means of automated decision-making.
- Addiction prevention. In addition to online game service providers, online live streaming, online audio and video, online social networking and other network service providers should also take measures to prevent minors from becoming addicted to their services, such as setting consumption limits, not inducing minors to participate in online activities such as fund-raising for support, polling and listing, and swiping and controlling ratings.
- Personal information audit. Personal information processors shall conduct compliance audits of their minors’ personal information processing activities every year and report the audit results to CAC, etc. in a timely manner. This obligation is newly prescribed, with further details in relation to reporting process of compliance audits to be specified in the future.
The Regulations aim to create a network environment conducive to minors, safeguard minors’ legitimate rights and interests, and provide strong legal protection for minors’ network protection.