GC Roundtable: TALKING TECH
With constantly changing regulations domestically and the rapid growth of new technology and business models, general counsel in the TMT sector are finding themselves working in an increasingly uncertain climate. In this feature, TMT GCs share the latest trends in this sector and their ways of tackling challenges.
ALB: Chinese regulators have published a series of cybersecurity and data protection regulations in recent months. How have or will these new regulations affect the daily work of your legal team?
Fu Tong, Vice President at JD Digits Group: the newly promulgated Cybersecurity Law and its supporting regulations and standards, and the newly released draft of the Data Security Law pose more concrete requirements towards companies on issues of data protection and the stipulation of related measures. In-house counsel should explore the specific measures to truly comply with those new laws by accumulating more knowledge and practical experiences. Meanwhile, we need to analyze the current compliance situation of our own company, in order to stipulate compliance structure in line with our infrastructure, products and institutional structure. In-house counsel should be on the same page with our tech teams by being familiar with basic IT terminology and technical solutions. We should understand what exactly our tech teams are working on and evaluate the current tech plans with the new laws, therefore to raise optimizing plans.
Jackie Long, General Counsel at Sogou Technology: 2019 was known as “the year of personal privacy and data protection”, and Internet companies – especially the ones like Sogou who sets artificial intelligence as its future strategy – are deeply affected by those new laws.
Considering the nature of our products, namely input method and search engine, Sogou’s legal team began to pay attention to personal privacy protection back in 2017. We did a few things in advance. Firstly, we organized the whole legal team to study the new laws, regulations and national standards, at the same time, we began to study the legal principles from other countries/regions - for example, Europe’s GDPR and California’s CCPA – to better equip ourselves with the knowledge concerning the latest legal trends.
Secondly, we re-organized our legal team by forming a specific team responsible for the risk control and analysis in the area of data protection and cybersecurity.
Finally, we began to stipulate and execute new data compliance systems inside the company. By working together with business teams and external lawyers, we went through all our products one by one, trying to develop specific compliance model suitable for different product. By the strong support of our management team and various different departments, we finally renewed the whole compliance systems inside the company.
Data protection and cybersecurity are matters of life or death for companies in the future. Holding this belief, our legal team tends to adopt tighter internal standards. Although internet companies are still in the stage of fighting for data, we must behave inside the circle, and we’ve already seen cases where some internet companies were required to shut down or to rectify the whole business. So for us, we need to attend our company’s need for data, meanwhile build a stable image as a lawful company.
Tai Jiangli, Legal GM, ByteDance China: China has stipulated a series of laws, regulations and national standards recently, aiming to protect citizen’s due rights and to promote the robust growth of our digital economy in the big data era. Those new moves have affected our legal team’s works in four ways:
Firstly, laws and standards like the Civil Code, Cybersecurity Law and the Information Security Technology - Personal Information Security Specification have further completed China’s information security and data protection legal system, and clarified different legal entities’ rights and obligations. Meanwhile, in-house counsel faces the challenge of transforming these new laws into practical compliance plans. By requiring our legal counsel to not only understand law, but also understand business scenarios and have thorough communications with the business teams, we now do have deeper understanding of the industry and our own products, which will benefit us a lot when trying to develop new compliance models that can contribute to the growth of our business.
Secondly, the stipulation of the national standards has positive influence on the optimization and completion of our data security compliance assessment process. In fact, the design of the compliance process is key to the efficiency and quality of our assessment work. On the basis of previous assessment, we have clarified and optimized our assessments’ details and processes.
Thirdly, since cybersecurity and data compliance is systematical work requiring multi-disciplinal background, it requires the legal team to work effectively with various departments such as the technology development and product operation teams. Our legal team has strengthened the role of the main coordinator and the “middle-end” and has been endeavouring to build a multi-departmental assessment mechanism.
Finally, the basic logic of the digital economy decides that we must reply on community wisdom to protect cyber and data security. Therefore, we’ve been participating proactively in the discussion of building industry standards and forming industry ethnics. By learning lessons from our peers and sharing our own experiences, we hope to make our own contribution to society.
