IGF 2023 – Day 4 – Open Forum #50 Rule of Law for Data Governance – RAW

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> MODERATOR: Good morning.  Welcome to the Open Forum Rule of Law for Data Governance hosted by the Bureau of Internet laws and the Cyberspace Administration of China.  With a deepening of globalisation and digitalisation, data has been one of the core drivers of economic innovation and the social development.  Data application and the governance face both opportunities and challenges.  At the same time, effective data governance is essential for public benefits and the sustainable development.  This forum aims to gather different stakeholders from government, civil society and the technology community as well as private sector in Asia, Africa, Europe and America to exchange insights and ideas on the current stat ‑‑ status related applications and the data governance.  To examine and assess the (?) and challenges in global data governance and explore the rule of law approach for data governance that is beneficial to the common values of humanity.  Now, let's start the forum with the first session of keynote speech.  Please remind you that each speaker can have eight minutes.  First of all, let's welcome Mr. Taun Li, Deputy Director General of Bureau of Internet Laws and the Regulations of Cyberspace Administration of China.  Please.

>> Distinguished guests, ladies and gentlemen, good morning.  Today we are gathering here in the Internet governance forum to exchange ourself on the future of digital governance for humankind.  I find it very meaningful and look forward to a constructive outcome of the forum.  Since China was fully connected to the Internet in 1994, it has committed itself to law‑based cyberspace governance, enhancing (?) the level of law‑based cyberspace governance.

China is the largest developing country and has the largest number of Internet users.  We always uphold people‑centred development, and we always uphold further development of the Internet.  With a keen understanding of the extreme difficulties and complications in cyberspace governance, China has been forward‑looking in responding to the challenges brought by new Internet technologies, applications and (?) and promoted innovation in the concept, content, approach and message of law‑based cyberspace governance.  Meanwhile, China has played an active part in international exchanges and cooperation in collaboration governance.  It's committed to build a multilateral democratic and transparent global Internet governance system together with other countries.

Distinguished guests, friends, China set out from realities to explore its approach to cyberspace regulation and governance.  Consolidating the legal system for cyberspace governance to match 2023.  China has enacted more than 140 laws on cyberspace, forming a cyber‑legislation framework by traditional legislation and cyber‑laws governing online content and the management.  Cyber‑security, information technology, and other elements.

Keeping order in a Europe‑based cyberspace, China has taken rigorous measures to ensure fair and law‑based law enforcement in cyberspace.  Strengthening enforcement in key areas of (?) to the people, promoting a healthy cyber‑environment.  Promoting public awareness and competence in law‑based cyberspace governance.

China makes every effort to break new ground in the content from a means of spread legal knowledge via the Internet.  The Chinese (?) awareness and understanding of the rule of law have generally increased.  Respecting, learning abiding by and using the law is a shared understanding and a basic principle.

Increasing international exchanges and cooperation in law‑based cyberspace governance, China is fully engaged in international exchanges and cooperation in the field of law‑based governance of cyberspace.  It plays an active role in rulemaking and safeguards that international system with the United Nations at its core, supports the participation of all countries in global cyberspace governance on equal footing, engage in biological and multi‑logical ‑‑ bilateral and multilateral exchanges in cyberspace governance.  Increase international law enforcement and judicial cooperation on cyber‑security.  Distinguished guests, friends, the Internet benefits the whole world.  China champions the interests of the people of all countries in promoting law‑based cyberspace governance.  We stand ready to (?) colleagues from all over the world to enhance the level of law‑based cyberspace governance.  China will further improve legislation on digital governance and the endeavour to establish a little system for the protection of people's rights and interests in cyberspace, better security and (?) from regulation, deepening the inch implementation of laws and regulation in the digital field.  China will also put the law of the United Nations as a (?) into full play and have (?) international exchanges and cooperation in making (?) for Internet governance for platforms like the BRICS cooperation mechanism, Shanghai Cooperation Organisation, and the World Internet Conference.

Distinguished guests, friends, facing the opportunities and the challenges brought by digitalisation, China will follow the global governance principle of achieving shared growth through convolution and the calibration and work together with the international community to ensure global digital governance is law‑based.  And that digital progress will deliver greater benefit to the people and a better world.

In the end, I'd like to conclude by wishing today's Open Forum a great success.  Thank you, all.

>> MODERATOR: Thank you, Mr. Town, for the relevant experience of China.  Now I give the floor to Neil Walsh, head of UNODC Mission and Regional Representative of Eastern Africa.

>> NEIL WALSH: Good morning, everybody.  Can I check that you can hear me okay?  Yes, you can.  Thank you.

Okay.  A very good morning to you all from Vienna in Austria where it's approaching 3:00 in the morning, and I'm in a very small hotel room.  So, it is a great pleasure to be with you all.

My name is Neil Walsh, and it's my honour to be the head of Mission and Regional Representative of the UN Office on Drugs and Crime in Eastern Africa where I'm normally based in Kenya.  My 200 staff and I cover 13 countries in East Africa and the Indian Ocean, and we deliver UNODC's effects to counter organised crime, terrorism and corruption.

I wish to express at the outset my deep thanks to the Internet governance forum, the Bureau of Internet laws and regulations of the Cyberspace Administration of China and to my dear friend and mentor President Wu Shenkuo of Normal University who I saw on camera a few moments ago.  I only wish that I could be with you all in Kyoto, but unfortunately, the dates clashed with UNODC's annual heads of Mission meeting, and I have to be here in Vienna.

