Protection from exploitation of illegally obtained data among its highlights
China's cybersecurity law took effect on June 1, just a few weeks after the ransomware virus WannaCry hit computers around the world.
Designed to safeguard China's cyberspace sovereignty and security, the law-contrary to what some foreign observers say-is not about limiting the flow of information or hampering international trade, China's cybersecurity watchdog says.
The new law, adopted in November by the National People's Congress, China's top legislature, will better shield key information infrastructure and citizens' personal information against hackers and data thieves.
The new law says information and important data in key fields should be especially protected. Sensitive infrastructure, from public telecommunications services to the financial sector, must be carefully protected for the sake of citizens, who would suffer unnecessary losses if their personal information were leaked due to technological faults or stolen by data thieves. The 2010 cyberattack on the Natanz uranium enrichment plant in central Iran that disrupted construction is a case in point.
Another highlight of China's cybersecurity law is the ban on online service providers collecting users' personal information that is irrelevant to the service that is provided, because some of them sell it to make money illegally. It is universally agreed that citizens' personal information should be lawfully obtained with their consent and in accordance with the law. China has decided to improve its laws by following this global practice.
Online service providers, on one hand, are allowed to build their own database to store customers' information, as long as it is legally collected. On the other hand, they have a legal obligation to protect the information they collect from leaking.
In the digital economy era, customers' online and offline traces, from their shopping preferences to how they commute, can be of great value to service providers. But such data exploitation must not come at the cost of citizens' privacy, which specific provisions of the cybersecurity law are intended to protect.
In particular, the law attaches equal importance to the ownership and use of data assets, by putting citizens' individual rights before property rights. It stipulates that those who violate the provisions and infringe on personal information will face hefty fines, reflecting the country's determination to safeguard human rights and adjust to the digital age.
China's cybersecurity laws and rules are in tandem with internationally acknowledged "codes of conduct" to counter cyberattacks and are aimed at preventing potential cyber wars.
It is hoped that the United Nations will work on an international treaty on cybersecurity, and it has called on willing members to help realize it. In theory, the treaty is supposed to ban one state from using the internet to target other sovereign states, prohibit terrorists from disseminating radical literature and organizing terror attacks online and urge all signatories to rein in online viruses. Security authorities are obligated to compensate victims of cybercrimes in other countries if their mishandling of digital data is to blame for the crimes. In addition, a supervision organ under the UN should be authorized to manage the issuance of domains.
The author is a professor of law at Wuhan-based Zhongnan University of Economics and Law. The views do not necessarily reflect those of China Daily.