IP NEWS & CASES

Chapter VII Data Compliance of AI

Author:李文洁 张洪占 Author of Postscript: 张晓明 | UpdateTime:2022-05-07 | Hits:

Click the topic to read previous chapters:

Chapter I: Overview of AI Technology

Chapter II AI Industry Policies, All-Round Protection of Intellectual Property Rights and Patent Spplication Trends in Major Countries & Regions

Chapter III (part 1) Patent Protection of AI in China and Other Major Jurisdictions

Chapter III (part 2) Patent Protection of AI in China and Other Major Jurisdictions

Chapter IV Copyright Protection of AI

Chapter V Trade Secret Protection of AI

Chapter VI Trademark Protection of AI


Chapter VII  Data Compliance of AI


7.1 Relationship between AI and Data


7.1.1 Significance of Data in the Realization of AI Technology


One of the major advantages of AI technology is that it can process a large amount of data at high speed since the application of AI technology at the present stage is mainly to induce patterns and rules from artificially provided data through computers independently, that is, AI technology itself constructs rules and models from the provided data. However, the data provided manually in the early stage may not be complete, and AI technology also needs to continuously adjust and improve the technology based on the ever-increasing data to optimize the performance of the entire technology. Therefore, the realization of AI technology requires humans to provide a large amount of data support, and in the process of AI technology induction, it is necessary to continuously provide data to correct and improve AI technology. Of course, these data can also be used to test the performance and evaluate the advantages and disadvantages of AI technology, because the development of high-performance AI technology depends on the amount of quality data related to the research subject.


The industry generally believes that data plays a vital role for AI at the present stage. The application of AI technology relies on huge high-quality data, so both the “quality” and the “quantity” of the data are of great significance to the realization of AI technology.


7.1.2 Characteristics of Data in the Realization of AI Technology


In the process of realizing AI technology, the use of data can be divided into three stages, namely data collection, data storage and data use. To facilitate discussion, we will classify the processing, transmission, provision, disclosure and deletion of data as the use of data.


In the data collection process, it is necessary to first collect a large number of basic information related to the subject, such as image, video or audio data of personal information such as name, gender, ID number, address, personal biometric information, phone number, etc., thus forming a comprehensive tracking of the subject object. These data may be collected by AI technology developers themselves, purchased from third-party databases, or obtained through web crawler technology to meet the requirements for the minimum amount of data. At this stage, data acquisition and recording are the main tasks.


After obtaining the support of the minimum amount of data, AI technology needs to analyze the data to form a “model”, which is the use and processing of data. In this process, basic data will be analyzed to more vividly “sketch” the subject object, such as analyzing the subject object’s shopping habits, daily whereabouts, etc., involving more private personal information.


Compared with the relatively independent characteristics of the above two stages, data storage has been throughout the entire process of AI technology realization, and is involved in the collection and use of data. In practice, it is mainly necessary to guard against the intrusion of hackers and other illegal means or the vulnerability of the system itself leading to the theft, disclosure or illegal use of data information.


7.2 Data Risk in the Implementation of AI Technology


7.2.1 Risk of Infringement upon Property Rights and Interests


In order to obtain high-quality data that meets the minimum requirements, AI technology needs to invest a lot of manpower, material resources and financial resources to collect, sort out and process a large amount of data, so as to finally develop high-performance AI technology. Therefore, data is important asset for AI technology. At present, there are no clear provisions on the property rights of data in China. It is authoritatively stipulated only in Article 127 of the Civil Code that where any laws provide for the protection of data and network virtual property, such laws shall apply, beyond which there are no more specific provisions. In judicial practice, due to the restriction of the “statutory principle of property rights”, judges do not directly protect data as property rights, but protect data from the perspective of protecting property rights and interests in accordance with Article 2 of the Anti-Unfair Competition Law in cases where data itself is not explicitly defined as an independent civil right.


Article 2 of the Anti-Unfair Competition Law stipulates that businesses shall adhere to the principles of free will, equality, fairness, and good faith, as well as generally accepted business ethics, in their market transactions, which are often used as general terms for judging unfair actions. The owners of AI technology are mostly competitors in the same industry, and if they obtain the data from others unfairly through means such as “crawlers”, they may violate the provisions of this article. In judicial practice, there have been many cases involving data protection, in which data is protected in accordance with Article 2 of the Anti-Unfair Competition Law.


