IGF 2021 – Day 4 – WS #51 A Meaningful Standard for Necessary Scope of PI Processing

The following are the outputs of the captioning taken during an IGF virtual intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> YUXIAO LI: The theme of our session is A Meaningful Standard Necessary Scope of PI Processing.

    China Foundation of Internet Society s (?) And I am the host today.

    There's a highlight of urgency for comments to tackle this process. How to strengthen the protection of personal information and regulate its governance and how to make proper use of digital data for global benefits among the challenges facing us all.

    Against the backdrop, it is a great pleasure to invite the known expert in this field to discuss how to establish a basic governance framework for the collection and the processing of information and other data and to showcase the best practice of different countries and regions.

    For us, the establishing the University of Standards for OPI.

    Now, I suggest our guest say hi to everybody because we're online and offline. Maybe raise your hand.

    Okay?

    Let's begin.

    All right. Thank you.

    Let's start our workshop. Due to the limited time, every speaker, please make sure your speech is delivered within seven minutes so that all of our guest speakers have enough time to share their opinions.

    Thank you.

    Today, we are honored to have Mr. Here with us.

    Let's welcome our guest.

   >> Good morning, good evening, and goodnight. It's an honor to be in this workshop.

    I would like to express our warm become to the participants and congratulations on this event.

    Now I will deliver my speech in Chinese.

    Currently, the COVID‑19 is still affecting the world. The international travel had not come back before based on the last year's IGF which was hosted completely online.

    This year, we're enjoying this online/offline forces showcasing the importance of the Internet in the international communication.

    Right now, it is even time in Beijing. For those offline, we have so many people joining this event, which showcases everyone's focus on the IGF as a platform and your attention to issue of PI protection.

    For China, this year is an important one that bears fruit for data governance and data security. Since this year, we've issued several regulations, including the law on data security as well as the PI protection law. We've also come out with different regulations on vehicle data security as well as different regulations on Internet security, data protection, et cetera.

    So in the process of setting up those regulations and laws, China had maintained an open attitude. We've learned the experiences from EU's GDPR and honor this bilateral and multilateral collaboration framework, we had several rounds of discussions on the dataflow across different borders, and we're setting up regulations and open to the public to solicit their opinions for both domestically and internationally so that our channel can always be open.

    China had already set up the fundamental framework for data security governance. In this way, the confidence and trust of the public has been increasing. We've also noticed that the international community are bearing fruits in terms of data governance. All of this showcased that everyone is faced with challenges and issues, and we have a need as well as a foundation to seek common grounds and to seek common solutions.

    When President Xi was attending the summit, he pointed out we could set up regulations respecting everyone's interest and willingness and establish a fair and just as well as open digital development.

    China has always put a strong focus on the international governance collaboration, and we have put forth development to enhance protection as well as data security. China has already applied to join CPTPP as well as the Digital Economy Partnership, DEPA, which showcased our resolution as well as commitment to achieve the international communication.

    IGF is a very important Internet governance platform under the UN framework. Today, we're discussing the PI protection. This is the time for the discussion, and we can play a positive role here. We are willing and open to discuss this with you, and we hope that we can have strength and collaboration in this regard.

    CAC will continue to work with different parties domestically and abroad to continue our discussion. At last, I wish this seminar a great success.

    Thank you.

      (Applause)

   >> YUXIAO LI: Now I will make a speech.

    Distinguished guests online and offline, on behalf of Cyber Security Association of China, I would like to express appreciation for the Internet Governance Forum for providing such a change platform for us. I want to share some of my insights from the following aspects.

    Reflecting on the current expectation of personal information protection in China, following enlisting rules and practice of AI applications, and deploying the establishment of protection, there are mechanisms that are collaborative and trustworthy, and the international community are engaged.

    First, let's reflect on the current situation of PI protection in China. By June this year, the number of China (?) Has reached 1 billion. With the Internet penetration reached, 17.16%. The total number of the website is 4 million, and that's from mobile application is 3 million. Whereas applications are forcing new business model and influencing almost all industry. In this way, applications have become a major force in the development of digital economy.

    However, some applications are collecting personal information beyond the scope.

    Even concerning users' access, if they refuse authorizations, which is excused false claim. This has become across program. In addition, the leakage of information is serious. According to states among the Internet users, (?) 20%.

