New Chinese Law on Cybersecurity Will Increase Censorship & Data Surveillance

The Chinese government passed a new set of regulations that will tighten existing policies on censorship and data surveillance. From June 1 and onward, outflow of any kind of personal and important data will be restricted and censored by key information infrastructure operators (KILO).

Network operators and internet service providers also fall under the newly proposed regulatory regime, and as a result are obligated to impose new security and data protection systems.

Ambiguity in “Personal Information”

Local authorities and lawmakers stated that “personal information” falls under the newly introduced regulatory frameworks and thus needs to be restricted. For businesses or network operators to send both online and offline personal data to recipients of China, they are required to obtain permission from the National Cyberspace Administration and State Council in a security assessment.

However, the announcement of China’s regulatory regime on cyber security became controversial after the users realized that the category of “personal information” described by the Chinese lawmakers cover virtually any kind of data ranging from personal bio metric information to financial data.

The official document reads:

“‘Personal information’ is defined as including all kinds of information, recorded electronically or through other means, that taken alone or together with other information, is sufficient to identify a natural person’s identity, including, but not limited to, natural persons’ full names, birth dates, identification numbers, personal biometric information, addresses, telephone numbers, and so forth. However, the types of information that might constitute “important data” is currently unclear.”

According to the document drafted and passed by the Chinese government, any kind of information that can be used to identify a Chinese individual falls under the regulatory framework and tightened restriction. Even the outflow of financial data will be under scrutiny as financial information can be used an important tool to identify one’s location and spending habits.

Increased Control of Network Service Providers

The document also notes that network operators or network service providers, in other words telecommunication companies, will be obligated to censor or restrict any type of data they consider as personal.

With the new regulatory framework in place, ISPs and telecommunication companies will be legally allowed to censor and observe “any system comprising computers or other information terminals and related equipment for collection, storage, transmission, exchange and processing of information.”

Websites and platforms that store personal or financial data will most likely be required by the central government to censor and restrict the flow of information, depending on the certain situations. The document emphasizes that by law, website owners or operators are considered as network operators and thus are obligated to pass on necessary information to the government.

“Some commentators are suggesting that these broad definitions could catch any business that owns and operates IT networks/infrastructure or even just websites in China,” the document read.

Inevitably, such tightening of regulations on data processing and settlement will have a large impact on various industries and companies that are hugely dependent on data storage. More importantly, the general population will be subjected to increased censorship and data restriction in the near future.

Image via Digital Trends