Case Analysis:

[Case 1]

Dispute over unfair competition in which “Maimai” illegally grabs and uses user information of “Sina Weibo” (see: Judgment [(2015) Hai Min (Zhi) Chu Zi No. 12602] of the People’s Court of Haidian District, Beijing and Judgment [(2016) Jing 73 Min Zhong No. 588] of the Beijing Intellectual Property Court


Fact of case

Weimeng Company is the operator of Sina Weibo, while Taoyou Technology Company and Taoyou Technology Development Company jointly operate Maimai software and Maimai website. Maimai is a mobile-based social networking application that help users find new friends and make connections with them by analyzing their Sina Weibo and address book data. From September 11, 2013 to August 15, 2014, the parties signed the Developer Agreement to carry out cooperation through the Weibo platform openAPI and agree that Maimai is only a normal user and can obtain the ID avatar, friend relationship (without friend information), tag, and gender of Sina Weibo users, and cannot obtain the occupation and education information of Sina Weibo users, but Maimai violated the Developer Agreement, so that the relevant information of a large number of Sina Weibo users who were not registered as Maimai users was also displayed in the Maimai software, and after the termination of the cooperation between the parties, Maimai still used the information of a large number of Weibo users who were not registered as Maimai users. Sina held that Maimai’s actions constituted unfair competition and thus filed a lawsuit.


Claims

1. Taoyou Technology Company and Taoyou Technology Development Company should immediately stop the four actions of unfair competition;

2. Publish a statement in a prominent position on the homepage of www.maimai.cn and in the App for 30 consecutive days to eliminate the impact;

3. Compensate Weimeng for financial losses of RMB 10 million and reasonable expenses of RMB 300,000 (reasonable expenses include attorney fee of RMB 200,000, and notarization fee and other expenses of RMB 100,000).


Summary of first-instance judgment

1. The parties have competing interests in the use of relevant users’ social networking information, etc., and have a competitive relationship;

2. The court analyzed the relationship between the data source of collaborative filtering algorithm used by Maimai and the accuracy of the calculation results shown by the evidence in this case, and accordingly judged that the non-Maimai user information in question was sourced from Sina Weibo;

3. During the cooperation period, Maimai illegally grabbed and used the occupation and education information of the Sina Weibo users in question; after the cooperation between the parties ended, Maimai failed to delete such information in time and continued to illegally use the user information of Sina Weibo in question;

4. User information can bring huge economic benefits to network platform operators. On the one hand, the scale and quality of user information reflect the activity of network platform users to a certain extent, affect the attractiveness of the network platform, so mastering more user information usually means having a larger user scale; on the other hand, user information is an important source for operators to analyze and sort out user needs, develop featured products and services, and improve user experience;

5. The subjective will of Internet application software operators to give full play to their wisdom, expand their business models, and try to attract and expand the user base as more as possible is legitimate, but they cannot illegally grab and use the user information and relationship of their competitors in a way that violates the user’s right to know;

6. Internet operators must not only legally obtain user information, but also properly protect and use the same.


Summary of second-instance judgment

1. In the identification of unfair competition involving the acquisition and use of user information on theInternet, whether to obtain users’ consent and whether to ensure users’ free choice are universally recognized business ethics. In this case, Maimai, as a market operator, shall abide by recognized business ethics, perform the obligations stipulated in the agreement between the parties, and obtain users’ consent when obtaining relevant information through the OpenAPI;

2. It is not an industry practice for Maimai to display the correspondence between the mobile phone address book and other APPs. The act of obtaining and displaying the correspondence damages the fair market competition order and the competing interests of Sina Weibo to a certain extent;

3. As data resources have become an important competitive advantage and commercial resource for Internet companies, in the Internet industry, corporate competitiveness is not only reflected in the technical equipment, but also in the scale of data it owns. Big data owners can get more data from the data they own and convert it into value. For social software, more users will attract more to register for use, and more active users will create more business opportunities and economic value. As a social media platform, Sina Weibo has 100 million monthly active users and tens of millions of average daily active users. As the operator of Sina Weibo, Weimeng owns the huge data of Sina Weibo users as its important commercial resources. User information serves as the foundation and core of social software to enhance corporate competitiveness;

4. Maimai’s act of obtaining and using the correspondence between the contacts of non-Maimai users in the mobile phone address book of Maimai users and the Sina Weibo users without the consent of the Sina Weibo users and the authorization of Sina Weibo violates the principle of good faith and recognized business ethics, undermines the operating rules of OpenAPI, harms the reasonable, orderly and fair market competition order of the Internet industry, and damages the competitive advantages and commercial resources of Sina Weibo to a certain extent, and thus constitutes an unfair competition.