    The Chinese government has attached a great importance to data security and the PI protection. Concerning legislation and PI protection, China is a (?) But smarter (?). Over this year, the country has been committed to enhance data security and the PI protection and has made significant progress. A series of laws and regulations have been ensured in this regard, including the safeguarding Internet Society issue in 2000, which is the first legislation on personal information protection.

    The protection of networking information in 2012. The protection of PI of telecommunication and the Internet user in 2013. Cybersecurity laws in 2017 as well as (?) Data security law, personal information protection law.

    The scope of personal information for certain types of mobile Internet applications and their regulations on protecting the security of critical information structure this year.

    Other drafted regulations on the deliberation (?) Of these laws and regulations, a requirement for protection for different levels, improving the legislative system and the framework for personal protection information.

    At the same time, we have launched a program for data security and PI protection. Every year, we hold PI Protection Day during the Public City Week.

    Of this effort, encourage and motivate the general public so that our people's interest can be preserved, thanks to these joint efforts from all the parties. The regulation and  (?) Have been approved.

    China has been actively engaged in the process of PI protection. We have undertaken the work of compliance. Illegal practice of applications, this is a meaningful task. A lot of support has been provided for citizens to protect their personal information while using applications.

    Besides, (?) To jointly enhance personal information protection awareness and accountability building.

    Secondly, let's reveal that existing rules and participants of AI application at present, AI has been integrated with 5G with computing data and other technology.

    Amid the pandemic, AI has once again spoke for itself. However, the application of AI has reignited concern about data privacy protection and use of data. As more and more personal information is being collected and used in all forums, smart and enabled by AI (?) There's an increased risk of information explored and data misuse.

    Certainly in AI technology itself, the rulemaking regarding AI applications required continuously exploration and research by all stakeholders. China is highly committed to development of AI. For example, in 2018, China's National Standard Committee issued a white paper on AI standardization.

    In 2019, the new generation artificial intelligence Governance Expert Committee issued the principle of new generation of AI, developing the responsibility of AI.

    In 2020, the departments committed to the national standard (?) Recently, the recommendation of the AI has been adopted by UNESCO. There's a global regulatory framework on AI. Countries have a responsibility (?).

    CIAC has been actively involved in the field of AI, exploring the path of AI development. Last year, with the guidance and support of the CAC, the establishment of the security platform and the Intelligent Network (?) Center, we have be developing a group standard for AI security, cooperating with the universities, research institutions, companies, and other stakeholders.

    In the end, I would like to give some advice that is to establish a set of personal information protection, AI rules, and the mechanisms that are call liberate and trustworthy.

    CIAC are willing to join hands and provide services and support for building a safe cyberspace and protecting people's information.

    The global and universal rules for personal information protection (?) Stakeholders are encouraged to engage and improve (?) And the international community (?) Personal protection and AI rules and mechanisms.

    In this way, mankind can hopefully embrace a healthy, sustainable, AI future.

    So that's all for my speech.

    Thank you.

    Now, let's welcome Dr. Jovan Kurbalija, Executive Director of DiploFoundation, Head of Geneva Internet Platform, former Executive Director of the Secretariat of the High-Level Panel on Digital Cooperation of UN to deliver a speech.

    Professor, please.

   >> Jovan Kurbalija:thank you ‑‑: Thank you. I hope you can hear me well.

    I'm excited to bring the updates on privacy information or what is also called data protection. There are different terminologies that in the progress of international cooperation and activities, we will have to harmonize and discuss similar or the same things.

    It is really important to hear about major developments that are happening in China, including the data Protection Privacy Act that you accomplished, and you highlighted toward artificial intelligence and cybersecurity.

    And my intervention will be basically focusing on the questions on the main tendencies that are happening in Geneva, where I'm connecting from. And, internationally, when it comes to this issue.

    The first major tendency is a shift towards something that can be called a digital self‑determination or data determination, which is aimed at putting data in the hands and control of citizens.

    There is a Swiss initiative and others in Finland and other countries, aimed, basically, that citizens have full control of their data and that it is a precondition for economic activities for enjoyment of human rights and for human dignity and core values that should be protected.

    This is quite important. Moving data from citizens to the big, especially Big Tech, platforms that exist all over the world, and that's empowering citizens and then empowering, also, local communities, and building up local infrastructure that would ensure human‑centered approach with full respect for human dignity, culture, and local diversities, which is really important.

    Internet is an integrated system, but impact of the Internet is very often local depending on cultural and other specificity s and communities worldwide.

    This is the first point I wanted to highlight as a general tendency.

