Who or what is Didi?

Didi, officially known as Didi Chuxing Technology co., is an online vehicle-for-hire-service. Its services include taxi-hailing, private car-hailing (including different levels of vehicles, up to premium luxury cars), bike-sharing, and van hire for freight and logistics. In China, the app — which can also be accessed via mini-programmes in the WeChat and Alipay apps — is available in Chinese and English.

Didi was founded in 2012 by Will Cheng, who remains on board as CEO. Softbank’s Vision Fund is the largest shareholder, with 21.5% ownership, followed by Uber, which retains a 12.8% stake following Didi’s acquisition of Uber’s China arm in 2016.

Is Didi popular in China?

Didi has an estimated 90% share of the ride-hailing market in China, operating in around 400 cities. According to its IPO prospectus, it has 377 million annual active users as of 2021, and 156 million average monthly active users from January to March 2021. Outside of China, Didi operates in 15 countries, including Brazil, Mexico, and Russia.

What is the background to Didi’s IPO?

Didi filed early stage IPO paperwork with the US Securities and Exchange Commission on 10 June. The filing highlighted the company’s recovery from the coronavirus pandemic, reporting a net income of RMB 196 million (£21.9 million) in Q1 2021, up from a loss of RMB 4 million (£447.7 million) the previous year.

The company completed its IPO in New York on 30 June 2021, raising $4.4 billion (£3.19 billion) at $14.14 a share (1% up from the offer price of $14), giving it a valuation of around $70 billion. By contrast, Uber’s share price dropped more than 7% on the first day of trading.

Why has Didi come under investigation?

The Cyberspace Administration of China (CAC) opened an investigation into Didi on 2 July, citing national security and cybersecurity laws to “guard against risks to national data security” and “protect the public interest.” The move was not completely out of the blue — regulators had already cautioned Didi to delay its IPO earlier in the year.

The specific security and privacy issues that led to the investigation have not been made public, although it is related to the collection and use of personal data. Didi collects data such as user location and ride duration, which is all stored on data servers in China.

While the review is ongoing, the platform is not allowed to register new users. On 4 July, Didi was ordered to remove its app from app stores and other platforms, although existing users were able to continue using the app. 

In a response on Monday, 5 July, Didi said, “The Company will strive to rectify any problems, improve its risk prevention awareness and technological capabilities, protect users’ privacy and data security, and continue to provide secure and convenient services to its users.”

The CAC also announced a similar investigation of two truck rental apps, Yunmanman and Huochebang, operated by Full Truck Alliance and Kanzhun Ltd.’s Boss Zhipin, the largest online recruitment platform in China. Both companies went public in the US earlier in 2021.

How much has Didi’s stock price dropped?

In the statement mentioned above, Didi said that it expects the app takedown to have “an adverse impact on its revenue in China.” When Wall Street reopened for trading after the Independence Day holiday on Tuesday, 6 July, shares were down more than 20% at $12, wiping billions off its market value.

Although existing users can continue to hail cars and taxis via the Didi app, anecdotal evidence from the days following the app takedown suggest longer wait times for people using the app, presumably as some drivers move to competitors such as Caocao Zhuanche and Yidao Yongche. Competing platforms such as Meituan Chuxing and Gaode Map (which aggregate services from different ride-hailing platforms) were offering deep discounts in the first week of July.

What happens next?

The cybersecurity review of Didi is likely to last at least 30 days. Since the review was announced, the State Council stated that it will tighten controls on illegal securities activities and strengthen the protection of sensitive data related to overseas listings. This may lead to long wait times for companies planning IPOs.

The post What’s happening to Didi in China? appeared first on Focus - China Britain Business Council.

China recently issued the draft Personal Information Protection Law (the “PI Law”), which, if adopted, will be the first comprehensive high-level legislation on personal information protections in China. It details the rules for collection, storage, processing, and disposal of personal information, clarifies a number of controversial issues such as security assessment for data exportation, and sets out comprehensive requirements in relation to establishing internal policies for data management. The PI Law therefore forms a solid base for further legislation on personal information protection matters.

The PI Law influences all business sectors. In particular, it will likely significantly affect the data practice of international financial institutions which already have business operations in China or are expanding their business operations into China.

Extraterritorial jurisdiction

Different from the Cyber Security Law, effective in 2017 which regulates constructions, operations, maintenance, and utilisations of networks in PRC territory, the PI Law has explicit exterritorial effect. International financial institutions which do not have a presence in China would still be subject to the PI Law in terms of collections and utilisation of personal information of people residing in China.

According to Article 3 of the PI Law, the PI Law regulates the collection, storage, utilisation, processing, transmission, provision or disclosure (collectively “handling”) outside of China of personal information about people residing in the territory of China if either of the following conditions are met: (i) the purpose of the handling is to provide goods and services to people in the territory of China; (ii) the purpose of the handling is to analyse or evaluate behaviours of people within the territory of China; and (iii) any other situation provided for by laws and regulations. China has a huge financial service market, which attracts those international financial institutions to invest in.

International financial institutions which do not have a presence in China would still be subject to the PI Law in terms of collections and utilisation of personal information of people residing in China

Meanwhile, the financial services sector has not been fully opened to foreign investment. As a result, many foreign financial institutions select to stay offshore whilst studying the China market or servicing Chinese customers by sending staff to travel to China or otherwise remotely. During the course of such remote business operations, foreign financial institutions inevitably collect and analyse personal information generated in China, which include customer identities, financial information, family structures, contact information, etc.

If the PI Law is finally adopted, the handling of personal information by these foreign financial institutions will be subject to the PI Law. Consequently, foreign financial institutions will be required to follow the data protection requirements under the PI Law.  A violation to the data protection requirements under the PI Law may result in the foreign financial institution being included in a blacklist and in a ban on cross-border transfers of personal information to it.

It may be a big challenge, especially for those financial institutions which have already developed and implemented robust data protection policies in practice, to follow the PI Law when handling the personal information.  The PI Law increases the administrative cost by imposing a “local presence” requirement on those foreign financial institutions that collect or use personal information concerning people residing in China.

The requirement is that, according to Article 52 of the PI Law, a foreign financial institution must establish a dedicated department or appoint a representative in China to take charge of data protection matters.  The data protection department and the data protection person must be filed with the government. The PI Law does not set out the criteria for such department or person. However, with respect to data protection persons working for foreign securities and fund business, the China Securities and Regulatory Commission (CSRC) may require that they maintain professional securities qualifications. This will increase administrative burdens on foreign financial institutions.

