Rountable
Fu Tong, Jackie Long, Tai Jiangli 

面对中国互联网和科技领域不断变动的监管环境,以及企业本身在技术和商业模式上的快速发展,TMT领域的总法们发现自己要在愈发加剧的不确定性中展开工作。在本专题中,TMT领域总法将分享该领域最新动向,以及她们是如何带领团队面对挑战的。

 

ALB:中国近期颁布了一系列网络安全及信息保护法律法规、标准建议等。这些新法如何或将如何影响您所带领法务团队的工作?

京东数字科技集团副总裁傅彤:《网络安全法》及配套的法规、标准的出台,以及近期《数据安全法(草案)》征求意见稿的发布,对企业履行网络数据安全义务、落实网络数据安全保护措施提出了更明确的要求,法务需要对法规条款背后的具体安全技术措施、管理手段具有准确的理解和认识,储备网络数据安全技术相关的知识、积累实践经验,从公司自身的实际情况分析公司合规现状,提出符合公司基础设施、业务产品、组织发展需要的合规措施。法务团队需要且应能够与技术团队对话,熟悉基本的IT术语、技术方案、技术架构,了解技术团队在做什么,能够分析出当前技术方案与网络安全法规、标准要求的差距是什么,以及如何优化,这都是对法务团队提出的新要求。

搜狗科技法律部总经理龙瑾湘:2019年可以称为中国个人信息和数据安全的规整之年,这一年陆续颁布的法规对互联网公司,尤其像搜狗这种以AI作为未来发展方向的公司产生了较大影响。

搜狗法律部早在2017年就开始关注与个人信息相关的法律风险,因为我们的产品,例如输入法、搜索引擎,都和个人信息相关。所以我们提前做了几件事:第一是团队的知识升级,针对新的法律法规、规章制度、国家标准进行学习,同时参照并借鉴其他国家的法律原则、发展趋势——例如欧洲的GDPR,加州的CCPA,还有日本及其他国家的立法——来推测国内的立法和监管趋势。

接下来的问题是怎样为公司制定合规制度。我们因此做了团队的组织升级,组建了专门团队,负责个人数据和信息安全相关的风控和分析工作。

第三点,法律部启动个人信息合规制度的制定和执行。我们从输入法开始,逐步拓展到全部产品。与外部律师和业务部门的同学们一起,逐一排查产品风险,输出针对具体产品形态的定制化合规方案。随后,在公司领导的支持下,联合大数据部、业务线合规部、政府关系部、技术工程部,共同推进规则在公司内部从上到下的执行。

个人信息和数据安全未来是和企业存续息息相关的问题,基于这样的理解,法律部要做好提前布局,而且在尺度把控上要稍微严一些。虽然互联网公司目前仍处于争夺数据、“数据为王”的阶段,但是尺度必须把控好,否则如果突然间被要求关闭整改,这种风险对企业来说是难以承受的。所以我们要既能满足企业对数据应用的需求,关注到用户的隐私需求,也在外部监管层面有比较稳定的形象和输出。

北京字节跳动法务总经理邰江丽:近期我国颁布的一系列相关法律法规与国家标准,体现了国家在大数据时代保护公民合法权益,促进数字经济健康发展的价值目标,对我们法务工作的影响主要包含以下四个方面:

首先,《民法典》《网络安全法》《个人信息安全规范》等法律与国家标准,逐步完善了信息与数据安全的制度性框架,并明确了相关主体的权利义务。如何将这些法律的规定转化为可落地执行的合规实践方案,将是对法务的挑战。由于我们始终要求法务在精研法律的同时,深入产品业务的具体场景,与业务进行深度沟通,因此我们对产品及行业的理解一定程度上会更加全面深入,在后续合规落地方面对产品业务的影响也会更加积极有效。

其次,国家标准的制定与颁布,为我们进一步优化与完善数据安全合规评估流程起到了积极助推作用。合规流程的设置与布局关系到评估工作的效率与质量。我们也在原有的法务评估流程基础上,明确与优化了产品数据合规评估的细则与流程。

再次,网络与数据安全合规是跨领域、跨知识学科的系统性工作,需要法务与技术研发和产品运营等多部门有效协同。在法律与标准不断完善的背景下,我们立足自身专业能力,发挥合规评估枢纽的岗位特点,组织协同多部门,搭建与完善跨部门的协同评估机制,强化数据合规的中台能力。

最后,数据经济的底层逻辑决定了行业共治才是有效维护网络与数据安全的根本之策,因此我们也积极参与到行业相关标准讨论与行业自律的相关工作中,在吸收行业优秀合规实践的同时输出我们数据安全方面的实践探索,为社会做出应有的贡献。

“立法滞后于业务发展是科技公司面临的常态,但是这并不意味着业务可以没有规则地任性开展。”
- 傅彤,京东数科

ALB:科技公司都在不断采用新技术、推出新产品或新商业模式,但与此同时法律法规可能尚存空白。在这种情况下,您和您所带领的法务团队是如何向业务团队提供意见、支持业务发展的?是否可以举几个实例?