“Legislation lagging behind constantly evolving technology is quite normal for technology companies, but it doesn't mean that we can develop our businesses arbitrarily.”
- Fu Tong, JD Digits Group
ALB: TMT companies are constantly adopting new technology and new business models, and they sometimes find themselves in areas not yet covered by the current legal system. How is your legal team advising and supporting the business in these circumstances? Could you give us a few examples?
Fu: Legislation lagging behind constantly evolving technology is quite normal for technology companies, but it doesn't mean that we can develop our businesses arbitrarily. China's legal and regulatory systems are generally complete in all industries, according to which we can always find feasible ways to evaluate and predict possible legal and regulatory risks. Therefore, our legal team pays more attention to the core matters and legislative trends, and gains insight into the legislative intent.
Long: the legal uncertainty has already been a new norm for Internet companies. In addition to technological innovation, Internet companies also lead innovations in business models. The regulatory framework is trying to keep up with these innovations. I don't think there is something as an absolute legal grey zone. For example, once a lawsuit was filed against an Internet company, the court would definitely render a ruling based on multi-dimensional information, ideas, and analysis. Therefore, in-house counsel needs to have solid legal knowledge to make accurate forecasts from the legal perspective.
I can use Sogou's AI avatar function as an example. This product can produce an AI virtual image of a certain person by detecting, capturing, recognizing and simulating the image and voice of the target, which faced many legal and regulatory issues in the early stage. To respond to those issues, we first investigated the legal issues that might be involved and identified the usage of human voice as the key issue. After researches, we proposed that given the voice rights are similar to the image rights, legal risks can be avoided by requiring the target person to give an overall authorization for the use of personality rights. The newly promulgated Civil Code confirms our projection – voice rights are indeed personality rights.
Secondly, to prevent the avatar technology from being used for false publicity and fraud, we adopted three measures: labelling all Sogou avatar products with the mark "Sogou AI synthesis technology," conducting cooperation risk assessment of potential cooperation partners, and making clear agreements with our partners on the legal responsibilities related to the use of the relevant products.
In response to the possible abuse of technology in the industry, Sogou actively calls for legislation to regulate the industry. We provided Sogou CEO Wang Xiaochuan, a member of the National Committee of the Chinese People's Political Consultative Conference, with legal support in making proposals for regulating the TMT industry in the “Two Sessions” this year.
All in all, we forecast risks by closely following the legislative principles and trends, referring to academic viewpoints and basic industry standards, and studying court rulings on similar cases.
Tai: As in-house counsel of an Internet technology company, we need to take the initiative to support the development of new technologies and new business models; where there're legislative gaps, we need to be innovative on the basis of fully understanding the industry and our products, and make specific and clear plans to ensure the compliance of company's decision-making, and therefore decide the possible legal routes of and legal supports needed by our products. Internet technology companies require their in-house counsel to have strong legal expertise, and meanwhile to be able to grasp the industry practices and technological development. We need to be adoptive and willing to embrace changes, and to be self-driven to update our capabilities.
For example, in terms of rights protection, whether a 15-second short video has the originality as set forth in the copyright law is a highly controversial issue in the judicial and academic circles. If we can’t establish the nature of those artworks, we might hurt the creators and won’t be able to combat piracy. Our legal team then did researches in many aspects and demonstrated the originality of the short videos; the court finally accepted the opinion that the originality of the work is irrelevant to the length of time, and ruled that short videos within 15 seconds can be deemed as the work under the copyright law and protected by law. Users' rights and interests and the company's business development are therefore effectively protected.
Furthermore, we rely on technology to improve our work efficiency in the protection of rights. For example, a short video platform infringed upon the rights of our platform by copying and publishing plenty of short videos that were originally published on our platform. Tens of thousands of short videos were involved, which posed a great challenge for us to quickly and effectively fix the evidence. Our legal team used electronic automated evidence collection technology and finished the comparisons and fixation of evidence within three days, which would have taken a traditional notarization 4-5 months to complete. By doing this, we quickly stopped the infringement and established the legal effect of electronic evidence collection in similar rights protection cases.