Engaged processing

Generally speaking, the PI Law permits the outsourced processing of personal information. Consequently, financial institutions can outsource to third party service providers both IT or business functions concerning personal information.

The PI Law distinguishes ‘outsource of personal information processing’ from ‘transfer of personal information due to business disposal or otherwise’; and imposes less burden on outsourcing arrangement.  According to Article 22 of the PI Law, a personal information controller is allowed to engage a third party service provider to process personal information in its possession provided that (i) the personal information controller enters into an agreement with the service provider to define the purpose of and method for the processing, the nature and categories of personal information to be processed, as well as the required security measures to protect personal information; (ii) the personal information controller supervises the personal information processing activities; (iii) the service provider only processes personal information within the scope of consents which relevant data subjects grant; and (iv) the service provider returns to the personal information controller or otherwise destroys personal information upon the completion of the processing.

A personal information controller is not required to seek data subjects’ separate consents to the outsourced processing; nor is it required to disclose the identity of the service provider. Consequently, a personal information controller can decide whether to enter into an outsourcing arrangement involving process of personal information after its collection of personal information.

At the early stage when international financial institutions enter into the Chinese market, they tend to outsource their administrative functions, IT functions, and certain ancillary business functions (eg, with respect to mutual fund business, the TA and FA functions) to manage costs and retain flexibility.  Such outsourcing arrangements will more or less involve processing of personal information. The PI Law does not impose any requirement to seek individuals’ separate consents or to disclose service providers’ identities, and thus facilitates outsourcing arrangements.

Nevertheless, in order to control the data breach risks arising from outsourcing arrangements, it would be important to enter into service agreements with service providers pursuant to legal requirements under the PI Law and to include all necessary clauses, such as the scope and restriction of the outsourced services, auditing right, confidentiality, destruction of information, prohibition on further subcontracting, etc. A well drafted service agreement will help mitigate data breaching risks arising from outsourcing arrangements and be a good defence when authorities perform regular inspections on outsourcing activities involving personal information.

Data exportation

The PI Law releases the concern that all data exports require security assessment organised by the government. As a result, foreign financial institutions would have a greater flexibility to integrate on their global platform the data generated from their business operations in China.

Restrictions on data exportation have long been a controversial topic in China. The Cyber Security Law sets out the principle that personal information and important data which critical information infrastructure (CII) operators collect or generate in China must be kept in China and that, if they are necessarily to be exported outside of China, a security assessment procedure according to relevant regulations would be required.  In order words, the Cyber Security Law only restricts the export of personal information and important data which CII operators generate or collect in China.

However, the Cyberspace Administration of China (CAC) – the country’s key regulator on cyber security matters, issued a draft Administrative Measure for Export of Personal Information and Important Data in 2017, which was later replaced by the draft Administrative Measure for Data Security and the draft Administrative Measure for Security Review of Export of Personal Information, both of which were released in 2019.  All these draft measures expanded the scope of personal information exports where security assessment is required.

Under these draft measures, all exports of personal information require security assessment, regardless of whether they are collected or generated by CII operators or of the materiality of the personal information.  These measures also require government approvals for the security assessment before exports can be implemented. Such a wide scope of application of the security assessment requirement triggers concerns that the security assessments will incur a significant administrative cost and that the delay in government approvals for the security assessments will delay the exporting process.

The PI Law relieves the concerns by narrowing down the scope of applications of the security assessment requirement. According to Articles 38 and 40 of the PI Law, an export of personal information by a CII operator or an export of personal information reaching a volume threshold to be stipulated by the CAC must undergo a security assessment procedure organised by the CAC.

With respect to all other circumstances relating to export of personal information, the exporter may select to undergo, or not to undergo, the security assessment procedure at its own discretion. If a security assessment is not selected, the exporter will be responsible for entering into an agreement with the offshore personal information receiver to ensure that the receiver meet the personal information protection standard imposed by the PI Law. In this regard, the data transfer agreement will be critically important to ensure the compliant because the exporter is responsible for the behaviours of the data receiver.

The PI Law helps clarify the requirements on data exports and relieve the concerns of multinational corporations, including, in particular, international financial institutions. International financial institutions usually desire to have extensive data integration, i.e., to process, analyse, and store information about customers and staff on a global platform which enables them to apply their operational strategies, investment models, and risk control tools consistently.  The reduction in the scope of application of the security assessment requirement offers international financial institutions greater flexibility to export and integrate data globally.

Note that the PI Law does not exclude the possibility that relevant industrial regulators may impose other conditions on data export.  For example, CSRC restricts the export of client identity data and transactional data. These restrictions will still apply despite the PI Law.

Compelled disclosure to foreign government agencies

The PI Law prohibits the disclosure to foreign government agencies of personal information collected in China. This prohibition may confront international financial institutions with the dilemma that, whilst they may be compelled to disclose personal information to foreign government agencies, they are prohibited from the disclosure by the China government.

According to Article 41 of the PI Law, unless otherwise provided for under international conventions or bilateral treaties to which China is a party, the disclosure of personal information to foreign government agencies for judicial assistance or administrative enforcement is required to be approved by the China government.

This requirement is consistent with that under the PRC Securities Law effective in March 2020, where disclosure to foreign law enforcement agencies of files and materials relating to securities business is prohibited unless such disclosure is made via a cooperative mechanism established between China and the foreign government in question (eg, the MOU between CSRC and US SEC) or otherwise approved by CSRC or other government agencies in China.  These requirements mean that the China government would have full control over the information to be disclosed to foreign government agencies.

However, the prohibition on disclosure contradicts some foreign authorities’ positions.  For example, the US congress passed the CLOUD Act in 2018, with which the US government has the power to compel companies to disclose personal information or other data in the possession of not only those companies but also their subsidiaries overseas, even if the local laws where these subsidiaries are located prohibit them from doing so. Consequently, when the US government orders a US financial institution to disclose certain personal information in the possession of its subsidiary in China and the China government disapproves such disclosure, the financial institution will (i) violate the US law, if it selects not to disclose such personal information as the US government orders; or (ii) violate the China law, if it selects to follow the order of the US government.

