China to launch cybersecurity law despite foreign concerns
China will implement a controversial cybersecurity law tomorrow despite concerns from foreign firms worried about its impact on their ability to do business in the world’s second largest economy. Passed last November, the law is largely aimed at protecting China’s networks and private user information at a time when the recent WannaCry ransomware attack showed any country can be vulnerable to cyber threats.
But companies have pleaded with the government to delay the legislation’s implementation amid concerns about unclear provisions and how the law would affect personal information and cloud computing. The government appears to still be scrambling to finalize the rules.
Just two weeks ago, Zhao Zeliang, director of the cybersecurity bureau, gathered some 200 representatives from foreign and domestic companies and industry associations at the new headquarters of the Cybersecurity Administration of China (CAC) in Beijing. The May 19 discussion centred on a draft of the rules for transferring personal data overseas, participants told AFP.
Attendees received an updated version of the document, as well as Zhao’s assurance that regulators would remove some of the language that had received strong objections, they said.
The new document, obtained by AFP, removed a contentious requirement for companies to store customers’ personal data in China.
‘Headaches for companies’
But concerns remain. “The regulator is unprepared to enforce the law” and it is “very unlikely” anything will happen on June 1, said one participant, who asked for anonymity to discuss the sensitive issue. That impression was only strengthened a few days after the meeting, when authorities issued 21 new draft documents describing national standards on topics from cloud computing to financial data, noting they would be available for public comment until July 7.
More new drafts, including detailed guidelines on crossborder data transfers, were published Saturday. It is “crystal clear that the regulatory regime is evolving and does not simply switch on like a light June 1”, said Graham Webster, an expert on Sino-US relations at Yale Law School.
Beijing, he said, is “wrestling with legitimate challenges that every country faces, and ... much of the caution and ambiguity comes from a desire to get things right.” But the process is causing “headaches for companies, Chinese and foreign alike”.
Protecting ‘national honor’
China already has some of the world’s tightest controls over web content, protected by what is called “The Great Firewall”, but even some of its universities and petrol stations were hit by the global ransomware attack in May. The draft cybersecurity rules provided at the CAC meeting address only one part of the sweeping law. —AFP