    The second point related to data is a question of interpretability. Let me give you a practical example. The mobile telephone, you can switch between operators by keeping your phone number and basically exploring what is the best option on the market.

    When it comes to the social media platforms all over the world, you cannot do that. You may get your data, but you cannot go now. Let me take a few examples from Facebook to Telegraph or Signal or whatever. I'm not very familiar with the Chinese platforms and others, but you may download your data from, let's say, Facebook, but you cannot bring your data and your network, which is extremely important. And then go for the best option on the market.

    Now, with the question of interoperability and truths, optimal platform is the second, I would say, big issue. It's related to self‑determination to some extent. And the sooner or later it will come on the national agenda's and the global agendas for various reasons. One is protection of the market, digital market. The other is protection of individual right to make a choice. And the third one is to protect the vibrancy of the overall social and economic situation in the country.

    It's a very simple question. Can we do in social networks what we can do in mobile telephoning? That's the bottom line.

    The third point, which is emerging ‑‑ and you alluded in your introduction and the head of international regulations from the cybersecurity Authority, there's a question of artificial intelligence.

    Data is an important part of the private information, but what really matters is the question of the wisdom and the patterns detected from the data. And on that point, we learned that UNESCO has moved, and we can expect more and more activities.

    Ultimately, here the point is how are we going to preserve cultural heritage of societies worldwide from China, Europe, United States, Latin America, which is increasingly codified through algorithms and the data.

    Ultimately, one question which will come sooner or later on the agenda, the U.S. Secretary‑General highlighted this question. Is the question: What are we going to leave to the future generation?

    In his report, our common agenda, he called countries societies worldwide to start negotiating what he called social contracts. It won't be social contracts signed on the dotted line, but it will be understanding what we expect as a society from digital technology, any particular artificial intelligence.

    What will be our role as humans? Are we going to keep the, let's say, central role in society as we've been doing the last 25 centuries, as we've done. Humans have been in the center of development. Is it going to continue? This is really an open question with especially to universal artificial intelligence.

    The second point is: Would we be able to preserve our core dignity in these developments.

    The fourth point is what are we going to pass to the next generation in terms of nature and often in terms of culture?

    How will the next generation get access to great thinkers from Chinese history? From Confucius and others and what about Aristotle in European tradition?

    This question will be coming more and more on the agenda as artificial intelligence is moving forward.

    Therefore, in brief, I wanted to make these three points, the question of digital self‑determination and empowering citizens through regulations, through business practices, to have a whole of their data, first point.

    Second point is ensuring interoperability that market and connectivity in the societies worldwide can flourish. Here, the metaphor is the simple shift from one mobile operator to the other. How can we do it ‑‑ I'm sorry ‑‑ with the social networks? Can we replicate that?

    And the third point is how to ensure regulation of artificial intelligence not only for our current generation, you in the room, us, people who are following us, how can we ensure it to the future generation? How are we going to pass to them what we got from our predecessors, in terms of culture, education, and overall culture heritage of each society worldwide but also common heritage that we have as humanity?

    Those issues are not certain, and we sometimes have to make precautionary moves to ensure that we, as a generation, deliver to the next generation what we got from the previous one.

    Thank you.

   >> YUXIAO LI: Thank you, Professor Jovan Kurbalija. We know you provided a great contribution in the research, especially of the capacity‑building framework design. Just now, you give us a very insightful speech.

    Thank you very much.

    So now let's welcome Dr. Luca Belli, professor of (?)

   >> LUCA BELLI: Thank you for letting me join this debate. Can you hear me well?

    I'm just going to share a quick presentation. I think it's good to schedule my presentation right after Jovan's presentation because I'm really going to ‑‑ I promise we have not synced our notes, but my presentation will be compatible with what Jovan said and will allow us to dig in deeper to these details, both from the Brazil’s and the Greek perspective.

    Let me know if you're seeing it.

   >> YUXIAO LI: Yes.

   >> LUCA BELLI: Excellent.

    First of all, just a couple of introductory elements. As you mentioned, I work with FGV, one of the main Brazilian academic institutions. It is now considered the third most influential ‑‑

   >> Can you please use full screen?

   >> LUCA BELLI: Yes. It is in full screen in this moment.

    Can you confirm on your hand it is in full screen.

   >> Yeah.

   >> LUCA BELLI: Wonderful.

    So my presentation will be about three main points. First, the process of analyzing the Brazilian experience, the process that allowed to reach a very modern framework. What is the substance of this framework, and then how does this compare with other frameworks in the BRICS grouping. When we speak about BRICS, we speak about Brazil, Russia, India, China, and South Africa.

