EN

LONGAN IP Newsletter No.10

Contents

LongAn IP News

  • LongAn was listed in the Asian Legal Business (ALB) 2021 China Regional Market Ranking: Yangtze River Delta
  • LongAn ranked 2nd in the quality list of patent applications in the lightingfield among Chinese Patent Agencies
  • Jiali Xu, the founding partner of LongAn, was elected President of Beijing Lawyers Law Research Association

LongAn Case

  • LongAn representedthe Jiuyueqiji Band and won the lawsuit of the dispute over copyright infringement of the musical work Kangding Love Song

China IP News

  • Interpretation of the Guidelines for Building a Powerful Country with Intellectual Property (2021-2035)
  • The CNIPA issued the Evaluation Report on China’s Intellectual Property Development Status in 2020

LongAn Law Study  

  • Comments on The Measures for Security Assessment of Cross-border Data Transfer (Draft for Comment)


LongAn IP News

LongAn was listed in the Asian Legal Business (ALB) 2021 China Regional Market Ranking: Yangtze River Delta

On October 21, 2021, the world-renowned legal media “Asian Legal Business” (ALB) issued the 2021 ALB China regional market ranking. Eight branches of LongAn—LongAn Shanghai, Nanjing, Suzhou, Nantong, Hangzhou, Huzhou, Yangzhou, and Wuhu were included into the list of Yangtze River Delta with their outstanding professional capabilities and comprehensive strength.

https://mp.weixin.qq.com/s/DSy15wvUge1RNSkd5NGXzQ

 

LongAn ranked 2nd in the quality list of patent applications in the lighting field among Chinese Patent Agencies

Recently, Zhichanli and IP House jointly released the Comprehensive List of Top 50 Chinese Patent Agencies in Domestic Agency Business. The list is comprehensively ranked based on the dual indexes of the quantity and quality of patent agencies. LongAn was shortlisted and ranked 2nd in the quality list of patent applications in the Chinese lighting field.

https://mp.weixin.qq.com/s/2Cg8adgWttVKZXh2UDdkng

 

Mr. Jiali Xu, the founding partner of LongAn, was elected President of Beijing Lawyers Law Research Association

In order to promote the integration of theoretical research and judicial practice, follow the law and trend of digital development, and boost the prosperous development of legal digitalization, the Beijing Lawyers Law Research Association was formally established on October 9, 2021. Approved by the Beijing Law Research Association and Beijing Judicial Bureau, Mr. Jiali Xu, the founding partner of LongAn, was elected President of the Beijing Lawyers Law Research Association through democratic elections.

https://mp.weixin.qq.com/s/-1tTzu_OXN2jjh_7wnhcgg

 

LongAn Case

LongAn represented the Jiuyueqiji Band and won the lawsuit of the dispute over copyright infringement of the musical work Kangding Love Song

Recently, Mr. Jianjun Fu and Mr. Mengjun Jiang of LongAn Beijing acted for the Jiuyueqiji Band (defendant) and won the lawsuit against Mr. Luobin Wang’s heir (plaintiff) in a dispute over copyright infringement of the musical work Kangding Love Song.

 

Kangding Love Song, also known as Paomaliuliudeshanshang, is a representative traditional folk song in the former Xikang Province. It is one of the most famous folk songs all over the world and the only Chinese song recommended by UNESCO to the world. It is reported that the plaintiff, the heir of the late famous musician Mr. Luobin Wang, claimed that Mr. Wang composed the Kangding Love Song and filed numerous lawsuits across China against multiple defendants, including the Jiuyueqiji Band, for infringing the copyright of the folk song Kangding Love Song. In this case, the plaintiff claimed that our client infringed the performing right and the right of keeping integrity of the folk song, and demanded an apology and compensation for economic losses and reasonable expenses.

 

In this case, LongAn lawyers submitted to the court a large number of publications as evidence proving that the authorship of the folk song involved was not related to Mr. Wang and that Mr. Wang did not own the copyright to the folk song. The court finally accepted the “Selected Works of Chinese Folk Songs” published by Shanghai Chinese Music Society in 1947, which constituted the contrary evidence for the plaintiff’s claim that Mr. Wang recorded and reorganized the Kangding Love Song, and rejected all of the plaintiff’s claims on the ground that the plaintiff had not proved the ownership.

