China’s Draft Cyber Security Law Worries Multinationals, Internet Providers

July 9, 2015 by

China’s parliament has published a draft cyber security law that consolidates Beijing’s control over data, with potentially significant consequences for internet service providers and multinational firms doing business in the country.

The document, dated Monday but picked up by state media on Wednesday, strengthens user privacy protection from hackers and data re-sellers but elevates the government’s powers obtain records on and block dissemination of private information deemed illegal under Chinese law.

Citing the need “to safeguard national cyberspace sovereignty, security and development,” the proposed legislation will allow China to bolster its networks against threats to stability and better regulate the flow of information.

Earlier in July, China’s largely rubber stamp parliament passed a sweeping national security law that tightened government control in politics, culture, the military, the economy, technology and the environment.

But cyber security has been a particularly irksome area in relations with economic partners like the United States and the European Union, which see many recently proposed rules as unfair to foreign firms.

Joerg Wuttke, president of the European Union Chamber of Commerce in China, said the business lobby was still reviewing the draft law but that it was “worried.”

“The chief concern is that, as with many Chinese laws, the language is vague enough to make it unclear how the law will be enforced,” Wuttke said.

Under the draft law, internet service providers must store data collected within China on Chinese territory; data stored overseas for business purposes must be government-approved. Network equipment must also be approved under testing standards issued by China’s cabinet.

The government also reiterated its longstanding objective of requiring internet users to log in with their real names to services like messaging apps – though such drives have failed in the past.

The parliament said government agencies would issue additional guidelines for network security in “critical industries” such as telecoms, energy, transport, finance, national defense and military matters, and government administration.

Parliament will take feedback on the proposed legislation until early August, and it will likely undergo a series of readings and possible adjustments before being adopted.

Nicholas Bequelin, East Asia Director at Amnesty International, said the draft law would institutionalize censorship practices that were not explicitly formulated before.

Article 50, for example, would give authorities the legal power to cut area-wide internet access to maintain order in the case of “sudden” incidents, much as it did for 10 months in 2009 after nearly 200 people died in ethnic riots in Urumqi, the capital of the western region of Xinjiang.

(Additional reporting by Paul Carsten and Michael Martina; editing by Jeremy Laurence)

Related: