From October 29 to 30, 2024, the first GDTC Global Data Technology Conference was held in Beijing. Hosted by China Future Internet Engineering Center (CFIEC), the conference brought together data technology experts, industry leaders and industry representatives from all over the world to discuss the future development trend of data technology. As the first thematic forum of the conference, the “Privacy Technology and Cross-border Data Circulation Forum” attracted many top people from industry and academia, including senior practitioners from Tencent, Jitterbug, Huawei, DDT, MasterCard and other companies, as well as experts and scholars from Southeast University, Hong Kong University of Science and Technology (Guangzhou) and other universities. They discussed in depth how to achieve privacy protection in networks, data, AI models, product services and applications through technology and engineering means, and to address the issues of transparency, trust, and security in data circulation.

Figure 1: GDTC Global Data Technology Conference site

Privacy Technology Unleashes the Potential of Data Elements

At the beginning of the forum, Liu Dong, Director of China Future Internet Engineering Center (CFIEC), firstly pointed out that privacy technology is a category of technologies, tools and solutions that help to improve the quality and usability of personal information, ensure data protection and promote data innovation, and the core objective is to solve the problem of balancing the privacy protection and the release of the value of data.

Figure 2: Opening Remarks by Liu Dong, Director of the Next Generation Internet National Engineering Center

For the industrial outlook of privacy technology and cross-border flow of data, Ms. Iao Xin, Acting Director of the Review and Administrative and Financial Affairs Department of the Personal Data Protection Bureau of the Macao SAR Government, shared with the guests the important initiatives of the Guangdong, Hong Kong and Macao Greater Bay Area for the safe and orderly flow of data across the border, and from the point of view of Macao's personal data protection agency, indicated that it will continue to gradually promote the work of the standard contract for the exit of personal information and the certification of the protection of personal information, etc., in accordance with the law. It also indicated from the perspective of Macao's personal data protection agency that it would continue to gradually promote the implementation of the standard contract for personal data exit and the certification of personal data protection in accordance with the law, and continue to optimize the docking work of the mechanism in order to achieve the compliance and efficiency, safe and orderly cross-border data flow.

Figure 3: Yao Xin, Acting Director of Review and Administrative and Financial Affairs Department of the Personal Data Protection Bureau of the Macao SAR Government, delivered an opening speech.

At the same time, supportive policies and incentives in line with the current development trend of the data industry are undoubtedly a strong driving force for the prosperous development of this industry. Xing Hua, Member of the Party Working Committee and Deputy Director of the Management Committee of Guangzhou Nansha Development Zone, said that Nansha is committed to building an internationalized business environment, vigorously developing the international data industry and creating an international data port. Focusing on the future potential of data cross-border development, he shared the construction results and future development plans of the Nansha (Guangdong, Hong Kong and Macao) Data Service Pilot Zone.

Figure 4: Speech by Xing Hua, Member of the Party Working Committee and Deputy Director of the Management Committee of Guangzhou Nansha Development Zone

The cross-border flow of data cannot be separated from the international cooperation mechanism and technical standard system. Mr. Reinhold Achatz, Chairman of the Board of Directors of the International Data Space Association (IDSA), focused on the theme of “Cutting-edge Practices of Data Space in Cross-border Flow of Data”, pointing out that the obstacles to cross-border flow of data are mainly reflected in the level of rules, in particular, the need to meet the requirements of different jurisdictions. As a distributed data circulation system based on trust, dataspace can build a dataspace ecosystem that not only guarantees data security but also facilitates cross-border data circulation by defining a policy engine and following dataspace protocol standards.

Figure 5: Keynote Speech by Reinhold Achatz, Chairman of the Board of Directors, International Data Space Association (IDSA)

Privacy Technology Supports Product and Service Innovation

In the process of digital transformation, while maximizing the value of data, it is increasingly important to improve the level of personal information protection and data security, which is not only related to the compliance operation of enterprises, but also the key to safeguarding the rights and interests of individuals and the sustainable development of the industry.

Wang Xiaoxia, Deputy General Manager of Tencent Group's Data Compliance and Privacy Protection Department, shared Tencent's advanced management solution for data compliance governance, the “Rhinoceros Privacy Platform”, which covers multiple dimensions at the management level, rules level, technology level, and application level, and features the Product Compliance Center, the Data Compliance Center, and the Specialized Compliance Center, etc., and is capable of combining Tencent's self-developed data protection and data security systems with a comprehensive compliance and rules foundation. On the basis of perfect compliance rules, Tencent's self-developed professional compliance technology is directly applied to business scenarios, thus realizing product compliance efficiency and data governance.

Figure 6: Mr. Xiaoxia Wang, Deputy General Manager of Data Compliance and Privacy Protection Department, Tencent Group, delivered a speech.

