The Standing Committee of the National People’s Congress, China’s top legislature approved the new Cybersecurity Law on November 7, which was created for reasons of national security and to curb internet fraud. It will take effect in June 2017.
Overseas criticism has come from the multinational business community and international human rights groups, both of which take issue with the law’s national security agenda.
Rights groups criticize the law for furthering government online censorship and restricting freedom of speech. The provisions prohibit “online activities that attempt to overthrow the socialist system, split the nation, undermine national unity,” and “activities including inciting ethnic hatred, discrimination and spreading violence and obscene information.” Rights groups say the language of the law, like that of many other Chinese regulations regarding national sovereignty and security, is vague, lacks clarity and gives enforcement bodies excessive discretionary power.
Passage of the law follows several high-profile cases of criminal prosecution for online commentaries posted by Chinese citizens, including former human rights lawyer Pu Zhiqiang, whose Weibo entries resulted in his disbarment and a suspended jail term.
Global technology giants are also unhappy with the law’s national security provisions, which include a requirement that companies store data collected from Chinese users in local servers. In addition, employees in certain posts are subject to background checks, and if data needs to be transferred overseas for business purposes, companies must pass a security evaluation.
The business community has strongly opposed these provisions: In August, more than 40 business groups from the U.S., Europe and Japan wrote to Prime Minister Li Keqiang, urging that the draft be amended to ensure that foreign companies receive equal market opportunities. Foreign companies fear that storing information in China could potentially jeopardize their business interests, putting their intellectual property and product security at risk. And they say the provisions may inadvertently benefit homegrown Chinese Internet and technology companies such as Alibaba Group Holding Ltd. and Huawei Technologies Co.
The less controversial goal of the law is to protect individuals from the country’s increasingly rampant incidence of cybercrime. The law came about following two recent tragedies that enraged the nation: In August, 18-year-old high school graduate Xu Yuyu from Shandong province died from a heart attack after giving all $1,575 of her college tuition to a scammer claiming to be a government official. The scammer had bought her personal information from an Internet hacker. In an almost identical case, a 20-year-old college student in the same province suffered a fatal heart attack after losing $318 in an Internet scam.
The government hopes that the new cybersecurity law, which comes with hefty fines, will help curb such scams. Violators of the personal information protection provisions will face fines of up to $148,000 or 10 times their profits.
Anna Zhang writes for The Asian Lawyer, an ALM sibling of this newsletter, in which this article originally appeared. She can be reached at firstname.lastname@example.org.
The views expressed in the article are those of the authors and not necessarily the views of their clients or other attorneys in their firm.