The topic of today's event is the Rule of Law for Data Governance, and subjects that both the CAC and BNU are world experts in.  But these are topics of criticality, not just for the institutions I've named, not just for the People's Republic of China and the IGF, but for every nation, every business, and every person on our planet.  And in Eastern Africa, I see on a daily basis the absolute need for all of these aspects to come together.  Data governance is a broad term, and I suspect that all of us could explain it and define it in different ways based upon our experience, our education and our culture.  And as we all know, definitions in all things cyber are often very politically challenging and academically diverse.  But friends, I think we can all agree that we have a broad collective understanding of the importance of data governance in personal, national and international security.  Data, be it personally identifiable or more anonymised, drives our world whether we're conscious of it or not.  Data also drives our thought processes, our desires, and our biology, whether it's the serotonin boost from a social media like or a revulsion when we see, experience or think about organised crime, data is at the core of everything that we do.

And thinking about the adverts that we see every day, the data mining that drives cognitive advertising and the surprise that we all feel followed by a slightly uncomfortable sense when we realise that the new product we've been discussing with friends is suddenly across all of our social media feeds without asking or without searching consciously for it can be quite unpleasant.

Data is the product of choice for exploitation and profit, and the region of the globe that I lead for UNODC, there is a daily clash between the desire for more data and our ability or not to analyse and exploit it at pace.

The legislation and governance mechanisms of the raw unsegmented data, whether within one's own country of residence or nationality or beyond that is often unclear.  And from my experience, conversations and guidance from professor Wu and the CAC over the years clear to me there is much more always to be done.  And so data is at the heart of the United Nations.  It must be at the core of our decision‑making on topics as diverse as economic growth, sustainable development, and countering cyber‑crime.  And I was able to listen to the last 15 minutes of the previous session and to see some old friends like deputy assistant Secretary Allison Peters on the stage where we are discussing these matters together.

Data, when mined proportionately, lawfully, accountably and necessarily, can make the difference between an emotional response and an objective decision.  And in my role leading the UN's work in Eastern Africa, I've placed a need for routine, accurate, strategic intelligence data at the core of our business.  We can't give good country level and regional policy advice if we don't have good data.  And good data sourcing without the ability to assess, analyse and exploit it is, at best, wasted or at worst, dangerous.

Some years ago, I led the UN's policy response to cyber‑crime and my colleague led our operational programming globally.  And I can remember so many meetings and conversations when we met ministers around the world who saw cyber‑crime as a future threat.  None of us consider cyber‑crime to be a future threat now.  It is the here and now everywhere.  And just recently, a country in my region, at in Eastern Africa, suffered a devastating cyber‑attack.  It only lasted for a few hours, but the impact was significant.  Electricity failed in some regions.  Payment systems in shops failed.  The economy stalled.  This was, without doubt, a national security incident and an international security incident.

And so we need good law.  We need good policy, nationally and internationally, to create the means to assess the threat and to prosecute offenders and to hold to account those who seek to undermine development and cause harm.  And we need it now.

I'm deeply encouraged by the work being done by UN Member States under UNODC's stewardship to craft the new cyber‑crime Convention, and the interventions of non‑governmental organisations and civil society and academia are absolutely critical in this debate as well.  This is diplomatically hard and many countries have divergent views, but most worryingly for me is the lack of involvement of countries in my region, in Eastern Africa.  The Convention work is as important for Africa as it is for Asia, Europe, and the Americas.  So, it is incumbent for all of us to create a supportive, nurturing, challenging environment for those who should engage and get the best out of this debate that are currently absent.  We need to use our collective skills to bring them and their insights, their experience and guidance to support and mentor those who are yet to step into these areas in necessary depth, because we all know that if we don't fill this space, others will.  Others who don't have our good peaceful intent at heart, others who will seek to harm and to exploit.  And that's why it's so important to talk together about the Rule of Law for Data Governance.  We need to talk to one another and, most importantly, friends, we need to actively listen to each other too.  That's what the public, the people we serve expect from us, and need from us.  This is preventive diplomacy in action.  And that is why today's event right now is so important.

So, friends, I want to thank you once again, to the IGF, to the Cyberspace Administration of China, and Normal University for inviting me to speak with you.  I really wish I could be sitting with you right now.  But most importantly, I want to say an enormous thanks to all of you who care about the topic.  Its seriousness and the consequences if we get it wrong.  So from the middle of night in Vienna, thank you for listening, and I hand it back to you in Kyoto.

>> MODERATOR: Thank you, Mr. Walsh for your wonderful sharing.  Now let's turn to professor Juanee from University of China for his speech.  Professor.