傅彤:立法滞后于业务发展是科技公司面临的常态,但是这并不意味着业务可以没有规则地任性开展。无论在哪个领域,我国的法律法规体系总体来说都是完备的。即便缺少对具体问题的规定,也一定能够在其总的原则之下找到可行的评估路径,预判可能存在的法律法规风险。在这种情况下,我们的法务团队会更加关注于事务本质与核心,从经验与专业的角度出发,对问题进行评估,洞悉立法本意的同时时刻关注立法动态。

龙瑾湘:所谓的法律层面的不确定性,其实是互联网公司的常态,互联网公司某种程度是在规则边缘游走,而且在技术创新之外,互联网公司可能更多引领了商业模式的创新。我认为没有绝对的法律空白,例如任何一种技术或商业模式,一旦被诉,法院一定会结合多维度的信息、理念和分析给出判决,不会因为目前没有明确的法律规定就不判了。所以对于法律的预判,是非常考验公司法务的专业基本功的。

举个例子,比如搜狗的AI分身功能,对目标人物的肖像、声音进行收集,生成AI虚拟形象,能够模拟目标人物的形象和声音。这个产品在创建初期其实面临着很多法律问题,法律部于是采用了这样的方法:第一,我们考察了产品中可能涉及的法律问题,发现最关的是声音:声音属于什么权利?如何去使用?当时法律没有规定。所以法律部对当时既有的学术观点进行了梳理,最后提出声音权应该归属于人格权,和肖像权类似,随后参照肖像权的法律规定,通过让目标人物统一授权的形式来规避法律风险。现在《民法典》出来,也认可声音权就是人格权,说明我们的预判是正确的。

第二,我们要防止分身技术的使用不当,因为它有可能会被用于虚假宣传和诈骗。法律部于是采取了三项措施:为了保护用户的知情权,我们在分身产品上标明“搜狗AI合成技术”,明确告知受众;第二是通过对潜在合作伙伴进行风险分级,来评估合作的风险,决定最后是否合作。例如和媒体合作,就会选择类似新华社这样的主流媒体;和金融机构合作,就会选择银行,而不是P2P或现金贷类的公司。第三,从责任划分入手,我们会和合作伙伴做明确约定,使用产品导致的相关法律责任由对方来自行承担。

最后,针对行业可能会出现的技术滥用,搜狗也积极呼吁立法,规范行业秩序。搜狗CEO王小川作为全国政协委员,在今年的两会中进行了规范行业秩序的提案,提出了立法建议,我们给予法律上的配合。

整体来讲,我们会紧扣立法原则、趋势,参照学术观点、行业基本尺度,研究法院的类案判决,来预判风险。

邰江丽:互联网科技公司的法务需要主动承担支持新技术、新型商业模式发展的责任,需要具备灵活运用法律知识的能力以及对产品行业的充分理解,在法律法规可能尚存空白时,创新性地为公司商业决策合规化制定具体而清晰的计划,并由此确定产品未来的法律路径和所需的法律支持。互联网科技企业对于法务的要求,不仅仅需要法律上专业过硬,对相关前沿案例与法律问题有所研究,也需要将视角扩大到对行业惯例规则和技术发展的把握,这也要求法务能够不断适应并拥抱变化,持续自我驱动,不断提升自身能力。

比如在维权工作中,15秒的短视频是否具有著作权法的独创性在司法界和学术界均有较大争议,如不能有效确定此类视频的作品属性,将严重影响平台内创作者的创作积极性,并无法从法律角度有效打击盗版侵权行为。法务着重从产品特征、内容素材选择、内容表达完整性等角度论述短视频的独创性,最终让法院接受作品的独创性与时长无关的观点,认定15秒内的短视频可构成作品,受法律保护,有效保障用户权益和业务发展。

 此外,在维权取证方式上也依托技术提高维权效率,比如某个短视频平台大规模搬运我们平台短视频内容,侵权短视频数量数以万计,海量的侵权内容对法务在维权过程中如何快速有效固定证据提出巨大挑战。在该案中,法务积极采用电子自动化取证技术,在3天内实现10万量级的短视频比对取证,完成了传统公证需要4-5个月的工作量,快速制止侵权并确立了电子取证方式在类似维权案件中证据形式的法律效力。

ALB:公司所需要的法律服务中,目前多大比例由内部律师完成,多大比例由外部律师完成?您未来将继续拓展法务团队规模吗?

