IGF 2019 OF #18 Personal Information Protection

Description

It is proposed to invite government officials, representatives of international organizations and enterprises, scholars to discuss issues on personal information protection, to call on the whole world joining hands to focus on to protect the legal right and interest of everyone. In this forum, we will fully exchange international experience, discuss practical solutions, strengthen international cooperation and jointly maintain cyberspace security. At the same time, we will introduce China’s achievements on personal information protection, expound our ideas on personal information protection, put forward China’s plans and contribute Chinese wisdom for personal information protection. (1) Provide in-depth exchanges on experiences and practices of personal information protection. (2) Discuss measures of personal information protection such as policies, laws and regulations, as well as technologies, and promote international cooperation and governance. (3) Initiate a proposal for personal information protection to further promote the construction of a trustful and sound network environment. (4) Promote and improve the legislation of personal information protection, raise the awareness of internet users, governments, enterprises and all the other stakeholders on personal information protection.

Organizers

Bureau of Policy and Regulations, Cyberspace Administration of China

Speakers

1. Gu Haiyan, General Counsel of Legal Department, Sina.com Technology(China)CO.,Ltd

2. Liu Canhua, Assistant Professor of  Institute of Law, Chinese Academy of Social Sciences

3. Liu Jian, Senior Legal Director of MeituanDianping

4. MarlenaJankowska-Augustyn, Assistant Professor of Department of Private and Private International Law, Faculty of Law and Administration at University of Silesia in Katowice

5. Tanja Boehm, Director of Corporate, External, and Legal Affairs, Microsoft Germany

6. Zhou Hui, Deputy Secretary-General of China Cyber and Information Law Society

7. Zhang Jiyu, Associate Professor of Law School, Executive Director of Law and Technology Institute, Renmin University of China

Online Moderator

Li Min

SDGs

GOAL 16: Peace, Justice and Strong Institutions
GOAL 17: Partnerships for the Goals

1. Key Policy Questions and Expectations

1. Protection and the commercial use of personal information.

2. AI and the protection of personal information.

3. The international rule of personal data protection. 

2. Summary of Issues Discussed

There was broad support for the view that legislation is an efficient way to enforce the online protection for personal information. Speakers from Germany and China introduced legislation and shared experience about the online protection of personal information.

Some participates introduced the draft of the Personality Rights Section of the Civil Code of China, suggesting to distinguish between privacy and personal information and maintain the openness of personality right system, including the openness of privacy and personal information. Some compared the legal definition of data in different countries. Some proposed that there are three general principles of commercial use of data:principle of user consent and transparency, principle of data security, principle of creating commercial interests and values.

Participators agreed that GDPR is an important step forward in protecting privacy rights not only in Europe but also around the world, and GDPR compliance matters. Some participators emphasized the importance of managing user’s data in accordance with the law of the land. Some discussed the Data Subject Rights according to GDPR, including the right to know what data is being collected, the right to correct the data, the right to delete the data and the right to take it somewhere else. Some believed that the key requirement of GDPR for companies includes three aspects: the duty to inform data subject, the duty to remove data and the duty of data breach notification. Some argued that it is necessary to extend the rights that are at the heart of GDPR to all of customers worldwide.

3. Policy Recommendations or Suggestions for the Way Forward

Openness of the personality interest system is essential for the new era protection of information; only the multiple measures of regulation could solve new problems.

Presenters suggested that the law, or the new regulations, should promote the openness of the personality interests system. From the perspective of historical development, the type and specific content of personality rights have gradually enriched with the economic and social development and have been confirmed by law. Modern society has entered an era of Internet and big data, and the development of science and technology is changing with each passing day. This has also led to the emergence of many new types of personalities which should be protected by law. Presenters recommended that the definition of privacy and the scope of protection of personal information needs to evolve from a purely static model to a dynamically determined model to cope with the new problems that may arise in the future with new developments in technology or its application. It was recommended that the government should cooperate with the business companies to protect the rights of personal information, and ensure that legal rules related to online protection of personal information are effectively observed and enforced.

4. Other Initiatives Addressing the Session Issues

Presenters from two companies shared their successful experience with regard to data protection. Below is the summary of their practice:

1) Six key privacy principles:

  • Control: To put users in control of their privacy with easy-to-use tools and clear choices.
  • Transparency: To be transparent about data collection and use so users can make informed decisions.
  • Security: To protect the data through strong security and encryption.
  • Strong legal protections: To respect users’ local privacy laws and fight for legal protection of their privacy as a fundamental human right.
  • No content-based targeting: Not using users’ email, chat, files or other personal content to target ads to them.
  • Benefits to you: When collecting data, Microsoft will use it to benefit the users and to make their experiences better.

2) Improve from three aspects:

In technology aspect, complete technical tools and privacy protection specialization, such as pseudonymization, data access permission system, data secure risk monitoring system, finding sensitive data, data leak-proof, data encryption etc.

In regulations aspect, build a data sorting and classifying system, and set up rules of data security management process.

In management aspect, set access control mechanism, making sure that only authorized staff could reach client’s personal information.

5. Making Progress for Tackled Issues

To strengthen the online protection of personal information, the presenters had shared their experiences and pointed out that we are facing an updated version of cyberspace and it is necessary for all stakeholders to work together. In the new era protection of information, there are four main changes as to the cyberspace. First is the fast development of cyberspace itself, i.e., integrating internet, mobile networks, IoT, block chains, big data, AI and etc. The others are the integration of cyberspace and real space, the increasing popularity of artificial intelligence algorithms, and the digitalization of social economy, people's behavior and everything. To deal with these changes, personal information protection has to be promoted through the mix of multiple regulatory modalities including norms, market, law, policy, technology and etc.

6. Estimated Participation

There were around 60 participants attended this forum in Convention Hall I-C in person and 95 paricipants online. There were nearly 30 women present this forum onsite.

7. Reflection to Gender Issues

There were no gender issues for this forum.