>> Thank you very much.  IY Wang: Thank you very much.  Mr. Speaker, my final panellists and my distinguished audience, it is quite an honour to have this opportunity to share some of my thoughts on data governance today.  I would like to provide a brief overview from the dual perspective of a participant in the legislative drafting process and the legal scholar in China.  I will discuss some of the consensus reached by the community of data governance and the latest progress.  They are divided into the following two sections: Personal information protection and corporate data governance.  In terms of personal information protection in China, the civil code of the People's Republic of China has taken the lead in providing (?) for personal information protection.  (?) under the right to personality section.  Since information technology has posed new challenges for the protection of personal information, after the enactment of the civil code, the personal information protection law of the People's Republic of China has overall continued its provisions of the civil codes relevant to articles, but with most specific views, we in the existing framework, China's legislative model of dual protection for personal information through civil code and the personal information protection law exhibits several unique characteristics.  Firstly, the civil code distinguishes between the right to privacy and the right to personal information protection, making the boundaries between the two clear.  Traditional privacy rights primarily address one‑to‑one infringement.  Well, personal information protection pile marginalised deals with larger scale, micro‑level infringements.  Secondly, the civil code provides a balance between the protection and utilisation of personal information.  The personal information protection framework initially originated from the (?) of personal information by government agencies.  However, today, technology companies especially (?) platform have become the primary actors in information processing.  Therefore, personal information protection should be subject to adjustments (?) systems.  Moreover, signify code also ‑‑ civil code also places safeguarding personality rights (?) the personal information protection law together form a legal framework with Chinese contradiction in legal practise ‑‑ characteristic in legal practise.  The second topic I'd like to discuss is the civil code and the corporate data governance in China.  In today's word, world, (?) is widely recognised (?) the way approach the legal framework of this (?).  Should (?) be discussed in the context of intellectual (?).  And emergent and the important consensus in China (?) there are many types of interests that can be associated with data, not limited to the personal and the property interests typically associated with intellectual property.

Based on this (?), the civil code (?) including the multipart provisions in civil law as object of legal relationships.  The Chinese academic community shares the following three points of consensus of the (?) and the most important differences between data and others such as the tangible and the real property.  The first (?) that data is non‑exhaustible and able to be repeatedly utilized.  The second characteristic right when it comes to collection and the utilization, data can be collected and used in parallel among multiple actors.  The third characteristic is the complexity of the types of interests that data can carry.  It can potentially carry both personal and property interests.  They as such share the notions the (?) academia and practise is how the law allocates property interests above it.  Typical example is disputes caused by (?) in China, there are (?).  One is property rights and they resolve disputes through property rights.  The other is to excise the result (?) legality of behaviours.  However, given two models differ, they still need similar outcomes even (?) general property rights such rights are often restricted and excise is granted to either parties especially ordinary users.  Similarly, establishing legal use for relevant actions also requires the findings of boundaries of rights for different entities.  In my personal opinion, it is inevitable to establish property rights over the monetary interests carried by (?) but the (?) rights that corporations enjoy may vary in different contexts.

As far as I'm concerned, governments around the world share similar (?), governance practise will provide valuable reference for other jurisdictions.  This is all I have for today's forum.  Thank you very much.

>> MODERATOR: Thanks professor Wang for sharing.  With new perspective.  Next speaker, let's invite deputy chief engineer from China Academy of Information and Communications Technology.

>> Good morning, everyone.  I'm here today to talk about China's framework of transborder data flow management.  At present, I think it has become a key strategic resource, major countries in the regions in the world had implemented different degrees of the risks ‑‑ restrictions on the cross border data flow and have constructed their own cross‑border data flow management systems.  However, the international community has not yet formed general consensus on the specific regulatory rules of cross‑border data flow and there are mainly three models: The United States, the European Union, and the emerging countries.

China has always promoted cross‑border data flow in accordance with the law and had basically established framework based on the rule of law.  Since 2016, China has established the three ‑‑ 3 + 3 legal system with cyber‑security law, data security law and the personal information protection law as a top‑level design.

And the data export security assessment measures personal information export standard (?) measures and detailed rules for the implementation of personal information protection certification as a supporting rules.

In accordance with 3 + 3 legal system, China has promoted supervision and control of cross‑border data flow in an orderly manner.  In particular, member of (?) have been formed in the security assessment of outbound data.  At the same time, China's local level has actively (?) the pilot of data outbound promoting the safe and orderly cross‑border data flow and the (?) data elements.

Next, I would like to introduce three ways of Chinese data export.  First is safety assessment.  The three + three legal system is established as a basic requirement that the data export of import data certain amount of personal information must pass a security assessment.  Secondly it's a standard contract, which is formulated by the Cyberspace Administration of China and signed by the information ‑‑ by the personal information processor and (?) recipient.  Stipulating the rights and obligations of both parties.

Third is protection certification.  Protection certification is an active in each professional institution approved by CAC, conducts comprehensive evaluation of the personal information protection and management measures of personal information processors in accordance with regulations.  If the (?) meet the requirements the institution will issue a certification mark to the processor.

On the basis of the 3 + 3 legal system, China has further explored an innovative to promote the orderly cross‑data flow.  Recently, the State Council of China issued a special document on foreign investment.  The title is "Opinions on further optimising the environment for foreign investment and increasing the efforts to attract foreign investment."

 

The document proposes to explore convenient security measurement for cross‑border data flow.  We will implement requirements of the cyber‑security law, the data security law and the personal information protection law, establish a green channel for qualified foreign invest enterprise effectively carried out outbound (?) assessment between data and personal information and promote a safe, orderly and free flow of data.  On September 28th, the CAC drafted special regulations on the cross‑border data flow to solicit public opinions aiming to further promote the orderly and the free flow of data in accordance with the law.

Distinguished guests, China has always opened its door to the development as a digital economy and actively engage in international collaboration.  In the face of the development as a global digital economy, China will continue to regulate cross‑border data flow in accordance with the law and adhere to the region of building a community of shared future for mankind and the share the dividends of digital (?) with other countries.  Thank you.

>> MODERATOR: Thank you, Mr. SHI.  Now let's welcome (?) of UNESCO, media and information literacy alliance and the past President of University of Veracruz Vienna.

