CDT-logo.png

CAC Roundup: Recommendation Algorithm Regulations, Cybersecurity Review for Overseas Listings, and Fines for Weibo and Douban

The Cyberspace Administration of China (CAC), the country’s top internet regulator, is reshaping internet and AI governance. Following the Data Security Law and Personal Information and Protection Law which went into effect late last year, the CAC and other government agencies have recently finalized a set of new regulations to help implement those laws. Their efforts demonstrate the government’s attempts to shape online opinion, safeguard national security, and “spread positive energy.” 

Guiding these regulations is the government’s broader goal to transform China’s digital economy, outlined in a new five-year plan published by the State Council on Wednesday. Among the government’s targets for 2025 is an increase of the digital economy’s share of the national GDP to 10 percent, from 7.8 percent in 2020. To fuel this expansion, the plan also aims to increase tenfold the number of Chinese households connected to gigabit broadband, and to double the number of residents registered for online government services with their real identity from 400 million to 800 million. The State Council’s plan described how data collection and governance will play key roles in developing China’s digital economy:

According to the plan, efforts will be made to accelerate the construction of the information network infrastructure, and a national-level integrated big data center system coordinating computing power, algorithms, data, and application resources.

High quality data elements will be provided.

Market entities will be encouraged to collect data in accordance with the law. Data resources processing will be improved and the data service industry will be fostered and expanded.

In addition, market-based circulation of data elements will be promoted. Furthermore, new mechanisms for the development and utilization of data elements will be developed.

[…] A sound digital economy governance system will be established with the participation of governments, platforms, enterprises, industrial organizations, and the general public, according to the circular. [Source]

This drive is accompanied by tightening regulation. The first major set of new regulations concerns recommendation algorithms. Following the release of a draft version last August, last Tuesday the CAC and three other government bodies announced the final version, which will go into effect on March 1. Tracy Qu and Jane Zhang from the South China Morning Post described some of the CAC’s goals in issuing the new regulation:

The new regulation, according to a statement from the CAC on Tuesday, seeks to address “algorithmic discrimination”, which has led to differentiated pricing of products and services. Certain internet platforms have been charging consumers extra fees based on data about these users’ spending habits.

The CAC said the new regulation also aims to put a stop to so-called content intoxication. For example, the algorithm used by Chinese short video-sharing platform Douyin, the sister app of TikTok, has been known to keep users constantly engaged with a near-endless amount of content tailored to their tastes and interests. In addition, the algorithms used on many video games are designed to keep encouraging players to spend more time and money on them.

The algorithm regulation is expected to help authorities clamp down on information recommendations, which have the potential of “shaping public opinion” or “social mobilisation”, according to the CAC.

Online news providers will be required to get a licence for their services. They are also specifically prohibited from publishing information that is not from the government’s list of approved news sources. In October last year, Beijing released its white list of 1,358 news outlets. [Source]

Big tech companies are key targets of these new regulations, since algorithms are integral to their business models. “Algorithms are a company’s deepest-held secret, their most valuable asset and letting the government dig around in there would be a problem,” according to Kendra Schaefer, a Beijing-based partner at Trivium China. Luo Meihan from Sixth Tone described how the CAC regulations aim to curb companies’ manipulation of algorithms:

Chinese tech companies use algorithm technology for a wide range of applications, from recommending content to users on e-commerce and short video platforms to offering efficient food delivery services. However, companies seeking to make higher profits have been accused of using highly manipulative algorithms to grab user attention, influence prices, and even exploit the rights of gig workers.

