Legal Challenges in Digitalization and Privacy in Industry 4.0


Dominic Wai, Partner, ONC Lawyers
23 June 2017, HKPC

This presentation is not an exhaustive treatment of the area of law discussed and cannot be relied upon as legal advice. No responsibility for any loss occasioned to any person acting or refraining from acting as a result of the materials and contents of this presentation is accepted by ONC Lawyers.

Industry 4.0

Convergence of:
Physical
Digital
Biological

What about this? Physical + Digital + Biological + Legal?

E-commerce and IoT
Big Data
Speed
Smart things
Convergence and combination
Scale and impact lightning speed

How do we define or categorize things?
Is it a car, camera, refrigerator, printer or a computer? Or a little bit of each? A hybrid?

What about the processes? A service provider or a platform?

Service/platform: Matching drivers, cars and passengers
Legislation: s.52 of the Road Traffic Ordinance (Cap 374), hire car permit

Service/platform: Matching home owners and tourists
Legislation: Hotel and Guesthouse Accommodation Ordinance (Cap 349)

Service/platform: Crowdfunding; P2P lending
Legislation: Collective investment scheme (Securities and Futures Ordinance) (Cap 571); Money Lenders Ordinance (Cap 163)

Prevention of Copyright Piracy Ordinance (Cap 544), s.31C:

(1) Any person who, without lawful authority or reasonable excuse, has in his possession in a place of public entertainment [e.g. cinema] any video recording equipment commits an offence.

(3) For the purposes of subsection (1), a person has lawful authority to possess video recording equipment in a place of public entertainment if the manager of the place, or any person authorized in that behalf by the manager, expressly consents to that possession.

"video recording equipment" (攝錄器材) means any device that is capable of making a recording, on any medium, from which a moving image may by any means be produced or that may enable such recordings to be made, either in the same place at which it is used, or by electronic or other transmission at another place.

Does it include a smartphone?
Do you bring your smartphones to cinemas to watch a movie?
Do you have the cinema manager's express consent?
Any lawful authority or reasonable excuse?

S.161 of Crimes Ordinance (Cap 200):

(1) Any person who obtains access to a computer
(a) with intent to commit an offence;
(b) with a dishonest intent to deceive;
(c) with a view to dishonest gain for himself or another; or
(d) with a dishonest intent to cause loss to another,
whether on the same occasion as he obtains such access or on any future occasion, commits an offence.

No definition of what is a computer.
A smart X? X can be anything: car, refrigerator, camera, light bulbs, etc.
A banana?

How to define? Can it be defined?

Cloud
Drones
A.I.
Bitcoin, cryptocurrency, distributed ledger technology
Forceful browsing; Web scraping; SQL Injections; Field Manipulation; Cross-site scripting; Command Injection; Bots; Cookie manipulation; Brute Force Attacks; Parameter Tampering; Zero-day attacks
Cybersecurity

Rule of Law
Certainty of the law
Affects rights

Ransomware

Your company's computers have been hit by ransomware and the files have been encrypted, and the criminals ask for a ransom to be paid in Bitcoins for decrypting the files.
To have access to the files, Bitcoins were bought and paid and the files were decrypted.
Any issues or risks?
Any reporting or notification requirement?

S.25(1) of Organized and Serious Crimes Ordinance (Cap 455) ("OSCO")

A person commits an offence if:
1. Knowing or having reasonable grounds to believe that any property in whole or in part directly or indirectly represents any person's proceeds of an indictable offence; and
2. Deals with the property

Indictable offence

Includes conduct which would constitute an indictable offence if it had occurred in HK (s.25(4) of OSCO)
The place where the indictable offence occurred is irrelevant!

Dealing (s.2 of DTRPO and OSCO)

1. Receiving or acquiring the property
2. Concealing or disguising the property
3. Disposing of or converting the property
4. Bringing into or removing from HK the property
5. Using the property to borrow money or as security

A person's proceeds of organized crime are:
(i) any payments or other rewards received by him at any time in connection with the commission of one or more organized crimes;
(ii) any property derived or realised, directly or indirectly, by him from any of the payments or other rewards; and
(iii) any pecuniary advantage obtained in connection with the commission of one or more organized crimes

S.25A(1) of OSCO

Any person who knows or suspects that
1. Any property
a. In whole or in part directly or indirectly represents any person's proceeds of;
b. Was used in connection with; or
c. Is intended to be used in connection with
an indictable offence
2. Disclose that knowledge or suspicion, together with the relevant information, to the authorized officer

Timing of disclosure: as soon as it is reasonable for him to do so

Failure to report

Punishment:
Imprisonment of 3 months
Fine of HK$50,000
(s.25A(7) of OSCO)

Bitcoin: is it a property?

OSCO: "property" includes both movable and immovable property within the meaning of s.3 of the IGCO.