    I'm the director for the Internet Society, which is the first center that's been created to discuss the impact of technology on site in Brazil almost 20 years ago. Over the past year, I've been directing this project called CyberBRICS, which analyzes policy in the BRICS.

    I will share some of the findings. I will start with the Brazilian data protection law (?) And the first point I want to stress is that having a general data protection law is very useful because it has a harmonizing effect, streamlining the data protection principles, an oversight mechanism.

    Before our General Data Protection Regulation, like the one that's been adopted in China recently, we had a very fragmented scenario in Brazil with data protection. There are already more than 40 different laws, sometimes they were contradictory.

    The law that's based on unique framework (?) The process to achieve this framework has not been very quick. It took more than 10 years to achieve a very modern framework. So, as you see here, these are the main stats that you can find first.

    The Brazil digital rights protection framework (?) After the approval of this law, a second consultation on another protection bill was launched in 2015. And then again some external events. Facebook had a scandal and the adoption of GDPR in Europe led to the political push at the internal level to approve this new bill that became our LGPD.

    This is an interesting element to be considered suitable to be a member. Then, starting from 2020, the law LGPD starts to enforce partially and fully enforced in 2021, in August. So now the law is fully enforced. Also, a new authority has been created, and, importantly, very importantly, only a couple of months ago, the Brazilian Congress created a new fundamental rights in the Brazilian Constitution, in Article V.

    You will see why this is not just what corresponds to the act.

    If you want to read the law, we have translated in English. You can read it at the mini-URL as you see here. There's a structure that you see here, so in many such elements, however, still need to be specified. So it's very important. There's a second point you want to stress. It's very good to have a law because it has a harmonizing effect. Elements of the law are vague and need specification so you need a very good regulator that can do the specification work, and you need farther work.

    So a new authority has been created, and the authority's task to oversee the law and to specify many of these elements. You see here the fundamental principles that are listed in Article VI in the law. Common to many of the other most recent frameworks around the world, the important thing ‑‑ and here is a point that I want to stress because it was mentioned before. It's not mentioned here, but in Article IV of the law, it's about (?) Self‑determination, which is pretty much the forefather of what Jovan was mentioning.

    It's law established by the German federal court as a fundamental right, and it's been integrated in the Brazilian framework as well. If we check what are the rights granted to all data subject as item Brazilian level, they are also very common to the last generation of data protection laws, including some very recent rights like the right to (?) And oversight ‑‑ sorry ‑‑ review of the automated decisions.

    So, again, two very important points. The right to data portability, what Jovan was mentioning before about (?) Or even the people the data protection law of China. De facto, in practice, it needs interobservability standards to be fully enjoyed by the users. It's not fully (?) There's a large number of urgent tasks. Let me share with you the agenda that's been published by the AMPD in January of this year, and you see the plan to start ‑‑ to start, not to have finished ‑‑ in 2021 and 2022 is already a lot. If you check the standards, which is something they could do, is not even in the agenda. So it's something that maybe will happen after 2022 as the beginning of this work.

    So there are a lot of very key elements. They're still not completely specified by regulators. The result of this is if there's a discrepancy between what the law says and what happens in reality.

    The recent data leakage use that we have witnessed almost on a weekly basis ‑‑ in January, the personal data (?) Available on the dark Net, we discovered. There's a difference between what the law says and reality.

    Other things I want the share with you, in terms of practical thinking, the Brazil Regulator has a staff of 36 people ‑‑ 36 ‑‑ which makes it very, very challenging to oversee in an efficient and effective way with 10 million individuals where data protection is an issue.

    Now, how this compares with the BRICS, the grouping I enjoy analyzing, you see the tools in the BRICS countries that you can find freely on the CyberBRICS where we compare all the main elements of the data protection framework, so the BRICS countries, and if you want to have a more complete picture, you can find it in the book we launched this year on CyberBRICS.

    We analyze five key dimensions in the BRICS.

    There's a lot of other items available. So what does our finding demonstrate? There's an increasing convergence of data protection at the BRICS level.

    The shared principle basis, on all countries, remarkably, there are individual rights, remarkably comparable (?) And also a very strong attention to international data transfers that are only possible, as Europe foresees this framework, only when a third-party processing data has an adequate level, so a level of protection authorized by the national authorities.