Mr. Ruxin Huang from the Information Security Department of Beijing Xiaogang Technology (DDT) introduced how DDT has achieved three major efficacies, namely, “Innovation in Data Collection and Processing”, “Improvement of User Interface and Experience”, and “Cross-platform Data Sharing and Cooperation” through the application of personal information protection technology. Cross-platform data sharing and cooperation”. In particular, the DDT Privacy Computing Platform can complete a series of processes from data integration, exploration and analysis, to joint computing, multi-party modeling, and assisted decision-making under the premise of protecting the privacy and security of data, solving the dilemma of not being able to securely utilize the data of all parties when collaborating with cross-users.

Figure 7: Mr. Huang Ruxin from the Information Security Department of Beijing Xiaogang Technology (DDT) delivered a speech

Mr. Fu Tianfu, Chief Security Architect, Huawei Terminal BG, systematically demonstrated how HarmonyOS enables data protection based on native data security capabilities and applies it to business practices in 2B and 2C scenarios. He mentioned that based on the Harmony StarShield security architecture, HarmonyOS can manage data in a compliant, efficient and secure manner based on data classification hierarchy, ensure that files can only be accessed by the intended recipients based on data deferral control, and become a key data security pedestal based on the data encryption risk feature of data leakage prevention (DLP) architecture.

Figure 8: Huawei Terminal BG, Chief Security Architect Fu Tianfu delivered a speech

Ms. Manli Zhu, Data Protection Officer, MasterCard China, presented MasterCard's sandbox application practices for privacy-enhancing technologies, pointing out that a sandbox is a framework or environment that allows for real-time testing of technologies, services, and business models in the marketplace with real consumers, while benefiting from lax or flexible regulatory requirements, which can facilitate relevant deployment of digital technologies. In the privacy-enhancing technology sandbox project of the regulator, Singapore's Infocomm Media Development Authority (IMDA), MasterCard carried out a set of proof-of-concepts for the use of third-party-provided Fully Homomorphic Encryption (FHE) to share financial crime information across different countries while complying with the relevant legislative requirements of each country, validated to have a positive impact in terms of data cross-border and localization, data protection and more.

Figure 9: MasterCard's Data Protection Officer for China, Manli Zhu, delivers a speech

Privacy Technology Guides the Orderly Flow of Data Across Borders

In the current complex and changing data environment and highly interconnected world, privacy technology has not only become a key path to protect basic personal information, but also an important bridge to support multinational enterprises to realize seamless cooperation.

Mr. Chen Shixiang, Director of China Cybersecurity Examination, Certification and Market Supervision Big Data Center, suggested that certification is an internationally accepted practice to support data regulation and an institutional tool for cross-border data transmission. Standardization is the key to establishing a global certification cooperation mechanism, increasing the number of certificates and the strength of their acceptance, and the consensus of all parties on privacy technology will be very helpful for the application of the certification system on the ground.

Figure 10: Chen Shixiang, Director of China's Big Data Center for Cybersecurity Review, Certification and Market Supervision, delivers a speech

Dr. Tang Qifeng, General Manager of Shanghai Data Exchange, focused on privacy computing and data transactions, pointing out that privacy computing is a key technology for data security in data transactions, especially in the scenario of cross-border data transactions, privacy computing can realize cross-domain cooperation of multi-source data through coordinated computing on the premise that the original data is not out of the domain, and it can be widely used in application scenarios such as cross-border trade and customs joint wind control, retail data compliant outbound utilization, joint modeling of car networking data, cross-border mutual recognition of health code data and other application scenarios.

Figure 11: Mr. Tang Qifeng, General Manager of Shanghai Data Exchange, delivered a speech.

Ms. Lang Peipei, Chief Expert of Beijing International Big Data Exchange, shared the practices of a German medical device company's data hosting space and a Hong Kong personal credit company's data verification space through the technical support of data exit by BeiData, pointing out that attribute cipher has the advantage of one-to-many, which can realize access control while encrypting, and access control gateway is no longer needed.

Figure 12: Mr. Pepe Lang, Chief Expert of Beijing International Big Data Exchange, delivered a speech.

Mr. Zhou Chenwei from the Network Security Research Center of the China National Institute of Electronic Technology Standardization (CNIET) explained the national standard for anonymization of personal information in detail, including the development of the standard text, the main content and the dilemmas, etc., and mentioned that the next step would be to focus on the direction of standardization of anonymization in the context of typical data circulation and utilization scenarios, such as financial risks, intelligent travel, model training, and healthcare.

Figure 13: Zhou Chenwei from Network Security Research Center of China National Institute of Electronic Technology Standardization (CNIET) delivered a speech.

Zhang Hanzhuo, Deputy Director of CFIEC, shared in detail the data cross-border infrastructure architecture with IPv6 high-speed data network as the cornerstone and IDS as the core, pointing out that new technologies such as IPv6 and IDS are used to build a cross-border data transmission network and to provide fine-grained data management and control capabilities of global interconnection and interoperability. He further introduced the practical application cases of IPv6 cross-border data space network and its potential application in medical data and other fields.

