LOFTER for ipad —— 让兴趣,更有趣

点击下载 关闭

LOFTER-网易轻博

tc260

40浏览    3参与
Qingrong Zhu

PaRR Special Report•Article 5

China needs universal cyberspace legislative framework to align with US and EU

•The ultimate goal of US internet governance is freedom
•EU gives personal data same weight as personal dignity
•China will strengthen data localization in future data protection laws

China needs to create a universal legislative...

China needs universal cyberspace legislative framework to align with US and EU

•The ultimate goal of US internet governance is freedom
•EU gives personal data same weight as personal dignity
•China will strengthen data localization in future data protection laws

China needs to create a universal legislative framework and standards governing cyberspace to align with other jurisdictions including theUS and the European Union (EU), said Liu Jinrui, an associate researcher at the Institute of Law of China Law Society.

Liu acts as an informal adviser to lawmakers in relation to cybersecurity related rule making processes in China, and made the remarks at a legal conference held in Beijing recently.

Liu said that, as an originator of the internet, the US has taken the lead in internet regulation and engaged in promoting internet freedom and deregulation.

"Countries who follow in the steps of US with advanced technological development also prefer unregulated internet communications," said Liu.

However, today internet rule making is no longer dominated by one country, according to Liu.

The PRISM scandal was a watershed, Liu said, referring to disclosure of the covert surveillance program that allowed the US National Security Agency (NSA) to collect data from various internet giants.

In the wake of that scandal, the US ceded control over the Internet Corporation for Assigned Names and Numbers (ICANN), an organization responsible for the control of domain names, and transitioned the functions of the organization to the global multi-stakeholder community, Xu Ke, the executive director of the Digital Economy and Law Innovation Research Center at the University of International Business and Economics, said at the same panel. 

According to Liu, the ultimate goal of US internet governance is freedom. Restriction of the free flow of data is considered as restricting the free market and even freedom of speech and expression. In the EU, information and personal data have been given the same weight as personal dignity. "It became a human rights issue," said Liu. 

In China, data localisation, as well as security assessment of outbound data transfers specified in Article 37 of China's Cybersecurity Law(CSL), are measures adopted to ensure national security. However, "it is confusing to place the protection of personal rights and the safety measures for national security under one law," Liu added.

Facing the rise of big data, the EU has tightened its restrictions, whereas the US has loosened its grip, Liu said. "China shall make a judgment on its regulatory direction and opt for its preferred legislative model," he said. 

Xu said that data localisation was likely to become embroiled in a global "tit-for-tat" contest.

"China, US and the EU are engaged in a global contest to expand their authority in data regulation," Xu said.

Although China prefers the approach of adopting a multilateral mechanism and the participation of multi-stakeholders in global internet regulation, "China will seek to further strengthen data localization in its future data protection laws," Xu added.

by Qingrong Zhu in Beijing

* This article was included in the PaRR's Special Report: Cybersecurity & Data Privacy published on 29 August 2019. 

Qingrong Zhu

PaRR Special Report•Article 4

China's proposed cross-border data transfer rules to be 'substantially revised' after US trade negotiations

•China tightens grip on data flows as US lifts restrictions
•Trade talk aims at principle issues including data flows

The second draft of China's Information Security Technology–Guidelines for...

China's proposed cross-border data transfer rules to be 'substantially revised' after US trade negotiations

•China tightens grip on data flows as US lifts restrictions
•Trade talk aims at principle issues including data flows

The second draft of China's Information Security Technology–Guidelines for Data Cross-Border Transfer Security Assessment (the 'draft guidelines') will be "substantially revised or even completely abolished" as a foreseeable outcome of the China-US trade negotiations, according to a person familiar with the matter and a Beijing-based senior lawyer engaged in data compliance. 

The draft guidelines were designed to instruct network operators and relevant authorities to assess the purposes and security risks before an outbound transfer of personal and important data. Based on the second draft, network operators are required to ensure the legality, legitimacy and necessity of data transfer, as well as to minimize the risks of leakage, destruction, manipulation, or abuse of data after outbound transfer. 

The drafting process commenced at the beginning of 2017. The first draft was released on 27 May of the same year to solicit public opinions. Three months later, the second draft was released on 25 August for a second comment period. However, no substantial progress on the draft guidelines has been achieved since that time.

According to the person familiar with the matter, the current pause in the process of finalizing of the draft guidelines is due to the uncertainty in the ongoing trade negotiations between China and the US.

While China is tightening its grip on cross-border data transfers with security assessment demands, the US is lifting restrictions to promote free cross-border data flows, said the person familiar with the matter, referring to the United States-Mexico-Canada Agreement (USMCA) which discourages data localization and data flow restrictions with strong language.

The USMCA does not allow for prohibitions or restrictions on cross-border transfers of data including personal information (Article 19.11), or stipulating the location of computing facilities (i.e., computer servers) in a territory for business operation (Article 19.12), said the person familiar with the matter, adding that these requirements run contrary to China's approach to data regulation. 

