Irish Data Protection Commissioner Helen Dixon said in an interview last year that the regulator had launched 16 investigations, all targeting large technology companies, including Twitter, Apple, LinkedIn, WhatsApp and Instagram.

It is reported that the legal basis for this order comes from the European Court of Justice ruling in 2015, which invalidated the US-EU data transfer agreement. The EU Supreme Court believes that Europe has no practical and effective way to challenge the US government’s surveillance behavior.

The EU has always attached great importance to the privacy of its citizens. As early as April 2016, the European Union promulgated the "General Data Protection Program" (GDPR). It is called the most stringent data protection law in history.

In March 2018, the New York Times and the British Observer (the Sunday edition of the British Guardian) jointly exposed that more than 50 million user information data on Facebook were leaked by a company called Cambridge Analytica. , used to push advertisements to target audiences in the 2016 US presidential election, thereby influencing the election results, which caused an uproar around the world.

So what does Ireland's attack on Facebook show? Does it mean that data privacy and security have risen to the international strategic level? Prior to this, the United States has continued to launch attacks on China's ByteDance company, pressing every step of the way, and the core also involves the issue of data security and protection. Does it also mean that this will affect the data cross-border activities of all cross-border Internet companies, and they need to redesign their own data infrastructure?

Data security has become a national strategy

In this regard, Zhang Yingchun of Lighttree Technology, an innovative company in the field of multi-party secure computing, believes that data security and data sovereignty countries are stepping up legislation (including China's data security law draft), which has shown that all countries are aware that data security is closely related to national security.

As early as 2018, the Standing Committee of the Thirteenth National People's Congress announced legislative plans (116 pieces in total), among which the "Data Security Law of the People's Republic of China" was included in the first category of projects.

In April 2020, the "Opinions of the Central Committee of the Communist Party of China and the State Council on Building a More Complete System and Mechanism for the Market-oriented Allocation of Factors" (referred to as "Opinions") was announced. major factors of production.

text

In July 2020, the "Data Security Law of the People's Republic of China (Draft)" was published on the website of the National Congress of the People's Republic of China, proposing that the state will implement hierarchical and classified protection of data, and that data activities must fulfill data security protection obligations and assume social responsibilities.

With today's complex and ever-changing globalization situation, the strategic position of data privacy and security has further increased. Trump's criticism of TikTok is also because of data, including the Irish Data Commission's order against Facebook, which is also committed to protecting citizens' data privacy.

On September 26 last year, the United Nations Conference on Trade and Development (UNCTAD) released the 2019 Trade and Development Report, which pointed out that financial turmoil and economic polarization have become features of the era of hyperglobalization. In addition, in 2020, the epidemic will hit the world on a large scale, and the situation will become more complex and changeable.

So what should be the data security strategy in the new situation? Zhang Yingchun believes that the follow-up development challenge is how to achieve global interconnection under the premise of respecting the data security of various countries. According to the current domestic discussions on data security and data openness, the domestic thinking and progress should be in the lead, similar to the "double cycle".

On September 8 this year, the website of the Chinese Ministry of Foreign Affairs released a "Global Data Security Initiative". The initiative calls on all countries to uphold the principle of equal emphasis on development and security, and balance the relationship between technological progress, economic development and protection of national security and social public interests, and welcomes global information technology companies to support the initiative.

secondary title

Enterprise cross-border data activities welcome new changes

Regarding the turmoil caused by the Irish Data Protection Commission ordering Facebook to suspend the transmission of data of EU users to the United States, it is reminiscent of the recent Bytedance TikTok incident.

On August 28, the Ministry of Commerce and the Ministry of Science and Technology adjusted and released the "Catalogue of Technologies Prohibited and Restricted from Exporting in China", adding 23 new technology items that restrict exports; according to the "Regulations of the People's Republic of China on the Administration of Technology Import and Technology, whether it is trade or investment or other methods, must strictly abide by the "Regulations of the People's Republic of China on the Administration of Technology Import and Export". Among them, the export of restricted technology must apply for a technology export license from the provincial commercial department and obtain approval. It can carry out substantive negotiations with foreign countries and sign technology export contracts.

The "Management Regulations" mean that TikTok's related technology export business must be licensed.

Therefore, what seems to be a sanction incident is actually a war on data security.

Dr. Ran Yang from PlatON said that for cross-border companies, if they want to comply with the ruling of the EU Supreme Court on data security, it means that their own data infrastructure must be redesigned. "The design is not for distribution, but for segmenting and storing data about European users."

As early as December 2000, the U.S. Department of Commerce established a data safe harbor agreement with the European Union. Under this agreement, companies that collect personal data notify individuals that their data has been collected, and the company can pass on the information to third parties.

However, in October 2015, the European Court of Justice ruled that the "Safe Harbor Agreement" signed by Europe and the United States on the automatic exchange of data in 2000 was invalid. In the future, U.S. Internet technology companies will be subject to legal restrictions on sending the collected data of European citizens to the United States.

Subsequently, in April 2016, the European Union promulgated the "General Data Protection Program" (GDPR) for short. GDPR clearly limits personal privacy data. jurisdiction.

That is to say, no matter where the institution is located, as long as it provides products, services or monitors relevant behaviors to EU data subjects, or processes and holds personal data of data subjects residing in the EU, it will be regulated by the GDPR Act.

The consequences of non-compliance with Xin's data privacy regulations are severe sanctions and huge fines, with a maximum ceiling of 20 million euros or 4% of global annual operating revenue in the previous fiscal year, whichever is greater.

This kind of high-pressure policy of completely fragmenting data is subverting the global Internet services we are currently familiar with.

Not only that, information recommendation and user modeling require a large amount of cross-domain data and models, so can these models of cross-border enterprises subject to the Act provide cross-domain forecasting services?

In 2016, Li Fenghua, deputy chief engineer of the Institute of Information Engineering, Chinese Academy of Sciences, proposed the concept of privacy computing.

The so-called privacy computing is a computing theory and method for the protection of the entire life cycle of private information. It is a computable model and axiom of privacy measurement, privacy leakage cost, privacy protection, and privacy analysis complexity when the ownership, management, and use rights of private information are separated. system.

To put it simply, it is a set of methods to protect privacy from the aspects of data generation, collection, storage, analysis, utilization, and destruction. Privacy computing is also a "compliance" business: the stricter the supervision of privacy data in various countries, the greater the development prospects of the privacy computing industry.

text

The opinions contained in the article represent only the author's own

and does not constitute investment advice

Please pay attention to investment risks