IGF 2021 WS #51 A Meaningful Standard for Necessary Scope of PI Processing

    Time
    Friday, 10th December, 2021 (12:50 UTC) - Friday, 10th December, 2021 (14:20 UTC)
    Room
    Ballroom A

    Organizer 1: Ran Chen, Cyber Security Association of China
    Organizer 2: Ruixue Wu, Cyber Security Association of China
    Organizer 3: Yuxiao Li, Cybersecurity Association of China
    Organizer 4: Xiuyun Ding, China Federation of Internet Societies
    Organizer 5: Xiaobo Yang, Fuxi Institution
    Organizer 6: Chunyan Yang, China Internet Development Foundation
    Organizer 7: Yuanyuan Fan , College of Media and International Culture, Zhejiang University

    Speaker 1: Yuxiao Li, Civil Society, Asia-Pacific Group
    Speaker 2: Luca Belli, Civil Society, Latin American and Caribbean Group (GRULAC)
    Speaker 3: Hui Zhao, Civil Society, Asia-Pacific Group

    Additional Speakers

    (1) Dr. Jovan KurbalijaExecutive Director of DiploFoundation, Head of Geneva Internet Platform, former Executive Director of the Secretariat of the High Level Panel on Digital Cooperation

    (2) Prof. Dr. Xiaodong Lee, Founder & CEO of Fuxi Institution, Director of Center for Internet Governance of Tsinghua University

    Moderator

    Yuxiao Li, Civil Society, Asia-Pacific Group

    Online Moderator

    Ran Chen, Civil Society, Asia-Pacific Group

    Rapporteur

    Ruixue Wu, Civil Society, Asia-Pacific Group

    Format

    Panel - Auditorium - 90 Min

    Policy Question(s)

    Data governance and trust, globally and locally: What is needed to ensure that existing and future national and international data governance frameworks are effective in mandating the responsible and trustworthy use of data, with respect for privacy and other human rights?
    Protecting consumer rights: What regulatory approaches are/could be effective in upholding consumer rights, offering adequate remedies for rights violations, and eliminating unfair and deceptive practices from the part of Internet companies?

    Additional Policy Questions Information: 1.Data governance and trust,globally and locally:What is needed to ensure that existing and future national and international data governance frameworks are effective in mandating the responsible and trustworthy use of data, with respect for privacy and other human rights? What is the necessary scope of personal information collection & processing and how will it affect the formulation of a meaningful international standard/framework on personal information? 2.Protecting consumer rights: What regulatory approaches are/could be effective in upholding consumer rights, offering adequate remedies for rights violations, and eliminating unfair and deceptive practices from the part of Internet companies? How to overcome the challenges & risks brought by AI and other ICT technologies & applications, especially on safeguarding individuals’ rights on data and personal information?

    Nowadays, the new generation of ICT and its application represented by the Artificial Intelligence, big data, cloud computing, and the Internet of Things are developing rapidly. Meanwhile, the processes of digitalization, intellectualization and connection keep accelerating and the data has become an important factor of production in driving economic and social development. The new generation of ICT and its applications has provided new momentum and new opportunities for the development of the digital economy, while also enhancing the ability of human society to cope with risks and disasters, as shown in the combat against the COVID-19. However, the new generation of ICTs with data-driven technologies such as artificial intelligence has also brought new data governance issues to the world, and this workshop is organized to discuss solutions to the following issues and challenges: 1. How should effective data governance frameworks and rules be designed and implemented at the international and national levels in order to promote public confidence in the development of ICT technologies and applications represented by AI and to regulate the responsible collection and processing of personal information by the companies and organizations concerned? 2. The value of data lies in its flow, and there is a close link between the Internet and globalization, how to deal with the cross-border flow of data and harmonize the differences in personal information protection rules between various countries and regions? 3. What is the “meaningful international rule” for the protection of personal information? What is the "necessary scope of personal information"? How does the "necessary scope of personal information standard" provide an opportunity to establish meaningful international rules for the protection of personal information? 4. In order to protect the rights and interests of individuals, what are the most basic principles that should be followed in the collection and processing of data, especially personal information, and what are the necessary technical measures to ensure safety? 5. What measures can be taken and what roles can be played by different entities, such as governments, social organizations, enterprises, and individuals, to address the current problems of excessive collection of personal information, user profiling, precision marketing, collection of sensitive and biological information, etc. in Internet applications and services? What are the advanced practices and experiences of various countries and regions that are worth promoting?