>> JESUS LAU: Hello.  I would like to say thanks to professor Wu of Beijing Normal University and to CAC for the invitation to be part of this panel.  My paper is called naked arrests not for data, challenges and opportunities in Mexico.  Citizens in Mexico, in Latin America in general, have legal and de facto options to naked arrests.  In other words, they have the right to law to restrict a combination in cracking of the digital further steps in cyberspace.  Mexico has a sound legal framework to protect individuals' privacy.  Data protection is in turn in article 6‑16 of the Mexico Constitution as well as in the federal law of the protection of personal data held in private published in July 2010 and regulations published in December 2011.

The Mexican Rule of Law for Data Governance first set of principles in practises that ensure that data within an organisation or society is managed and governed in a fair, transparent, and consistent manner in accordance with established laws, regulations and ethical standards.

The authority responsible for data protection is the national institute of transparency, access to information and personal data protection, the current designation is INI.  INI oversees the law and has a primary focus on disclosing governmental activities, (?) and public information as well as protecting personal data, individuals' right to privacy.

INI has the authority to conduct investigations, review in section data protection, controllers, unauthorised oversee and revoke certifying entities.  They are responsible for informing and educating national and international corporations with commercial activities in the Mexican territory about their obligations regarding the protection of personal data.  Among other responsibilities, it must issue relevant guidelines for the content in the privacy notice in cooperation with INI.  However, there are many challenges in Mexico such as data breaches, hackers targeting private data, (?) pose a significant threat.

Number two, data protection (?).  Number three, government ethics ensuring ethical and decision‑making within the government is essential.  Social media cracking.  Social media platforms are (?) for marketing purposes and sometimes this can be annoying.

Number five, limited data (?).  Many citizens lack the necessary skills to understand Internet and effective use of data.

The last challenge, in other words limited data literacy, is certainly the most important because it can help address the rest of the challenges.  Mexico looks to foster data literacy among its citizens empowering them to understand Internet and effectively use data in today's artificial intelligence‑driven world.  To address these challenges, the country number one, raise awareness.  The most importance and benefits for personal and professional development.  Number two, simplify complex data.  Develop strategies and tools to make complex data more accessible and understandable.  Number three, manage data overload, provide guidance on how to navigate and instruct meaningful insights from large datasets.  Number four, overcome (?), ensure the technology and offer training on data analysis tools.

Number five, address data quality, promote data quality techniques for cleaning and processing data.  Number six, statistical and mathematical concepts, offer (?) relevant to data analysis.

Number seven, emphasise data privacy, educate individuals and organisations on responsible data (?) and privacy compliance.  Number eight, expand the access and availability and access for all citizens.  Number eight, promote change in (?) adopt data‑driven decision‑making and foster a culture that values data.

Number ten, address control (?), provide support, resources in a conductive ‑‑ conducive culture for data literacy.  Number 11, and last, advocate time and resources, invest in training and development of data literacy skills (?) time and constraints.

Conclusion, (?) in training are both individual and organisational levels is essential.  This (?) offering courses in data and algorithmic (?) analysis, tools and resources.  Enforcing a culture that values data‑driven (?) awareness about the importance of data literacy can motivate individuals to acquire skills in making informed choices about the digital presence in cyberspace.

As a summary, according to ‑‑ the main message is that we need to offer data literacy training for our citizens.  Thank you very much for this opportunity to speak at this session.  I wish you success in the following sessions.

>> MODERATOR: Thank you, professor LAU for your wonderful words.  I give the floor to the next speaker, CRO and CFO of Alibaba Cloud Intelligence Group.  Please.

>> Thank you.  Ladies and gentlemen, friends, good morning.  It is a great pleasure to participate in this workshop and exchange ideas with you all on this topic.  Today, our lives and the work are (?) like never before.  Indeed, data as a factor of production has emerged as (?) for economic development.  Chinese President Xi Jinping stated we need to build a data economy with data as a key factor, boost the integrated development of the data economies.  And the further integrated Internet, big data and artificial intelligence with a real economy, as one of the earliest Internet companies in China, Alibaba has benefited from the Internet technology and from opportunities all for the (?) times.  It is from this standpoint that we wish to share our experience in the field of data governance.  Data is a key factor of the digital economy.  Alibaba and sentec enterprise starting with e‑commerce has empowered (?) and the products to meet the (?) in China.  Since its establishment, Alibaba has played an integral part in establishing connections between more towns and the consumers throughout data.  This data have made commercial operations matter, information more transparent, and the adjustment of supply and demand structure more efficient.

It has also served dataset we help build a system in transactions.  They Alibaba serves 1.3 billion consumers worldwide, and we work to continuously create greater value for customers and civil society.

In 2009, the first line of code was written for Alibaba Cloud's self‑developed cloud operation system.  After 14 years of tireless efforts, our data‑centric cloud computing platform has grown into a front‑runner worldwide.  In the a of cloud computing, both individuals (?) enjoys the benefits of the data economy.  miHoYo is a gaming company that took shape at the Shanghai university in 2011.  It began to utilize Alibaba Cloud computing service when there were only eight staffers in the company.  As of June 2023, the net profit of this young company reached nearly 2.27 billion US dollars.  It is fair to say that miHoYo is a true data enterprise.  Its success is a microcosm of this era in which numerous innovative enterprises and Alibaba Cloud are mutually reinforcing.  The value of data is unlimited, not only for business but also for public services.  There is Asian Games in Hangzhou that just closed earlier this week.  For example, cloud computing supported three core systems, game management systems, results distribution systems and game support systems.  Alibaba Cloud also enabled the seamless integration of these core systems, and proved the intelligent applications such as broadcasting and even communications.

