actions to be taken by issuers like us, we face uncertainties as to whether these additional procedures can be completed by us timely, or at all, which may subject us to government enforcement actions and investigations, fines, penalties, suspension of our noncompliant operations, or removal of our app from the relevant application stores, and materially and adversely affect our business and results of operations. As of the date of this annual report, we have not been involved in any formal investigations on cybersecurity review made by the Cyberspace Administration of China on such basis.
In general, compliance with the existing PRC laws and regulations, as well as additional laws and regulations that PRC regulatory bodies may enact in the future, related to data security and personal information protection, may be costly and result in additional expenses to us, and subject us to negative publicity, which could harm our reputation and business operations. There are also uncertainties with respect to how such laws and regulations will be implemented and interpreted in practice.
We have been taking and will continue to take reasonable measures to comply with such laws, regulations, announcement and provisions; however, as the laws, regulations, announcement and provisions are relatively new, it remains uncertain how these announcements and provisions will be implemented. We cannot assure you we can adapt our operations to it in a timely manner. Evolving interpretations of such laws, regulations, announcements and provisions or any future regulatory changes might impose additional restrictions on us generating and processing personal and behavioral data. We may be subject to additional regulations, laws and policies adopted by the PRC government to apply more stringent social and ethical standards in data privacy resulting from the increased global focus on this area. To the extent that we need to alter our business model or practices to adapt to these announcement and provisions and future regulations, laws and policies, we could incur additional expenses. In addition, there are relevant laws and regulations in Hong Kong regarding data protection, such as the Personal Data (Privacy) Ordinance and the Unsolicited Electronic Messages Ordinance which impose protocols and obligations regarding the handling of personal data including that, among other things, (i) personal data shall be collected for a lawful purpose, necessary and not excessive, (ii) personal data shall be collected by means that are lawful and fair in the circumstances of the case, (iii) the person from whom personal data is collected is informed of the purpose of collecting the data, and (iv) personal data shall not be used for any new purpose which is not or is unrelated to the original purpose when collecting the data, unless with the data subject’s express and voluntary consent. Although as of the date of this annual report we do not conduct any business operations in Hong Kong and we believe that the laws and regulations in Hong Kong regarding data protection do not have a material impact on our business, if we access data in Hong Kong in the future, we may be required to incur additional cost to ensure our compliance with such laws and regulations, and any violation could result in a material adverse impact on our business, reputation and results of operations.
Any failure, or perceived failure, by us, or by our third-party partners, to maintain the security of our user data or to comply with applicable privacy, cybersecurity, data security and personal information protection laws, regulations, policies, contractual provisions, industry standards, and other requirements, may result in civil or regulatory liability, including governmental or data protection authority enforcement actions and investigations, fines, penalties, enforcement orders requiring us to cease operating in a certain way, litigation, or adverse publicity, and may require us to expend significant resources in responding to and defending allegations and claims. Moreover, claims or allegations that we have failed to adequately protect our users’ data, or otherwise violated applicable privacy, cybersecurity, data security and personal information protection laws, regulations, policies, contractual provisions, industry standards, or other requirements, may result in damage to our reputation and a loss of confidence in us by students, teachers, parents or our partners, potentially causing us to lose product subscriptions, school partners, content providers, other business partners and revenues, which could have a material adverse effect on our business, financial condition and results of operations.
If third-party education materials publishers and partners refuse to grant us intellectual property rights to educational content on acceptable terms or terminate their agreements with us, or if we are unable to adequately protect their educational content rights, our business could be adversely affected.
We may rely on licenses from third-party education materials publishers and partners to distribute digital education textbook content to our school partners, teachers and students and to develop our other education products and services. The contracts or arrangements with most publishers and partners are typically subject to renewal every one to three years and thus the long-term availability of such digital content is affected by potential future changes. If we are unable to secure and maintain the rights to distribute, or otherwise use, the digital content upon terms that are