    SDGs

    16.10
    16.6
    16.7

    Targets: Firstly, the workshop aims to improve the effectiveness, trustworthiness, and transparency of the personal information protection system. The protection of personal information is not simply a government task, but requires the participation of the whole society. Companies need to know the boundaries of personal information protection in a timely manner, and individuals need to know how their information is collected and processed. The process of collecting and processing personal information requires both individual authorization and self-regulation by enterprises, as well as supervision by the government. Therefore, improving the necessary scope of personal information collection and processing is a perfection of the personal information protection system and an innovative development of the personal information protection mechanism. Secondly, the seminar aims to enhance the representation of various subjects in policy formulation. This includes not only the participation of subjects at all levels within a country in the protection of personal information, but also the voice of countries at the world level in the protection of personal information. The right to multidimensional participation in the standard-setting process is promoted through the statements and sharing of the representatives of each country. Finally, the workshop landed on the rights of users, always emphasizing the rights of individuals to personal information. The right to personal information is a basic human right, and the possession of personal information is also fundamental human freedom. Businesses and governments are both protectors of personal information, and it is important to ensure that the standards for the necessary scope of collection and processing of personal information are transparent and more meaningful in order to protect human rights.

    Description:

    The whole title of this workshop is “A Meaningful Standard for Necessary Scope of PI Processing – A discussion based on relevant rules and practices of countries under the application of Artificial Intelligence.” With the innovative development of artificial intelligence, cloud computing, big data and the Internet of Things, various types of data, including personal information, are constantly being generated, and it has become an important element for the development of the digital economy and the driving force in social intellectualization and digitalization. However, in the collection and processing of personal information, various countries have faced some common governance issues and challenges, including the excessive collection of personal information (including sensitive and biological information), large-scale leakage of personal information, non-uniform rules for cross-border data flow, difficulties in safeguarding users' data rights, etc. The resolution of these issues is directly related to people's confidence in the future development of ICT, represented by artificial intelligence. This workshop will invite experts and representatives from government departments, industry organizations, universities and research institutes, technology communities, enterprises and other parties to sort out and analyze the risks and problems, focus on the "necessary scope of personal information collection and processing", and discuss how to establish a basic governance framework, meaningful international rules and standards for the collection and processing of personal information and other data based on the relevant rules and practices of various countries in the context of AI applications. The following is the flow of the workshop. 1. Introduction (5 minutes): The moderator introduces the background of the workshop and the topics to be discussed. 2. Keynote Speech (40 minutes): Six keynote speakers from different countries and regions will make presentations based on national practices and legislation, give their views on the construction of meaningful international rules for the protection of personal information, and discuss the necessary scope of personal information. 3. Discussion (30 minutes): Through the guidance of policy issues, participants will discuss topics on the content related to personal information protection. 4. Q&A Session (10 minutes): Guests & audience from online and on-site (Poland & Beijing) will be invited to ask questions about personal information. 5. Wrap-up (5 minutes): the moderator will conclude the workshop.

    Note: there's no preference for the time of day when the session will be held.

    Expected Outcomes

    There are three main expected outcomes of this workshop as follows. The first is to explore effective ways to address the risks and challenges that exist in the collection and processing of personal information under the application of artificial intelligence technologies. The second is to explore the definition, scope, and standards of the necessary scope of personal information for the operation of Internet applications and services, and thereby establish a baseline for the collection and processing of personal information data. The third is to explore the construction of a meaningful international common standard for the necessary scope of personal information collection and processing, and to initiate a international research working group mechanism.

    1. When the coronavirus pandemic conditions permit, the organizers will invite guests to attend the conference on-site in Poland for live interaction, and will consider: firstly, inviting keynote speakers to share on stage, with the moderator controlling the pace and guiding questions; secondly, conducting live voting via voting website and equipment to understand the level of agreement between the online and on-site audience on the views of the speakers; and thirdly, strictly controlling the speaking time to ensure the participation of each delegate and the progress of the workshop. 2. If the coronavirus pandemic conditions do not permit (cross-country travel is still severely restricted), separate on-site workshops respectively in China and Poland will be considered. The organizers will invite Chinese guests to attend as a whole and invite European guests to attend in Poland, while guests from other countries and regions will be connected via the internet to enable interaction between the two sites in Beijing and Katowice. 3. The organizers will design and produce videos, animations and posters around the theme of the workshop, which will be disseminated in a multimedia format to stimulate the thinking of the participants and the audience and create an atmosphere of joint participation. 4. Supporting Information: the moderator of this workshop will be Mr. Yuxiao Li, a prominent expert in cyber security and data governance. He was the moderator last year in IGF workshop named “Discussion on the Protection of Personal Data/Information and Privacy in the Prevention and ‎Control of COVID-19” and he has numerous experience in holding seminars and discussions. His talent falls in controlling time and pace and he is good at summarizing ideas in a very short time.

    Online Participation

    Usage of IGF Official Tool.

