Abstract: Frequent data breaches has accelerated privacy protection legislation, yet the strong regulatory trend has in turn caused the scarcity of legitimately-usable data. Under the data-as-production-factor strategy, mainstream CompTech such as privacy-preserving computation and SaaS platform could help to release the data potential in an orderly and compliant manner in-between untrusted entities through the "decentralization" of outcome calculating, model training and hardware defensing, but may also give rise to the generalization and alienation of traditional problems. Due to the deep reconstruction of the data processing mode, trust maintenance scattered across every level of law, target correction, defect remedy, rights protection and compulsory anonymization methods all malfunctioned in CompTech scenarios. In order to balance the legal interests of each subject, future legislation should aim to build a dynamic regulatory system that adapts to changes through the collaboration between macro policies, community regulation, technology structure and the competition between actors. The bottom line of such an adaptable legal framework is to eliminate the risks from the blind spots in complex data processing scenarios and to give full consideration to the utility needs of data productivity, so as to ensure the compliance of the CompTech itself.

Keywords: CompTech; privacy-preserving computation; low code; personal information protection; security compliance; artificial intelligence

Author:Tang Linyao, an assistant research fellow at CASS Institute of Law

Source: 1 (2022) Oriental Law.