Figure 14: Mr. Zhang Hanzhuo, Deputy Director of CFIEC, delivered a speech

Privacy Technology Helps AI Innovation and Governance

Currently, AI has become an important engine leading a new round of global industrial revolution, and its application and innovation need to be combined with an effective governance framework to ensure sustainable development.

Mr. Tian Shen, Head of Data Compliance at Jitterbug Group, suggests that privacy computing technology can be used in training data compliance efforts by enabling staged anonymization. Staged anonymization refers to the anonymization of the data processing process and calculation results rather than the pursuit of anonymization of the entire life cycle of data processing, which can effectively address data compliance and privacy protection issues such as the basis of legitimacy and the security risks of data processing in the process of training and pushing AI models.

Figure 15: Mr. Tian Shen, Head of Data Compliance, Jitterbug Group, delivered a speech

Ms. Zhang Xiangtuo, Head of Data Privacy Team of Xiaomi's Legal Department, brought AI compliance ideas under the development of new technologies, suggesting that as competition in the AI field becomes more and more intense, enterprises are facing more complex legal and policy changes. She introduced that Xiaomi Group's Trusted AI Governance Framework follows globally accepted principles, focusing on four aspects: minimum necessary, transparent and controllable, respecting ethics, and safe and reliable, and is committed to realizing people-centered trusted AI.

Figure 16: Ms. Zhang Xiangtuo, Data Privacy Team Leader, Xiaomi Legal Department

Mr. Yi Zhang, Advisor of the International Association of Privacy Professionals (IAPP), shared his views on Privacy Enhancing Technologies (PETs), pointing out that PETs can obtain relatively high usability from data and minimize the need for data collection and processing, and can be applied to typical scenarios such as sensitive data processing activities in special scenarios such as financial and medical care, cross-border data transmission, AI training data, etc. He suggested that there is still a discrepancy in the perception of this topic at the legal level between China, the US and Europe. He suggested that there is still a discrepancy between China, the U.S. and Europe on the legal level of privacy enhancement technology, and that participants from various countries should have more exchanges and dialogues on this topic in order to improve the expectability of the law.

Figure 17: Mr. Zhang Yi, Advisor of International Association of Privacy Professionals (IAPP), delivered a speech

Ms. Haitang Wang, General Manager of Eco-Development Department of ZeroOneWorld, focused on big model innovation, pointing out that data privacy security runs through the whole cycle of innovation of big model training, deployment and operation. In particular, big model training is essentially to compress the effective information of the world into the model, and the quantity and quality of the data determines the quality of the model. In this regard, she proposed that Zero One Everything is committed to establishing a data security technology system covering data collection, cleaning, labeling, management and other aspects to improve the security capabilities of big model innovation.

Figure 18: Ms. Haitang Wang, General Manager of Zero2Everything Eco-Development Department, delivering a speech

Privacy Technology's Innovative Development and Global Application Have Great Prospects

Regarding the innovative development and global application of privacy technology, four experts from academia and innovators had a lively and in-depth discussion.

Moderated by Hong Yanqing, a member of the National Cybersecurity Standard Committee, Prof. Cheng Guang, Dean of the School of Cybersecurity, Southeast University, discussed the privacy challenges faced when globally sharing network traffic sample data, and put forward two ideas to solve the problem: firstly, researching on de-privatization methods of network traffic data; and secondly, globally working together to formulate standards and protocols for data sharing. Dr. He Xinlei, Assistant Professor at the Hong Kong University of Science and Technology (Guangzhou), discussed the role of privacy technology in the field of trusted AI, especially the privacy protection during the training and use of large models. He emphasized the importance of model security, including ensuring that model performance is consistent with human values and preventing malicious questions and anomalous behavior. Mr. Zhang Renzhuo, CEO of Beijing Shangyin Technology Co., Ltd. emphasized that privacy technology, as a brand new technology system, is inevitable, and while restricting the use of data, it is essentially designed to promote the use of data collection and sharing and exchange, and is the “traffic law” for the release of the value of data, and enterprises need to internally land on the privacy technology and improve the management capability, engineering capability and technical capability. Enterprises need to implement privacy technology internally and improve their management, engineering and technical capabilities. Prof. Hong Yanqing concluded that the meaning of privacy technology is much broader than privacy enhancement technology, and that the introduction of privacy technology can guide technology to be good and provide better products and services for users.

Figure 19: Lively Sharing and Discussion among the Participating Guests

After three hours of intensive and fruitful discussions and sharing, this “Privacy Technology and Cross-border Data Circulation Forum” came to a successful conclusion. At the forum, experts from competent organizations, industry and academia shared and discussed how privacy technology can improve data governance, data protection, data compliance management and AI governance, which not only promoted understanding and trust among various fields, but also laid the foundation for reaching a consensus on technical standards and industrial policy framework. As summarized by the moderator of this forum, Prof. Hong Yanqing, the potential contained in the field of privacy science and technology is huge, and its value is difficult to quantify. In the future, with the advancement of technology and the joint efforts of people from all walks of life, a new era of more transparent, trustworthy and secure “data-AI” will come.