Companies with an online presence in China may be surprised to learn that algorithmic features of their websites and online services may not comply with newly effective rules. The Cyberspace Administration of China's Internet Information Service Algorithmic Recommendation Management Provisions (provisions), adopted in January 2022, took effect on March 1.
A Summary of the Provisions
The scope of "algorithmic recommendation technology" subject to the provisions is quite expansive. Within its ambit are website features and online services that use algorithms to:
- create content ("generative or synthetic-type");
- make personalized recommendations;
- rank or select information;
- search or filter content;
- dispatch service providers; or
- otherwise provide information to users.
Those website features and online services must comply with a variety of new requirements, some of which are rather nebulous. Penalties for unrectified or grave violations can include fines between 10,000 and 100,000 yuan (approximately US$1,580-$15,800).
Provisions Related to Public Morality and Order
The provisions impose various obligations on algorithmic recommendation service providers to uphold public morality and order. Companies must use algorithms "in the direction of good" and not in activities detrimental to "national security and the social public interest" or "upsetting the economic and social order." They must regularly ensure that their algorithm models do not violate "ethics and morals, such as by leading users to addiction or excessive consumption." To those ends, the provisions mandate that businesses "vigorously present" information that comports with "mainstream value orientation."
Companies also must delete and terminate the transmission of unlawful information when discovered and report such unlawful information to the authorities. Nor may they use unlawful information as keywords for user interests or as tags for recommending content.
In addition, "providers of algorithmic recommendation services with public opinion properties or having social mobilization capabilities" must register through the Internet Information Service Algorithm Filing System and conduct security assessments.
Cyber-Management Practices
Good cyber-management practices are now mandatory. Among other practices, companies must establish systems for testing their algorithms (including ongoing testing), reviewing the ethical implications of their technology, protecting cybersecurity and responding to incidents, securing data and personal information, and countering fraud. Companies also must have "mechanisms for manual intervention and autonomous user choice;" in other words, there must be ways for humans to override the algorithmic results. Providers must explain how their algorithms work—and are encouraged to do so in a way that is transparent and understandable to users of their websites and services.
Competition and Consumer Protection
Anticompetitive uses of algorithms are proscribed. In addition, the provisions include a number of consumer (and worker) protections:
Manipulation and Deception: Algorithmically generated or synthetic content must be identified as such. "Fake news" is banned. So are many other types of deception and manipulation: "Algorithmic recommendation service providers may not use algorithms to falsely register users, illegally trade accounts, or manipulate user accounts; or for false likes, comments, reshares, etc. They may not use algorithms to shield information, over-recommend, manipulate topic lists or search result rankings, or control hot search terms or selections and other such interventions in information presentation; or to carry out acts influencing online public opinion, or evading supervision and management."
Targeted Recommendations: Companies must give users the right to opt out of targeted recommendations based on their personal characteristics and to choose or delete the "user tags" associated with them in company databases.
Minors and the Elderly: The provisions impose special obligations to protect minors and the elderly. When serving minors, providers must shield them against online harms, including inducements to unsafe or immoral actions. Of particular note to social media and gaming platforms, algorithms must not foster children's online addiction. Online information providers serving kids also have a duty to develop recommendation models that highlight information beneficial to their physical and mental health.
Similarly, algorithmic services provided to the elderly must be suited to their needs and vulnerabilities, including with respect to cybersecurity and fraud prevention.
Gig Workers: Algorithmic services provided to gig workers must protect workers' interests such as their rights to pay and certain benefits.
Prices, Terms, and Conditions: Providers of consumer goods and services may not use algorithms to engage in unreasonable price discrimination or other "differentiated treatment in trading conditions" based on "consumers' tendencies, trading habits and other such characteristics."
Customer Service: The provisions mandate "convenient and efficient" customer service for complaints about the algorithms' results.
The Broader Context
The provisions are part of a rapidly rising tide of AI regulation in China and around the world. The Cyberspace Administration of China is finalizing another regulation—this one on algorithmically created content, including technologies such as virtual reality, text generation, text-to-speech, and "deep fakes." The European Parliament and Council of the European Union are considering the comprehensive AI Act proposed last year by the European Commission. The U.S. Federal Trade Commission is considering a rulemaking "to curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination." The White House Office of Science and Technology Policy has begun work on an "AI Bill of Rights." These efforts are on top of the restrictions on automated decision-making included in the GDPR and various U.S. state privacy laws.
It is too early to say whether these varying efforts ultimately will produce regulatory harmony or dissonance across jurisdictions. In the meantime, however, companies can take practical steps to stay ahead of the curve.
* * * * *
Reprinted with permission from the March 24, 2022 of CORPORATE COUNSEL © 2022 ALM Media Properties, LLC. All rights reserved. Further duplication without permission is prohibited.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