ALB: How much of your legal work is done internally today versus through outside counsel? Are you looking to build out your team further?
Fu: Over 90 percent of the legal work is done by in-house lawyers. External lawyers are employed for handling overseas businesses, and investment and M&A projects. Our legal team will be adjusted in line with the company's business expansion. We'll emphasize the efficiency and empowerment of the existing team while recruiting new members.
Long: 80 percent of the legal work is undertaken by our in-house lawyers, while the other 20%, including litigation and certain projects, is handled by external lawyers.
According to the current plan, the legal department will provide business departments with more forward-looking analysis and opinions when the company's legal risk control has become routine and systematic.
For example, when the company launches a new line of business, we hope that the legal department could help the business department avoid risks by drawing on the previous experiences, for example by sorting up previous cases, we can provide detailed error-avoiding suggestions to the others. The legal department will focus on forward-looking work and reducing the cost of trial and error in the business. In addition to routine work, we'll conduct early analysis and continuous observation of new strategic products, and systematically manage the risks.
"I think the growth of in-house team should even be faster than that of the product, only in this way can we better support the company’s innovation."
- Tai Jiangli, ByteDance
I think the legal team should take up more value-adding works in the future and outsource paperwork and repeatable works. I predict that the percentage of legal work undertaken by us will be reduced to 70 percent or so, with the focus on high-value work such as the construction of the company's overall risk management prevention and control system and personal information compliance system. The other 30 percent will be outsourced to external lawyers and services.
Tai: We currently don't have a specific proportion. The legal team of ByteDance China has a headcount of more than 100 people, handling most of the legal work for the company, and lots of us have experiences working as lawyers before. Internet technology company has rather rapid working rhythm and usually requires in-house counsel to respond timely, even on-site. Besides, considering that during the confidentiality stage of product development, legal supports related to product functions, data compliance and information security are also confidential, and therefore need to be handled in house. We usually seek the support of external lawyers for work related to industry researches and some litigation cases.
Given the relatively large size of our legal team now, we hope to improve efficiency and productivity from technology, system and process aspects in order to better support the company's product and business innovation. Frankly, I think the growth of in-house team should even be faster than that of the product, only in this way can we better support the company’s innovation.
ALB: As the legal team within a tech company, how would you describe your own approach to using legal technology? What kind of roadmap have you created?
Fu: In terms of internal management of the group, in addition to the traditional contract and litigation management systems, we're building an intellectual property management system and a compliance management system embedded in the entire business process to provide more intelligent and visualized information tools for legal compliance work. JD Digits Group also uses many other technologies such as electronic signatures, and meanwhile cooperates with Internet courts and arbitration institutions to build a blockchain-based evidence preservation system. The group will continue to serve the specific application scenarios of the courts with technologies such as big data, artificial intelligence, robots, and blockchain, to help improve the intelligent construction of the courts.
Furthermore, the legal department and R&D department jointly developed an App compliance testing tool to improve user privacy protection and compliance management when providing services to individual consumers, so as to meet the increasingly stringent regulatory requirements on personal information protection.
Long: Sogou uses legal technology in all its basic review processes. At the legal department, we have tools for contract management, patent management, legal risk prevention system, and our legal encyclopedia used within the legal department.
For example, the legal risk prevention and control system is jointly built by the legal department and business departments, which is integrated into the company's intranet system to regularly check automatically whether the projects are carried out according to provisions and to send out notifications if necessary.
Our contract management system includes functions such as reviewing templates, text one-click comparison and OCR. We have also introduced an enterprise credit platform which would alert the business team when signing doubtable partners.
We also set up our own legal encyclopedia as the intellectual assets of the legal department, which includes all the legal risk points, legal analysis, litigation cases, operation guidelines, etc. We hope that in the future, the legal encyclopedia system can help us with the legal analysis of new products and business departments' consultation, and enables us to complete risk assessments and propose solutions faster.