傅彤:目前超过90%的法律工作由内部团队完成,聘请外部律师的主要是需当地执业资质的海外业务、依行业惯例需律师参与的投资并购业务等。根据公司业务的不断扩展,法务支持的领域和业务规模都在不断增加,法务团队也会相应调整,在招聘新员工的同时,我们更加强调现有团队的提效和赋能。

龙瑾湘目前我们的法律工作80%由内部律师承担,此外20%——包括诉讼和更专业化的法律专项则会交给外部律师。

搜狗的法律管理工作已经走向了业务和运营的多个环节。在目前的规划中,当公司的法律风控实现常规化和系统化运作后,法律部会更有能力主动地向业务部门提供更前瞻的分析和意见。

举例来说,在开展新业务时,我们不希望业务部门“进了坑”再来寻找法律部协助,法律部可以通过总结前人经验,例如通过梳理公开的诉讼案例,来分析前人的“坑”都在哪里、如何去规避。然后把具体意见传达给业务部门。未来法律部的工作更侧重于前瞻性,而且分析和方案会更细致,减少业务的试错成本,法律团队也会随需求拓展。未来法律部不是仅完成事务性工作,还要对新的战略性产品进行提前分析和持续观测,并系统化地管理风险。

我认为法律部要做最有价值的工作,把重复性、事务性的工作外包,或者通过系统完成。未来我预测内部律师的工作比例会下降,例如到70%,但其中高价值的工作比例会上升,比如构建公司内部整体的风险管理防控体系、个人信息合规体系。未来使用外部资源的比例大概会上升到30%左右。

“其实法务团队的发展需要比产品技术发展跑得更快一点,才能更好的支持公司产品业务的创新。”
- 邰江丽,字节跳动

邰江丽:目前还没有具体统计比例,中国法务团队有一百多人,大部分法律工作是内部法务直接支持,公司法务团队有很多同事有律师工作经验。作为互联网科技公司,整体节奏会比较快,对于法务需求响应的及时性要求比较高,有时候要求当场反馈,法务会直接现场支持。此外,在产品研发的保密阶段,涉及到产品功能、数据合规及信息安全方面的法律支持,基于保密和及时性的原因,也主要由内部法务完成。其他涉及到行业调研以及部分诉讼案件的代理工作,会需要外部律师支持。

目前的法务团队规模已经较大,未来希望能从技术、系统及流程上提高人效,确保法务团队的规模和公司产品业务发展相匹配。其实法务团队的发展需要比产品技术发展跑得更快一点,才能更好的支持公司产品业务的创新。

ALB:作为一家科技公司的法务团队,您的团队使用了哪些法律科技工具?您是否对以科技辅助法务工作有某种宏观规划?

傅彤:集团内部管理方面,在传统的合同管理系统、诉讼管理系统之外,我们正在建设嵌入全业务流程的知识产权管理系统、合规管理系统,为法律合规工作提供更加智能化、可视化的信息化工具。在业务中,数科集团大量使用电子签名等技术,同时与互联网法院、仲裁机构合作建设基于区块链的司法存证系统。技术输出方面,数科集团利用自身科技优势,积极为智慧法院提供服务,如为北京市第三中级人民法院建设的以VR电子诉讼服务为核心的一站式诉讼服务中心。未来,集团将继续以大数据、人工智能、机器人、区块链等技术服务于法院的具体应用场景,提升法院智能化建设水平,为群众提供更好的服务。

另外,随着对个人信息保护日趋严格的监管要求,在为C端用户提供服务的产品中,为提升全生命周期的用户隐私安全合规管控水平,法律合规部联合研发部门开发了APP合规检测工具,自动扫描APP是否违规收集用户信息、是否违规调取用户权限以及是否嵌入了第三方的SDK等,极大提升了合规工作的效率和水平。

龙瑾湘:搜狗是一个特别注重IT系统化的公司,公司最基础的审批流都是基于自己开发的内部程序完成的,例如法律部的合同管理、专利管理、法律风险防控体系,以及法律部内部使用的法律百科。

以法律风险防控体系为例,必须通过系统的物理节点,才能真正把控住风险,单纯的书面制度推行程度有限。所以法律部一旦通过人工手段验证了某种制度的可行性,就会要求通过线上系统去完成。风险防控体系的搭建需要法律部和业务部门共同完成,一旦完成风险识别和评估打分,就把它放到系统里,形成了契约形式的落地方案,然后在执行过程中,由系统定期去发通知和核查,检查是否按照约定进行。