With technical support of Alibaba Cloud, we can (?) event became the firstation game on the cloud ‑‑ Asian game on the cloud.

As an Asian Chinese says it (?) without norms or standards.  With a rapid development of a data economy, data has played a vital role in promoting economic and social development.  However, it has also posed challenges to the protection of personal information, intellectual property rights and network and data security.  In the cyberspace, therefore, promoting law‑based data (?).  We believe effective (?) will be better to facilitate data flow.  Likewise, the free and secure flow of data within the framework of rule of law will give full play to the strengths of data as a factor of production.  On the one hand, as a unique factor of production, data can be utilized repeatedly by different apparent since their inclusiveness.  On the other hand, data can generate different value in different scenarios as the generation and utilization various stakeholders (?) effect.  For this reason, Alibaba Cloud has vacated the whole process management of data throughout their life cycle.  Looking ahead, we look ‑‑ we would like to continue to participate in efforts to advance the rule of law in regard to data governance in the state of ecosystem.  We face both opportunities and challenges in the area of AI.  AI is one of most innovative cutting‑edge data technology in the world.  As a high‑tech Internet enterprise, Alibaba Cloud launched a large language model in 2019 and is the latest iteration it was made available to the public recently.  In the future, we will launch different partnership programmes and the endeavour to create more enterprise‑specific models to ensure that every industry can better share the fruits of intelligent development.

In the new era of intelligence development, we as a benefiters of the advancing AI face certain risks and confusion.  In response, the Cyberspace Administration of China together with six other authorities joined in July the measures for the administration of generative AI service.  The first of its kind globally.  It provides a definite legal environment and basis for the development of AI in China.  In line with regulation, Alibaba then released management system for risk review, introducing three principles of responsibility AI namely availability, reliability, and credibility.

We hold that AI technology should serve as the interest of humanity, be advanced and stable and protect personal privacy and the data security.  Here, we would like to make three proposals.  First, establishing high‑quality university public.  Second, developing standard system and the precaution system of data security for opposing discrimination, safeguarding the rights and the interests of women and children.  And third, actively carrying out the international exchanges and cooperation in the field of data governance to promote global norms in this regard.  Thank you.

>> MODERATOR: Thank you.  Thanks again for all speakers of the first session.  Next second session round the table.  The moderator is my colleague Wu Shenkuo.

>> WU SHENKUO: Thank you very much, professor.  Let's move on to the second session of the roundtable session.  Please remind you that each speaker can have 7 minutes.  Firstly, let's welcome Mr. Thank you.  Yu, Director of the research centre of China Academy of Information and Communications Technology.  Please.

>> Thank you, Mr. Wu.  Distinguished guests, friends, good morning.  First of all, please allow me to say hello by Japanese.  (Speaking Japanese) This is the first time for me to be here in Kyoto.  This is the nice city and beautiful place.  More importantly, it is my great honour to speak at this forum.  I am Fung Yu.  Which refers to CASAT, a think tank in China engaged in research related to the (?) of network.  Now I'm in charge of the Internet law research centre.  My centre mainly studies the issues related to network legislature and has participated in several important legislation in China.

At the think tank, we carry out some basic research, especially on cutting‑edge legal issues.  As we all know, the current digitalisation of our world is one of the key traits of the 21st Century and it is fundamentally changing the way we live and work.  Digital economy is developing rapidly.  The Internet is now an indispensable global public good.  We need new laws and regulations to govern the cyberspace.

Mr. Taun Li has given an overview of China's cyber‑law system, which is very impressive.  Meanwhile, digital economy is driven by data.  So I think data law is absolutely an important part in this system.  The issue of data legislation is widely concerned by all countries in the world.  In China, we generally divide it into three aspects: Data security, personal information protection, and data value.  First, data security means to use legal measures to ensure the effective use of data without affecting national security and social stability.

To reach this goal, we need to make data classification and protect different types of data by different means.  It covers many factors, but in which the issue of cross‑border data flows is very critical.

This topic has been explained in great detail, so I will not repeat it.

Second, personal information protection can be said to be the fumal rule saying that developing of the digital economy, and most countries are faced with contradiction between personal information protection and personal information utilization.  The European Union wants to balance them by the famous GDPR, and many countries have developed their own personal information protection laws with reference to the EU approach.

China has a long history of personal information protection practises, and in 2021 adopted China's personal information protection law, which provides a Chinese plan for the protection and usage of personal information.

Last, is the issue of data value.  This is quite essential for the digital economy, but there is not ‑‑ there are no proper solution to this problem.  And China is actively studying and exploring it.  China has taken the lead in recognizing that data plays a fundamental role in the development of the digital economy.  And encourages it to give full play to essential role.  However, many people are still deeply discussing the issue of data rights, hoping to determine the ownership of data through a legal framework to further realise the value of data.

Distinguished guests, friends, I believe that data governance is an issue which needs to be studied for a long time in the background of digital economy.  I hope that countries around the world can work together to make progress, especially through discussions under the framework of the United Nations and other international mechanisms.

So as to jointly improve the level of data governance and share the benefits of the digital economy development.  Thank you for listening.