Judgment results

1. From the effective date of this judgment, the defendants Beijing Taoyou Tianxia Technology Co., Ltd. and Beijing Taoyou Tianxia Technology Development Co., Ltd. shall cease the acts of unfair competition in question;

2. Within thirty days from the effective date of this judgment, the defendants Beijing Taoyou Tianxia Technology Co., Ltd. and Beijing Taoyou Tianxia Technology Development Co., Ltd. shall jointly publish a statement on the unfair competition in this case on the homepages of Maimai website (www.maimai.cn) and Maimai APP for 48 consecutive hours to eliminate the impact for the plaintiff Beijing Weimeng Chuangke Network Technology Co., Ltd. (the content of the statement shall be reviewed by the court of first instance. In case of overdue non-performance, the court of first instance will publish the main content of the judgment in the relevant media according to the petition of the plaintiff, Beijing Weimeng Chuangke Network Technology Co., Ltd. at the expense of the defendants Beijing Taoyou Tianxia Technology Co., Ltd. and Beijing Taoyou Tianxia Technology Development Co., Ltd.);

3. Within ten days from the effective date of this judgment, the defendants Beijing Taoyou Tianxia Technology Co., Ltd. and Beijing Taoyou Tianxia Technology Development Co., Ltd. shall jointly compensate the plaintiff Beijing Weimeng Chuangke Network Technology Co., Ltd. for financial losses of RMB two million and reasonable expenses of RMB two hundred and eight thousand nine hundred and ninety eight;

4. Other claims of the plaintiff Beijing Weimeng Chuangke Network Technology Co., Ltd. are dismissed.

The appeal is rejected and the original judgment is sustained in the second instance.


Comment

In this case, it is determined that data constitutes an important commercial resource for and can bring huge economic value to a company, and it is emphasized that Internet operators must not only legally obtain user information, but also properly protect and use the same.


[Case 2]

Dispute over unfair competition in which “Baidu” collects user information of “dianping.com” through web crawlers (see: Judgment [(2015) Pu Min San (Zhi) Chu Zi No. 528] of the Shanghai Pudong New Area People’s Court and Judgment [(2016) Hu 73 Min Zhong No. 242] of the Shanghai Intellectual Property Court


Fact of case

Baidu collects user reviews from dianping.com (operated by Hantao), and uses the collected data in Baidu Maps and other products. When users search for catering merchants through Baidu products, the collected information from dianping.com can be seen in the search results. Therefore, dianping.com believes that Baidu’s use of crawler technology to collect and display a large number of user reviews from dianping.com in Baidu products constitutes unfair competition, and therefore files a lawsuit.


Claims

1. Baidu shall immediately cease unfair competition, that is, stop making and deleting the content involving unfair competition on the website (URL: www.baidu.com) and Baidu Maps APP operated by Baidu;

2. Jietu shall immediately cease unfair competition, that is, stop embedding and using related products and services of Baidu Maps containing infringing content on its website;

3. Baidu and Jietu shall jointly compensate Hantao for financial losses of RMB (the following currencies are the same) 90 million and Hantao’s reasonable expenses for stopping infringements of RMB 453,470;

4. Baidu and Jietu shall publish an announcement in the China Intellectual Property News, and in prominent positions on the website homepages of Baidu and Jietu for thirty consecutive days to clarify the facts and eliminate adverse influence, with the content of announcement approved by Hantao in writing.


Summary of first-instance judgment   

1. Baidu and dianping.com are almost the same in the service model of providing users with merchant information and review information, and thus have a direct competitive relationship;

2. As one of the company’s core competitive resources, dianping.com’s review information can bring the company a competitive advantage and thus has commercial value. dianping.com has paid a huge cost for its operation. In the case that it cannot obtain enough review information from its own users, Baidu uses technical means to obtain review information from websites such as dianping.com to enrich its Baidu Maps and Baidu Zhidao, which has caused damage to dianping.com;

3. The court holds that Baidu’s extensive and full-text use of the review information in question violates the recognized business ethics and principle of good faith and is thus unfair.