再例如合同审核,除了审核模板、定制化开发等基础动作,我们还加入了文本一键比对、OCR等技术模块,引入了企业信用平台,对于合同相对方,直接通过信用平台进行合作方预警,尽量提高整个系统的智能化水平。

此外还有法律百科,最初目的是把律师的专业知识积累为一个部门的智慧资产,把我们过去评估过的全部法律风险点、法律分析、诉讼案例、操作指引等内容按结构化标签输入到系统里,大家共同检索、编辑、共享。法律百科最终想达到的状态是:当新产品产生,业务部门来咨询其存在什么风险,我们就可以把新产品拆分成几个法律关键词,直接由系统输出相关的法律分析、诉讼、解决方案记录,就能更快地完成风险评估和提出解决方案。

未来我们希望把法律百科和公司的财务、人力等信息打通,形成一个更全面的风险评估工具。

邰江丽:字节跳动公司通过效率工程部的系统工具提高内部工作效率,法务部通过自己的法务系统,支撑公司建立以法律风险防控为核心目标的落地,构建以人员、制度、知识、流程建设为基础的高效化、规范化法律事务和合规管理体系,为公司产品业务的合规发展保驾护航。

此外,我们的法律知识中心以及内部培训系统也在持续迭代优化,同步建设公司内部法律专业人才体系化成长系统,完成企业法务能力模型、知识图谱及学习成长体系、培训及知识沉淀管理机制,在确保法律服务质量的前提下不断提高效率。

科技对法务工作的支持是显而易见的,未来希望能够通过科技手段系统化地建立企业法务合规管理的生态圈,整合相关资源,连通在线公证机构、电子签和区块链存证机构,律师律所服务平台、智能硬件和内容服务供应商等,便利确权维权及纠纷解决,提升企业法务合规管理能力。建立企业法务合规管理的整体解决方案、管理经验和标准化产品,向公司和行业输出合规最佳实践和法律服务产品。

ALB:在参与公司做出商业决策和制定发展规划方面,您和您所带领的法务团队扮演着怎样的角色?您如何规划提升法务团队在整个公司中的参与度与重要性?

傅彤:对于大多业务而言,“法”和“规”都是抽象、陌生的。法务团队要做的不是提要求、摆规定,而是要作为法律专业人士钻进业务中去,了解业务的真实诉求、客观限制。我们扮演的是“参与者”而不是“评判者”。我们会积极参与到项目的交易结构设计、流程梳理中去,将法律法规的要求随着业务的诉求转化为可行的产品方案。这其中的关键,还是要走进业务中去,切实了解了业务,结合法律人的专业知识,法务团队的建议才更能被人信服、更有分量。

龙瑾湘:搜狗法律部目前分为五个组,其中一个是BP(商业伙伴)组,我们要求从项目一开始就和业务伙伴在一起,BP律师起到更重要的作用。当然,这也和法律部本身的能力有关,如果内部律师不仅懂法律,还能用商业语言去对接业务,那么业务部门也愿意让法律部提前介入;假如你一出面就谈风险,业务就会在风险阶段才想到你。所以我要求团队真的贴近业务,学习业务语言和逻辑,甚至财务知识,这样其他部门才会觉得法律部能助力,才愿意更早、更多让我们参与到项目中。

法律部发展分三个阶段:事务型法务、管理型法务、战略型法务。真正达到战略型的团队并不多,这是我们前进的方向。

“法律部现在法律建议的采纳率已经达到80%以上。”
- 龙瑾湘,搜狗科技 

我认为最关键的还是提高自身能力,并且适时让公司认可法律部带来的价值。目前搜狗法律部更多扮演的是战略规划和决策的执行者,当公司制定了新战略和规划,法律部就会相应做出法律层面的预备。例如公司的战略是发展智能硬件、数字家庭医生,并为输入法制定新的发展规划,管理型法务通过紧密联系业务,很快能够明白自己的角色,就不用再等业务部门分工。

以智能硬件为例,法律部会把和智能及传统硬件相关的几千件诉讼案例全部梳理出来,甄别出强相关的几百件,分类归纳,看看之前的纠纷争议点有哪些、法院是如何处理的,并倒推出业务部门在整个链条中面临的风险点。随后我们会拿这份清单去和业务部门交流,这样做的好处是,首先,业务部门和法律部对业务的整体风险有全面视角,并且可预判风险,做出防范措施;其次,业务部门在具体对外谈判和对内业务规划流程中会更有针对性;最后,法律部会根据适用的情形来完善合同和交易文件,做好保证金和证据的获取,不会再狼狈应对之后的问题,形成执行闭环。