It may be too early to assess the practical impact of this prohibition on international financial institutions, or to suggest a resolution.  However, a well-developed information firewall between a foreign financial institution and its subsidiaries in China, as well as a well-designed managerial policy, may help segregate data generated in China from those under direct or indirect control of the foreign financial institution and thus reduce the practicability to compel the disclosure of data in the possession of such a Chinese subsidiary.

Contact the author Xun Yang from LLinks Law Offices on xun.yang@llinkslaw.com for more information on PI law

The post What does the new draft Personal Information Protection Law mean? appeared first on Focus - China Britain Business Council.

The Covid-19 crisis has undoubtedly changed the way businesses operate for good. Nowhere is this more evident than in the shift towards remote working, which is clearly here to stay.

In this rapidly changing commercial environment, businesses will need to be alert to the challenges these changes present – and the steps they can take to ensure that their valuable IP assets and trade secrets continue to be robustly protected for the future.

Here are four key areas businesses can address right now to ensure their IP and trade secrets are fit for a new era.

Employee inventions

Remote working has arguably blurred the lines between home and work life. Even in ‘normal’ times, employers can be faced with challenging questions of whether inventions or content developed by an employee can be deemed to be ‘in the course of employment’ (and therefore presumed to be owned by the employer), or beyond their work duties and owned by the employee. Accordingly, businesses should consider:

• Reviewing IP provisions in employment contracts
• Increasing training, guidance and record keeping procedures
• If in doubt, entering confirmatory assignments of IP with employees

Preserving information security

The shift to partial or complete remote working creates practical challenges for many employees. Homes are not controlled environments like an office, and there is a greater risk of IP leakage happening inadvertently through everyday employee behaviour. As such, businesses should consider the following key measures when updating remote-working policies and training procedures:

• Focus on the practicalities – employees should avoid taking calls with open windows on screen, ensure the proper disposal of confidential documentation and not work on sensitive projects in public environments.
• Provide IT equipment – supplying an encrypted and secure piece of work equipment such as a company laptop is far less risky than asking an employee to work from dual use personal/work piece of equipment, which may easily be damaged or stolen, resulting in IP leakage.
• Check the small print – ensure you have adequate Non-Disclosure Agreements in place with relevant third-party contractors to protect your trade secrets.

Who knows what?

Now is an opportune moment to review who within your business is party to certain confidential information and trade secrets. It may be the case that sensitive information has not been adequately distinguished from day to day, less sensitive information. Furthermore, it is important to question which employees really require knowledge of your organisation’s most sensitive information. Limiting and securing access to certain files is a simple, yet really effective way to enforce this and reduce the risk of any important trade secrets being inadvertently disclosed.

IT & systems risks

The diminishing role of physical offices is likely to see companies increasingly move to cloud-based storage of key documents and correspondence. We are also likely to see an increase in the usual IT threats businesses face, such as phishing. Accordingly, businesses should only be working with IT service providers with proven track records and robust systems. Whilst these risks are nothing new, the potential for substantial irrecoverable business damage has increased since the advent of the crisis. That means now is the time to consider thoroughly auditing the IT services your business uses and where necessary, providing employees with adequate training in how to utilise them. Video calls, for example, are one major new risk that businesses face given the potential myriad associated security vulnerabilities.

Certainty in an uncertain world

With such little certainty on the horizon right now, planning ahead can seem like an almost impossible task. That said, there will of course be opportunities to grasp. For UK-based companies looking to forge new commercial relationships with their Chinese counterparts, for example, the ubiquity of home working will make communication and developing new partnerships so much more straightforward.

Whatever the future holds, one thing we can be sure of is that innovation will be a key driver of recovery from the Covid-19 crisis. Now more than ever, businesses should be taking active steps to ensure their valuable intellectual property assets are adequately protected to allow them to reach their full potential over the longer term.

The post Covid-proofing your IP and trade secrets for the crisis and beyond appeared first on Focus - China Britain Business Council.

Matt Sheehan is a Fellow at the Paulson Institute’s in-house think tank. Based in the San Francisco Bay Area, he was formerly the China correspondent for The Huffington Post. His recent book “The Transpacific Experiment: How China and California Collaborate and Compete for Our Future” (Counterpoint, 2019) argued that despite sometimes rocky political relations between the US and China, deep and interdependent socioeconomic exchanges were increasing, particularly in the field of tech. Here he talks more about interdependent exchange as part of the UK and China’s tech relationship, as well as where in the tech sphere the opportunities for the UK might lie in the future.

OK, let’s start with the basics – what is the Transpacific Experiment?

MS: The Transpacific Experiment is the largest ever experiment in grassroots superpower diplomacy, and it happened in California and China over the past 12 years. For decades, US-China relations mostly happened at the highest levels of government (i.e. Nixon & Mao) and multinational corporations (Apple offshoring iPhones to China). But from 2008-2018, the real action in US-China relations shifted toward the grassroots. Record-setting numbers of Chinese students, investors, technologists, and immigrants arrived on US soil, and flagship American industries like Silicon Valley and Hollywood got deeply enmeshed in China.

For decades, US-China relations mostly happened at the highest levels of government and multinational corporations. But from 2008-2018, the real action in US-China relations shifted toward the grassroots.

This really shifted the centre of gravity in the relationship. It pulled it away from DC and Beijing and spread it across college campuses, neighbourhoods and companies around the country. This had a big impact in many parts of the US, but California was really the centre of the action, with the highest number of students, home buyers, investors, and both technological and cultural connections.

I call these interactions an “experiment” because we’d never seen this kind of deep, multi-faceted engagement between two superpower competitors, and we didn’t know how it would play out. Would those face-to-face interactions bring these countries closer together, or drive them apart? From 2008-2016 things looked promising on some fronts, but you also saw real frictions emerging at the grassroots. In the past four years, those local frictions bubbled up to the national level, and they ended up driving a huge wedge between the US and China.

In the tech competition/collaboration between the US and China, where, if anywhere does Europe and the UK sit?

Europe and the UK together are currently the other big players in the global technology ecosystem today, and as US-China relations have deteriorated, it’s put Europe in a really interesting position. There’s clearly been a major evaluation of relations with China, but European countries still haven’t embraced the really bare-knuckle and highly confrontational approach of the US. That gives Europe and the UK a new kind of leverage in dealing with both China and the US on tech issues.