Summary of second-instance judgment

1. Through long-term operation, a large amount of user review information has been accumulated on the website of dianping.com, which can bring traffic to the website, and has a certain influence on consumers’ transaction decisions, making itself boast a high economic value;

2. When using information obtained by others, market entities must still follow generally accepted business ethics and use it within a relatively reasonable range;

3. Although Baidu’s innovation in business model has improved the user experience of consumers to a certain extent, and thus has a positive effect. However, Baidu uses search technology to collect and display a large amount of full-text information from dianping.com, which this court holds has exceeded the necessary limit. This act not only harms the interests of dianping.com, but may also make other market entities reluctant to invest in information collection, thereby destroying the normal industrial ecology, and exerting a certain negative impact on the order of competition.


Judgment results

1. Baidu shall immediately stop using in an improper manner the review information from dianping.com operated by Hantao as of the effective date of the judgment;

2. Baidu shall compensate Hantao for financial losses of RMB 3 million and reasonable expenses of 230,000 for stopping unfair competition within ten days as of the effective date of the judgment;

3. Other claims of Hantao are dismissed.The appeal is rejected and the original judgment is sustained in the second instance.


Comment

In this case, the court determined that data such as user review information has high economic value, clarified that the information use should follow the principle of “minimum necessity”, required market entities to follow generally accepted business ethics when using information obtained by others, and defined the judgment criteria for violation of business ethics.


In addition, data may also constitute a company’s trade secrets, which is discussed in the trade secrets section.


7.2.2 Risk of Violation of Personal Privacy


Article 111 of the Civil Code provides that the personal information of natural persons shall be protected by law. The Data Security Law also stipulates that the state protects the rights and interests of individuals and organizations related to data. At the same time, the Personal Information Protection Law stipulates that the personal information of natural persons is protected by law, and no organization or individual may infringe upon the rights and interests relating to personal information of natural persons. Most of China’s existing laws and regulations enumerate personal information. For example, Article 1034 of the Civil Code provides in the protection of personal information of natural persons that personal information refers to all kinds of information recorded electronically or in other ways that can identify a specific natural person alone or in combination with other information, including the natural person’s name, date of birth, ID number, biometric information, address, telephone number, Email, health information, whereabouts information, and others. For private information in personal information, relevant privacy regulations apply; if there are no such regulations, the regulations on the protection of personal information shall apply. Meantime, as stipulated in Article 1032, privacy is the peace of private life of a natural person and his or her private space, private activities, and private information that he or she does not want to be known to others. The article also stipulates that natural persons have the right to privacy. No organization or individual may infringe the right to privacy of others by spying, intruding, leaking, or disclosing. The Personal Information Protection Law stipulates that personal information is a variety of information related to an identified or identifiable natural person recorded electronically or by other means, excluding anonymized information.


Therefore, it can be seen that personal information, whether private or not, can be protected by the Civil Code. In addition, the protection of portrait rights and other personality rights is separately defined. For example, Article 1019 defines the protection of portrait rights; no organization or individual shall infringe upon the portrait rights of others by defaming, defacing or forging by means of information technology. Supreme People's Court has also issued the Regulations on Several Issues Concerning the Application of Law in the Trial of Civil Cases Related to the Use of Face Recognition Technology to Process Personal Information to protect the “biometric information”. We have already introduced that AI technology needs to collect a large number of personal information data such as names, certificate numbers, personal biometric information, etc. as basic support, so it is necessary to legally obtain personal information in strict accordance with the Civil Code, the Personal Information Protection Law, the Data Security LawPersonal Information Security Specification and other relevant laws, instead of using, processing or transmitting, or illegally trading, providing or disclosing the personal information of others, so as to ensure that AI technology will not infringe upon the rights and interests relating to personal information of others. Article 253-1 of the Criminal Law stipulates that those selling or providing citizens’ personal information for others in violation of relevant state regulations shall be sentenced to fixed-term imprisonment or criminal detention of less than three years, and/or a fine separately if the circumstance is serious; if the circumstance is particularly serious, they shall be sentenced to fixed-term imprisonment of more than three years but less than seven years, and a fine. Therefore, those violating the personal information of others will not only bear civil liability for infringement upon the civil rights of others, but may also bear criminal liability therefor.


Case Analysis:

[Case 1]

Guo Bing v. Hangzhou Safari Park Co., Ltd. service contract dispute (see Judgment [(2019) Zhe 0111 Min Chu No. 6971] of the Hangzhou Fuyang People’s Court and Judgment [(2020) Zhe 01 Min Zhong No. 10940 of the Hangzhou Intermediate People’s Court)


Fact of case

In April 2019, Guo Bing applied for the annual card of Hangzhou Safari Park, determined the way to enter the park by fingerprint recognition, Guo Bing and his wife left their names, ID numbers, phone numbers, etc., and recorded fingerprints and took photos. After that, Hangzhou Safari Park changed the way for annual card customers to enter the park from fingerprint recognition to face recognition, and replaced the store notice. In July and October 2019, Hangzhou Safari Park sent two text messages to Guo Bing to inform that the annual card system of the park has been upgraded to the entry mode of face recognition, the original fingerprint recognition has been cancelled, and from now on, users who have not registered for face recognition will not be able to enter the park normally. Guo Bing believed that personal biometric information is personal sensitive information, and once leaked, illegally provided or misused, it will easily endanger the personal and property safety of consumers, so he refused to activate face recognition, and filed a lawsuit upon failure of negotiation between the parties.


Claims

1. Confirm that the contents such as “activate the annual card after scanning the fingerprint” and “normally use with the annual card and fingerprint” in the notice on “Annual Card Application Procedures” of the defendant Hangzhou Safari Park are invalid; the content “cardholders must verify the annual card and fingerprints at the same time before entering the park” in the notice on “Instructions for Use of Annual Card” is invalid;

2. Confirm that the content “annual card users that haven’t activated face recognition are advised to bring the physical card to the annual card center for activation” in the SMS notice sent by the defendant Hangzhou Safari Park to the plaintiff Guo Bing on July 12, 2019 is invalid;

3. Confirm that the content “the annual card system of the park has been upgraded to the entry mode of face recognition, the original fingerprint recognition has been cancelled, and from now on, users who have not registered for face recognition will not be able to enter the park normally” in the SMS notice sent by the defendant Hangzhou Safari Park to the plaintiff Guo Bing on October 17, 2019 is invalid;

4. Confirm that the contents such as “receive the annual card after face registration” and “enter the park with the annual card and by face scanning” in the notice on “Annual Card Application Procedures” of the defendant Hangzhou Safari Park are invalid; the content “cardholders must verify the annual card and face at the same time before entering the park” in the notice on “Instructions for Use of Annual Card” is invalid;

5. Order the defendant Hangzhou Safari Park to refund the annual card fee of RMB 1,360 to the plaintiff Guo Bing;

6. Order the defendant Hangzhou Safari Park to compensate the plaintiff Guo Bing for the round-trip transportation fee of RMB 360 incurred from traveling to the defendant Hangzhou Safari Park on October 26, 2019, the round-trip transportation fee of RMB 400 incurred from traveling to the court for filing case on October 28, 2019, and other round-trip transportation expenses of RMB 400 incurred from traveling to the court for appearing in court and responding to lawsuit;

7. Order the defendant Hangzhou Safari Park to delete all personal information (including but not limited to name, ID card number, mobile phone number, photo, and fingerprint information) submitted by the plaintiff Guo Bing at the time of applying for the annual card on April 27, 2019 and using the same thereafter in the witness of a third-party technical organization, and bear the corresponding technical witness fee (subject to the actual expenditure on the date of witness);

8. The litigation costs in this case should be borne by the defendant Hangzhou Safari Park. Facts and grounds: The plaintiff Guo Bing purchased the annual card of Hangzhou Safari Park from the defendant on April 27, 2019, and paid the defendant an annual card fee of RMB 1,360. When the plaintiff applied for the annual card, the defendant made a clear undertaking on unlimited travel within the one-year validity period of the card (from April 27, 2019 to April 26, 2020).


Summary of first-instance judgment   

1. The collection and use of personal information in the consumption field is not prohibited, but the supervision and management of the personal information processing process is emphasized in laws of China, that is, the “legal, legitimate, and necessary” principles and rules of obtaining the consent of the parties need to be followed at the stage of collection of personal information; in the controlling process of information, the principle of ensuring security must be followed, and personal information shall not be leaked, sold or illegally provided for others; when personal information is infringed, business operator shall take remedial measures and bear other corresponding infringement liabilities in accordance with the law;

2. In order to better perform the service contract in question, Hangzhou Safari Park collects the information in question with the consent of the party concerned when the contract is signed and concluded, so this court holds that the collection of information other than face recognition information complies with the aforementioned “legal, legitimate, and necessary” principles stipulated by laws; in the absence of evidence proving Hangzhou Safari Park has processed personal information in violation of laws or agreements, Guo Bing’s request to order Hangzhou Safari Park to delete relevant information lacks legal basis and is thus not supported by this court;

3. When applying for the annual card, the contracting party signed a service contract regarding an entry mode of fingerprint recognition, so Hangzhou Safari Park’s collection of the face recognition information of Guo Bing and his wife exceeded the requirements of the necessary principle and was not justified.