我们现在法律建议的采纳率已经达到80%以上。一是法律部提供的是量化的建议,例如目前的产品形态会有百分之多少的被诉概率、被诉后可能的判赔额是多少。业务部门可以通过收益核算来决定是否采纳法律部的意见。此外我们还会提供非常具体的方案,比如如果面临诉讼,法官通常会考虑哪个关键点,产品其他地方不用改,只改这个点就可以,所以业务部门更愿意配合。

现实中,在产品上线前同步法务是很难做到的,我们法律部当时也做了很多公司内部的公关工作,并通过一些具体的实施策略,让大家知道法律部真正能助力业务的健康发展。与业务部门的合作多了,真正能解决问题了,业务部门自然会有更多的信任。

我们的目标还是控风险和促发展,达到法务和业务的平衡融合。通过把法律管理嵌入公司运营的各个环节,并且通过系统实现。抓主要产品、核心资产,提供更前瞻的法律预备,实现公司快速和持续发展,这样法律部的重要性就能够提升。

邰江丽:关于如何提升参与度和重要性,我们法务团队为各个产品配备法务BP,成为有法律专业技能的Business Partner。传统上法务是一个在法律条款内提供服务的岗位,但互联网科技公司,法务除为公司日常营运提供必要全面法律支持外,还需要有创新的思维去思考产品及商业实践问题。互联网公司法务会从产品产生商业创意之始就介入提供法律服务,并深入商业过程的每个环节,包括产品设计和推广的各个流程,在满足合规要求的前提下,用产品和商业的思维去给出符合产品及商业发展的法律建议。

此外,互联网科技公司的法务还必须具备洞察与创新的能力,互联网法务的法律支持不能仅停留在具体问题层面,还需储备完整法律知识体系,熟练掌握相关执法裁判尺度,不断深入前沿问题研究,并对相关法律知识有足够的了解和敏锐度,对未来监管措施有前瞻性预判,积极与互联网治理各方主体保持沟通,思考如何在法律规定的框架内应用法律解决问题;在缺乏法律适用时,如何通过法律基础理论去解释说明新业务模式遇到的法律问题,进行规制创新,保护新型商业模式。

互联网科技公司对产品及商业合规的重要性认知比较好,特别是在新的商业模式和产品研发过程中,合规流程更是不可或缺。法务在提供法律建议时不仅要定义合规原则,还要建立具体政策、治理结构、权责框架和员工培训,将合规制度转化为有效行动,带动整个产品相关合规部门的强力协作,跟进合规执行并不断动态迭代优化提高公司整体合规水平。


GC Roundtable: TALKING TECH

With constantly changing regulations domestically and the rapid growth of new technology and business models, general counsel in the TMT sector are finding themselves working in an increasingly uncertain climate. In this feature, TMT GCs share the latest trends in this sector and their ways of tackling challenges.

 

ALB: Chinese regulators have published a series of cybersecurity and data protection regulations in recent months. How have or will these new regulations affect the daily work of your legal team?

Fu Tong, Vice President at JD Digits Group: the newly promulgated Cybersecurity Law and its supporting regulations and standards, and the newly released draft of the Data Security Law pose more concrete requirements towards companies on issues of data protection and the stipulation of related measures. In-house counsel should explore the specific measures to truly comply with those new laws by accumulating more knowledge and practical experiences. Meanwhile, we need to analyze the current compliance situation of our own company, in order to stipulate compliance structure in line with our infrastructure, products and institutional structure. In-house counsel should be on the same page with our tech teams by being familiar with basic IT terminology and technical solutions. We should understand what exactly our tech teams are working on and evaluate the current tech plans with the new laws, therefore to raise optimizing plans.

Jackie Long, General Counsel at Sogou Technology: 2019 was known as “the year of personal privacy and data protection”, and Internet companies – especially the ones like Sogou who sets artificial intelligence as its future strategy – are deeply affected by those new laws.

Considering the nature of our products, namely input method and search engine, Sogou’s legal team began to pay attention to personal privacy protection back in 2017. We did a few things in advance. Firstly, we organized the whole legal team to study the new laws, regulations and national standards, at the same time, we began to study the legal principles from other countries/regions - for example, Europe’s GDPR and California’s CCPA – to better equip ourselves with the knowledge concerning the latest legal trends.

Secondly, we re-organized our legal team by forming a specific team responsible for the risk control and analysis in the area of data protection and cybersecurity.

Finally, we began to stipulate and execute new data compliance systems inside the company. By working together with business teams and external lawyers, we went through all our products one by one, trying to develop specific compliance model suitable for different product. By the strong support of our management team and various different departments, we finally renewed the whole compliance systems inside the company.

