China adopts cybersecurity law to protect national security, citizens' rights
Xinhua, November 8, 2016 Adjust font size:
China's top legislature on Monday adopted a cybersecurity law to safeguard sovereignty on cyberspace, national security and the rights of citizens.
The government will take measures to "monitor, defend and handle cybersecurity risks and threats originating from within the country or overseas sources, protecting key information infrastructure from attack,intrusion, disturbance and damage," the law states.
Efforts will also be made to punish criminal activities online and safeguard the order and security of cyberspace.
Individual users and organizations are not allowed to jeopardize security on the Internet or use it to "damage national security, honor and interests," according to the provisions.
Online activities that attempt to overthrow the socialist system, split the nation, undermine national unity, advocate terrorism and extremism are all prohibited, according to the provisions, which also forbid activities including inciting ethnic hatred, discrimination and spreading violence and obscene information.
The law was passed at the bimonthly session of the National People's Congress (NPC) Standing Committee, which concluded Monday, after a third reading.
According to the provisions, temporary measures including network communications control can be taken upon the decision or approval of the State Council in response to incidents that threaten public security.
The law obliges network operators to assist public security and national security organs in activities including safeguarding national security and investigating crimes.
It also mandates network operators to identify their clients when handling businesses, including network accessing and services that provide information.
PROTECTING KEY INFORMATION INFRASTRUCTURE
The law demands better protective measures for important industries, including public communications and information services, energy, transportation, finance and e-government services.
The operators of key information infrastructure must set up a special organ for security responsibility, the provisions state, adding that the background of the head of the organ as well as workers in key posts should be examined.
"The operators of such infrastructures are obliged to locally store data and personal information collected and produced by their services in China," according to the law.
If they need to provide the data and information for overseas use due to business needs, a security evaluation must be carried out, it adds.
The law also allows police and other law enforcement agents to take necessary measures, including the freezing of assets, against overseas individuals or organizations that "attack, intrude, interfere with or sabotage the nation's key information infrastructure."
It complies with international conventions for nations to protect their key information infrastructure, said Zuo Xiaodong, vice president of the China Information Security Research Institute, a government think tank.
Calling the provisions both necessary and timely, Zuo said safeguarding the key information infrastructure protected economic, social and national security.
According to 2014 data from the Cyberspace Administration of China, China has been a victim of cyber-attacks. More than 10,000 websites are tampered with every month, and about 80 percent of government websites suffered attacks, mainly originating in the United States.
SAFEGUARDING PERSONAL INFORMATION
Network operators are not allowed to leak, change or damage the personal information they gather, and are not permitted to offer personal information to others without consent of the persons involved, the provisions said.
Operators are obliged to take measures to ensure the personal information they collect is secure, the law stipulates.
Those who violate the provisions and infringe on personal information will face fines of up to one million yuan (about 148,000 U.S. dollars), according to the law, which adds that if illegal activities have led to profits, violators will face fines of up to 10 times their earnings.
Similar penalties will be given to those who steal or sell other people's personal information illegally, according to the provisions.
The law criminalizes websites that facilitate online fraud.
The manufacturing and selling of illegal or "controlled products" online is also prohibited, according to the legislation.
Wang Sixin, professor of law with the Communication University of China, said the provisions would play a positive role in protecting the personal information of the public, as it not only clarified the responsibilities of Internet service providers and operators, but also promised heavy penalties for trading personal information.
According to the Internet Society of China, about 84 percent of Internet users in the country say that they have been affected by personal information leaks. The number of Internet users in China hit 710 million in June this year.