In the future, we hope to connect the legal encyclopedia with the company's financial and human resources information to form a more comprehensive risk assessment tool.
Tai: At ByteDance, we use the system tools of the efficiency engineering department to improve internal work efficiency. The legal department has established a management system for legal affairs and compliance based on personnel, system, knowledge, and process construction, to support realizing the company's core objectives of legal risk prevention and control.
Besides, our legal knowledge centre and internal training system are also evolving. We are now building the talent growth system inside the company, and are completing the in-house counsel’s capability model, knowledge graph, study system, and training and knowledge management mechanisms, aiming to continuously improve work efficiency while ensuring legal service quality.
Technology has been supporting the legal team’s works in an obvious way. In the future, we hope to systematically establish an ecosystem of corporate legal compliance management through technological means, integrate relevant resources by connecting online notary institutions, electronic signatures and blockchain-based evidence preservation institutions, lawyers and law firms platforms, and smart hardware and content service providers, to facilitate dispute resolution, and enhance the company's legal compliance management capabilities. We also hope the whole company and the whole industry could benefit from our “one step” and comprehensive compliance solutions.
ALB: How important is your legal team when it comes to helping the company make business decisions and mapping strategy going forward? What is your plan to increase the team’s profile within the broader business?
Fu: For business departments, "laws" and "regulations" are abstract and unfamiliar ideas. The role the legal department should play is a "participant", not a "judge" – to get involved in business operations and try to understand the real needs of the business departments. We'll actively participate in designing the transaction structure and process, and transform the requirements of laws and regulations into viable product solutions according to business requirements.
Long: Sogou's legal department now has five teams, one of which is the BP (business partner) team. We require BP lawyers to work together with the business department from the beginning of a project. Our BP lawyers would learn the business language and logic, and even financial knowledge, to gain the trust of other departments so that other departments would like us to get more involved in their projects at earlier phases.
It is commonly understood now that the development of the legal department is divided into three stages: transaction-related, management-related, and strategy-related. The last one is surely our goal.
"Now more than 80 percent of our legal advice is adopted by our company."
- Jackie Long, Sogou Technology
I think the most important thing is to improve our capabilities so that the company will recognize the value brought by the legal department. For example, the company's strategy is to develop smart hardware and digital family doctor, and to formulate new development plans for Sogou Input. Through close contact with the business departments, a management-related legal department can quickly understand its role without waiting for the business departments to set tasks.
Now more than 80 percent of our legal advice is adopted by our company. Our advice includes quantified information related advice such as the probability of being sued in terms of the current product form and the possible amount of compensation after being sued; and some very specific solutions, such as which part of a product needs to be changed because it is the key consideration for the judge in previous cases.
To be frank, it’s pretty hard for the legal team to be involved in the early stages of the business, so we did many “public relations” works inside the company as well. And by working closely with the business departments, we have gained their trust, and they know that the legal department can really help with the robust development of business.
Tai: We equip each product with a legal business partner to increase our participation and importance in business. In-house counsel was traditional understood as a post to provide services within the legal systems, but in Internet technology companies, in-house counsel should also think innovatively about product nature and business practices. A legal BP is deeply involved in each link of the entire business process, from product design to product promotion, and gives legal advice conducive to product and business development on the premise of meeting compliance requirements.
In addition, in-house counsel of Internet technology companies must train to have forward-looking ability to foresee future regulatory measures; in the absence of applicable laws, we should be able to explain the legal issues related to the implementation of new business models by referring to basic legal theories, and carry out innovation to protect and ensure the compliance of new business models.
Internet technology companies generally have better understanding of the importance of product and business compliance. In addition to giving legal advice concerning the compliance principles, in-house counsel must help to establish specific policies and governance structure, and give training to employees to ensure the company's overall compliance.
To contact the editorial team, please email ALBEditor@thomsonreuters.com.