Data protection and cybersecurity are matters of life or death for companies in the future. Holding this belief, our legal team tends to adopt tighter internal standards. Although internet companies are still in the stage of fighting for data, we must behave inside the circle, and we’ve already seen cases where some internet companies were required to shut down or to rectify the whole business. So for us, we need to attend our company’s need for data, meanwhile build a stable image as a lawful company.

Tai Jiangli, Legal GM, ByteDance China: China has stipulated a series of laws, regulations and national standards recently, aiming to protect citizen’s due rights and to promote the robust growth of our digital economy in the big data era. Those new moves have affected our legal team’s works in four ways:

Firstly, laws and standards like the Civil Code, Cybersecurity Law and the Information Security Technology - Personal Information Security Specification have further completed China’s information security and data protection legal system, and clarified different legal entities’ rights and obligations. Meanwhile, in-house counsel faces the challenge of transforming these new laws into practical compliance plans. By requiring our legal counsel to not only understand law, but also understand business scenarios and have thorough communications with the business teams, we now do have deeper understanding of the industry and our own products, which will benefit us a lot when trying to develop new compliance models that can contribute to the growth of our business.

Secondly, the stipulation of the national standards has positive influence on the optimization and completion of our data security compliance assessment process. In fact, the design of the compliance process is key to the efficiency and quality of our assessment work. On the basis of previous assessment, we have clarified and optimized our assessments’ details and processes.

Thirdly, since cybersecurity and data compliance is systematical work requiring multi-disciplinal background, it requires the legal team to work effectively with various departments such as the technology development and product operation teams. Our legal team has strengthened the role of the main coordinator and the “middle-end” and has been endeavouring to build a multi-departmental assessment mechanism.

Finally, the basic logic of the digital economy decides that we must reply on community wisdom to protect cyber and data security. Therefore, we’ve been participating proactively in the discussion of building industry standards and forming industry ethnics. By learning lessons from our peers and sharing our own experiences, we hope to make our own contribution to society.

“Legislation lagging behind constantly evolving technology is quite normal for technology companies, but it doesn't mean that we can develop our businesses arbitrarily.”
- Fu Tong, JD Digits Group

ALB: TMT companies are constantly adopting new technology and new business models, and they sometimes find themselves in areas not yet covered by the current legal system. How is your legal team advising and supporting the business in these circumstances? Could you give us a few examples?

Fu: Legislation lagging behind constantly evolving technology is quite normal for technology companies, but it doesn't mean that we can develop our businesses arbitrarily. China's legal and regulatory systems are generally complete in all industries, according to which we can always find feasible ways to evaluate and predict possible legal and regulatory risks. Therefore, our legal team pays more attention to the core matters and legislative trends, and gains insight into the legislative intent.

Long: the legal uncertainty has already been a new norm for Internet companies. In addition to technological innovation, Internet companies also lead innovations in business models. The regulatory framework is trying to keep up with these innovations. I don't think there is something as an absolute legal grey zone. For example, once a lawsuit was filed against an Internet company, the court would definitely render a ruling based on multi-dimensional information, ideas, and analysis. Therefore, in-house counsel needs to have solid legal knowledge to make accurate forecasts from the legal perspective.

I can use Sogou's AI avatar function as an example. This product can produce an AI virtual image of a certain person by detecting, capturing, recognizing and simulating the image and voice of the target, which faced many legal and regulatory issues in the early stage. To respond to those issues, we first investigated the legal issues that might be involved and identified the usage of human voice as the key issue. After researches, we proposed that given the voice rights are similar to the image rights, legal risks can be avoided by requiring the target person to give an overall authorization for the use of personality rights. The newly promulgated Civil Code confirms our projection – voice rights are indeed personality rights. 

Secondly, to prevent the avatar technology from being used for false publicity and fraud, we adopted three measures: labelling all Sogou avatar products with the mark "Sogou AI synthesis technology," conducting cooperation risk assessment of potential cooperation partners, and making clear agreements with our partners on the legal responsibilities related to the use of the relevant products.

In response to the possible abuse of technology in the industry, Sogou actively calls for legislation to regulate the industry. We provided Sogou CEO Wang Xiaochuan, a member of the National Committee of the Chinese People's Political Consultative Conference, with legal support in making proposals for regulating the TMT industry in the “Two Sessions” this year.

All in all, we forecast risks by closely following the legislative principles and trends, referring to academic viewpoints and basic industry standards, and studying court rulings on similar cases.