European countries still haven’t embraced the bare-knuckle and highly confrontational approach of the US. That gives Europe and the UK a new kind of leverage in dealing with both China and the US on tech issues.

Right now China is looking around and realising doors are closing on its tech companies in many parts of the world. As much as President Xi is driving a techno-nationalist agenda, I think there’s also a real recognition that China still relies on advanced countries for crucial parts of its tech stack, especially semiconductors and research partnerships. That opens the door for Europe and the UK to use its leverage to try and exact meaningful concessions from China on certain fronts, such as greater access for companies like Ericsson to China’s 5G market.

But, while doing that, these countries have to keep a close eye both on their own national security interests, and also try to limit any potential fallout with the US over engagement with China.

Tech has become very Balkanised very quickly. As you say in your book, is it inevitable that American companies will lay claim to the US, Europe, and most developed countries, while Chinese companies will end up owning their home market and exerting influence across large swaths of the developing world?

Two years ago, I think there was a strong case for those respective spheres of influence. But the past two years have been a real roller coaster, and a lot has changed in just the past four months.

First, the emergence of TikTok proved that Chinese apps could rise to the top in countries around the world, including the US. At the same time, a large number of Chinese apps were gaining on their US peers developing countries, and had overtaken US apps in downloads in India. That looked very promising for Chinese companies, but it really unraveled over just the last few months. After a border clash in June, India banned TikTok along with hundreds of other Chinese apps. Just weeks later, the White House began talking about blocking TikTok, forcing TikTok into negotiations to sell its US business off.

On the surface, this looks great for US companies like Facebook, who were very anxious about Chinese competitors. But at the same time, I think there are real dangers ahead for US companies abroad. This urge to block foreign competitors from one’s own tech markets is gaining real traction worldwide. Right now China is in the crosshairs, but don’t be surprised if those crosshairs are turned on US apps in the future.

With governments (US, UK, France, India, Canada etc) rejecting Huawei and suspicious of other Chinese tech firms, does this mean that there is little to no future for cooperation between China and the West in the technology sphere?

I don’t see Huawei as the death knell for collaboration between China and the West. The connections between these tech ecosystems were really deep and multi-faceted for years, with flows of people, money and research knitting them together. Over the past four years those investment ties have been severed, and there’s a lot more pressure put on Chinese technologists in the US as well.

But academic researchers still fiercely defend the open and international nature of their work, and so I don’t see those ties getting fully severed. You’ll see less direct commercial interactions, but you also see people in the West paying much more attention to Chinese tech, trying to learn from its successes and avoid pitfalls like the expansion of China’s surveillance state.

In your conclusion, you seem perhaps more optimistic than most that a new, younger generation of innovators both in China and in America/Europe may find ways to cooperate. That was written in 2019 – how are you feeling in autumn 2020?

Things have really deteriorated faster and more dramatically than I and most people foresaw. It looked like that deterioration might have slowed up after the Phase I trade deal was signed in January, but that was immediately followed by Covid and things went into freefall. Things are more tense than ever at the national level, and those actions have put a lot of new constraints on what people do at the more grassroots level.

But at the same time, you still see people at the local level in both countries recognising that the other side has something important to bring to the table. California continues to lead the way in working with China on climate change, and in computer science labs at Stanford and Berkeley you still have Chinese, American and other international students working together every day. These grassroots interactions are not going back to the kind of free-for-all we saw before 2018, but they are still planting a lot of seeds that will shape things for decades to come.

But hey, I’m an optimist by nature, and there’s still plenty of time for things to get way worse.

What’s your prediction for US-China relations over the next year or so?

The US election is clearly the biggest variable in this equation. The fundamental dynamic of the two countries won’t change next year, but the election could shape just how volatile that dynamic is.

China will always see the US as attempting to stifle its rise, but how aggressively China responds to that will depend in part on what they see coming out of the US

Regardless of that outcome in the US, I think China is beginning to realise what a big hole they’ve dug themselves in to internationally. We’ll see attempts to mend fences with other countries, and just turn down the temperature in US-China relations. I think we’ll see both countries essentially take a breather while they formulate a longer-term strategy for dealing with each other.

Going forward, China will always see the US as attempting to stifle its rise, but how aggressively China responds to that will depend in part on what they see coming out of the US. On the US side, you see a mirror of that situation. China is now fundamentally seen as a formidable rival, but how you deal with that rival depends a lot on their actions.

Over the next year, both sides will start to feel each other out, looking for points of leverage and piecing together a medium-term strategy for this new landscape.

The post Grassroots collaborations between China and the US aren’t completely doomed, explains Matt Sheehan, but they may provide an opening for the UK appeared first on Focus - China Britain Business Council.

It’s very obvious and easy to criticise its all-seeing Social Credit System and wide use of facial recognition. There’s little doubt that Chinese citizens are always being watched and monitored, and that there’s a well enforced punishment and reward system in place to enforce it.

So far so Orwellian. But in fact, speak to many Chinese citizens and they will tell you that the cost of paying for their coffee with a smile or being able to fast track the ticket line on Beijing’s subway with facial recognition payments outweighs any civil liberty issues that may be infringed.

On the other end of the spectrum is Germany – where digitally, it still feels like 1998. Official confirmations are sent by fax and the news headlines extoll the dangers of the internet. Germany is a generation behind the UK and two behind China when it comes to mobile shopping and payments. Their own recent history of state spying is an obvious reason for their paranoia but the desire for privacy is holding them back.

In the UK, we enjoy the benefits of AI and are among the most forward thinking of nations when it comes to online shopping and banking. But Brits are still against the roll out of ID cards and the recent discovery of (Chinese designed) facial recognition cameras being used in London was met with heavy criticism. So when the British media look at China’s AI and software developments it is done very much through our own lens and the prism of such judgements.

Even the oldest generations in China have lived with state observation all their lives and so the digitalisation of the surveillance state is a technological rather than ideological change. The difference is now that their dangan files are stored in the cloud rather than brown envelopes, and its CCTV cameras rather than their neighbours who keep tabs on them. For most Chinese people, the state’s intrusion in their private life is regarded as a protection measure – from violent crime, from terrorism, from fraud, from social unrest – and, although it might not be acceptable to say it, it works.

