The impact of China's 2016 Cyber Security Law on foreign technology firms,and on China's big data and Smart City dreams

Chinese officials are increasingly turning to a policy known as Informatisation, connecting industry online, to utilise technology to improve efficiency and tackle economic developmental problems in China. However, various recent laws have made foreign technology firms uneasy about perceptions of Rule of Law in China. Will these new laws, under China's stated policy of “Network Sovereignty” (“网络主权” “wangluo zhuquan”) affect China's ability to attract foreign technology firms, talent and importantly technology transfers? Will they slow China's technology and Smart City drive? This paper focuses on the question of whether international fears of China's new Cyber Security Law are justified. In Parts I and II, the paper analyses why China needs a cyber security regime. In Parts III and IV it examines the law itself.     

China's campaign-style Internet finance governance: Causes,effects, and lessons learned for new information-based approaches to governance,

China's Internet companies and citizens are now world leaders in developing and using the Internet and related information technologies for financial transactions. Accordingly, it is important that China becomes a world leader in identifying challenges posed by Internet finance, and providing law and governance solutions to address these challenges. While the Internet and its associated technologies are now globally available, a core question is whether, and to what extent, regulatory challenges and opportunities are common across different jurisdictions, or whether they reflect local circumstances. In short, an interesting question is what can the world learn from China as it takes the lead in addressing Internet finance challenges, and what can China learn from the world as it seeks to do so?This article first identifies the landscape of China's burgeoning Internet finance market, including key technologies and services and government and nongovernment players. The article then turns to key regulatory challenges, with a focus on factors especially significant in China. The article then examines the “top down” “campaign style” approach to regulation, which is China government's initial response to emerging challenges. Following an analysis of the campaign, some suggestions are then made for future possible governance strategies. We explain how emerging “information” based and experiment-based approaches to governance are drawing on both global and Chinese experiences to harness the capabilities of the Internet and the collective energies of Internet finance enterprises and users to advance the regulation of the China Internet finance system in a way that is conducive to the public interest.     

China's stance on the Google/Motorola merger: Implications for competition in intellectual property-intensive sectors

China's merger enforcement agency approved the Google/Motorola merger with conditions. This pattern of approval is not in full accordance with that in other jurisdictions, including the United States and the European Union, which made unconditional approvals. This contradiction attracted ample criticism; some critics believe that China's policy is designed to protect domestic industry. In investigating the Chinese merger agency's decision and the basis for its decision making, this article finds that much of the criticism is groundless and misleading because the critics have failed to incorporate all elements of the global value chain of mobile intelligent terminals into their analyses. The investigation also shows that, although the decision makers are less experienced, their decisions are based on Chinese competition law and market realities. It is important for international firms to be aware of this pattern in merger analysis.     

An experimental model of regulating the sharing economy in China: The case of online car hailing

Online car hailing represents a disruptive innovation model in the sharing economy and requires a new regulatory response. China's attempts to regulate this emerging industry can be considered highly experimental model. To relieve the pressure from offline competitors and to clarify the ambiguous legal status of online car hailing, China currently enforces a strict regulatory scheme through what can be described as a central-local dual system. Questions, however, have arisen regarding the legality, proportionality and effectiveness of this approach. Moreover, the current system's choice for a segmented market strategy heavily impairs the sustainable development of the sharing economy. Therefore, the adoption of Internet-based regulations for online car hailing might create better prospects to establish a fairly competitive market as well as to further boost the ever dynamic Internet sharing economy in China.     

Online platforms and pricing: Adapting abuse of dominance assessments to the economic reality of free products

Online platforms, which are at the forefront of today's economy, are subject to intensive competition law enforcement. However, the platform business model presents challenges for the application of competition law. Most notably, they appear to offer consumers a great number of their products for free. The explanation for most of these supposedly free products is offered by two-sided market theory: consumers may not be paying, but the ‘other’ side of the market is. This other side of the market often consists of advertisers, which pay the platform for access to the consumers’ information (to target advertisements) and attention (to show the advertisements). As many of these platforms are now potentially dominant, they come within the scope of competition law's abuse of dominance provision, including the doctrines of predatory and excessive pricing. These price-based theories need to adapt to the often price-less platform business model in order to prevent competition authorities from making both type I and type II enforcement errors. At the same time, competition law enforcement needs to consider—and at times give priority to—other branches of law that address abusive behaviour concerning free products. Through the use of case studies, this article therefore suggests ways in which abuse of dominance assessments can take into account the economic reality of free products.     