>> WU SHENKUO: Thank you very much, Mr. Truck for your wonderful point of view.  Now I give the floor to SAKA Director of European centre for international political economy.  Please.

>> Special Coordinator HOSUK Li‑MAKIYAMA: Thank you for this invitation to make this very brief intervention and as a legal scholar that has studied global governance of data governance for 15 years, I'm very honoured to open my observation on this very typical topic on the rule of law because despite all the self‑evident cycle and developmental benefits that we have heard today in this panel as well as in other forums of IGF, it is well understood that the cross‑border data flows has raised many important questions regarding rule of law and especially in the context of international law and when the Internet and the data economy emerged two decades ago, the primary question used to be and it's to some degree still is whether we can avoid Internet becoming a legal void jurisdictional par moanious if you like, and to date which I think this concern has pretty much been addressed and the issue has been less about determine determinational and legal forum as was believed, as very often the legal questions around new innovation tend to be very, very different that we mentioned them at the onset.  And many jurisdictions have actually expanded their reach and the legal basis with some form of (?).  Many speakers already commended the EU GDPR as a model or a template for many laws that have followed, and I think EU GDPR is a good authority as it's based on the citizenship or residency of the data subject rather than the object which is the case in many other laws, and it has also established a practise of jurisdiction based on the citizenship or the passport or the physical placement of the data subject, which has ‑‑ (?) and the ecosystem turned out to be more insulated perhaps than it was believed.  We have seen that due to cultural and linguistical reasons, Internet has actually much more local flavour than we expect them to have.

And due to the delivery of the data economy, which is so contingent on fiscal continuum, for example, local payment systems, banking and ‑‑ or physical delivery of the transaction, we can also see that there's a natural tendency where these jurisdictional questions have been resolved.

And despite the use of the issue associated with cross‑border compliance and enforcement have actually been quite moderate, and to some extent, it is thanks we have seen, for example, under the COE, the Convention on cyber‑crime, but first and foremost it is notable how basic liability principles or contract or criminal law have actually applied equally online as well as offline in Europe and many other jurisdictions.  And increasingly, online services are also subject to various types of licensing and notification requirements, meaning that actually the jurisdictional question has been resolved and also the rule of law has been territorialised at onset.  And if that is the development we have seen in the past to first two decades of the digital economy where we have seen the evolution but legal doctrine which is based on personal information and data management that we know today, it can also see that the current evolution in terms of rule of law on the Internet is quite progressive where we have seen qualification of in many instances laws and executive decision and codification has also led to more legal clarity as more and more laws are actually transparent and actually written down rather than executed as Executive Orders, we see that there is an improvement of the rule of law.  However not all actors may necessarily share the desirability of this clarity or these outcomes that the laws have enabled.  So, for example, if I just would take an example from Europe once again, Europe has introduced a digital services act, digital markets act and data act or EU cloud services scheme, which all have shifted the investigative ex‑post legislation, for example antitrust enforcement, ex ante approach through regulations rather than investigations.  And elsewhere we see cyber‑security laws that have provided more legal priority with clearer legal basis distinguished in different cases and practises.
And once again, better clarity is always desirable and ‑‑ but some may simply disagree with the rules.

We still see issues with national treatment, so critics say that the EU laws are very arbitrary thresholds of what high‑risk practises entail and therefore it is very selective in its legal scope.  And in fact, many thresholds are naturally ambiguous and subjective.

I think there was a disruption in my connection, but I'll try again.  As I was saying, many thresholds that are naturally ambiguous are subjective, and that's basically the nature of the Internet law itself.

And it is foreseen that case law will provide further clarity on these issues, and but given the dynamism of the legal systems on ‑‑ of Internet law as a subject, the question is whether we will be required to change the legal framework and update them before any case that actually evolves.  This is the risk of governing fast‑paced technology, which we all have to live with.

And this basically leads to a final point here that there is a universal problem where enforcement agencies have a national disadvantage in understanding the current practises and ‑‑ but not necessarily enforcing their rules.  Transparency, of course, is synonymous with accountability and I think the current trend shows user patents rather than mitigating actual potential risks associated with data flow or inadequate enforcement and I think that IGF hosts of this year, Japan, has taken significant steps here for the global community by taking the initiative for the institutional arrangement under the G7 on the DFT which will enable governments to study issues and causality and best practises for better data governance.

And to basically wrap up, history and the future of cross‑border governance of data flows has been characterised by friction of obligations rather than perceived conflict of laws or values.  Different legal systems are founded on different societal values, and despite these differences, it is evident that the (?) outcomes in their digital economy and try to address similar issues.  And however, these are ‑‑ may have very different commercial consequences if you look at the individual companies.  A foreign disruptor in one country is actually incumbent and national champion in another country.  Some objectives of policy create very different winners and losers.  This is not necessarily a product of diverging values or objectives.  And (?) can only be resolved through mutual cooperation and ‑‑ such as mutual legal assistance treaties and many of the privacy laws have built‑in transfer mechanisms.  MCC has been mentioned several times under the course of this path, but also adequacy decision and these mechanisms for expedited data sharing can enhance collaboration amongst agencies.  However, enforcement can only be guaranteed by governments, not by private actors.  And this is an understanding which is the basis of the European model and many other legal models we see across Asia.