    So this has led me to pen this paper on data protection in the BRICS countries with convergence for legal (?) It's free again on the website. There's a Chinese version available, if you want.

    And here is my last point, with which I would like to conclude, is that this key point of preserving data privacy and using it as a fundamental dimension of the securities of (?) Is something that's been consistently stressed over the past eight years, at least, by the BRICS leaders and became more prominent at the last BRICS meeting.

    What is very interesting, as you see here ‑‑ and that will be my last point ‑‑ that the BRICS leaders finally crushed the (?) And mentioned the need to enhance cooperation to the adoption of BRICS legal frameworks on cybersecurity to enhance this cooperation and this harmonization at the interlateral level.

    So I hope this was useful. I'm really available to any kind of questions or observations you may have. All the material I've shared is free and available online. I will be more than happy to share it with you after the conversation.

   >> YUXIAO LI: Thank you very much for your speech, Professor Luca Belli.

    Now, let's welcome Professor Xiaodong Lee, Founder & CEO of Fuxi Institution, Director of Center for Internet Governance of Tsinghua University .

    

   >> XIAODONG LEE: It's my great honor to meet you.

    IGF is a global platform and the framework of the United Nations related to government issues.

    Against the backdrop of a lack of unified data governance rules across the global, it's necessary to have such a constructive discussion.

    The institution is an international and independent think tank and research institute.

    Data governance has always been our focus and research area. Today, I would like to share with you some of my observations and thoughts.

    First, data security and personal information protection have received considerable attention which are closely related to the digital economy in all countries, in all economies. One of the primary goals should be promoting the development of digital economy. It's become an important engine for economic growth, especially when the real economy has been affected by the pandemic.

    Statistics show that the economy has encountered for more than 16% of the GPD in developing countries. For example, Germany, UK, and United States.

    And especially China was close to 40%. I think that's a very big achievement after the ‑‑ more than half a century of the Internet development itself.

    While enjoying the benefit of data, we have, indeed, encountered some problems, such as data leakage, excessive collection of personal information and data abuse. We have public trust in the digital age. Therefore, major countries have stressed regulation and supervision with data security.

    Focus has been placed on data collection, and it's one of the key factors but necessary to ensure security as well as the free flow and effective use of data. Security should serve to promote development, which is a basic precondition.

    Second, as many countries and regions carry out protection and have different priorities, they would fully communicate and learn from each other on the basis of mutual respect and understanding.

    Since countries and regions start the process of digitalization at different times, they are at different stage of the digital economy and the social development and have different level of data governance. Meanwhile there's different backgrounds and social cognition.

    So the focus and level of governance practice will be different. For example, the GDPR focuses on strengthening individuals' control over the data while at the same time try to create a unified digital market to affect the free flow of data within the EU.

    The United States, however, had been focusing on industrial interests. Data protection is promoted by different states, and its cross‑board flow (?).

    China's legislation on data has entered a peak period. It's not only an established comprehensive framework but established data as a factor of production. Data governance is a new topic for the whole world, and we cannot just determine which one is better or which one is worse. The excellent experience of all countries is worth studying and learning.

    The sustainable development of the (?) Calls for unified data governance rules. We can learn to build an international exchange and cooperation mechanism to explore on data governance.

    Data, as a resource, is attracting attention from all countries, all economies. The number of countries and regions implementing data localization storage is increasing. And the threshold of cross‑border data transformation is also on the rise, which will weaken the development of the digital economy in the long run.

    Cross‑border dataflow, compared to the 10% of the (?) From 2009 to 2018, according to the research. The restriction on data will lead to lower output, lower productivities, and higher downstream for price. Data needs to flow to maximize its value. (?) Establishment that conforms to the (?) In most countries.

    Due to the data itself, the stakeholders may be generated in each life cycle. Therefore, we believe the modesty of Internet governance can be used in reference to rulemaking in order to fully utilize the rule of modern stakeholders.

    It is only in this way, I suppose, we come up with meaningful rules that do make sense. Many institutions and organizations (?) China and abroad recently express their confusion and concern over data governance in communication with our own nation.

    We also wish to stress in the international exchanges and cooperation about the digital economy and data management with our institute.

    The related institutions actively promote the work from the perspective, as independent research institute.

    Today's workshop is attended from scholars from Europe and Brazil as well as online participants from other countries and regions. I sincerely welcome you to join our work and sessions. We can, together, make contributions to the development of global digital economy and the exploration of data governance rules.

That's all.

    Thank you.