Mystery shopping: demand-side phenomena in markets for personal plight legal services

ABSTRACT

“Personal plight” is the sector of the legal services industry in which the clients are individuals, and the legal needs arise from disputes. This article proposes that competition among personal plight law firms is suppressed by three demand-side phenomena. First, consumers confront high search costs. Identifying competing law firms willing and able to provide the needed services often requires significant expenditure of temporal and psychological resources. Second, comparable price and quality information about firms is scarce for consumers. Both of these factors impede comparison shopping and reduce competitive pressure on firms. A third competition-suppressing factor is observed in tort legal service markets, where offerings are typically priced on a contingency basis. Contingency fees have relatively low salience to consumers, and this reduces consumers’ willingness to negotiate and comparison-shop on the basis of price. This analysis is supported by the author’s empirical research with Ontario personal plight lawyers as well as the existing literature. The article concludes by suggesting possible consequences of this analysis for regulatory policy.     

试论汽车消费者知情权保护

消费者知情权在现代消费者权益体系中处于基础性地位,是消费者实现其他权利的前提。面对当前汽车消费过程中收费项目繁多、收费依据不明等收费问题,汽车消费者知情权存在行使与救济双重困境。对此,立法方面应对《消费者权益保护法》中知情权的内涵作进一步细化;司法方面应充分考虑交易过程中消费者的弱势地位,构建权利义务双重保护模式,以求汽车经营者与消费者之间的实质公平;政府相关部门可通过设立专门机构、落实信息披露义务加强对汽车销售领域的行政监管;行业协会应发挥作用,构建行业信用体系,畅通信息交互渠道,以实现社会共治背景下的多方位保护汽车消费者知情权。     

iCLIC Data Mining and Data Sharing workshop: The present and future of data mining and data sharing in the EU

Held at Southampton University's Highfield campus and hosted by iCLIC, an interdisciplinary core on Law, the Internet and Culture, the Data Mining and Data Sharing workshop brought together attendees and speakers from industry, government, academia and a range of disciplines alike. The workshop comprised two sessions, each with a keynote and an associated panel. The first session was chaired by Eleonora Rosati and dealt with copyright and database rights, data mining and data sharing. The second session, chaired by Sophie Stalla-Bourdillon, focussed on data protection, data mining and data sharing. The following report covers both sessions, associated panel discussions and the subsequent question and answer sessions.     

论企业数据权益的法律保护——基于数据法律性质的分析

在互联网与大数据时代,数据已经成为企业的重要资产,对企业数据权益应当进行合理保护。但对企业数据不宜进行绝对化与排他性的财产权保护,因为此种保护违背数据的基本特征——数据并不具有排他性与竞争性。保护企业数据权益应当以促进数据共享为目标,企业数据的合理保护应当有利于促进数据共享。对企业数据应当进行类型化与场景化保护。对于非公开的企业数据,应当提供商业秘密保护;对于半公开的数据库数据,应当提供类似欧盟的数据库特殊权利保护;对于公开的网络平台数据,应当采取竞争法保护,避免恶性搭便车行为。法律还应当为企业主动公开的数据提供特殊类型的保护,允许企业设置白名单与黑名单。此外,法律也应当协调保护个人数据与企业数据,在优先保护个人数据的前提下,实现个人数据隐私期待与企业数据权益的共赢。     

Normative challenges of identification in the Internet of Things: Privacy,profiling, discrimination,and the GDPR

In the Internet of Things (IoT), identification and access control technologies provide essential infrastructure to link data between a user's devices with unique identities, and provide seamless and linked up services. At the same time, profiling methods based on linked records can reveal unexpected details about users' identity and private life, which can conflict with privacy rights and lead to economic, social, and other forms of discriminatory treatment. A balance must be struck between identification and access control required for the IoT to function and user rights to privacy and identity. Striking this balance is not an easy task because of weaknesses in cybersecurity and anonymisation techniques. The EU General Data Protection Regulation (GDPR), set to come into force in May 2018, may provide essential guidance to achieve a fair balance between the interests of IoT providers and users. Through a review of academic and policy literature, this paper maps the inherent tension between privacy and identifiability in the IoT. It focuses on four challenges: (1) profiling, inference, and discrimination; (2) control and context-sensitive sharing of identity; (3) consent and uncertainty; and (4) honesty, trust, and transparency. The paper will then examine the extent to which several standards defined in the GDPR will provide meaningful protection for privacy and control over identity for users of IoT. The paper concludes that in order to minimise the privacy impact of the conflicts between data protection principles and identification in the IoT, GDPR standards urgently require further specification and implementation into the design and deployment of IoT technologies.     