Tai: As in-house counsel of an Internet technology company, we need to take the initiative to support the development of new technologies and new business models; where there're legislative gaps, we need to be innovative on the basis of fully understanding the industry and our products, and make specific and clear plans to ensure the compliance of company's decision-making, and therefore decide the possible legal routes of and legal supports needed by our products. Internet technology companies require their in-house counsel to have strong legal expertise, and meanwhile to be able to grasp the industry practices and technological development. We need to be adoptive and willing to embrace changes, and to be self-driven to update our capabilities.

For example, in terms of rights protection, whether a 15-second short video has the originality as set forth in the copyright law is a highly controversial issue in the judicial and academic circles. If we can’t establish the nature of those artworks, we might hurt the creators and won’t be able to combat piracy. Our legal team then did researches in many aspects and demonstrated the originality of the short videos; the court finally accepted the opinion that the originality of the work is irrelevant to the length of time, and ruled that short videos within 15 seconds can be deemed as the work under the copyright law and protected by law. Users' rights and interests and the company's business development are therefore effectively protected.

Furthermore, we rely on technology to improve our work efficiency in the protection of rights. For example, a short video platform infringed upon the rights of our platform by copying and publishing plenty of short videos that were originally published on our platform. Tens of thousands of short videos were involved, which posed a great challenge for us to quickly and effectively fix the evidence. Our legal team used electronic automated evidence collection technology and finished the comparisons and fixation of evidence within three days, which would have taken a traditional notarization 4-5 months to complete. By doing this, we quickly stopped the infringement and established the legal effect of electronic evidence collection in similar rights protection cases.

ALB: How much of your legal work is done internally today versus through outside counsel? Are you looking to build out your team further?

Fu: Over 90 percent of the legal work is done by in-house lawyers. External lawyers are employed for handling overseas businesses, and investment and M&A projects. Our legal team will be adjusted in line with the company's business expansion. We'll emphasize the efficiency and empowerment of the existing team while recruiting new members.

Long: 80 percent of the legal work is undertaken by our in-house lawyers, while the other 20%, including litigation and certain projects, is handled by external lawyers.

According to the current plan, the legal department will provide business departments with more forward-looking analysis and opinions when the company's legal risk control has become routine and systematic.

For example, when the company launches a new line of business, we hope that the legal department could help the business department avoid risks by drawing on the previous experiences, for example by sorting up previous cases, we can provide detailed error-avoiding suggestions to the others. The legal department will focus on forward-looking work and reducing the cost of trial and error in the business. In addition to routine work, we'll conduct early analysis and continuous observation of new strategic products, and systematically manage the risks.

"I think the growth of in-house team should even be faster than that of the product, only in this way can we better support the company’s innovation."
- Tai Jiangli, ByteDance

I think the legal team should take up more value-adding works in the future and outsource paperwork and repeatable works. I predict that the percentage of legal work undertaken by us will be reduced to 70 percent or so, with the focus on high-value work such as the construction of the company's overall risk management prevention and control system and personal information compliance system. The other 30 percent will be outsourced to external lawyers and services.

Tai: We currently don't have a specific proportion. The legal team of ByteDance China has a headcount of more than 100 people, handling most of the legal work for the company, and lots of us have experiences working as lawyers before. Internet technology company has rather rapid working rhythm and usually requires in-house counsel to respond timely, even on-site. Besides, considering that during the confidentiality stage of product development, legal supports related to product functions, data compliance and information security are also confidential, and therefore need to be handled in house. We usually seek the support of external lawyers for work related to industry researches and some litigation cases.

Given the relatively large size of our legal team now, we hope to improve efficiency and productivity from technology, system and process aspects in order to better support the company's product and business innovation. Frankly, I think the growth of in-house team should even be faster than that of the product, only in this way can we better support the company’s innovation.

ALB: As the legal team within a tech company, how would you describe your own approach to using legal technology? What kind of roadmap have you created?

Fu: In terms of internal management of the group, in addition to the traditional contract and litigation management systems, we're building an intellectual property management system and a compliance management system embedded in the entire business process to provide more intelligent and visualized information tools for legal compliance work. JD Digits Group also uses many other technologies such as electronic signatures, and meanwhile cooperates with Internet courts and arbitration institutions to build a blockchain-based evidence preservation system. The group will continue to serve the specific application scenarios of the courts with technologies such as big data, artificial intelligence, robots, and blockchain, to help improve the intelligent construction of the courts.

Furthermore, the legal department and R&D department jointly developed an App compliance testing tool to improve user privacy protection and compliance management when providing services to individual consumers, so as to meet the increasingly stringent regulatory requirements on personal information protection.

