In the afternoon of October 19, the 15th lecture ofthe "Interdisciplinary Salon of Law" hosted by the China Institutefor Social-Legal Studies of Shanghai Jiao Tong University was successfully heldonline. The topic of this lecture was "Data Governance and PrivacyComputing", which was delivered by Sha Wenhao, the director of ZeroUniverse Institute. Professor Lin Xifen of Shanghai Jiao Tong University KoguanSchool of Law and Vice President of China Institute for Social-Legal Studiesthe moderator, Professor Zheng Ge of Shanghai Jiao Tong University Koguan School of Law and Associate ProfessorZhang Chen Guo of Shanghai Jiao Tong University Koguan School of Law were thepanelists, Senior Professor of Liberal Arts of Shanghai Jiao Tong Universityand President of China Institute for Social-Legal Studies, Ji Weidong, VisitingDistinguished Professor Qin Yulin of Shanghai Jiao Tong University Koguan School of Law. The lecture wasattended by more than 100 students and teachers from universities, researchinstitutions and practice departments.
Moderator Prof. Lin Xifen firstly welcomed thearrival of President Sha Wenhao and introduced him as the President of LingyaoUniverse Research Institute, who has in-depth research in data governance,industrial research and related consulting fields. He has more than 25 years ofworking experience in the consulting field, including nearly 18 years ofexperience in large scale project implementation and strategic planning and managementof multinational enterprises in Japan, and has rich research experience andinsights in the field of enterprise research, including data and informationindustry.
Before starting the lecture, President Ji Weidongexpressed his welcome and appreciation for President Sha's lecture on behalf ofthe China Institute of Law and Society. He said that both China Institute forSocial-Legal Studies and Koguan School of Law focus on interdisciplinarygovernance research of meta-universe and big data, and interdisciplinaryresearch requires a real intersection of technology and legal knowledge. At thesame time, President Ji hoped that this would be an opportunity to build aplatform of "industry-academia-research integration" through mutualcooperation, so as to further deepen the exchange between academia, science andindustry, and to explore more possibilities of cooperation in the future. Hethinks all the students and faculty members are looking forward to the contentof this lecture.
Taking the various problems brought by thecirculation of data elements in modern society as the starting point, PresidentSha Wenhao firstly introduced four important issues faced by enterprise datagovernance, including: firstly, insufficient driving force and inconspicuousbusiness value; secondly, lack of integration between systematic planning anddesign and actual practice, organization and working mechanism need to berefined; thirdly, inappropriate selection of entry point and path forimplementation and poor implementation effect; fourthly, emphasis on Fourth,the construction of standards and platform functions, the application ofscenarios is not enough. In response to these real-life issues, President Shapointed out that organizations or enterprises need to realize digitaltransformation based on agile data governance (DGOps) model, and focused on thespecific content of agile data governance (DGOps) based on intelligentoperations and maintenance (AIOps).
Secondly, President Sha Wenhao gave an in-depthanalysis of the issues related to data security. He divided digital securityinto information security, network security and data security, and focused onexplaining the content and technical framework of data security. Among them,the data security framework includes five aspects: software and hardwaresecurity, data integrity, model confidentiality, model robustness and dataprivacy. In the specific governance of data security, President Sha compareddifferent data governance models and introduced in detail the framework andcontent of intelligent data governance, especially the process of constructingdata asset management and knowledge graph.
Again, President Sha Wenhao introduced homomorphicencryption, the most critical technology to achieve privacy computing.Homomorphic encryption (HE: homomorphic encryption) is an encryption algorithmthat satisfies the nature of ciphertext homomorphic operation, i.e., after thedata is homomorphically encrypted, a specific computation is performed on theciphertext, and the result of the ciphertext computation and then thecorresponding homomorphic decryption of the plaintext is equivalent to the samecomputation performed directly on the plaintext data, so as to realize the"computable invisible" of the data. President Sha analyzed in detail the two main types of algorithms:semi-homomomorphic encryption and full homomorphic encryption.
During the lecture, President Sha talked about howto apply artificial intelligence, knowledge graph, homomorphic encryption andother technologies to legal practice, hoping to truly promote the constructionof data governance and artificial intelligence system through the exchange andcooperation with the legal community.
As a panelist, Prof. Zheng Ge expressed hisgratitude to President Sha Wenhao for his wonderful sharing. He commented ontwo main aspects: first, there are differences and complementarities betweenDean Sha's data governance based on enterprise management perspective and thedata governance based on regulatory perspective in legal academia. The formermainly refers to how enterprises manage the data they own to achieve theirpurposes and service functions to society; the latter adopts an externalregulatory mindset and focuses on the attribution of responsibility when enterprisesthat use data and control data bring harm to legal subjects. Second, how toestablish an institutional design that combines data governance of enterpriseswith data governance of law. Since both the traditional rights-based legalmodel and the command-and-control model of regulation cannot effectively playthe role of rights protection and risk control, it is necessary to adopt a morepragmatic institutional design solution of having the law set the frameworkbasic principles, transferring the corresponding principles to the controllersand controllers of data through platform responsibility, internalizing theminto their operating guidelines and operating costs, and then having thegovernment monitor and punish them from the outside.
Associate Professor Chen-Guo Zhang analyzed twoaspects of individual privacy protection in the context of specific judicialcases: first, how to legally view the user use agreements provided byplatforms, apps, etc.? The nature of the user agreement can determine the basisof the legitimacy of the data obtained by the data company or platform, whichis worthy of in-depth analysis. Second, how should the property right of databe attributed and what kind of law should be used to regulate the flow of data?In the determination and regulation of data ownership, the EU adopts theregulation through contract and property, while China adopts the competitionlaw framework to regulate. The two different regulatory paths differ in termsof specific targets and methods, and the use of law and technology to improvethe protection of personal information still requires in-depth discussion.
In the exchange session, Qin Yulin, a visitingprofessor at Koguan School of Law, pointed out that the relationship between AIand law has two aspects: on the one hand, the law mainly regulates AI to enableits healthy development; on the other hand, the law also needs to absorb andapply AI technology to establish an AI legal system. The graph database andknowledge graph mentioned by President Sha Wenhao in his lecture are importantinspirations for the construction of AI legal system.