   >> YUXIAO LI: Thank you, Dr. Lee.

    Let's welcome, Professor Shen.

   >> Distinguished delegates, colleagues, ladies and gentlemen, good morning, good afternoon, and good evening.

    I'm from (?) Information Company, and I am very pleased to be invited to attend this forum.

    My topic is to strike a balance between (?) And digital safety. In recent years, the strategic technology leading up to the future has become an important engine in digitization, application, and the smart technology application.

    As the skyrocketing of the data and also the improvement of calculation capacity as well as the application of deep learning, the AI technology has been largely promoted but, at the same time, it's brought about some brand‑new challenge. In the application of the scenarios, the AI technology, because of its technology nature and the society nature as well as the dependence on data and the wide use ‑‑ a series of data safety risks, including the overcollection of personal data and the leakage of privacy has been posed.

    There may be a leading to abuse of resources, and the AI technology may be used to deeply counterfeit data. That has been emphasized. We need to analyze and prevent the potential risks posed by the development of AI to safeguard people's rights and their national safety and to ensure that the artificial intelligence can be safe, reliable, and controllable.

    The whole world has (?) Forward‑looking researchers and precaution against the safety and risks. I think we need to strength technician full aspects of work. First, we should (?) The safety protection of AI product and assistive data. We need to analyze the trend of technology and industry development. We need to stress the R&D of AI data safety technology and build a dynamic AI R&D application assessment mechanism centering on the company risk certainty, explainability, and the potential economic impacts. We need to develop some systematic assessment and testing to promote the safety certification of AI and assess the safety of AI product and system.

    The second, we need to establish a sound, open, and transparent AI technology data safety and monitoring system. We need to assess the impact of AI on national safety and data protection. We need to improve a safety protection system, and we need to have the whole process supervision over the design of AI algorithm, development of products, and the application of outcomes.

    Third, we need to establish an ethical (?) Of the applicable AI technology. We need to strengthen international exchanges and dialogues and jointly make the AI ethical rules and frameworks. We need to strengthen the whole process legislation so that we can avoid any ethnicity issues, if possible, and to establish the laws and regulations across different steps, including the collection, storage, and usage of AI‑related data, and we also need to avoid data abuse biases and infringement of personal privacy.

    We need to deepen the research of the issues of AI ethics so that we can provide this correct guidance in society, build a positive development environment to strengthen the laws and regulations trainings for researchers as well as step up the penalty level on the acts that data abuse infringement (?) So we can develop the (?) Related to the safety and development of AI.

    Thank you so much.

    Let's welcome Li Wang.

   >> Li WANG: Good morning. I'm Li Wang.

   >> Sorry. We cannot share the screen.

    Hello. Please give the floor to the speaker now.

    Thank you.

   >> SHEN: The speaker needs the presentation.

   >> LI Wang: That's great. (Laughter).

    So it's my honor to be here to share some of my opinions about protecting privacy in an AI‑driven world.

    So with the record development of Internet, the incorporation of privacy protection, it is increasingly recognized that more and more countries and organizations have in place laws and regulations to protect the privacy.

    California's online Privacy Protection Act and others, the U.S. is considering a single principle protection that (?) Our data act.

    China introduced a personal protection law this year.

    In 1990, (?) Minimum guarantees to give counterguidance when needing to personalize the computer data. Today, we need to rethink the privacy protection legislation since AI is impacting our society, our life, and our economy.

    The current threat from AI have been discussed a lot, including collection of personal data, how to handle the sensitivity of data, and how to ensure data security. But AI itself, also our tech surfaced (?) Adversarial posted great risks to AI. The new threat activates the precision to destroy the integrated and privacy.

    AI is a complicated system, even without any malicious attack. (?) Still exists. We also need to foresee the future on AI while AI‑centric decision-making replaced human‑centric decision-making. What should we do when we're facing the chaos of machine‑to‑machine escalation?

    Below are my suggestions.

    The first thing in the technical era, we need to protect technology, establish the risk assessment mechanism, share our best‑practice emergency response.

    In the governance, ethics is core. Data, algorithms, technology, performance, they should all be considered. More and more stakeholders should do contribution.

    Meanwhile, interdisciplinary cooperation is necessary.

    Finally about laws and regulations, national laws and regulations should be expected, and countries need to cooperate to set up international legal framework while accelerating the AI progress.

    That's all of my presentation.

    Thank you.

   >> YUXIAO LI: Thank you very much.

    Now, let's welcome Hui Zhao.