The person familiar with the matter said the divergence between China and the US on cross-border data transfer is one of the "important issues of principle," referring to a statement made by China's Vice Premier Liu He on 11 May. At the time, Liu said: "While cooperation is the only right choice for China and the US, Beijing will not yield on important issues of principle".

The real purpose behind the trade talks is to negotiate principles issues, Wang Xinkui, chairman of Shanghai WTO Affairs Consultation Centre, said during a digital economy and trade seminar at Shanghai Academy of Science recently.

Speaking to members of international organizations and global experts, Wang said that current debate on tariffs are "a means but not (an) end." China's restrictions on free flow of business data and location of computing facilities, as well as requirements of safety assessments, are borne out of necessity of China's development and public policy, Wang said, adding that these restrictions are relevant to the topic of foreign access to China's cloud computing markets, which will be discussed in future negotiations. 

In addition, the person familiar with the matter said that personal data and important data will be treated differently; while regulations on personal information will be aligned with international practices, important data will fall into a distinct category in which Chinese regulators will insist on sovereignty. 

The Cyberspace Administration of China (CAC) declined to comment.

by Qingrong Zhu in Beijing

* This article was included in the PaRR's Special Report: Cybersecurity & Data Privacy published on 29 August 2019. 

Qingrong Zhu

PaRR Special Report•Article 2

China's data security rules raise worries on privacy of correspondence

•Latest amendments ensure privacy and safety of correspondence
•Article 25 may violate constitutional rights and Legislation Law
•Increasing compliance duties harm small- and mid-sized companies

Draft Data Security Administrative...

China's data security rules raise worries on privacy of correspondence

•Latest amendments ensure privacy and safety of correspondence
•Article 25 may violate constitutional rights and Legislation Law
•Increasing compliance duties harm small- and mid-sized companies

Draft Data Security Administrative Measures ('draft measures'), released on 28 May by the Cyberspace Administration of China (CAC) for a month-long public comment period, have raised concerns over infringement of freedom and privacy of correspondence protected in China's Constitution, a number of academics said during a data legal governance event hosted in Beijing recently. 

As departmental rules, the draft measures should adhere to the Constitution and the Legislation Law and be in line with other domestic laws, in order to ensure their legality, said a law professor.

However, once it is effective Article 25 of the draft measures could jeopardize citizens' freedom and privacy of correspondence protected by Article 40 of the Constitution, said a second law professor.

Article 25 calls for network operators to take measures not simply to remind users to be responsible for their online activities and strengthen self-discipline, but also to include the information releaser's account details or permanent user identification within the original information for other users to share the items. There is no exclusion, moreover, for private communications on social media from the application scenarios within the Article.

Attaching warning notices within private conversations on social media could spark controversy over surveillance of correspondence, said the second law professor, highlighting that the Constitution allows only public security or prosecution authorities such surveillance powers under the law, to adopt procedures to investigate communications for the purposes of national security or criminal investigation. 

Violating the constitutional rights of freedom of correspondence will make Chinese tech companies easily fall prey to foreign regulators and hamper their overseas markets, echoed the first professor, adding that the labelling requirement was initially designed to prevent defamation, especially on messaging and social media apps.

In addition, the provision could result in reduction of dataflows, which will have a far-reaching influence on the development and prosperity of the internet industry, the first professor added.

Article 25 lacks clarity on the liability for sharing misinformation; it is unclear whether the users who share items will bear the same responsibility as the originator, said a researcher of a government thinktank. According to the researcher, the labelling requirement could become an additional burden for tech companies involving content regulation, such as blocking accounts that posted illegal information.

The first professor told the seminar that the CAC is aware of the concerns over privacy of correspondence. He said as far as he knew the latest amended version of Article 25 stipulates social network operators need to take measures to "ensure the privacy and safety of individuals' correspondence", and "automatically attach the user's account identification to the original or initial information of the user post in public on social media.”

The second professor expressed further concern over the "information identification" requirement in the recommended national standard 'Information security technology – Specification for the management of information identification on social networking platform' ('Specification'), which was released on 1 February this year by the National Information Security Standardization Technical Committee (TC260) for public consultation until 18 March.

Article 5.1 of the Specification calls for social network platforms to generate a unique identification containing details including user code, information code, and published time, for information that users post on the platforms. This requirement will impair citizens' rights and expand the scope of platforms' duties which is prohibited by Article 80 of the Legislation Law, the second professor said. Article 80 stipulates that without legal basis from the laws, or administrative regulations, decisions or orders issued by theState Council, any departmental regulation must not impair the rights or expand the scope of duties of any citizens, legal persons, or organizations. 

Although Article 25 was designed to tackle defamation on messaging and social network apps, the necessity of addressing the issue with a regulatory provision remains questionable, a legal counsel from a tech giant said.

Since the draft measure applies to all network operators, increasing compliance duties will bring unintended consequences to the internet industry, and especially for the development of small- and mid-sized companies, said a third law professor.

by Qingrong Zhu in Beijing

* This article was included in the PaRR's Special Report: Cybersecurity & Data Privacy published on 29 August 2019. 

LOFTER

让兴趣,更有趣

简单随性的记录
丰富多彩的内容
让生活更加充实

下载移动端
关注最新消息