So, impetus comes from harmonisation, alignment and laws and especially on data protection privacy and security rather than establishing a common international standard or voluntary or trusted global frameworks.  And I think we see that the equivalent decisions and other fundamental mechanisms are actually 100 per cent legal in their nature.  Trust is a matter of question between governments and people, but it does not necessarily relate to the data.  It's a function of equivalence rather than between two jurisdictions rather than a function of trust and here's where many open data advocates tend to talk ‑‑ prefer to talk about trust rather than equivalence between laws.  Though it may be fictionary conflict that we see around trust where we see, as once again that many agencies around the world are actually working towards similar goals, despite having very different societal backgrounds.

Thank you so much, and I'll pass the word back to the panel.

>> WU SHENKUO: Okay.  Thank you very much for the interesting sharing.

Next we have Ms. Wang Wang from research institute.  Please.

>> Good morning, everyone.  I'm from research institute which is a research platform focussing public policies and digital economy.  I'm very honoured to participate in the IGF data governance forum.  I guess that everyone must be impressed by the extraordinary accomplishments that China has achieved just as Taun Li deputy Director introduced to us.  Now I would like to share China's personal information protection from the perspective of corporate compliance practises.

First, I would like to share some interesting findings.  So, for the purpose of corporate compliance, the research institute compared the provisions of China's personal information protection law, referred to as PIPL, promoted in 2021 with the European Union's general data protection regulation, as you know, that's GDPR.  Through comparing these two laws, we found some interesting findings.

The first, China's PIPL is fully integrated with the international general of personal information protection represented by GDPR.  In terms of legislative model, China's PIPL adopted a globally model which is very comprehensive and universal legislative model.  That is applicable to all sectors, not only to private sector, but also in public sector.

And third, in terms of the law's content, specifically, the PIPL introduces a basic rules including the legal basis of data processing, the rights of data subjects, the obligations of data controllers, and data processors.

Finally, in terms of strictness of rules, China's PIPL basically matches the EU GDPR standard.  In some aspects, China's PIPL is even more stringent than GDPR.  So, as we conclude there are still some differences between the PIPL and the GDPR, but generally speaking, China's PIPL is highly compatible with international legislation standard.  The strict PIPL in line with international standards, we will bring full benefits to the healthy development of platform companies such as Tencent.  Companies will fully embrace the implementation of law with a positive attitude.  It is constructive to help the industrial industry to build trust through legal system protection.  As you know, rebuilding consumer's confidence and security trust is one of the core issues in the digital society.

We believe the legal system itself undoubtedly plays an important role in now.  As data processing scenarios become more complex, data flows between different institutions increase dramatically through the legal system, (?) find the legal responsibilities of different market players in different aspects of data processing is very constructive to accept ‑‑ to establish data protection ecosystem.

So, based on our business, Tencent relies on systemic tools to implement data privacy compliance work.  Tencent is one of the earliest Internet companies in China to explore personal information protection and data compliance.  We emphasise technology itself to empower privacy protection.  We have developed the (?) platform to establish comprehensive technical capabilities to facilitate our service to fully comply with the privacy protection requirements.

In addition, Tencent continues to develop privacy technologies such as federated learning, trusted computing, and secure multi‑party computing, to explore more technical solutions for personal information protection in the whole life cycle of digital service.

In the practise of implementation of the PIPL, Tencent continues to improve products transparency giving our users more choice and control and provide one‑stop privacy solutions for our users.

Beside that, we have established an integrated response and processing mechanism to ensure that users' personal information rights requests are responded in a timely and effective way.

So, in conclusion, just as we advocated of technology for good, we hope that our products and services themselves tried to take advantage of technology to do good and build up the consumer's trust.  That's all.  Thank you for listening.

>> WU SHENKUO: Thank you for your sharing.  Now, let's welcome Mr. Zho, Vice President of Alibaba Cloud Intelligence Group.

>> Thank you, ladies and gentlemen, friends.  Good morning, everyone.  It's my honour to participate in workshop in Rule of Law for Data Governance and share my ideas on this topic with all of you.  The Chinese Government has always adhered to the principle of governing the Internet in accordance with law to promote the (?) and orderly development of the Internet.

The rule of law on the Internet is not only an important way of digital governance but also an important outcome of digital civilisation of advancement.  Alibaba has done a lot of work in data governance in line with national laws and the regulations as well as international initiatives.

Practise of Alibaba Cloud in data governance, Alibaba Cloud Intelligence Group has been committed to the cloud‑based data governance for years, relying on self‑developed system which provides clients from more than 200 countries and regions worldwide with cloud services such as computing, storage, networking, data processing, and security protection.  The group has explored a complete state of (?) for data governance.  In terms of compliance governance, as a company that provides cloud computing services for the public, Alibaba Cloud has worked to improve data compliance governance and has become a cloud service provider with the best qualification in Asia as well as an industrial leader in protecting data security and privacy of cloud computing.

As early as 2013, Alibaba Cloud passed ISO 27001 and CSA STAR certification and later passed PCI DSS certification in the financial field.  In terms of technical guarantees, Alibaba Cloud continues to strengthen technical guarantees for data governance of the cloud platform.

First, Alibaba Cloud has classified various types of data on the cloud and ensured data security in the usage entry and exit and other situations by taking advantage of technologies and stepping up operation and maintenance system.

Second, Alibaba Cloud has established well‑functioning disaster recovery system and redundant systems for cloud computing, networking, storage of data.  Several disaster recovery systems have been built such as active in the same city, backup data in other cities in case of disaster, multi‑backup in multiple cities, two places and three centres and so on.