 

The main difficulties of this case are as follows:

  1. The folk song involved is old, and it’s difficult to collect the historical publicationsand it is impossible to verify whether the authorshipis properly identified;
  2. The plaintiff and the defendant have both provided a large number of evidence related to the authorshipof the folk song involved such as publications, CDs, performance records, etc.;
  3. The professionaldetermination of copyright infringement of musical worksas well as the modification and adaptation of tunes often require experts’ appraisal.

 

We believe that such typical cases will accumulate experience for LongAn in right protection in similar cases in the future.

https://mp.weixin.qq.com/s/gmLFG3-JMCeg2Cn_gJAACg

 

China IP News

Interpretation of the Guidelines for Building a Powerful Country with Intellectual Property (2021-2035)

Recently, the Central Committee of the CPC and the State Council (PRC) jointly issued the Guidelines for Building a Powerful Country with Intellectual Property (2021-2035) (hereinafter referred to as the Guidelines), which deployed China’s IP development strategy for the next 15 years.

The Guidelines regards new technologies, new industries, new business formats, and new models as the key concerns of the intellectual property protection system, and proposed improvements in the following five areas which indicate the direction for the development of China’s IP in the next 15 years.

(1) Expansion of the objects of IP.

(2) The possibility to empower data.

(3) The algorithmic IP protection rules should be studied and improved.

(4) The ownership of artificial intelligence products should be determined urgently.

(5) The Internet IP protection system should be improved.

https://www.cnipa.gov.cn/art/2021/10/16/art_53_170807.html

 

The CNIPA issued the Evaluation Report on China’s Intellectual Property Development Status in 2020

The Intellectual Property Development Research Center of the CNIPA assessed and studied China’s intellectual property development in 2020, and recently issued the Evaluation Report on China’s Intellectual Property Development Status in 2020.

 

According to statistics, since the implementation of the Outlines of China Intellectual Property Strategy (hereinafter referred to as the Outlines), the comprehensive strength of China’s intellectual property has achieved a rapid leap. In 2020, the China intellectual property comprehensive development index increased from the base value of 100 in 2010 to 304.7, with an average annual growth rate of 11.8%.

 

From the perspective of regional evaluation, the score of intellectual property comprehensive development index of Guangdong, Jiangsu, Beijing, Shanghai, Zhejiang and Shandong ranked in the top six in 2020, with Guangdong, Jiangsu and Beijing all exceeding 80 points. In 2020, the comprehensive intellectual property development index of various regions across China showed the development feature of the eastern region being superior to that of the central and western regions. There are 8 places with a comprehensive intellectual property development index of 60 points or above in the eastern regions, and 2 places in the central and northeastern regions with a score of 60 or above, 1 place in the western region with a score of 60 or above.

 

From the perspective of international comparison, China’s intellectual property development level has rapidly jumped from 17th in 2015 to 8th in the world ranking in 2019, and the total index score of intellectual property development increased from 67.08 points in 2018 to 69.15 points in 2019. In 2019, China’s intellectual property competence, performance, and environmental index ranked 5th, 5th and 23rd in the world respectively. Compared with the previous year, the score of China’s intellectual property environment index increased by 3.44% year-on-year.

 

LongAn Law Study 

 

Comments on The Measures for Security Assessment of Cross-border Data Transfer (Draft for Comment)

 

By Zhang Bo and Miao Kai

 

On October 29, 2021, the Cyberspace Administration of China issued The Measures for Security Assessment of Cross-border Data Transfer (Draft for Comment) (Measures for Assessment),which intends to specify Security Assessments under the Cybersecurity Law of the People’s Republic of China (Cybersecurity Law), the Data Security Law of the People’s Republic of China (Data Security Law), the Personal Information Protection Law of the People’s Republic of China (Personal Information Protection Law), and other laws and regulations.

 

As stipulated by the Measures for Assessment, data processors shall conduct security assessment under the following two circumstances: first, to provide abroad any important data collected and generated in their business operation within the territory of the People’s Republic of China; second, to provide abroad any personal information for which security assessment is required pursuant to the law. The security assessment shall adhere to the combination of ex-ante assessment and ongoing supervision, and the combination of risk self-assessment and security assessment.

 

  1. Self-Assessment

 

Among the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law in effect, only the Data Security Law stipulates risk assessments. As stipulated in Article 30 of the Data Security Law, those handling important data shall, in accordance with relevant provisions, periodically conduct risk assessments for their data handling activities, and submit a risk assessment report to the relevant competent authority. The risk assessment report shall include the categories and quantities of important data handled by the said organization, how data are handled, the data security risks faced and their countermeasures.

