Cybersecurity to be further strengthened
New wave of regulations should be introduced to help crack down on online hackers, according to industry insiders
Cybersecurity has been beefed up since tough new regulations were rolled out in the summer.
But industry insiders have insisted that more needs to be done after laws were introduced on June 1 to protect personal and sensitive information, as well as individual privacy.
Zuo Xiaodong, vice-president of the China Information Security Research Institute, has followed the process carefully since the National People's Congress adopted new legislation in November 2016.
"The law has played its role in protecting cybersecurity," he said. "The authorities have cut down on security risks by issuing related rules and regulations."
Hackers are likely to face criminal charges for leaking or selling private or sensitive information.
The new law also covers regulations relating to classified data.
They specified that key fields should be protected, such as sensitive infrastructure, public telecommunications services and the financial sector.
By August, the Cyberspace Administration of China released a set of guidelines.
The country's internet regulator made it clear that the 10 most popular apps, including Alipay, a fintech affiliate of Alibaba Group Holding Ltd, and social media giants, WeChat and Weibo, should clearly explain their privacy protection rules to users.
They are expected to better protect personal information, or data of internet users.
"Such rules are needed and can help us enforce the law effectively," Zuo said, adding that posting relevant, or supplementary regulations, should be accelerated.
"For instance, we urgently need a rule to regulate the protection of cross-border data," he added.
"And as for data sent overseas, we should have a security evaluation."
Zhou Hanhua, a researcher at the Institute of Law with the Chinese Academy of Social Sciences, echoed Zuo's opinion.
He felt the recent bout of legislation was "just the first step" in improving cybersecurity, pointing out that the country still faced some challenges.
"We need to specify how to conduct a security assessment or how to review the security of online products, or services, ready to enter the Chinese market," Zhou said.
"The review on standard procedures, I think, should be clarified," he added.
More certainly needs to be done, according to Wang Lequan, president of the China Law Society.
In his view, the foundations of cybersecurity have now been laid. But legislation still has to be agreed and announced, covering a range of other online "activities."
"Regulations on certain industries, or activities, such as those covering children and e-commerce, should be further improved quickly," Wang said.
He also called for greater communication and cooperation between online regulatory departments, companies and members of the general public to crack down on internet "offenders".
Up-to-date research on social studies of internet use would also be valuable in the fight to protect data.
Still, it is crucial the law is implemented in an orderly manner with relevant authorities working together.
"It is important to enhance awareness of security and rule of law in government departments, enterprises, social organizations, technicians and the general public," Wang said. "We must call on them to join our efforts against online offenders.
"Related legal research or studies should also be updated regularly as they are in great demand," he added.
Timeline of regulations
November 2016
・ The Standing Committee of the National People's Congress passes China's first Cybersecurity Law.
・ It allows authorities to take action against overseas individuals or organizations that harm China's interests.
June 1, 2017
・ The Cybersecurity Law comes into effect.
・ Information and important data in key fields should be protected, as well as "sensitive" infrastructure, telecommunications services and the financial sector.
・ A ban on online service providers collecting personal information from users that is irrelevant to the services they provide.
・ Personal information should be obtained in accordance with relevant laws.
August 2017
・ China's Cyberspace Administration, or CCA, adopts supplementary regulations based on the Cybersecurity Law.
・ Service providers must take responsibility for reviewing and supervising online information and forums.
・ Online forum users must be registered under their real names.
・ Internet administrators should increase supervision on online comments.
・ Illegal comments should not be published.
・ People who publish illegal comments should be named on a blacklist.
September 2017
・ CCA issues new supplementary regulations based on the Cybersecurity Law.
・ Social media and internet group chats, such as WeChat, QQ and Weibo, come under new regulations.
・ Groups that post illegal content, such as pornography, violence, terrorism-related offenses and false information, will have their accounts closed or suspended.
・ The groups' founders will have their credit ratings lowered, their management rights suspended and put on a blacklist.
October 2017
・ CCA adopts further supplementary regulations based on the Cybersecurity Law.
・ The behavior of employees working for online news service providers comes under new regulations.
・ Staff members to receive regular training.
・ Those posting improper information will be named on a blacklist.
・ While developing new internet technologies, news service providers must safeguard national security and public interest.