Summary of second-instance judgment

1. The collection and use of personal information in the consumption field is not prohibited, but the supervision and management of the personal information processing process is emphasized in laws of China, that is, the “legal, legitimate, and necessary” principles and rules of obtaining the consent of the parties need to be followed at the stage of collection of personal information; in the controlling process of information, the principle of ensuring security must be followed, and personal information shall not be leaked, sold or illegally provided for others; when personal information is infringed, business operator shall take remedial measures and bear other corresponding infringement liabilities in accordance with the law;

2. In order to better perform the service contract in question, Hangzhou Safari Park collects the information in question with the consent of the party concerned when the contract is signed and concluded, so this court holds that the collection of information other than face recognition information complies with the aforementioned “legal, legitimate, and necessary” principles stipulated by laws; in the absence of evidence proving Hangzhou Safari Park has processed personal information in violation of laws or agreements, Guo Bing’s request to order Hangzhou Safari Park to delete relevant information lacks legal basis and is thus not supported by this court;

3. When applying for the annual card, the contracting party signed a service contract regarding an entry mode of fingerprint recognition, so Hangzhou Safari Park’s collection of the face recognition information of Guo Bing and his wife exceeded the requirements of the necessary principle and was not justified.


Judgment results

1. The defendant Hangzhou Safari Park Co., Ltd. shall compensate the plaintiff Guo Bing for the loss of contract interests and transportation expenses totaling RMB 1,038, which shall be paid off within ten days from the effective date of this judgment.

2. Within ten days from the effective date of this judgment, the defendant Hangzhou Safari Park Co., Ltd. shall delete the facial feature information including photos submitted by the plaintiff Guo Bing when he applied for the fingerprint-based annual card.

3. Other claims of the plaintiff Guo Bing are dismissed.

Second-instance judgment:

1. Uphold items 1 and 2 of the first-instance judgment;

2. Revoke item 3 of the first-instance judgment;

3. Within ten days from the effective date of this judgment, Hangzhou Safari Park Co., Ltd. shall delete the fingerprint recognition information submitted by the plaintiff Guo Bing when he applied for the fingerprint-based annual card.

4. Other claims of Guo Bing are dismissed.


Comment

Although this case is a service contract dispute, it is called China’s “first face recognition case” since it involves face recognition information, which defines the obligations and standards for collecting, using and keeping personal biometric information, emphasizes the importance of personal biometric information, and promotes the awareness of citizens to protect personal information.


7.2.3 Risk of Endangering National Security


The Data Security Law clearly stipulates that China implements a big data strategy, promotes the construction of data infrastructure, and encourages and supports the innovative application of data in various industries and fields; and China supports the development and utilization of data to improve the intelligence level of public services. Meantime, it also defines that data related to national security, the lifeline of the national economy, important people’s livelihood, and major public interests belongs to national core data.


The data collected in AI technology not only contains personal information, but may also involve data in areas such as finance, energy, transportation, telecommunications, public security, genetic resources, etc. Meantime, the “model” of AI technology may also generate data in areas such as finance, transportation and telecommunications through personal information; for example, the application of AI technology in cancer diagnosis requires the transmission of patients’ living habits, images, occupation and other background information in the early stage, which may involve important data in the field of genetics or biology, so an improper use or disclosure may also endanger national security.


Where the relevant act is serious, it may even constitute a crime. Article 111 of the Criminal Law provides that whoever steals, secretly gathers, purchases, or illegally provides state secrets or intelligence for an organization, institution, or personnel outside the country is to be sentenced from not less than five years to not more than 10 years of fixed-term imprisonment; when circumstances are particularly serious, he is to be sentenced to not less than 10 years of fixed- term imprisonment, or life sentence; and when circumstances are relatively minor, he is to be sentenced to not more than five years of fixed-term imprisonment, criminal detention, control, or deprivation of political rights. This is especially a reminder that in the implementation of AI technology, more attention should be paid to the risk of endangering national security when cross-border use of data is involved.