 

While Article 5 of the Measures for Assessment stipulates that, a data processor shall, before providing any data overseas, conduct an ex-ante self-assessment of the risks of cross-border data transfer, regardless of whether the data provided overseas are “important data”.

 

In accordance with Article 6 of the Measures for Assessment, a report on the self-risk assessment of cross-border data transfer shall be submitted when applying for security assessment. It can be seen that a security assessment involves an ex-ante self-assessment of the risks.

 

When providing data overseas, attention shall be given to the following matters in the self-assessment of the risks:

 

(1) whether the purpose, range, method and other aspects regarding the cross-border data transfer and the data processing of overseas recipient are lawful, legitimate and necessary;

(2) the quantity, range, variety and sensitivity of data to be provided overseas, and the risks that the cross-border data transfer may pose on the national security, public interests and the legal rights and interests of individuals and organizations;

(3) whether the administrative and technical measures and capability of the data processor are sufficient for preventing data leakage, data damage and other risks;

(4) whether the responsibilities and obligations assumed by the overseas recipient and its administrative and technical measures and capability to perform such responsibilities and obligations are sufficient for guaranteeing the security of the data to be provided overseas;

(5) whether the data may be leaked, damaged, tampered with, abused or subject to other risks after being provided overseas and re-transferred, and whether the individuals have well-established channels to safeguard the rights and interests in their personal information;

(6) whether the relevant contract on cross-border data transfer concluded with the oversea receiving party fully stipulates the responsibilities for and obligations in data security protection.

 

  1. Security Assessment Circumstances

 

Both Article 37 of the Cybersecurity Law, and Article 36, 38 and 40 of the Personal Information Protection Law mention “security assessments”. As provided in the Measures for Assessment, when providing data overseas, security assessments shall be applied under the following circumstances:

 

(1) Any personal information and important data collected and generated by an operator of critical information infrastructure is involved;

(2) The data to be provided overseas contains any important data;(3) Any personal information will be provided overseas by a personal information processor who has processed the personal information of one million individuals or above;(4) The personal information of more than 100,000 individuals or the sensitive personal information of more than 10,000 individuals has been provided overseas on a cumulative basis;(5) Other circumstances where the security assessment is required as prescribed by the Cyberspace Administration of China.

 

In Regulations on the Security Protection of Critical Information Infrastructure implemented on September 1, 2021, the “critical information infrastructure” refers to the key network facilities and information systems in important industries and areas such as public telecommunication and information service, energy, transport, water conservancy, finance, public service, e-government and science and technology industry for national defense, which may seriously endanger the national security, national economy, people’s livelihood and public welfare once they are subject to any destruction, loss of function or data leakage.

 

The Cybersecurity Law, the Data Security Law and the Personal Information Protection Law offer no definition of “important data”. Article 21 of the Data Security Law stipulates that, each region and department shall, in accordance with the classified and graded data protection system, determine the specific catalogue for important data for the respective region and department, and in relevant industries and areas, and undertake special protection for the data included in the catalogue.

 

The 2021 national recommended standard “Information Security Technology-Guidelines for the Identification of Important Data” is still in the drafting process. In the national recommended standard “Information Security Technology- Guidelines for the Data Transmitted Overseas Security Assessment (Draft for Comment)” issued on August 25, 2017, “important data” refers to the data collected and generated by relevant organizations, institutions and individuals in China that do not involve State secrets but are closely related to national security, economic development and public interest (including original data and derived data), the specific scope of which is specified in the Appendix A. The Draft for Comment has not yet been formally approved.

 

The Personal Information Protection Law has clear definitions on both personal information and sensitive personal information. For those companies who provide personal information overseas, it is necessary to pay attention to the cumulative calculation of the personal information under the above-mentioned circumstance 4. Once the corresponding number of people is reached, a security assessment should be applied.