    Key Takeaways (* deadline at the end of the session day)

    The establishment of a necessary scope for personal information collection & processing and related standards in the scenarios of AI application must be completed step by step in the process of building an international Internet governance system that is fairer, more just, and reasonable. It is supposed to be gradually accomplished by encouraging multilateral and multi-stakeholder participation and giving full play to the role of various actors.

    Call to Action (* deadline at the end of the session day)

    It is recommended that the United Nations establish people-centered global universal rules and frameworks for personal information protection and AI application, and that the UN IGF play a greater role in guiding more stakeholders to engage and jointly build collaborative, trustworthy, and international community-oriented personal information protection and AI application rules & mechanisms.

    Session Report (* deadline 9 January) - click on the ? symbol for instructions

    1. Summary of Issues Discussed

    1. The Chinese government has attached great importance to data security and personal information protection. Concerning legislation on personal information protection, China is a late starter and a smart riser. Over these years, the country has been committed to enhancing data security and personal information protection and has scored significant progress. A series of laws and regulations have been issued in this regard, including Data Security Law, Personal Information Protection Law, the Provisions on the Scope of Necessary Personal Information Required for Common Types of Mobile Internet Applications, and the Regulation on Protecting the Security of Critical Information Infrastructure in 2021. All of these laws and regulations have put forward clearer requirements for personal information protection from different levels, improving the legislative system and framework for personal information protection. Meanwhile, the international community, such as the European Union and Latin America, has also achieved new results. These practices fully demonstrate that all countries are currently facing new challenges and problems in the digital age, and that it is the consensus and new task of the international community to carry out exchanges and cooperation related to data security and personal information protection. 
    2. Data security and personal information protection have received considerable attention which are closely related to the development of digital economy in all countries. And one of its final goals should be promoting the healthy development of digital economy. The sustainable development of the digital economy calls for unified global data governance rules. We can learn from the related model of Internet governance to build an international exchange and cooperation mechanism to explore consensus on data governance.
    3. Excessive collection of personal data increases the risk of privacy leakage; deep data mining and analysis lead to the risk of data abuse; and "disguised data" generated by manipulating content of audio, video, image or text with AI technology disturb the decision-making system and cause national and social security risks.
    4. The establishment of a necessary scope for personal information collection & processing and related standards in the scenarios of AI application must be completed step by step in the process of building an international Internet governance system that is fairer, more just, and reasonable. Also it is supposed to be gradually accomplished by encouraging multilateral and multi-stakeholder participation and giving full play to the role of various actors such as governments, international organizations, Internet enterprises, technical communities, civil societies and individuals, etc.
    5. The emergence of data governance issues is closely intertwined with the development of digital economy across the globe. Hence we need to strike a balance between data security and development while acknowledging and respecting that countries have different concerns regarding data governance.

    2. Policy Recommendations or Suggestions for the Way Forward

    (1) It is recommended that the United Nations establish people-centered global universal rules and frameworks for personal information protection and AI application, and that the UN IGF play a greater role in guiding more stakeholders to engage and jointly build collaborative, trustworthy, and international community-oriented personal information protection and AI application rules & mechanisms, so as to ensure the healthy and sustainable development of the AI industry for the benefit of all mankind. 

    (2) China's practices in artificial intelligence and big data have won the unanimously approval of the experts, and countries such as Brazil are also actively promoting related processes. We suggest that countries should jointly promote the establishment of an international legal framework for cybersecurity, build globally recognized rules on data governance, set up a risk assessment mechanism, and clarify the rights of data subjects and the obligations of data processors. Moreover, the "multi-stakeholder model" for Internet governance should be referred to in establishing an international exchange and cooperation mechanism for more consensus on data governance. 

    3. Final Speakers

    (1) Moderator:

    Li Yuxiao, Secretary-General of Cyber Security Association of China

    (2) Speakers:

    Li Yuxiao, Secretary-General of Cyber Security Association of China

    Zhao Hui, Secretary-General of China Federation of Internet Societies

    Jovan Kurbalija, Executive Director of Diplo Foundation, Head of Geneva Internet Platform, Former Executive Director of the Secretariat of the High Level Panel on Digital Cooperation

    Li Xiaodong, Founder & CEO of Fuxi Institution, Professor and Director of Center for Internet Governance, Tsinghua University (THUCIG)

    Luca Belli, Professor at Fundação Getulio Vargas (FGV) Law School, Director of the Center for Technology and Society at FGV

    Shen Qiang, Director of China Internet Development Foundation, CEO of Xiamen Meiya Pico Information Co., Ltd.

    Wang Li, Senior researcher of Xi'an Jiaotong University Suzhou Information Security Law Institute