   >> HUI ZHAO: I would like to thank you for your participation in this workshop. I'm very pleased to have this opportunity to discuss with you the scope and standards of the collection and processing of personal information as well as the use and practices considering AI in different countries.

    Nowadays, the Internet and related technologies are facing revolutionary transform, information gathering technologies based on big data, AI, and algorithms have become an important variable in systems and (?) For social governance, effectively impacting social and other activities.

    It is both obligated and necessary for worldwide governments, companies, NGOs, and the technology communities to keep perfecting rules and practices regarding application of AI from technological advances, individual rights, privacy protection, and the morality and ethics perspective.

    So better respond to the common concerns for all countries over data and the privacy protection, we believe the following principles must be followed when determining the essential scope, technical, and legal standards of gathering and the possessing personal information.

    First, we must always adhere to the principle that the pursuit of technological advances and application should take in the (?) As a prerequisite (?) And the misuse or infringe on the rights and freedom in cyberspace.

    There are societies in China that are actively cooperating with the Chinese government regarding rules and recollections, such as the Information Protection Law.

    Since collecting and using personal data are inevitable, CFSS advocate and promote the Internet companies and the related professionals to protect personal information, maintain authority, and the social impact of their own industry, and a system for overseeing personal privacy protection.

    Secondly, to establish the necessary scope and the relevant standards of personal information collection and the processing for AI application use.

    We must build a fairer and more equitable global system for Internet governance speaking to multilateral participation and give full play to the role of governments, international organizations, the Internet companies, technology communities, NGOs, and the individuals.

    CFS are giving full play to these advantages and use as an NGO. Actively (?) And Internet companies to uphold the principle of sovereignty. (?)

    Third, to establish the necessary scope and the relevant standards of personal information and processing for AI application use. We must speak to rights and obligation and set a more transparent relationship mode between the Internet platforms and the users.

    And government supervision is proven to (?) And sacrificing the privacy of Internet users.

    An important link between the government and the Internet industry, CFS continues to support Internet organizations and companies to establish and improve codes of practice of the industry and the self‑discipline mechanisms for personal information protection.

    Moreover, CFSS will constantly strengthen the self‑discipline in the industry.

    The Internet also puts individuals at risk of personal information being collected and linked and used by criminal activities.

    I hope we can reach a consensus and enjoy the convenience of the Internet while avoiding the harms caused by the illegal use of personal data.

    That's all for today.

    Thank you very much.

   >> YUXIAO LI: Thank you very much.

    Thank you to all of our guest speakers, again, for all of their presentations.

    Next, we will move to the question‑and‑answer section. If you have any questions of our guest speakers, please feel free to propose your question. We will choose three of them to discuss.

    So now we invite questions. Let's control discussion time for each question within three minutes.

    Shall we?

    Firstly, I want to ask some offline participants to share your idea. Okay?

    Okay. First is from (?).

      (Off microphone)

   >> YUXIAO LI: Okay.

   >> Hello. So I'm from China Lab. My name is Lee (?). My question is: Since the outbreak of COVID‑19, data had played a very important role in fighting the pandemic. Next February, China will host the winter Olympic Games. So I wanted to ask if you think in different countries, in Asia, Europe, America, and different countries, what is an experience from preventing the pandemic that we can learn from? How can we find a balance between the information production as well as data security and being connected overall?

   >> SHEN: So you have two questions. The first is the experience of European countries and the USA and other countries, and, also, the second question is how to strike a balance between the data ‑‑ the interconnectivity and data protection.

    About the first question, I think let's take the Tokyo 2020 Games as an example in July because this is very recent. And, also, it also has the same scenario with the Olympic Winter Games. We have found some data from the Internet that talked about the 2020 games ‑‑ actually, the pandemic situation in Japan in July, the new cases, the newly reported cases (?) The highest was the 15,000 newly reported cases on one day.

    But during the Tokyo 2020 games, the stakeholders, there were about 42,000 stakeholders entering Japan, but among them, only 150 were tested positive later.

    So only about 0.4%. Actually, their countermeasures of COVID‑19 is not new to China. One of them is the closed (?) Management, actually. We're very familiar with that. They have the PCR test every day. And this has been some very routine in the big events in China.

    And this is to early detection, early discovery, identification, of those cases. And, second, it's the restriction of the activity.

    There are about 750 events, competitions, during the Tokyo 2021 games, but only 26 of them allow on‑site spectators, only accounting for 7.5%.