 

  1. The Content of Security Assessment

 

The important contents of security assessment are as follows:

 

(1) whether the purpose, range, method and other aspects regarding the cross-border data transfer are lawful, legitimate and necessary;

(2) how will the security protection law and the cybersecurity environment of the country or region where the overseas recipient is located impact the security of the data to be provided overseas;

(3) whether the data protection capability of the overseas recipient can conform to the laws and administrative regulations of the People’s Republic of China and meet statutory national standards;

(4) the quantity, range, type, variety and sensitivity of the data to be provided overseas, and the risks of being leaked, tampered with, lost, damaged, relocated, illegally obtained or illegally used during and after the cross-border data transfer;

(5) whether the data security and the rights and interests in personal information can be fully and effectively guaranteed;

(6) whether the responsibilities for and obligations in data security protection are fully stipulated in the contract concluded by and between the data processor and the overseas recipient;

(7) the compliance with China’s laws, administrative regulations and departmental rules;

(8) other matters for which the security assessment is required as deemed by the Cyberspace Administration of China.

 

Whether the contract between the aforementioned data processor and the overseas recipient fully stipulates the responsibility of data security protection, the following content needs to be considered:

 

(1) the purpose, method and range regarding the cross-border data transfer, and the purpose, method and other aspects regarding the data processing by the overseas recipient;

(2) the place and period for storage of the data overseas, and the treatment measures for such data upon expiry of its storage period, completion of the agreed purpose or termination of the contract;

(3) the constraint provisions restricting the overseas recipient from re-transferring the data that has been provided overseas to other organizations and individuals;

(4) the security measures to be adopted in the event that any material change occurs in the actual control or business scope of the overseas recipient, or that the legal environment of the country and region where the overseas recipient is located has changed so that it is difficult to safeguard data security;

(5) the provisions specifying the liability for the breach of any data security protection obligation, as well as the provisions on dispute settlement, which shall be binding and enforceable;

(6) the emergency response measures to be adopted in case of any data leakage risk, and the well-established channels for individuals to safeguard the rights and interests in their personal information.

 

At present, the State Cyberspace Administration has not yet issued a standard contract for cross-border provision of personal information under Paragraph 1 (3) of Article 38 of the Personal Information Protection Law. At this stage, it is recommended to carefully provide personal information overseas. If you really need to provide it, you should refer to the contents of the contract between the data processor and the overseas recipient, sign a contract with the overseas recipient, clearly stipulate the rights and obligations of both parties, and strengthen the responsibility of the overseas recipient to protect the personal information.

 

4.The Procedure of Security Assessment

 

Processing department: through the provincial network information department where the data processor is located, apply with the national network information department for security assessment of cross-border data transfer.

Application materials: declaration form, self-assessment report of cross-border data transfer risks, contract between the data processor and the overseas recipient or other legally effective documents, and other materials required for security assessment.

 

Acceptance and approval: The Cyberspace Administration of China shall determine whether to accept the assessment within 7 working days from the date of receipt of the application materials and provide written feedback.

 

Assessment department: After the national cybersecurity and informatization department accepts the application, it will arrange for the industry authorities, relevant departments of the State Council, provincial cybersecurity and informatization departments, and specialized agencies to conduct security assessments. For the export of important data, the Cyberspace Administration of China shall solicit opinions from relevant industry authorities.

 

Assessment time limit: 45 working days from the date of issuance of the acceptance notice to the date of assessment completion and provision of written feedback. If the situation is complicated or additional materials are required, it can be extended appropriately, but generally no more than 60 working days.

 

Assessment validity period: 2 years. If the subject needs to continue data export activities after the expiration date, it must reapply for the assessment within 60 working days before the expiration date.

 

Re-assessment:

(1) The purpose, method, range, and type of cross-border data transfer, and the use and method of data processing by overseas recipients have changed, or the overseas retention period of personal information and important data has been extended;

(2) Changes in the legal environment of the country or region where the overseas recipient is located, changes in the actual control of the data processor or the overseas recipient and changes in the contract between the data processor and the overseas recipient may affect the security of cross-border data transfer;

(3) There are other situations that affect the security of cross-border data transfer.

 

5.Conclusion

 

With the successive implementation of the three basic laws—Cybersecurity Law, Data Security Law and Personal Information Protection Law, China is establishing an increasingly improved security legal system. The Measures for Assessment further refines the relevant regulations. The comment solicitation for the Measures for Assessment has been closed as of November 28, 2021, and the official draft is expected to be published shortly after the comment solicitation. Those who violate the Measures for Assessment shall be subject to penalties under the Cybersecurity Law, Data Security Law and Personal Information Protection Law and other laws and regulations, and those who commit a crime shall be held criminally responsible in accordance with the law. Therefore, we recommend that relevant companies pay attention to and strengthen their own data compliance construction.

 

 

 

 

For more detailed information, please follow us: