The Cyberspace Administration of China recently published the draft Regulations on Network Eco-governance for public consultation. The regulations apply to the actions of network information content producers, network information content service platforms and network information content service users, which are prohibited from producing illegal or harmful information.
The California legislature recently debated several amendments to the California Consumer Privacy Act, eventually passing five bills which now await the governor's signature. Collectively, these bills do not provide the sweeping changes sought by businesses. Instead, the amendments make minor tweaks and postpone for one year some of the more challenging requirements. The passed bills address a range of topics, including providing for a partial, temporary one-year exception for applicant and employee data.
The draft Civil Code was recently submitted to the Standing Committee of the 13th National People's Congress for a third reading. Compared with the first and second drafts, the third draft expands the scope of the definition of 'personal information' to cover email addresses and location information.
Following the General Data Protection Regulation's (GDPR's) entry into force, the legislature asked the Data Protection Authority to review and update the so-called 'general authorisations' that it issued to allow the processing of sensitive data in the absence of the data subject's consent. Drawing on Article 9 of the GDPR, the Data Protection Authority subsequently issued Provision 146/2019, which sets out the requirements for processing special categories of data in employment relationships.
The final version of the Provisions on the Cyber Protection of Personal Information of Children recently came into effect. According to the provisions, network operators must formulate separate rules and user agreements to protect children's personal information and designate a dedicated person to oversee the protection of such information.
In view of the media industry's ostensibly democratic and political role, the Federal Council has decided to adopt effective and feasible support measures. These measures will be implemented by adapting existing laws and incorporating online media into the scope of the Federal Act on Radio and Television. However, the plan to create a new Electronic Media Act has been abandoned.
The Ministry of Industry and Information Technology and nine other authorities recently published the Guiding Opinions on Strengthening Industrial Internet Safety in the context of establishing China's industrial internet security guarantee system. According to the opinions, the industrial internet security guarantee system should be established by the end of 2020 and be a sound and reliable mechanism by 2025.
From Facebook's 'thumbs up' to Reddit's 'upvote' and Instagram's and Tik-Tok's 'likes', so-called 'vanity metrics' used by social media platforms are ubiquitous. For these platforms, it is important to consider the impact that shifting engagement trends might have on user-generated content in the context of online harms. Platforms should therefore examine what can be done to improve self-regulation (eg, removing 'addictive' structures such as visual metrics) to ensure that the online world is a supportive place.
The Unfair Competition Prevention Act was recently amended to afford new legal protection to Big Data. Although this new legal protection is expected to increase data use, in order to qualify as protected data, data must be managed accordingly. Thus, all parties which use Big Data in their business should review their management systems, internal rules and agreements regarding the handling of data in order to ensure that such data can fall under the definition of protected data set out in the act.
As the economy becomes increasingly data focused, telecoms markets across the Middle East are changing considerably. The policy framework has not always kept pace with this rapid change, and aspects of telecoms regulations are now outdated. However, personal data protection and public-private partnership (PPP) laws are starting to affect telecoms contracts and investments. Specifically, PPP laws are enabling recourse to alternative dispute resolution methods, including arbitration.
The New York governor recently signed into law a pair of bills establishing new requirements for businesses that process certain personal information relating to New York residents. The changes include expanding the scope of information covered by New York's data breach notification law and defining 'breaches' to include incidents involving unauthorised access to covered information, even where the information is not acquired.
The new Telecommunications Act, which enters into force in June 2022, will replace the conventional Type I and II telecom licence categories (ie, facility-based and service-based operators, respectively) which were adopted in 1996 with a more liberal approach and give the National Communications Commission more scope with regard to spectrum management and licensing.
The National Communications Commission (NCC) recently published the final draft of its 5G spectrum auction rules. As part of the upcoming 5G spectrum auction, the NCC aims to publish an amendment to the existing Regulations for Administration of Mobile Broadband Businesses by the end of August 2019 and accept bids in September 2019. The auction for mobile broadband business licences operating in the 3.5GHz, 28GHz and 1,800MHz bands will commence in December 2019.
The administration recently issued its National Development Plan 2019-2024, which – despite the previous administration's plans – does not mention cybersecurity. Although there are still hopes that cybersecurity will be addressed in the soon-to-be-released Communications and Transports Sectorial Programme 2019-2024, it appears that the present administration has no intention of implementing a cybersecurity strategy.
The Cyberspace Administration of China recently released the Cybersecurity Review Measures (Draft for Comment). According to the draft, where an operator of critical information infrastructure purchases a network product or service, it must make an ex ante assessment of the potential security risks that could emerge once the product or service is put into operation and produce a security report accordingly.
With a view to balancing private sector interests and the protection of individual rights, in 2015 the legislature decided that personal data collected through the remote monitoring of employees can be used for disciplinary purposes if employers provide employees with information regarding the scope and purpose of said processing. A recent case established what type of remote monitoring is permitted in the absence of providing the required data protection information.
The Cyberspace Administration of China recently issued the Administrative Measures for Data Security (Draft for Comment), which include rules on the collection, storage, transfer, processing and use of data in China via websites, as well as data protection and management. Among other things, the draft measures encourage network operators that collect personal information through websites, apps and other products to formulate specific rules regarding the collection and use of such information.
The Supreme Court of the Canton of Zurich recently clarified that employers must clearly regulate the private use of work communication devices, as well as any related control mechanisms. Further, data processing such as verifying WhatsApp chat messages – even if the information is stored on a work mobile phone – must be done in accordance with the more restrictive Article 328b of the Code of Obligations.
In a long-awaited decision, the Supreme Court was expected to provide greater clarity on the extent to which litigants can challenge the Federal Communications Commission's Telephone Consumer Protection Act interpretations in private litigation. However, instead of deciding that issue, the court vacated the Fourth Circuit's ruling and remanded the case for further development.