Long: Sogou uses legal technology in all its basic review processes. At the legal department, we have tools for contract management, patent management, legal risk prevention system, and our legal encyclopedia used within the legal department.

For example, the legal risk prevention and control system is jointly built by the legal department and business departments, which is integrated into the company's intranet system to regularly check automatically whether the projects are carried out according to provisions and to send out notifications if necessary.

Our contract management system includes functions such as reviewing templates, text one-click comparison and OCR. We have also introduced an enterprise credit platform which would alert the business team when signing doubtable partners.

We also set up our own legal encyclopedia as the intellectual assets of the legal department, which includes all the legal risk points, legal analysis, litigation cases, operation guidelines, etc. We hope that in the future, the legal encyclopedia system can help us with the legal analysis of new products and business departments' consultation, and enables us to complete risk assessments and propose solutions faster.

In the future, we hope to connect the legal encyclopedia with the company's financial and human resources information to form a more comprehensive risk assessment tool.

Tai: At ByteDance, we use the system tools of the efficiency engineering department to improve internal work efficiency. The legal department has established a management system for legal affairs and compliance based on personnel, system, knowledge, and process construction, to support realizing the company's core objectives of legal risk prevention and control.

Besides, our legal knowledge centre and internal training system are also evolving. We are now building the talent growth system inside the company, and are completing the in-house counsel’s capability model, knowledge graph, study system, and training and knowledge management mechanisms, aiming to continuously improve work efficiency while ensuring legal service quality.

Technology has been supporting the legal team’s works in an obvious way. In the future, we hope to systematically establish an ecosystem of corporate legal compliance management through technological means, integrate relevant resources by connecting online notary institutions, electronic signatures and blockchain-based evidence preservation institutions, lawyers and law firms platforms, and smart hardware and content service providers, to facilitate dispute resolution, and enhance the company's legal compliance management capabilities. We also hope the whole company and the whole industry could benefit from our “one step” and comprehensive compliance solutions.

ALB: How important is your legal team when it comes to helping the company make business decisions and mapping strategy going forward? What is your plan to increase the team’s profile within the broader business?

Fu: For business departments, "laws" and "regulations" are abstract and unfamiliar ideas. The role the legal department should play is a "participant", not a "judge" – to get involved in business operations and try to understand the real needs of the business departments. We'll actively participate in designing the transaction structure and process, and transform the requirements of laws and regulations into viable product solutions according to business requirements.

Long: Sogou's legal department now has five teams, one of which is the BP (business partner) team. We require BP lawyers to work together with the business department from the beginning of a project. Our BP lawyers would learn the business language and logic, and even financial knowledge, to gain the trust of other departments so that other departments would like us to get more involved in their projects at earlier phases.

It is commonly understood now that the development of the legal department is divided into three stages: transaction-related, management-related, and strategy-related. The last one is surely our goal.

"Now more than 80 percent of our legal advice is adopted by our company."
- Jackie Long, Sogou Technology 

I think the most important thing is to improve our capabilities so that the company will recognize the value brought by the legal department. For example, the company's strategy is to develop smart hardware and digital family doctor, and to formulate new development plans for Sogou Input. Through close contact with the business departments, a management-related legal department can quickly understand its role without waiting for the business departments to set tasks.

Now more than 80 percent of our legal advice is adopted by our company. Our advice includes quantified information related advice such as the probability of being sued in terms of the current product form and the possible amount of compensation after being sued; and some very specific solutions, such as which part of a product needs to be changed because it is the key consideration for the judge in previous cases.

To be frank, it’s pretty hard for the legal team to be involved in the early stages of the business, so we did many “public relations” works inside the company as well. And by working closely with the business departments, we have gained their trust, and they know that the legal department can really help with the robust development of business.

Tai: We equip each product with a legal business partner to increase our participation and importance in business. In-house counsel was traditional understood as a post to provide services within the legal systems, but in Internet technology companies, in-house counsel should also think innovatively about product nature and business practices. A legal BP is deeply involved in each link of the entire business process, from product design to product promotion, and gives legal advice conducive to product and business development on the premise of meeting compliance requirements.

In addition, in-house counsel of Internet technology companies must train to have forward-looking ability to foresee future regulatory measures; in the absence of applicable laws, we should be able to explain the legal issues related to the implementation of new business models by referring to basic legal theories, and carry out innovation to protect and ensure the compliance of new business models.

Internet technology companies generally have better understanding of the importance of product and business compliance. In addition to giving legal advice concerning the compliance principles, in-house counsel must help to establish specific policies and governance structure, and give training to employees to ensure the company's overall compliance.

 

To contact the editorial team, please email ALBEditor@thomsonreuters.com