This month’s introduction of a new ruling that demands face scans of customers registering mobile phones is described as another infringement of the liberties of the individual. But this is just another element of China’s requirement that all internet users use real-name identities. Of course, this allows the state to quell subversive voices but it also reduces identity fraud, cyber-crime and ‘spreading rumours’ – China’s name for what is increasingly known as fake news in the west.

Last month, China also made it illegal to anonymously create deep fakes – using AI to create fake video or audio – something the US is considering also. Is this another infringement on free speech or is China ahead of the curve when it comes to cutting out fake news in an era where technology moves faster than policy?

The trust in both British and American democracy is being rapidly dismantled as fake news, brazen lies and intentionally created misinformation is spread on social media by anonymous voices. And it’s not just Russian bots that are tearing apart the fabric of Western society but keyboard warriors who hide behind internet anonymity and are fearless of repercussions.

Lord O’Neill noted how China is watching the evolution of the Western democratic system and doesn’t really like what it sees. We have to be cautious about presuming that China’s 1.3 billion citizens are unhappy with the current political status quo in China, he says, and who are we to tell them what to do as we struggle to find the way through our own political quagmire.

The post China’s relationship with privacy is a complex one and not always east to understand appeared first on Focus - China Britain Business Council.

What is China’s Social Credit System?

Back in 2014, the government of China announced a plan to implement a social credit rating system and started rolling out pilot programmes across the country with aims for national implementation by 2020.

Since that launch there have been many articles, reports and even entire books written about the Orwellian nature of this pervasive system that it is claimed, would be monitoring resident’s social activities, human interactions and online behaviour, as well as their economic habits and spending power.

The basic concept is that data will be collected from multiple public and government sources to create a social profile of an individual citizen. Each individual start with 1,000 points, with points added for being a positive member of society and deducted if they do not contribute as positively.

Why is it needed?

The SCS is a way to show how trustworthy an individual is (or business but more on that later). This will benefit mortgage brokers, insurers and banks who might be looking to loan money or provide credit. It might also show whether a person is a suitable employee, a valuable addition to a team or even a suitable partner for marriage. For many individuals who have lived outside the traditional financial system, it will be a way to access credit, insurance and loans that previously inaccessible to them.

Punishment and reward

The purpose of the SCS is to be able to provide those who contribute positively (for example, pay their bills on time) with rewards, such as better mortgage or insurance rates. Their children might be more readily accepted to better schools and they might be offered better housing. Those with low results might find borrowing money very difficult and could even be restricted from buying air and train tickets. It has been reported that 9 million people have already been barred from buying air tickets due to having a poor social credit rating. Those with higher scores will be able to bypass a lot of the red tape or fees that a person with a lower score might encounter when applying for a loan for example.

Tracking 4 streams

The SCS comprises of four main components that cover ‘administrative affairs, commercial activities, social behaviour and the judicial system.’ There are 30 different ratings, over 300 rating requirements that cover corporate compliance (for businesses) and individual behaviour (for individuals).

1. Administrative affairs

Existing government records (including individual personal records called Dangan that the government holds on individuals, and residency permits known as Hukou) have been traditionally held on paper. As these digitise they allow information on individuals to be found more efficiently.

China’s network of an estimated 170 million CCTV cameras fitted with facial recognition software means that people can be found in minutes and their movements documented.

Hospital and health records, as well as military, employment and information regarding tax payments and social insurances can also be found in this section.

2. Commercial activities

Private companies, especially e-commerce sites have vast amounts of big data and personal data on their customers and shoppers. These enterprises can not only monitor the type of products people buy but their credit ratings or ratings by other buyers and sellers. Chinese companies collect this data in the same way eBay ranks sellers based on their shipping or payment speeds. Western sites like Amazon also have ratings of their customers based on how often they return items.

The Sesame Credit Loyalty System, owned by Ant Financial is a private business owned by Alibaba Group that tracks information on individuals such as their credit card payments, loan repayments and other financial information to create a credit rating in a similar way to companies such as Experian in the UK. Ant Financial has stated that they do not share information with the government without the consent of their customers.

3. Social behaviour

Social behaviour is based on how often they might donate to charity (good) or how often they play computer games online (bad). It is thought that points can be gained from being patriotic online or lost for being critical of the state on social media, chat rooms or other public forums.

It is unclear how much data is being collected but activists say histories of web searches, private messages and even dating history could all be hoovered up in the future.

4. The judicial system

Social behaviour is based on how often they might donate to charity (good) or how often they play computer games online (bad). It is thought that points can be gained from being patriotic online or lost for being critical of the state on social media, chat rooms or other public forums.

It is unclear how much data is being collected but activists say histories of web searches, private messages and even dating history could all be hoovered up in the future.

Myth-busting

The data is all joined up
In theory, data collection is easier to access in China than in the West. Mark Tanner of China Skinny says that Chinese people tend to value convenience over privacy. With fewer data privacy laws in China than Europe, it has been easier in the past for organisations and businesses to access and share data. However, the concept of open data is less established in China than the UK, with data sharing between government departments far less common than is generally assumed by many media commentators.

Ant Financial, who currently own Sesame Credit Loyalty System and have 400 million users – the most comprehensive financial and commercial rating system – claim they do not share their data with the government. Whether true or not, without a history of high-street banking that includes direct debits, private credit cards and myriad other financial data that is held by Western financial institutes, there simply isn’t that much data out there. Companies like Ant Financial say that they are ‘consent only’ and won’t share information with third parties.

CBBC’s Mark Hedley also explains that creating a single unified national database represents a massive technical and administrative challenge for the Chinese government. It is far more likely that databases will exist at a provincial, city or event district level. There are also questions as to how willing different departments will be to sharing of sensitive with other government agencies, which is likely to slow the development of a comprehensive SCS system.

The people doesn’t care about privacy

Facial recognition software has been helpful in catching criminals in China but that doesn’t mean the people of China are comfortable with their data being captured and shared. The Ministry of Education recently said it plans to curb the use of facial recognition in schools and universities for monitoring student attention and real-time concentration levels,. “We need to be very careful when it comes to students’ personal information,” said Lei Chaozi, director of science and technology at China’s Ministry of Education. “Don’t collect it if it’s not necessary. And try to collect as little as possible if we have to.”

How this affects businesses

Businesses. as well as individuals, are being given credit scores, which will also have punishments and rewards. Information including court decisions, payroll data, environmental records, copyright violations, even how many employees are members of the Communist Party will grade companies from 1 for excellent to 4 for poor. Lower scores would lead to investigations, the possibility of frozen bank accounts, limitations on local employees’ movement and other punishments.