    So these are very interesting new rules of the games. For example, during the tennis games, the athletes are not allowed to blow the ball by mouth, and their hand and mouth are not allowed to touch the able, et cetera. These are some interesting new rules.

    A third experience is the epidemiological research and survey. In this aspect, the data connectivity has actually played an important role. They used the two mobile apps to record people's activity track, to track the close contacts. When people open ‑‑ turn on the Bluetooth. If a lot of people gather together for more than 15 minutes, this app will record this activity, and if one of these people are tested positive, other people will receive some notice.

    So I think this is what we can learn from Tokyo. But, actually, part of these measures have been adopted in China. And the second question is about how to strike a balance between interconnectivity and information protection. I think the COVID‑19 is actually an emergency in terms of public health.

    Actually, we have some legal foundation to collect personal information like the infectious disease prediction and control (?) Et cetera, but we still need to follow, observe, related laws and regulations, but first is to minimize the collection information, and the second is some passive questions. Like people can only use yes or no to answer those questions.

    The regional purpose of this big data is to protect the public rights rather than infringe on personal rights. So we use some smart technology like tracing people's activity, et cetera.

    For example, in China, we use many programs to trace people's activity in the past 14 days, but this can only show which city you have been in, and this only shows the cities, rather than very specific address.

    And the implementation of data safety and law is actually, first, to ensure the effective protection, and the second is the legitimate usage of the data.

    So on one hand, we need implementation of safety protection measures to prevent the theft of this data.

    And, second, it's to ensure that the utilization of data is legitimate.

    So, actually, observing the laws and regulations is the precondition, and there are two principles. The first is necessity, and the minimization, and the second is, for example, if some people have tested positive and some people have been identified as close contact, when we release their information, we need to hide some sensitive information.

    So this is how we try to strike a balance between the interconnectivity and safety.

   >> YUXIAO LI: Thank you.

    So next, who is offline here?

    Okay. Please.

   >> AUDIENCE MEMBER: Okay. Distinguished guests, my question is faced with the actually transborder flow of the data, how we can have close border management of this data, and what kind of technology can be applied to such trends, such cross‑border data flow?

   >> Xiaodong: Everybody wants to get the data from others, but they don't want the share the data with others. I think it's very ridiculous. It's a paradox. But how to do that? Not only for the individual but as a country.

    So how to avoid the data silo is very important. So, as I mentioned, we need policy and technology. For policy leader, we need a platform to build the global rules to be adopted by every economy.

    But know there is no international platform to do that. So that's why we hope we will build a global commission on data governance that is focused on the data security and personal information protection.

    There was so much technology mentioned by so many people. I want to mention an area. One is the privacy (?) Multiple computing. It was mentioned by other people.

    The social link data which was proposed by (?) Lee, also called the father of the Internet. Know that the framework is not perfect, but it is very useful and very constructive, this notion to protect the data.

    The second is identify the system, which relies on the (?) It's the unique system (?)

    I think it's most important on how to identify the data in a unique namespace and to protect the ownership of the data and then to encourage people to share the data because the openness and sharing is the key spirit of the Internet.

    That's my answer.

    Thank you.

   >> YUXIAO LI: Thank you, Shen.

    Due to the limited time, that's all for the Q‑and‑A section.

    Thank you, all, for your participation.

    In the era of the digital economy (?) Is integrated into everyday life. More people have been thinking from the (?) Birthed by the technology progress. It's the proceeding risks of personal information leakage. With the workshop, we hope we can jointly discuss how to build a meaningful standard for necessary scope of PI protection, and the thing about (?) Especially during the pandemic. We need to classify the rights and responsibilities of the actors and the relationship between them while continuing to strengthen awareness, capacity building, and the (?) Of responsibility of each player.

    To this end, we call on all stakeholders to strengthen their responsibility, further enhance communication and cooperation, and (?) Practice of COVID‑19 prevention and control.

    Working together for our digital future guarantees security of our personal information. As previously mentioned, it is recommended for global universal rules for protection and the UN IGF encourages stakeholders to engage and build a safe (?) Trustworthy (?) Personal information protection and the AI rules and mechanisms.

    With a concentrated effort, we are making some difference in the field of personal information protection and AI (?). Hopefully, we will embrace a healthy, sustainable AI future and (?) Our information is protected.

    Thank you, all, again for your active participation. I look forward to meeting you again next year.

    Thank you, all.

    Thank you.

   >> JOVAN KURBALIJA: Thank you.