7.3 Data Compliance Suggestions in the Implementation of AI Technology


7.3.1 Legal Collection of Evidences based on the Principle of “Minimum, Necessity”


Do not collect personal information excessively, obtain the full authorization of the right holder when collecting data, ensure that personal information is collected by lawful means, do not illegally steal others’ information, otherwise, the criminal liability may be borne due to violation of the provisions on the “crime of illegally obtaining citizens’ personal information” set forth in the Criminal Law. At the same time, try to remove personal information or personal privacy from legally obtained data, so that the data used is not identifiable or related to individuals, so as to avoid infringing upon the rights and interests relating to personal information. The Personal Information Protection Law has revised and improved the personal information processing rules, requiring that the collection of personal information should be limited to the minimum scope for the purpose of processing, and personal information should not be collected excessively. Meantime, the Personal Information Protection Law recognizes the personal information of minors under the age of 14 as sensitive personal information. The collection of data of minors under the age of 14 requires the consent of their guardians, the establishment of special information protection rules, and the compliance with the Law of the People’s Republic of China on the Protection of Minors, Provisions on the Cyber Protection of Children’s Personal Information and other regulations.


7.3.2 Taking Necessary Measures to Prevent Improper Leakage


In accordance with Article 1038 of the Civil Code, the Personal Information Protection Law and the Cyber Security Law, take technical measures and other necessary measures during use and storage to ensure the security of personal information and prevent information leakage, tampering or loss, and do not illegally sell or illegally provide others with personal information, otherwise, the criminal liability may be borne due to violation of the provisions of the Criminal Law.


7.3.3 Complying with the Principle of Open Processing


Article 1034 of the Civil Code stipulates the restrictions on the processing of personal information, and Article 1037 stipulates the right of decision on personal information of natural persons. Chapter IV of the Personal Information Protection Law stipulates the rights of individuals in the processing of personal information, defines that individuals have the right to know, the right to decide on the processing of and the right to request deletion of their personal information, and improves the provisions on the protection of the personal information of the deceased. In the entire process of data collection, processing, and use, it is also necessary to comply with the principle of open processing, strictly follow such principle to ensure that the data subject is informed, and ensure that individuals have the right to control data by granting the rights to delete, modify, restrict processing, and portability of personal information.


Postscript


With the benefit of the development of three basic elements of the artificial intelligence field, namely, the computing power, the data and the algorithm under the Moore's law, the artificial intelligence technology becomes a strategic technology for leading a new round of technological revolution and industrial change. Under the drive of new theories and new technologies, for example mobile internet, big data, super-computing, sensor networks, brain science, etc., the artificial intelligence develops rapidly and presents the new characteristics such as deep learning, cross-border fusion, man-machine cooperation, group intelligence openness, autonomous control and the like, which is exerting great and profound influence on the aspects such as economic development, social progress, international political and economic situation and the like.


With the coming of the artificial intelligence era, a plurality of brand new subjects are brought into the field of intellectual property protection. How are the subject of intellectual property associated with artificial intelligence techniques defined within the framework of existing intellectual property systems? Which branches of the artificial intelligence technique belong to which rights objects? How does the innovative body of artificial intelligence select and acquire the appropriate rights forms in a stereoscopic scheme for intellectual property protection? How to apply the acquired relevant intellectual property rights while avoiding the risk of possible infringement of intellectual property rights? And how can artificial intelligence techniques be developed and deployed legally and conformably within the legal systems? What are the differences in the related patent practices of the artificial intelligence technology in the main jurisdictions of China, US, Europe, Japan, and Korea? The above concerns of the innovative body of the artificial intelligence industry and the intellectual property practitioners all involved in this report and it is desirable to provide beneficial inspirations to the readers.


Under the current global economic integration trend, the intellectual property rights may exceed the tangible assets to become the key factors for promoting economic development, and the protection of the intellectual property rights also becomes an inevitable trend of scientific and technological competition. The intellectual property law is deemed as a constitution of the property world and can promote harmony of the intellectual property world and even the joint development of global economy and technology. What intellectual property law is needed is a problem to be considered in the artificial intelligence era. The global legal professionals and intellectual property practitioners have worked extensively and deeply around this problem, which has also become the basis of the report. For the intellectual property protection of artificial intelligence, we have taken a great step, however, everything may just start.