China has formulated its new cybersecurity law that will
come into force on June 1, 2017. Dubbed “Golden Shield”, it regulates internet
access and data traffic which will be within the domain "order and
security of the cyberspace" legislation. In short, information will be censored
as it was before. That being said, the exact scope, impact and extend of the
new law is not entirely clear. All in all, the new cybersecurity law encompasses
79 articles which you can read here.
The new law consist of seven chapters containing rules and
regulations for two types of data, namely regulations for the protection of
personal data, and regulations for the protection of critical information
infrastructures. To clarify, critical information infrastructure relates to
data connected with energy, transport, water supply, finance, public service
and e-government infrastructures.
The new law determines that the hardware or software of
foreign companies relating to critical infrastructures must be examined
beforehand by Chinese officials conducting security audits. It is unclear if
such audits would also include the disclosure of source codes. This is a major
concern, since China has shown in the past that it has a keen interest in
looking at source codes of foreign companies such as Apple.
Furthermore, the new law mandates that personal data and
other important critical information infrastructure data must be stored within
the Chinese territory. Internet users are also required to register with their
real name. This means that Internet providers or providers of messenger
services may not allow users who use an alias or screen name to register.
According to the new law, denying or revoking a license may result
in penalties. In addition, the Ministry of Public Security may, in the event of
suspected threats to the critical information infrastructure, freeze the
accounts and other assets of foreign companies or persons.
Amnesty
International mentioned in its annual report of 2016 that China for the
first time conducted an internet security assessment of internet law. The law
originally focused on maintaining national security and the social order. It
provides for the possibility of prohibiting the use of Internet by individuals
and groups, when such use would impact national security. As a result, freedom
of expression and privacy could be restricted.
To read the full law in English, click here.
The English translation is courtesy of China Law Translate.