反垄断法视野中消费者利益保护问题的新思考

世界上大多数国家或地区的反垄断法都把保护消费者利益作为自身的立法目的之一,但是在传统理论和实践中,消费者利益的概念基本上是经济学意义上的消费者福利;反垄断法对消费者的保护被认为是保护竞争产生的间接结果,因此只是一种间接保护。固然应该重视并发挥反垄断法间接保护消费者利益的功能,但也同样应该重视反垄断法理论和实践中出现的加强对消费者利益直接保护的趋势;对消费者利益的直接保护认识,为探讨消费者获得损害赔偿救济奠定了基础。对消费者利益保护理论与实践的转变问题进行新思考。     

The Chinese Social Credit System: A Model for Other Countries?

Many countries know financial consumer credit ratings, and recent years have also seen a proliferation of rating systems in relation to online platforms and in the ‘sharing economy’, such as eBay, Uber and Airbnb. In the view of many Western observers, however, the emerging Chinese Social Credit System indicates a paradigm shift compared to these former rating systems as it aims for a comprehensive and uniform social rating based on penalty and award mechanisms. By contrast, this article suggests that the evolving forms of the Chinese system should be seen as a specific instance of a wider phenomenon. Thus, it develops a framework that compares different rating systems by reference to their drafters, users, aims, scoring systems, application, use of algorithms, enforcement and accountability; it identifies shortcomings of both low and high interventionist rating systems; and it discusses a range of regulatory approaches and emerging issues that law makers should consider.     

The GDPR: A game changer for electronic identification schemes? The case study of Gov.UK Verify

This article offers an interdisciplinary analysis of the General Data Protection Regulation (GDPR) in the context of electronic identification schemes. Gov.UK Verify, the UK Government's electronic identification scheme, and its compatibility with some important aspects of EU data protection law are reviewed. An in-depth examination of Gov.UK Verify's architecture and the most significant constituent elements of both the Data Protection Directive and the imminent GDPR – notably the legitimising grounds for the processing of personal data and the doctrine of joint controllership – highlight several flaws inherent in the Gov.UK Verify's development and mode of operation. This article advances the argument that Gov.UK Verify is incompatible with some major substantive provisions of the EU Data Protection Framework. It also provides some general insight as to how to interpret the requirement of a legitimate legal basis and the doctrine of joint controllership. It ultimately suggests that the choice of the appropriate legal basis should depend upon a holistic approach to the relationship between the actors involved in the processing activities.     

论消费者及消费者保护在经济法中的地位——“以人为本”理念与经济法主体和体系的新思考

“以人为本”理念和科学发展观的提出,为经济法的进一步发展提供了良好的契机。经济法的主体可以概括为消费者、经营者和管理者;消费者是经济法主体的核心。消费者的保护需要经济法,经济法是消费者保护的主要法律部门。我国应以消费者保护为中心,构造经济法的体系。     

Funds sharing regulation in the context of the sharing economy: Understanding the logic of China's P2P lending regulation

“Sharing economy” is an umbrella term that encompasses a wide range of digital platform-based activities that includes P2P lending and other forms of internet-based lending. The core aim of the sharing economy is to leverage the utilization of idle capacity. P2P lending can not only be used to leverage small amounts of money on the lender's side, but also be used to promote financial democracy and inclusion both on the lender and borrower's sides. P2P lending regulation, therefore, should place an emphasis on the utilization of dead money and promotion of financial democracy. This article scrutinizes the regulation of P2P lending in China. The existing regulatory system for P2P lending in China is built upon rules and regulations that have been designed solely with traditional brokers in mind. The article contends that the rigid rules placed on lending platforms limited their ability to maintain their roles as brokers and, in turn, heavily endangered the commercial sustainability of P2P platforms, thereby harming the sharing economy's openness and inclusivity. Additionally, the article argues that the fact that there is no limit on the amount a lender can invest poses a threat to the notions of leveraging idle money and financial inclusivity. The closed-ended P2P lending regime in China would cause some chilling effects to financial innovation in the P2P lending industry, and in a wider sense, the rising FinTech sector. Regulators in China need to cope with these challenges in a flexible but pragmatic manner, and particularly make use of the benefits the sharing economy may bring to the Chinese economy more broadly.     