China’s central economic planning agency announced in September that it had completed a first evaluation of 33 million businesses.

According to a recent EU report, China recently announced the creation of an ‘unreliable entity list’, causing companies to worry that the SCS might be used as a retaliatory tool in international trade disputes. In addition, businesses are also concerned about the vast amount of data demanded of foreign companies, particularly regarding technical details and IP-related information.

And, although as previously mentioned, a unified database does not currently exist, by the end of this year it is expected that the databases will start to join up.

The report states that the Chinese government is currently working together with a consortium of private companies, including Taiji Computer, Huawei, Alibaba, and Tencent, on a national database, which will enable integration of the various local databases. The platform, called Internet+ Monitoring System, is scheduled to go online in the last quarter of 2019. Companies will also receive a Uniform Social Credit Code, which will serve as a unique identifier for businesses and individuals.

Companies will be ranked on every aspect of corporate activity including IP protection and R&D through tax compliance, to public relations and public statements by key managers. Possible penalties for companies with a low credit score include higher inspection rates, targeted audits, a negative impact on approvals, licensing, and government tenders, as well as public shaming and travel restrictions for key personnel.

For companies that commit serious offenses they will be blacklisted, whilst those who have outstanding ratings will be put on a red list. For example, in the first half of 2019 blacklisted companies in China, had a 98.12 percent inspection rate compared to just 0.5 percent of entities on the Red List.

“Foreign businesses are indeed concerned about the reach and impact of the Social Credit System and confusing reports have often exacerbated rather than allayed worries. More importantly, recent changes to data security rules in both China and the EU have led to Catch-22 situation of contradicting regulations and overlapping jurisdictions. Here better coordination and more transparency is urgently needed,” explains CBBC’s Torsten Weller.

Although the positives are expected to outweigh the negatives for companies complying with national laws. Having more joined up databases will reduce red tape throughout the system and also speed up delays causes when trying to operate from province to province.

China has struggled to get companies to follow the law, it has been report that competing government departments have previously allowed violations of various environmental and labour laws in a bid to meet economic targets. It is thought that the business SCS will mean more companies will be forced to adhere to the existing laws that previously have been flouted leading to more positive social and environmental business practices.

The post Social Credit System explained appeared first on Focus - China Britain Business Council.

Artificial Intelligence (AI) has already infiltrated so much of our lives. The targeted ads that pop up on social media, the recommendations to buy products online, the suggestions on our TV streaming services and even the apps that help us find dates – it’s already there. And whether we’re trying to get a new mortgage or better car insurance it is AI algorithms that are making those decisions.

Computers are being embedded into more items we buy, from clothes to food packaging as well as cars, phones and watches. By 2035 it is thought that over a trillion computers will be connected – talking to each other to make our lives cheaper, easier and safer.

The data that is collected by all of these computers allows them to act faster and smarter and become more targeted to fulfil the needs of the individual. Fitness trackers are not only helping medical practitioners and researchers learn more about exercise, sleep and eating patterns but police have also used them to track burglars and find murderers. Fears over data collection or hacking of connected cars or human implants are not unfounded but predicting the future challenges is never easy. One thing is for sure, big data and AI is creating the Internet 2.0 as the Internet of Things (IOT) increasingly connects more and more of our daily encounter and experiences.

China is the second-largest global artificial intelligence market after the U.S. The market was estimated to have reached £3.9 billion in 2018 and is expected to reach £8 billion by 2020. China has one of the fastest growing AI markets in the world, being expected to grow 45.5 percent between 2015 and 2020.

China is widely seen as standing to make the greatest productivity gains from AI of any country. PwC estimates that AI has the potential to provide a 26 percent boost to GDP by 2030, and McKinsey predicted that workplace automation AI could add 0.8 to 1.4 percentage points to GDP growth annually, estimating that as many as half of all jobs in China could be automated by 2055.

China’s central government has been very supportive of AI companies, providing R&D grants, tax breaks, office space and frequently investment. As well as well-funded universities producing thousands of highly skilled programmers, there is also plenty of government investment and investment from China’s major tech companies. Not to mention the significant sums of private money from Venture Capital and Private Equity firms who are also jumping into China’s tech and AI sector with glee.

One obvious factor that has led to China’s AI dominance is its huge population that has created an unparalleled depth of data. The hundreds of millions of users of shopping on sites like Taobao and using social media platforms like WeChat has given private companies the ability to generate new value from vast quantities of data. The government too, has used facial recognition software combined with personal identification to be able to use AI to keep track of individuals and catch wanted criminals.

The debate around data privacy and AI ethics is alive and kicking. It has been argued that Chinese citizens value the convenience and personalisation that AI provides over personal data privacy. The recent publication of the Beijing Principles, a code of ethics to ensure the development of ‘human-centric’ AI, highlights a growing awareness of these difficult ethical issues.

The use of personal data for China’s Social Credit System has been the cause of some controversy but mostly from Western media outlets rather than people in China who argue that it brings more positives than negatives.

The use of AI will only grow as companies from all sectors look at how they can incorporate the technology to reduce labour costs, improve efficiency and target customers more directly.

Sectors

There are any number of sectors that will benefit from the growth in AI technologies. Britain has a significant number of global enterprises such as BP, Rolls Royce, AstraZeneca, Shell, BAE Systems and Jaguar Landrover who are actively developing and adopting AI. The UK also has a diverse mix of online, luxury and high-street retail brands with consumers being some of the earliest adopters of digital tech in the world.

Britain already is home to more than 50 companies using AI in the healthcare sector, working on the development of medical imaging, disease diagnostics, drug discovery, digital health monitoring, and chatbots. The UK’s vibrant Education Tech sector has also been thriving with more than 69 AI Ed-Tech companies working in the UK on task automation (including plagiarism detection), student analytics, teacher monitoring, personalised content, and interactive solutions such as robots).

Challenges

The ethics of AI is still a major challenge for the industry. As CBBC’s Torsten Weller explains “Codes of principles written in the west tend to focus on fairness, transparency, individual rights, privacy and accountability. Chinese AI ethicists prioritise values that are open, inclusive and adaptive, adding up to “great compassion and deep harmony” – collective good rather than individual rights.” China’s much discusses Social Credit System (SCS) is an excellent example of this.