The new policy requires service providers to publicly disclose the fundamentals and mechanism of their recommendation algorithms and allow users to easily turn off the service. The directive also bans companies from practices that may cause internet addiction among minors as well as price discrimination based on customers’ preferences and purchase habits, while requiring them to offer safe algorithmic recommendation services for the elderly. [Source]

Another major set of regulations apply to Chinese companies that list on overseas stock exchanges. Last week, the CAC and 12 other regulatory bodies announced that starting on February 15 they would implement new rules requiring platform operators with data on more than one million users to undergo cybersecurity reviews before listing abroad. Should the CAC deem their listing a threat to national security, the companies will then be prohibited from listing. Brenda Goh and Josh Horwitz from Reuters reported on the motivation behind the new rules and their scope of application:

“With stock market listings there is a risk that key information infrastructure, core data, important data or a large amount of personal information could be impacted, controlled or maliciously used by foreign governments,” said the CAC in a statement, reiterating a concern flagged in July when the changes were first proposed.

[…] Alex Roberts, who tracks data policy at law firm Linklaters in Shanghai, said the new rules appeared to have shrunk the scope of the companies likely to be affected by the changes, as compared to the proposal made in July.

“The most significant change in these cybersecurity review measures seems to be the narrowing of the review’s application to only critical information providers, data processors that may impact national security, or platform operators holding over 1 million individuals’ personal data,” said Roberts.

Based on the rules, however, it was still not clear which types of companies would be affected, he added. [Source]

Whether the cybersecurity review would apply to Hong Kong was unclear under the original draft of the regulation released in July of last year. In November, the CAC clarified that companies listing in Hong Kong would have to undergo a cybersecurity review if the sale of their shares could affect national security. In this final version of the regulations, however, there is no mention of Hong Kong. Xinmei Shen from the South China Morning Post described how analysts interpreted this omission as exempting Hong Kong listings from review

Internet platforms operators with more than 1 million users in China must go through a cybersecurity review before they apply to “foreign” regulators to raise funds through IPOs, the Cyberspace Administration of China (CAC) said.

The regulation did not mention Hong Kong, a special administrative region (SAR) that is not considered a “foreign” authority under China’s “one country, two systems” governance arrangement. That means IPOs by Chinese technology companies will be exempted from the review, according to an article on the Chinese blog Xiaobei Talks Security, a cybersecurity policy-themed blog started by a group of cybersecurity lawyers and scholars.

“The policy is clear now; the document only proposed requirements for IPOs in foreign markets without mentioning Hong Kong, which means cybersecurity reviews are not required for companies going public in Hong Kong,” according to the article. [Source]

Last July, the CAC disrupted Didi’s US$4.4 billion IPO on the New York Stock Exchange, accusing the company of having failed to mitigate the national security risks of its overseas listing and subsequently pulling Didi’s app from app stores. Under pressure from the Chinese government, Didi has since pivoted from New York to Hong Kong, along with numerous other Chinese companies in a series of “homecoming listings.” Weibo is one such company that listed in Hong Kong last year, but this has not shielded it from regulatory scrutiny. Shortly after it went public, as Liza Lin reported for The Wall Street Journal, Weibo was fined millions of dollars by the CAC for spreading “illegal information” on its platform:

The Cyberspace Administration of China said on Tuesday that Twitter-like Weibo had been ordered to pay a penalty of 3 million yuan, the equivalent of about $471,000, for disseminating “illegal information” in severe violation of regulations including the country’s cybersecurity law and its law governing the protection of minors.

The internet regulator said its Beijing office had separately fined Weibo more than 40 times for violations over the first 11 months of the year, resulting in a total penalties equal to $2.2 million.

Weibo said the company accepts the penalty and will start to implement corrective measures, including cleaning up soft pornography and misleading marketing content. The platform had 511 million monthly active users as of September 2020, the most recent number available on the company’s website. [Source]

In early December, the CAC fined Douban US$235,000 for “unlawful” release of information and demanded “immediate rectifications” from the company, without giving further details or reasons. Days later, regulators removed Douban and 105 other apps from app stores, citing “excessive collection of personal information.” Last year, the CAC penalized Douban 20 times and Weibo 44 times. The latest fines come only weeks Chinese tennis star Peng Shuai posted her allegation of sexual assault against China’s former vice-premier Zhang Gaoli, which was heavily discussed on both platforms before being quickly censored. 

Leave a Comment