IGCO: "property" includes
(a) money, goods, choses in action and land; and
(b) obligations, easements and every description of estate, interest and profit, present or future, vested or contingent, arising out of or incident to property as defined in paragraph (a)

"immovable property" means
Land, whether covered by water or not;
Any estate, right, interest or easement in or over any land; and
Things attached to land or permanently fastened to anything attached to land

Cryptocurrency

US Court in 2016 for the purpose of a bankruptcy case treats bitcoin as a kind of intangible personal property.
US IRS treats bitcoin as property for tax purposes.
Dealing?
Reporting?

Challenge to privacy

Focus mainly on business
Privacy by design?
Where is the data stored?
What would happen if the data is lost?
Who is liable?

Cross border transfer of personal data

s.33 of PDPO
Still no indication when it will come into force

PRC Cybersecurity Law, 1 June 2017
Data localization rule: imposed an obligation on operators of Critical Information Infrastructure (CII) to store personal information and other important data collected and generated during operations within China.
Requires CII operators and Network Operators to undertake security assessment before transferring such data abroad

PRC Cybersecurity Law

Personal information is defined as including:
All kinds of information, recorded electronically or through other means, which is sufficient to identify a natural person's identity, including but not limited to:
Full names
Birth dates
Identification numbers
Personal biometric information
Addresses
Telephone numbers

Unauthorized stock trading

Hacking of internet trading accounts is the most serious cybersecurity risk faced by internet brokers in Hong Kong, said Mr Ashley Alder, the SFC's Chief Executive Officer.

"If you ask regulators in the industry what is the number one threat, not surprisingly it's all about cyber attacks," "We've seen that happen not only in banking but also at brokers in Hong Kong, in particular recent attacks to do with basically hijacking share trading accounts."
- Ashley Alder, CEO of the SFC and chairman of the International Organization of Securities Commissions, said in a speech to the local legislature

Reuters, Feb 2017

On 8 May 2017, SFC launched a 2-month consultation on proposals to reduce and mitigate hacking risks associated with internet trading.

For the 18 months ended 31 March 2017, 12 licensed corporations (LCs) reported 27 cybersecurity incidents, most of which involved hackers gaining access to customers' internet-based trading accounts with securities brokers, resulting in unauthorised trades totalling more than $110 million, while some others involved DDoS attacks targeting their websites accompanied by threats of extortion.

Hacking incidents and potential root causes

The hacking incidents reported by licensed internet brokers remain under Police investigation. However, the Police shared case studies suggesting that hackers used compromised internet trading accounts to carry out a pump-and-dump scheme which could lead to substantial financial losses. Such schemes typically follow these steps:

(a) Hackers first gain control of clients' internet trading accounts (hacked accounts) which enables them to log into the accounts legitimately to effect unauthorised transactions;
(b) Hackers then employ people to open other internet trading accounts to accumulate penny stocks;
(c) Using the cash in the hacked accounts, or cash raised by selling off existing stock holdings in the hacked accounts, hackers then buy these penny stocks in order to pump up their stock prices; and
(d) After the prices of the penny stocks go up, hackers off-load them and make a profit, leaving the owners of the hacked accounts to suffer significant losses.

SFC's proposal in the consultation:

Propose to incorporate new guidelines which set out baseline cybersecurity requirements for internet brokers to address hacking risks and vulnerabilities and to clarify expected standards of cybersecurity controls.

Key proposed requirements include 2-factor authentication for clients' system login and prompt notification to clients of certain activities in their internet trading accounts.

In addition, the SFC proposes to expand the scope of cybersecurity-related regulatory principles and requirements which now apply to electronic trading of securities and futures on exchanges to cover the internet trading of securities which are not listed or traded on an exchange. This includes authorised unit trusts and mutual funds because they are subject to the same hacking risks.

The SFC also proposes to update the definition of internet trading to clarify that an internet-based trading facility may be accessed through a computer, mobile phone or other electronic device.

Lightning speed vs non-lightning speed
Business vs Rights
Usage vs Understanding/Definitions
Old vs New
Humans?

What advice do you have for people writing laws?

Kay Firth-Butterfield: Well I think the advice to lawyers is that very soon, you will be receiving... You will see those cases coming across your desk, and you need to get up to speed around artificial intelligence. And, what's going on in artificial intelligence now, I think just going back to that job creation thing, there are going to be a lot of jobs around, so we're not going to kill all the lawyers by automating them just yet because we are going to see experts needed in court. For example, instead of cross-examining a driver, we might have to cross-examine an algorithm, a.k.a. an expert on the system. If you are in any business, you need to be looking at what AI can do for you, and what the impact of AI will be on your business. So there are two pieces of that because I genuinely believe that AI will change everything. And if you don't start looking now, you will be too far behind.

ZDNet, 30 Jan 2017, http://www.zdnet.com/article/artificial-intelligence-legal-ethical-and-policy-issues/

THANK YOU

31 May 2017 ONC Lawyers 2017. All rights reserved

Dominic Wai
Partner of ONC Lawyers
19/F., Three Exchange Square, 8 Connaught Place, Central, Hong Kong.
Tel.: 3906 9649
Mobile: 9385 6984
Email: dominic.wai@onc.hk