As with many sectors in China, it is still culture and communication that are the most significant barriers to greater two-way collaboration between the UK and China. “Working in a cross-cultural environment is complicated, and often leads misunderstandings,” says one Chinese company operating in the UK. “The ethnography of the UK market also needs to be considered, and whether it is possible to attract local customers in the UK for a particular service or product. The practicality and design of the operating page of the system needs to be in line with the local aesthetic and habits,” it says.

The importance of local knowledge varies between industry verticals. Some sectors, such as healthcare and autonomous driving, are perceived to be more challenging for non-UK market entrants than other sectors, largely due the localised nature of these markets (in terms of laws, infrastructure, standards and compliance).

“The UK and China are very different environments,” explains Harry Davies from Tech Nation. “For example, it’s all well-being a healthcare AI company in but understanding how the NHS works is another thing, and very difficult unless you have a footing in this particular environment.”

Several Chinese companies consider the UK to be a more open environment than China in terms of technology adoption. Some industries in China are still seen as lagging in terms of deploying AI-based technologies, taking a cost rather than value approach to adopting new technologies. This has led to a great adoption of hardware technologies over companies supplying AI software, analytics and consultancy (a core strength for the UK).

“There are many business opportunities in China, but I think UK companies are more likely to recognize the value of technology and know-how, whereas Chinese enterprises focus more on production costs and budget,” says Cai Zhonglun of Sigma Squares Tech. “Generally speaking, Chinese enterprises haven’t fully recognised the value of digitisation and intelligent manufacturing technologies – they still haven’t changed their basic mindset. They are more likely to buy equipment than software if they can’t see the huge benefits with their own eyes.”

Differences in laws, regulations and data access issues were also identified as key barriers for greater two-way collaboration. GDPR and data protection rules are seen as a major barrier for Chinese AI companies selling services to UK consumers or businesses. There is also a growing awareness of the importance of relationships with government at a national/regional level, and the importance of managing corporate reputation when entering the UK market.

For British companies looking to enter the Chinese market: “Language and culture is probably the biggest blocker as well as unfamiliarity with the legal system,” says Simon Spier of techUK “Fear of the unknown and some concern about IP has also probably put some companies off the market.”

Access and availability of data was seen as being particular challenge for UK-based companies operating in China. Some companies have had to localise their entire cloud data hosting structure in order to comply with Chinese regulations. Other companies have opted to license their technologies to local partners or find ways to ensure data remains in China. Other UK companies complain that the restricted access to government controlled data has prevented them from providing some services to clients in mainland China.

But whilst there might be some kinks in the road the paths are being laid and it won’t be long before everyone is connected.

The post The UK-China Artificial Intelligence pact appeared first on Focus - China Britain Business Council.

Located in the remote land-locked mountains of Southwest China is Guizhou – one of China’s poorest provinces. Of its 38 million inhabitants, 36 percent are ethnic minorities, living in villages dotted across the mountainous landscape, where their lifestyle has barely changed for centuries.

Although rich in natural resources (it has the fifth largest coal reserves in China and abundant minerals reserves such as silica, optical crystals, phosphorus and gold) Guizhou’s economy is ranked just 25^th out of China’s 31 provinces.  It is somewhat surprising then that the province is fast becoming the China’s centre for big data and is attracting billions of dollars of investment from some of the world’s biggest tech companies.

In 2014 the Guizhou government first revealed that it was “investing heavily in the emerging technology sector; in a variety of contexts such as crime prevention, epidemic studies, research evaluation, business analysis, legal citation, and traffic management.” The region, it said, would be looking to develop the big data industry. It held its first big data expo shortly afterwards, attracting companies like Foxconn, Dell and Qualcomm.

A year later in 2015, it opened a big data pilot zone, to create “a platform for sharing data between government departments” and, by 2016, the Guizhou government was using the term Big Data Valley to promote the region. And it seemed to work. In July last year, Apple announced it had built a massive data centre in the region and would migrate all its Chinese users’ information and storage space to the new facility. This came following the introduction of a new law on June 1 that required all foreign companies to store data on China based servers. Guizhou seemed like the right place at the right time.

Apple announced it had built a massive data centre in the region and would migrate all its Chinese users’ information and storage space to the new facility

Tencent founder Pony Ma announced earlier this year that the company is digging caves in the mountains of Guizhou where it plans to hold its servers too. With average temperatures at a mild 15 degrees centigrade, and cool air blowing between the mountains, the region’s climate is perfect for holding big servers. Furthermore, the local government also offers a good deal on its already cheap and abundant hydroelectricity to energy guzzling companies. For many companies that are moving into AI and cloud computing and need to store massive amounts of data, the Guizhou offer is hard to refuse.

Xi Jinping is also a personal supporter of making Guizhou a tech hu

Xi Jinping is also a personal supporter of making Guizhou a tech hub. One of his protégés, Chen Miner, was Party head of Guizhou until last year and the technological investment, Xi says, will go a long way to alleviate poverty in the region. China’s Go West policy, launched in 2006 to encourage business and industry to move to poorer, inland provinces, also makes Guizhou a promising area for this kind of investment.

Last month, CBBC organised the UK-China Big Data collaboration, which saw delegates from some of the two countries biggest tech companies visit the region whilst China also opened its first virtual reality (VR) theme park near Guizhou earlier this year. This features 35 virtual attractions that allow visitors to ride rollercoasters and experience rides through the lens of virtual reality. It seems Guizhou is only just getting the party started.

Key Industries:

• Healthcare
• Tourism
• Agriculture
• Technology
• Mining

Contact:

Guoyu Du
Chief Representative, Chongqing
China-Britain Business Council Chongqing
Tel: +86 23 63808670
Email: guoyu.du@cbbc.org.cn

The post The cool mountains, cheap power and government support are making Guizhou the tech centre of China appeared first on Focus - China Britain Business Council.

Facial-recognition technology is central to the current Artificial Intelligence (AI) boom taking place in China. In recent months, three of the country’s vision-based solution start-ups have attained ‘unicorn’ status, with market valuation of at least USD $1 billion. No other country can claim to have a single one. The tech giants Baidu, Alibaba and Tencent (collectively known as BAT), are also heavily promoting facial recognition software on their respective platforms.

