Recently, Didi's investigation triggered a heated discussion on cross-border data compliance of listed companies. In the first half of this year, domestic Internet companies flocked to US stocks, but due to a series of impacts caused by cross-border data security issues, these companies had to re-examine relevant compliance issues.
Shen Jia, a special legal expert of CGGT and consultant of Zhonglun Law Firm, believes that from the recent regulatory trend, cross-border data transmission is a compliance point that new economic enterprises should pay special attention to when listing. According to the provisions of the Network Security Law and the Data Security Law, operators of key information infrastructure, including public communications, information services, financial services and other important industries and fields, should store personal information and important data collected and generated during their operations in China, and if they need to be transmitted abroad, they should conduct security assessment in accordance with relevant regulations.
How do (quasi-) listed companies in the new economy do cross-border data compliance? Today, CGGT published an article by Jiang, Jiang, Jiang, Jiang, Jiang, Jiang, Jiang, Jiang, Jiang, Jiang, Jiang, Jiang, Jiang, Zhu and Luo of Zhonglun Law Firm, for the reference of readers concerned about cross-border data compliance.
Ask for some
China goes to the world think tank.
1. VIE architecture is a common enterprise architecture for companies listed overseas. It is suggested that enterprises should fully consider the business type and transaction structure, system, personnel and equipment settings, as well as capital and data flow, supplemented by complete internal regulations, agreements, information disclosure system and authorization arrangements in the process of building VIE architecture and actually operating business, so as to fully meet the data compliance requirements.
2. Enterprises in the new economy should also pay special attention to the intersection of data compliance and anti-monopoly compliance. The Guide to Platform Economy explicitly mentions various behavior patterns of operators using data or algorithms to exclude and restrict competition.
3. Industrial supervision policies change frequently, especially in important areas related to the national economy and people's livelihood, and relevant departments have clearly revealed the signal of strong supervision. Taking the education and transportation industries as examples, platform enterprises in related fields should pay close attention to the compliance requirements under the industry regulatory policies.
Upper guide bearing
China goes to the world think tank.
Brief introduction of the author
Lawyer Jiang
Partner in Beijing office
Business areas: anti-monopoly and competition law, transnational investment mergers and acquisitions, compliance and anti-corruption.
Characteristic industries: energy and natural resources, communication and technology, health and life sciences.
Jashin
Beijing office consultant
Business areas: anti-monopoly and competition law, trade compliance and relief, litigation and arbitration.
Li Menghan
Beijing office compliance and government supervision department
Yu Yongjia
Beijing office compliance and government supervision department
Luo
Beijing office compliance and government supervision department
On July 6th, 20021year, the general offices of the General Office of the Central Committee of the CPC and the State Council issued "Opinions on Strictly Cracking down on Securities Illegal Acts according to Law", which clearly pointed out that the current capital market "should improve relevant laws and regulations on data security, cross-border data flow and confidential information management" and "take practical measures to deal with risks and emergencies of China Stock Company". Recently, the Cyber Security Review Office of China (hereinafter referred to as "Cyber Office") has successively conducted cyber security reviews on a number of platform companies listed in the United States, and on July/July 1 2002, it issued the "Measures for Cyber Security Review (Revised Draft for Comment)", which aroused strong public and industry concern and extensive discussion on the cross-border data security supervision in China and the cross-border securities supervision policy of companies in China Stock Exchange. (Related Interpretation: Activating the Network Security Review System and Building a Data Security Firewall —— Opinions on the Measures for Network Security Review (Revised Draft for Comment) 202 1 On July 30, 2002, Gary Gensler, Chairman of the Securities and Exchange Commission (SEC) of the United States, issued a statement saying that the SEC would revise the information disclosure rules concerning the overseas listing of China enterprises and add specific ones.
In recent years, judicial and administrative law enforcement cases involving listed companies in various industries at home and abroad have emerged in an endless stream, and the risk warning notes and government supervision lists in the prospectus of related companies have become longer and longer. At the same time, the compliance of China Stock Exchange has attracted great attention from the supervision of China and the United States, and it is increasingly important for listed companies to improve the compliance level and improve the compliance system. In this context, based on past experience and observation, this paper will analyze the compliance points of listed companies in the new economic fields such as Internet platform from the aspects of network security and data compliance, anti-monopoly, anti-unfair competition and industry supervision policies, with a view to providing reference for compliance construction and compliance response of related enterprises.