Third, in terms of infrastructure, Alibaba Cloud has established security compose over data with regard to its storage encryption, transmission encryption and cross‑control ensuring data security of multi‑tenancy in cloud computing.

As for the policies part, Alibaba Cloud took the lead in launching a data security initiative in 2015 stating that a customer's assets, cloud computing platforms cannot be used for other purposes.  Rather, platforms have the obligation to help protect the privacy, integrity and availability of client (?).

The initiative also heard that cloud computing platforms should provide a privacy and a data protection framework and a scheme for cloud users.

In 2021, Alibaba Cloud released the data security and the privacy protection white paper, which introduces the best practise of Alibaba applying cloud computing to safeguarding better security.  Efforts in security protection involve physical security, data storage, networks transmission, computing security, as well as backup and disaster recovery.

Data governance for the large language model, LLM: Recently, Alibaba Cloud officially launched our LLM.  This is a next‑generation model for enterprise users.  It can understand complex instructions, engage in multi‑round dialogue, write copy, understand multi‑modal inputs, and support multiple languages.  So it can be applied in, for example, planning office administration, shopping, recommendation and home design to help customers raise efficiency of their work and services.

What's more, enterprises can build their own LLM models by 2027 to develop more enterprise level applications.

We believe that data governance for LLM determines the scope and the depth of LLM's application.  Therefore, R&D and application of AI have always been pursued under the guidance of principles of availability, reliability, credibility, and controllability in Alibaba Cloud.

That's all.  Thank you.

>> WU SHENKUO: Thank you for your profound insight.

Now, I would like to give the floor to Mr. Yu, professor of university.  Please.

>> Thank you, professor Wu.  Good morning, everyone.  It's my honour to have opportunity to share my thought speech here.  I'm calling from the university.  What I would like to talk today is a simple issues is how the issuing of security of cross‑border data flow through the legal instruments.  In modern society, the economic and (?) data has become crucial element of national development of digital economy.  The combination of traditional and digital business has changed to a (?) model of the real economy.  As well the basic condition of international digital economy development.  So cross‑border data flow is not just a matter of domestic data regulation and the commercial utilization, but also a complex issue that in fact the promoting of global digital economy.

In recent years, we can see that more and more countries, regions and international organisations in China has tried to export safe and transverse model for transporting data flow through domestic and international treaties.  However, at the same time, there are also many controversial needs to be solved urgently.  In this context, we can see that China has been actively promoting the governance (?) cross‑data flow.  However, here is a misleading in the international government's activities which is to encourage the cross‑border data flow without restrictions.  But perhaps their original intention was to achieve a broader and more efficient data flow effects but the key is they failed to understand the relationship between the data security and data flow.  Now, it's worth mentioning that in the article 1 of the data security law in China, the government's idea of data is to ensure data security and to promote data development and utilization.  In summary, it means pay equal attention to safety and utilization.

So, we agree that pursue cross‑border data flow without paying attention to data security is not only fail to realise the value of data but also breeds security risk such as data leakage and theft, leading the reduction of the economy value of data resources.  So, in the international community, there is a real of China follow the data control path which is essentially politicalised, the issue of data security.  That is because we don't have a unified standard for the international cross‑border data flow around the world.  Multi‑relational cooperation always have comply with different domestic laws and the international agreement.

So, there's no denying that the national state of security and the citizens' personal privacy are generally recognised primers for cross‑border data flow.  Furthermore, across the globe, there's no country allowed cross‑border data flow without any condition.  And the more country domestic law put data security and national security as a first place.

So, what I want to emphasise is China isn't on an open and cooperative governance model for cross‑border data flow.  It's not an (?).  China's domestic law has created four categories of rules for cross‑border data flow, which includes (?) data transfer, standard contract for the cross‑border data transfer and the rules for special areas.  So, all above these rules are supported by the corresponding laws and the regulations.

Moreover, a few days ago, Chinese regulator authorities just released the regulation regulating and facilitating the cross‑border data flow.  There's a draft for comments.  This further refined China's governance framework for cross‑border data flow and the response practical issues with social general concern.  For example, the draft clarified that the outbounding data transfer does not require security assessment, standard contract also security certification, the non‑(?) such as international trades, academic, corresponding and market influence activities.  So Chinese supervision systems for cross‑border data flow is not simply to restrict data export but to better protect and promoting data exports.

So Chinese legislation has established DRC ‑‑ diverse channels for various industrial and enterprise.  But also in line with international rules on the cross‑border data flow.

So all of these help multinational enterprise to solve practical problems for repeating the compliance, multiple compliance, even (?) compliance the processing of outbounding data transfer.

Further, I hope we have reached a consensus that the governments of governance of data especially the cross‑border data flow cannot ignore data security, nor can it set too many restrictions for security.  The concept of a security and utilization coexistence in China data governance system often China approaching to solve the problem of cross‑border data flow.  That is all I wanted to say.  Thank you.  Thank you, professor Wu.

>> WU SHENKUO: Thank you, professor, for your wonderful words.  Due to time limitation, we have to conclude this forum.  We hope to have more in‑depth exchange and discussions in the future.  Once again, we would like to thank all guests and friends for your efforts to contribute to this Open Forum.  We also would like to thank you in IGF for providing us with a most relevant dialogue platform.  This Open Forum is concluded here.  We invite all of you to have a photo group here.  Thank you.

(Applause)

(Session concluded)