On March 1, 2022, groundbreaking Chinese legislation entered into force that aims to regulate the algorithms used by Chinese tech companies for profiling and content recommendation activities.
Between privacy and IT
The discipline (a Regulation issued by the Cyberspace Administration of China (CAC)) sits at the crossroads between privacy, antitrust and IT law: on the one hand the Chinese legislator regulates the effects of these algorithms on users’ lives and web experience, and on the other it imposes greater transparency on operators and ultimately enforces a “fair” use of algorithms in a competitive market.
It goes without saying that this innovation further complicates the already fragmented Chinese regulatory framework on the right to privacy, which is already a “victim” of the overlaps between the discipline of cybersecurity and the discipline of personal data protection, with the three giants constituted by the Cybersecurity Act (CSL – of paramount importance), the Data Security Act (DSL – entered into force on September 1, 2021) and the Personal Information Protection Act (PIPL – entered into force on November 1, 2021), plus numerous detailed rules, mandatory or optional.
This vertical complexity of legislation is compounded by the horizontal complexity of various local disciplines, such as the Shenzhen legislation for the protection of personal data of January 1, which, although it purports to be a detailed application of the Data Security Law, actually adds even more complexity to the already uneven Chinese regulatory context of the sector.
The main innovations
The main innovations of the Chinese discipline that came into force last March, the so-called “Algorithm Regulation”, are as follows:
- the algorithms used to profile and recommend content to users must be used in accordance with the law and without endangering national security;
- algorithms cannot be used to evade government control or for anti-competitive purposes;
- services that use algorithms to recommend content, services or products to their users must not provide unauthorized information and they must not spread fake news;
- the use of recommendation algorithms must be accompanied by transparent disclosure to users of the basic principles, the purpose and the main mechanisms with which the algorithms operate (the discipline seems stricter, at least according to the letter of the law, than the European one, which differentiates disclosure obligations and limits the most incisive ones to high-risk artificial intelligence);
- users should be able to “control” the algorithm by selecting and deselecting the tags on which the provider relies to profile the users of its service, and should also be able to opt out in toto of recommendation services based on algorithms;
- the legislation gives special attention to the “safe use” of the algorithm where the user is elderly, protecting them, including from fraud, and also where the user is a minor, in which case the algorithm must promote content that benefits the health of body and mind.
The legislation also prescribes a series of requirements regarding the technical measures and management systems of the algorithms used, paying attention to technological ethics and the protection of data and user information security.
Chinese legislation also requires the adoption of anti-fraud measures in the telecommunications sector and emergency response mechanisms for security incidents.
Mandatory mechanisms for reviewing the code underlying the algorithm are also provided for, to be carried out frequently, both with regard to the functioning of the algorithm and with regard to the moderation of “illegal and unwanted” content.
In particular, the discipline focuses on “illegal” content, prescribing that it must be stopped immediately and its propagation prevented, and that the incident must be reported directly to the Cyberspace Administration of China.
The algorithm and “positive energies”
Also interesting is the provision that requires B2C IT service providers to promote traditional values and spread “positive energies”.
The legislation speaks of promoting “algorithms for good”: algorithms aimed at the common good that do not induce consumers to excesses or unbridled consumerism.
The provisions of the new legislation also include the usual rules regarding the protection of national security, to be understood in the broad sense of the concept that is characteristic of the law of the People’s Republic.
The effectiveness of legislation
The discipline is addressed to all operators who use algorithms for functions such as content generation, selection or synthesis, content recommendation, profiling, content retrieval and filtering, or planning and decision making, to provide end users with content and/or information.
In fact, the main recipients of this discipline are the large Chinese providers of online services such as ByteDance (the company behind TikTok and its Chinese counterpart Douyin) and Tencent (the company that owns WeChat, the leading messaging service – and more – in China).
A graduated approach, depending on the size of the company using the algorithm and its nature, would however have been more suitable (the latter being the choice followed by the EU in the proposed Artificial Intelligence Law), but evidently Beijing is counting on selective enforcement of the discipline and on the limited extent of sanctions (which, if imposed on a large company, echo across the Chinese web and, if imposed on a small company, have no repercussions).
Clearly, the law also applies to foreign companies operating in China that directly or indirectly address those whom EU rules would define as consumers. These companies cannot expect special treatment from regulators and will face the difficult challenge of using “explainable” algorithms that can be defended before the Chinese regulator, without being able to “hide” an essential technological part of their activities because it is kept in their home country.
Baidu also specifies that it has put in place an independent system that lets the user control the information used for the personalization service, allowing the user to refuse personalized recommendations by clicking an “x” at the margin of the personalized content and/or by setting preferences to reject personalization by default.
Baidu’s new disclosure is undoubtedly interesting because it attests to the reactivity of Chinese web giants to Beijing’s dictates, and also because it betrays a still immature approach to privacy in China. The information Baidu provides is still vague at some points, for example where it states that the data from which the company derives its personalized recommendations includes “other information related to user behavior”, or where the company explains that it could collect data relating to the user’s device (e.g. screen size, type of device and software used, data that normally contributes to a browser fingerprint to uniquely identify a subject) to offer personalized content. The user of Baidu maps is always allowed to opt out, but it is difficult to think that the average user understands the real extent of this intrusion on their privacy in exchange for personalized content and offers.
As usual, when it comes to Chinese regulations, the low amount of the fines is staggering, this time ranging from a minimum of 10,000 yuan to a maximum of 100,000 yuan (we’re talking fines between €1,500 and €15,000).
While these numbers are certainly not capable of frightening the Chinese tech giants, we must not forget that in the Middle Kingdom politics precedes the law: if the party’s choice is to make a decisive change in terms of algorithm transparency, then financial penalties will be the least of the problems for the country’s tech giants that flout Beijing’s guidelines.
Another element that should cause concern among the web giants based in the Celestial Empire is the methods used to investigate violations. It is evident, in fact, that in order to verify whether or not an algorithm complies with the discipline provided for by the new legislation, a truly invasive control operation will be necessary, one potentially harmful to the commercial interests of the sanctioned subjects, who are obliged to expose industrial secrets.
Perspectives for the future
With the legislation on algorithms too, the Chinese government offers a program, political before it is regulatory, of progressive and increasingly structured interference in the technology sector.
The legislation promoted by Beijing contains the typical traits of Chinese legislation of recent years, which pairs a modern discipline in tune with the Western one with some peculiar traits: a choice for an instrumental use of legislation and for an educational/moral use of technology and law.
The Chinese Communist Party government has made clear in recent years, and presumably will continue to do so in the future, its suspicion of the country’s IT giants, censuring opaque behaviors aimed at a more liberal capitalism, which the population disapproves of.
In this way, however, the Chinese government strategically brings public opinion to its side in a battle that actually puts under strict control the most insidious actors in an industry that is inherently dangerous for Beijing (because it could create spaces of freedom invisible to the government).