Compliance point 1: network security and data compliance
China's network security law, data security law and the forthcoming personal information protection law constitute the "troika" in the field of network security and data security compliance. Listed companies and companies to be listed in the new economy usually have a large amount of data in all dimensions, so we should pay special attention to the relevant requirements of network security and data compliance.
Judging from the recent regulatory trends, cross-border data transmission is a compliance point that enterprises should pay special attention to when listing. According to the provisions of the Network Security Law and the Data Security Law, operators of key information infrastructure, including public communications, information services, financial services and other important industries and fields, should store personal information and important data collected and generated during their operations in China, and if they need to be transmitted abroad, they should conduct security assessment in accordance with relevant regulations. However, there are no formal regulations or guidelines on how to conduct such safety assessments. This may have an impact on Internet companies with multiple data centers, which may need to transfer some personal data between different countries and regions. Relevant enterprises should pay close attention to the legislation and law enforcement trends in this field. In addition, the Data Security Law has clearly put forward the establishment of a data level protection system and a national core data management system: on the one hand, a stricter management system is implemented for national core data related to national security, the lifeline of the national economy, important people's livelihood and major public interests; On the other hand, relevant regions and departments will further formulate specific catalogues of important data in their own regions, departments and related industries and fields, and focus on protecting the data listed in the catalogues. After the introduction of a more detailed data classification system in the future, enterprises should do a good job in data classification according to laws and regulations, and strictly take corresponding data management and protection measures.
In terms of personal information protection, whether the relevant enterprises are listed overseas or in China, data compliance issues are likely to attract the attention of the media and the public, and will also be the focus of inquiries by regulatory authorities, including the legal compliance of data sources, data use and data-related business operations.
For example, for Internet platform enterprises with a large amount of user data, special attention should be paid to the compliance of data sources:
The source, access, authorization method and agreement of obtaining user data information, whether the authorization is clear, legal and effective, and whether the scope and use of the collected information are clearly informed when collecting user information;
Whether obtaining personal data has a clear prompt for users, whether the collected data is limited to the necessary scope, whether it only gives a general prompt for collecting user information, whether it uses data beyond the user's authorized scope, and whether it collects data directly without the authorization of other platforms;
When obtaining user authorization through user agreement, privacy policy, etc., whether the user is clearly informed of the purpose, method and scope of collecting and using information.
Compliance point 2: Anti-monopoly compliance
As a hot field, anti-monopoly compliance is becoming more and more important for compliance construction before and after listing. Since the beginning of this year, various anti-monopoly punishment decisions or rumors about domestic internet giants have had a certain impact on the stock price and market of enterprises. For example, on April 1 20265438, the State Administration of Market Supervision (hereinafter referred to as "the General Administration") made an administrative penalty decision on the monopolistic behavior of an e-commerce platform abusing its dominant market position, and imposed a fine of 4% of its sales in China in 20 19, amounting to182.28 million. (Related interpretation: the importance of anti-monopoly compliance of enterprises from the highest ticket in history) At the same time, the General Administration issued an administrative instruction to the platform, and then asked 34 Internet platform enterprises to make "compliance commitments according to law". A series of law enforcement and administrative guidance measures reflect the importance of comprehensive compliance of enterprises in the anti-monopoly field.
