China's parliament publishes draft cybersecurity law

China has published a draft cybersecurity law, laying out guidelines for improving an area viewed as a national security priority.
China has published a draft cybersecurity law, laying out guidelines for improving an area viewed as a national security priority. PHOTO: REUTERS

BEIJING (REUTERS) - China’s parliament has published a draft cybersecurity law that consolidates Beijing’s control over data, with potentially significant consequences for internet service providers and multinational firms doing business in the country.

The document, dated Monday but picked up by state media on Wednesday, strengthens user privacy protection from hackers and data resellers but simultaneously elevates the government’s powers to access, obtain records and block dissemination of private information deemed illegal under Chinese law.

The law has been under discussion in China for months.

Citing the need “to safeguard national cyberspace sovereignty, security and development,” the proposed legislation is a milestone in China’s effort to bolster its network against threats to the country’s stability.

It will also enable the government to better regulate the flow of information in China.

Earlier in July, China’s largely rubber stamp parliament passed a sweeping national security law that tightened government control in politics, culture, the military, the economy, technology and the environment.

But cybersecurity has been a particularly irksome area in relations with economic partners like the United States, which sees many recently proposed rules as burdensome or unfair to Silicon Valley firms.

Under the draft law, internet service providers must store data collected within China on Chinese territory; data stored overseas for business purposes must be government-approved. Network equipment must also be approved under testing standards issued by China’s cabinet.

The government also reiterated its longstanding objective of requiring internet users to log in with their real names to services like messaging apps – though such drives have failed in the past.

The parliament said government agencies would issue additional guidelines for network security in “critical industries” such as telecoms, energy, transport, finance, national defence and military matters, government administration and other sensitive fields.

Parliament will take feedback on the proposed legislation until Aug 5.