Radical Transactionalism: Legal Consciousness,Diverse Economies,and the Sharing Economy

This article proposes an original theoretical approach to the analysis of community‐level action for sustainability, focusing on its troubled relationship to the sharing economy. Through a conversation between scholarship on legal consciousness and diverse economies, it shows how struggles over transactional legality are a neglected site of activism for sustainability. Recognizing the diversity of economic life and forms of law illuminates what we call ‘radical transactionalism': the creative redeployment of legal techniques and practices relating to risk management, organizational form, and the allocation of contractual and property rights in order to further the purpose of internalizing social and ecological values into the heart of economic exchange. By viewing sharing‐economy initiatives ‘beyond Airbnb and Uber’ as sites of radical transactionalism, legal building blocks of property and capital can be reimagined and reconfigured, helping to construct a shared infrastructure for the exercise of collective agency in response to disadvantage sustained by law.     

For privacy's sake: Consumer “opt outs” for smart meters

When balancing consumer privacy and data protection rights with the important societal benefits to be obtained from smart meters, should consumers be allowed to opt out? If so, what should a smart meter opt out mechanism look like? Further, may consumers be charged additional fees for the privilege of opting out without violating their privacy and data protection rights? The EU/U.S. comparative law analysis provided in this paper aims to help energy suppliers and regulators craft opt out mechanisms to protect individual privacy and data protection rights while also achieving important societal benefits from smart meters.     

Are ‘pseudonymised’ data always personal data? Implications of the GDPR for administrative data research in the UK

There has naturally been a good deal of discussion of the forthcoming General Data Protection Regulation. One issue of interest to all data controllers, and of particular concern for researchers, is whether the GDPR expands the scope of personal data through the introduction of the term ‘pseudonymisation’ in Article 4(5). If all data which have been ‘pseudonymised’ in the conventional sense of the word (e.g. key-coded) are to be treated as personal data, this would have serious implications for research. Administrative data research, which is carried out on data routinely collected and held by public authorities, would be particularly affected as the sharing of de-identified data could constitute the unconsented disclosure of identifiable information.Instead, however, we argue that the definition of pseudonymisation in Article 4(5) GDPR will not expand the category of personal data, and that there is no intention that it should do so. The definition of pseudonymisation under the GDPR is not intended to determine whether data are personal data; indeed it is clear that all data falling within this definition are personal data. Rather, it is Recital 26 and its requirement of a ‘means reasonably likely to be used’ which remains the relevant test as to whether data are personal. This leaves open the possibility that data which have been ‘pseudonymised’ in the conventional sense of key-coding can still be rendered anonymous. There may also be circumstances in which data which have undergone pseudonymisation within one organisation could be anonymous for a third party. We explain how, with reference to the data environment factors as set out in the UK Anonymisation Network's Anonymisation Decision-Making Framework.     

Law enforcement access to personal data originally collected by private parties: Missing data subjects' safeguards in directive 2016/680?

Access by law enforcement authorities to personal data initially collected by private parties for commercial or operational purposes is very common, as shown by the transparency reports of new technology companies on law enforcement requests. From a data protection perspective, the scenario of law enforcement access is not necessarily well taken into account. The adoption of the new data protection framework offers the opportunity to assess whether the new ‘police’ Directive, which regulates the processing of personal data for law enforcement purposes, offers sufficient safeguards to individuals. To make this assessment, provisions contained in Directive 2016/680 are tested against the standards established by the ECJ in Digital Rights Ireland and Tele2 Sverige on the retention of data and their further access and use by police authorities. The analysis reveals that Directive 2016/680 does not contain the safeguards identified in the case law. The paper further assesses the role and efficiency of the principle of purpose limitation as a safeguard against repurposing in a law enforcement context. Last, solutions to overcome the shortcomings of Directive 2016/680 are examined in conclusion.