We suggest that platform enterprises in the new economic field (including those adopting/planning to adopt VIE framework for overseas listing) pay special attention to the compliance requirements of centralized anti-monopoly declaration by operators. Article 18 of the Anti-monopoly Guide in the Field of Platform Economy issued by the Anti-monopoly Committee of the State Council stipulates that "the concentration of operators involved in the agreement control structure belongs to the scope of centralized anti-monopoly review of operators", and it is clear that enterprises with VIE structure should trigger the anti-monopoly declaration obligation if their turnover standards meet the standards. Since 2020, the General Administration has investigated and published more than 40 cases of administrative punishment involving VIE structure that failed to declare the concentration of operators according to law, and many well-known Internet companies in China have related cases. It is particularly noteworthy that in the field of platform economy, there has recently been a decision to prohibit centralized trading and require operators to take necessary measures to restore competition in the unreported trading market:
On July/July/2002 10, the General Administration issued an anti-monopoly review decision prohibiting the merger of two live game platforms, and explained in detail the reasons for determining that this concentration has the effect of excluding and restricting competition. This case is the first case of prohibiting the concentration of operators in the field of platform economy in China, and it is also the first case involving only domestic enterprises.
On July 24th, 20021year, the General Administration made an administrative penalty decision on an Internet platform's illegal concentration of operators, requiring the relevant operators to take necessary measures to restore market competition, including ordering the platform to take measures such as lifting the exclusive copyright, lowering the market access threshold and reshaping the relevant market competition order.
In addition, we suggest that enterprises in the new economy should pay special attention to data compliance and antitrust compliance. The Guide to Platform Economy explicitly mentions various behavior patterns of operators using data or algorithms to exclude and restrict competition. (Related Interpretation: Is it the right time for anti-monopoly of platform economy? —— Interpretation of highlights of relevant guidance draft) Such as:
Monopolistic agreements and algorithms: if the operators achieve coordinated behavior in essence through data, algorithms, platform rules or other means;
Abuse of market dominance to restrict transactions: operators restrict transactions by actually setting restrictions or obstacles in terms of platform rules, data, algorithms and technologies;
Abuse of market dominance to implement differential treatment: based on big data and algorithms, different transaction prices or other trading conditions are implemented according to the payment ability, consumption preferences and usage habits of the counterparty;
In addition, the data held by platform operators is of great significance to determine the dominant position of operators in the market. The Platform Economy Guide clearly mentions that when judging whether the relevant platform constitutes the "necessary facilities" for other operators to enter the relevant market, it is necessary to comprehensively consider the data occupied by the platform.
Under the current regulatory situation, the importance of anti-monopoly compliance goes without saying. Relevant enterprises should continue to pay attention to the regulatory dynamics in the anti-monopoly field and constantly improve the anti-monopoly compliance level.
Compliance point 3: Anti-unfair competition compliance
Anti-unfair competition compliance is another hot spot of compliance. In the Internet age, the high frequency of information dissemination shortens the time difference, and reports from competitors, complaints from consumers, complaints from professional counterfeiters and strong supervision from relevant departments will all bring considerable pressure to enterprises. Without proper planning and risk management, enterprises may not only face current operational difficulties, but also bring great obstacles to future listing. Take the listing of a strange dating APP as an example. Originally planned to be listed on June 24th, but recently announced the suspension of the IPO process of US stocks. The market generally believes that the emergency suspension of IPO is not unrelated to its previous unfair competition with a competitive APP.
There are two kinds of unfair competition behaviors in the Internet field: one is the extension of traditional unfair competition behaviors in the Internet field, such as using the Internet to carry out unfair competition behaviors such as confusion and counterfeiting, false propaganda and commercial slander, and the other is the unfair competition behaviors that are unique in the Internet field and implemented through technical means. For example, the typical unfair competition behavior "false propaganda", its relevant provisions are scattered in the Advertising Law, the Interim Measures for the Administration of Internet Advertising, the Anti-unfair Competition Law and related laws and normative documents. In the process of daily operation and preparation for listing, enterprises often lack professional knowledge on how to ensure the authenticity of propaganda and avoid the possible scope of "false propaganda", and some cases of incomplete quotation, one-sided propaganda and vague language are punished. At this time, enterprises should use professional teams to predict risks, and at the same time, combine law enforcement deviation of law enforcement personnel in different regions, release areas, coverage of people and many other factors to predict risks.