Government support has undoubtedly helped, with last year’s State Council proposal underlining plans to transform the market into a US $150 billion industry by 2030.[1] The technology is also already being applied to the country’s extensive internal security network, further increasing its value to Beijing. However, it is in the retail, payment and e-commerce sectors that the technology’s potential may reap the most rewards.

One of several major companies leading the Chinese facial-recognition movement is SenseTime. The firm’s innovative computer vision and deep-learning technology software has led to over 400 partnerships with domestic and foreign companies from sectors as wide-ranging as surveillance, autonomous vehicles and retail, whilst attracting sufficient investment to ensure its status as the world’s highest-valued AI start-up.

The application of SenseTime’s software in brick-and-mortar retailers such as Suning, one of China’s largest electronics providers, has helped develop what is being labelled ‘Smart Retail’. Facial-scanning software can efficiently gather data related to age, gender, and mood from in-store shoppers, helping the retailer adapt their marketing and customer service strategies accordingly. “By providing our software, we can help retailers develop their own applications,” a company spokesperson told FOCUS.

The tech has also allowed non-traditional players to enter the ‘Smart Retail’ market by creating unstaffed, cashless stores. In-store at one of BingoBox’s 158 Chinese outlets, items are identified via cameras utilising sophisticated image recognition technology and purchased using the customer’s Alipay or WePay app. Similar methods have also been employed by Tencent, which launched its own unstaffed and cashless store last year, as well as start-ups such as TakeGo and Fxbox.

Alibaba has gone one step further. Having already entered the market with 2016’s ‘Tao Café’, the tech giant last September collaborated with KFC by introducing a ‘smile to pay’ service. Integrated within the company’s Alipay payment app, customers are scanned and required to smile to confirm their payment.

KFC’s smile to pay service, required customers to smile to confirm their payment

Elsewhere, Shenzhen-based start-up Malong Technologies has found great success applying deep-learning AI technology to product analysis. By processing petabytes of data, the equivalent to the entire photo catalogue currently stored on Facebook, Malong’s AI has achieved human-level analytical precision that can be applied to the retail and e-commerce sectors as well as in manufacturing and security.

For e-commerce giants such as Alibaba and JD.com, the technology provides much-needed additional protection for consumers against fraud and counterfeit. By analysing product images, AI bots are able to spot cheap knock-offs and fakes and notify both the customer and platform provider before any damage is done.

Not satisfied with already possessing the world’s most developed e-commerce environment, as well as a rapidly growing retail industry, innovation provided by AI will further boost China’s economic standing. The impact is already evident with Alibaba’s record-making US $25 billion ‘Singles Day’ sales being attributed to the use of AI in customer service and marketing. It is therefore perhaps unsurprising that a recent PwC report estimated that, by 2030, AI could boost Chinese GDP by up to 26 percent.

Opportunities within the market are not limited or restricted solely to Chinese firms, and, with a burgeoning AI industry, UK companies may also stand to benefit. For Mark Hedley, CBBC’s Senior Director for ICT, Britain is in position to become a key partner in AI with China: “The UK’s recently announced AI Sector Deal looks set to sustain the growth of the sector. This links directly with China’s own plans to use AI technologies as a key growth driver, creating new opportunities for collaboration between the two countries”.

This readiness for cooperation is reflected by the upcoming UK mission to Guiyang that, for Hedley, “represents the best in British innovation, including healthcare AI, machine learning, video analytics, cybersecurity and more. Building on 2017’s UK-China Big Data Collaboration, the delegation will help cement UK-China ties in innovation”.

However, while UK firms such as Deepmind, Babylon and Benevelont.AI have already had a major impact on the global AI scene benefitting from the scientific resources Britain possesses,[9] China has its own unique attraction for foreign start-ups. This is a point raised by David Bian, the Strategic Alliance Manager at the UK multinational company ARM’s Shenzhen base. “While innovation and R&D is strong in the UK, China provides the opportunity for application,” Bian states. “In addition, the Shenzhen government is very efficient when it comes to innovation. Things are being updated all the time, faster than in the UK.”

ARM’s own Accelerator and AI Ecosystem Consortium (AIEC), have provided one such opportunity for growth by providing both Chinese and foreign AI start-ups with resources. BAT, in their position as ‘national champions’ have also established platforms that promote cooperation and competition in the field and access to the companies’ massive pools of data.

UK companies may also be in the advantageous position to provide what some Chinese facial and vocal recognition companies lack – a variety of data. “Current drawbacks for us include the lack of difference between faces and languages occurring in Chinese realtime data,” a SenseTime spokesperson stated. “There definitely lies an opportunity for UK companies to collaborate to improve our respective capabilities.”

While innovation and R&D is strong in the UK, China provides the opportunity for application

However, the AI industry carries with it perhaps more concern over Intellectual Property (IP) leakage than almost any other, with Chinese companies especially cautious. Any UK company seeking Joint Venture or market entry opportunities must take this into account.

As facial recognition technology becomes increasingly advanced, worries over data protection have grown, with recent events at Facebook and Cambridge Analytica emphasising concerns. While China has established previously non-existent Data Protection and Cybersecurity Laws, they are, at best, a work in progress, with major issues related to clarity and regulatory responsibility threatening to put prospective UK partners off from entering the market.

The definition of ‘personal information (sensitive)’ and ‘important data’ in this context is particularly troublesome and something Bian alludes to: “BAT [and others] are only collecting unsensitive data, although what constitutes sensitive and unsensitive may be slightly different in China and abroad”.

This remains the key concern, and the schism partitioning data attitudes may be set to widen as the EU’s General Data Protection Regulation (GDPR), coming into force in May of this year, explicitly labels biometric data, the key source of China’s ‘Smart Retail’ revolution, ‘sensitive’ in the realm of retail and e-commerce. This may have a direct influence on how AI technology develops in China and the West.

China’s impressive growth has been built on the back of detailed roadmaps designed to deliver commercial success and AI is no exception. Supported by huge pools of biometric data, the major BAT tech firms have created a platform and network to innovate the already well-developed retail and e-commerce industries. While concerns surrounding data protection and privacy rights remain, Chinese enthusiasm for vision-based AI solutions threatens to leave the West behind. UK tech companies, backed by ambitious new government plans, would provide the perfect partner with which to take the next step.

The post Facial recognition software is used across China’s retail sector but what about privacy laws? appeared first on Focus - China Britain Business Council.