A statute to protect country’s cyberspace
China’s cyber security law came into effect on June 1, just a few weeks after the ransomware virus Wannacry hit computers across the world. Designed to safeguard China’s cyberspace sovereignty and security, the law, contrary to what some foreign observers say, is not about limiting the flow of information or hampering international trade, the cyber security watchdog said recently.
The new law, adopted by the National People’s Congress, China’s top legislature, in November, will better shield key information infrastructure and citizens’ personal information against hackers and data thieves.
The new law says information and important data in key fields should be especially protected. “Sensitive” infrastructure, from public telecommunications services to the financial sector, must be carefully protected for the sake of citizens, who would suffer unnecessary losses if their personal information is leaked due to technological faults or stolen by data thieves. The 2010 cyberattack on the Natanz uranium enrichment plant in central Iran that disrupted the construction is a case in point.
Another highlight of China’s cyber security law is the ban on online service providers collecting users’ personal information irrelevant to the service, because some of them sell it to make money illegally. It is universally agreed that citizens’ personal information should be lawfully obtained with their consent and in accordance with relevant laws. China has decided to improve its laws by following this global practice.
Online service providers, on the one hand, are allowed to build their own database to store customers’ information, as long as it is legally collected. On the other hand, they have the legal obligation to protect the information they collect from leaking.
In the era of digital economy, customers’ online and offline traces, from their shopping preferences to how they commute, can be of great value to service providers. But such data exploitation must not come at the cost of citizens’ privacy, which specific provisions of the cyber security law vow to protect.
In particular, the law attaches equal importance to the ownership and use of data assets, by putting citizens’ individual rights before property rights. It stipulates that those who violate the provisions and infringe on personal information face hefty fines, reflecting the country’s determination to safeguard human rights and adjust to the digital age.
China’s cyber security laws and rules are in tandem with internationally acknowledged “codes of conduct” to counter cyberattacks and aimed at preventing potential cyber wars.
It is hoped that the United Nations will work on an international treaty on cyber security and has called on willing members to help realize it. In theory, the treaty is supposed to ban one state from using the internet to target other sovereign states, prohibit terrorists from disseminating radical literature and organizing terror attacks online, and urge all signatories to rein in online viruses. Security authorities are obligated to compensate victims of cyber crimes in other countries if their mishandling of digital data is to blame for the crimes. Besides, a supervision organ under the UN should be authorized to manage the issuance of domains.