Since 2020, many Internet companies have been caught in an anti-unfair competition investigation by the regulatory authorities. On February 8, 20021year, the General Administration made an administrative penalty decision on a brand sales platform, which was found to disturb the fair competition market order and fined 3 million yuan. This case fully shows that the iteration and development of Internet business model has spawned more different types of unfair competition behaviors, and the diversification of data collection and application methods has also made competition behaviors more hidden and complicated. With the increasingly strict law enforcement situation, Internet industry operators should adopt reasonable and appropriate compliance concepts to build a compliance system.
Compliance point 4: Changes and compliance of industrial regulatory policies.
Since the beginning of this year, industrial supervision policies have changed frequently, especially in important areas related to the national economy and people's livelihood, and relevant departments have clearly revealed the signal of strong supervision. Taking the education and transportation industries as examples, platform enterprises in related fields should pay close attention to the compliance requirements under the industry regulatory policies.
Recently, enterprises in the transportation field have been closely watched by the regulatory authorities. On July 30th, 20021year, the second plenary meeting of the Inter-Ministerial Joint Conference on Collaborative Supervision of New Transportation Format was held, which reviewed the Opinions on Strengthening the Protection of the Rights and Interests of Employees in New Transportation Format, proposed to optimize the supervision framework, accelerated the realization of full chain supervision before and after the event, especially strengthened anti-monopoly supervision and anti-unfair competition, and investigated and dealt with the monopolistic, excluded and restricted competition behaviors of online car-hailing platforms according to law. In addition, the aforementioned cyber security review initiated by the Internet Office on a travel service platform also fully demonstrates that transportation enterprises (especially those on the new Internet economic platform) should pay special attention to the key points of industry supervision policies. One of the particularities of the transportation industry is that the related Internet platform enterprises will inevitably master a large number of related data such as freight, urban traffic, users and drivers, and should pay special attention to the compliance requirements related to data security. For example, a large amount of data in the transportation industry may be listed in the important data directory, and the Data Security Law clearly puts forward a number of data security protection obligations for the processing activities of important data, including:
The processor of important data shall designate the person in charge of data security and the management organization;
Important data processors shall regularly conduct risk assessment on their data processing activities in accordance with regulations, and submit risk assessment reports to relevant competent departments;
Conduct network security review on data processing activities that affect or may affect national security;
The exit safety management of important data collected and generated by key information infrastructure operators in China shall comply with the provisions of relevant laws and regulations.
Similarly, the education industry is also a key regulatory industry in the field of people's livelihood. Since the beginning of this year, major online education platforms have faced strong supervision from the General Administration and the Ministry of Education:
At the beginning of May, the General Administration organized local market supervision departments to set up a task force. After the key inspection of 15 off-campus training institutions, it was found that there were illegal acts of false propaganda or price fraud, and fines were imposed respectively, totaling more than 36 million yuan.
On June 15, the Ministry of Education issued the Notice on Establishing the Supervision Department of Off-campus Education and Training, announcing the establishment of the Supervision Department of Off-campus Education and Training to undertake the management of off-campus education and training for primary and secondary school students (including kindergarten children), party building guidance, and policy formulation.
Recently, the General Offices of the General Office of the Central Committee of the CPC and the State Council issued the Opinions on Further Reducing Students' Homework Burden and Off-campus Training Burden in Compulsory Education, which put forward higher compliance requirements for Internet platform companies in the education industry.
Under the heavy pressure of the industry, online education platforms and off-campus training institutions should do a good job in business license filing, institutional filing review and compliance publicity, and fully comply with the relevant requirements of laws and regulations in terms of qualified teachers, information security and fee supervision.
In addition, Article 18 of the Measures for the Administration of Initial Public Offering and Listing (revised in 2020) requires the issuer to have no major illegal acts during the reporting period. In principle, any act that is given a certain amount of administrative punishment by the relevant administrative organs can be regarded as a major illegal act (that is, "violation of laws and administrative regulations on industry and commerce, taxation, land, environmental protection, customs, etc. in the last 36 months, and the circumstances are serious", unless the punishment enforcement organ determines that the act is not a major illegal act and makes a reasonable explanation according to law. Therefore, enterprises and intermediaries should also carefully grasp the audit scale of "major violations". For example, for platform enterprises, major administrative penalties in network security and data compliance, anti-monopoly and anti-unfair competition are not completely excluded from the category of "major violations", which also inspires relevant enterprises to pay full attention to all aspects of compliance construction and system improvement before starting the listing plan.
As mentioned above, the Opinions particularly emphasize the "zero tolerance requirement" for securities crimes, which echoes the Securities Law revised in 20 19 and the Criminal Law Amendment (XI) promulgated in 2020, and reflects the strong supervision trend under the full implementation of the registration system reform. Article 20 of the Opinions also emphasizes that strengthening the supervision of China Stock Exchange requires taking effective measures to deal with corporate risks and emergencies of China Stock Exchange and promoting the construction of relevant supervision systems. Relevant enterprises should pay attention to the dynamic changes of regulatory policies. No matter whether it is listed in China or overseas, listed companies in new economic fields such as Internet platforms should strengthen compliance construction and risk prevention of violations, and create value through compliance.
Precautions:
[1] See: Opinions on Severely Cracking down on Illegal Securities Activities in accordance with the Law issued by the General Office of the Central Committee at/zdgz/202107/t20210706 _ 523196. shtml。
[2] See: Announcement of Network Security Review Office on Launching Network Security Review on Didi Chuxing, and the address is/2021-07/02/c _1626811521665438. Announcement of the Network Security Audit Office on carrying out network security audit on "Man Man", "Truck Gang" and "BOSS Direct Employment". Visit address:/2021-07/05/c _1627071328950274.htm.
[3] See the investor protection statement related to China's recent development, and visit the address:/xw/ZJ/202104/t202104/kloc-0 _ 327702.html.
[7] See: Limited merger of Company A and Company B is prohibited by the General Administration of Market Supervision at the address of/332525.html/xw/ZJ/202107/t202107/kloc-0 _.
[8] See: The General Administration of Market Supervision ordered a holding company to revoke the exclusive copyright of online music according to law, and visit the address:/xw/ZJ/202107/t20210724 _ 333016.html.
[9] official website, the Shanghai Higher People's Court, showed that other unfair competition disputes between Company U and Company S were filed on April 202 1, and Company U demanded compensation of 26.93 million yuan and applied to the court for property preservation. On may 1 1, company s submitted its prospectus to the us securities and exchange commission and applied for listing on Nasdaq. On may 2 1 day, the court froze s company 26.93 million yuan and decided to open the court session on June 29 at the end of the month.
[10] (2) misleading, deceiving or forcing users to modify, close or uninstall network products or services legally provided by other operators; (3) Malicious incompatibility with network products or services legally provided by other operators; (four) other acts that hinder or destroy the normal operation of network products or services provided by other operators according to law.
[1 1] See: the decision of the General Administration of Market Supervision on administrative punishment for unfair competition of a brand sales company, and its address is/nsjg/jjjjzj/202102/t 202102/kloc-0 _ 326097.html. Unfair competition behavior includes: developing and using inspection system to obtain the information of brand operators who are sold in the company and other companies at the same time; Utilize the technical means provided by supplier platform system, intelligent networking engine and operation center. By influencing user selection, limiting current, shielding, and taking goods off the shelves. , reduce the consumption attention, traffic and trading opportunities of brand operators, limit the sales channels of brand operators, and hinder and undermine the normal operation of online products and services legally provided by brand operators and other operators.
[12] See: 202 1 Second Plenary Session of the Inter-Ministerial Joint Conference on Collaborative Supervision of New Transportation Forms, and visit address:/jiaodongyaowen/202107/t20210730 _ 361.
[13] See: The General Administration of Market Supervision held a special press conference on strengthening the market supervision of off-campus training institutions. The visit address is/xw/xwfbt/202106/t20210601_ 330032.html.
[14] See the Notice of the General Office of the Ministry of Education on Establishing the Supervision Department of Off-campus Education and Training at/srcsite/A04/S7051/202106/t20215 _ 533.
[15] See: the General Office of the Central Committee of the CPC's opinion on further reducing the burden of students' homework and off-campus training in compulsory education * * *, and the address is/jyb _ xgk/moe _1777/moe _1778/202108.
Source: Zhonglun Vision