China has been eager to claim its “internet sovereignty” since the eighteenth party congress, with internet control naturally topping the central leadership’s agenda. The recently released cyber security law draft, while aiming to codify the previously scattered internet regulation policies and solidify the Cyberspace Administration’s status as the leading internet governing body, has demonstrated the country’s determination to take a more effective and concentrated approach to make cyberspace a “safe and harmonious” territory.
The draft legalises China’s use of the ‘Great Firewall’ to deny domestic citizens’ access to information the authorities deem forbidden by laws and regulations. Article 43 of the draft states that the Cyberspace Administration and relevant departments shall notify relevant organisations to adopt technological and other necessary measures to block the transmission of information that is prohibited by Chinese laws and regulations.
The draft also rationalises the internet shutdown tactics that were previously deployed during the Xinjiang riot in 2009. Article 50 of the draft promulgates the notion that in order to fulfil the need to protect national security and social public order and respond to major social security incidents, the State Council, or the governments of provinces, autonomous regions and municipalities with approval by the State Council, may take temporary measures concerning internet communication in certain regions, such as restricting it.
Furthermore, the draft imposes internet companies’ obligation to actively monitor internet users’ content and delete content that is forbidden by laws and regulations in order to prevent that information from spreading (Article 40). Failure to prevent illegal information from spreading will result in punishment including warnings, fines and even forced closure (Article 57). Law enforcement can also enlist network operators’ help for national security and criminal detection purposes (Article 23).
The draft also duplicates the stringent requirements on the real identity registration system of the NPCSC’s 2012 Decision on Strengthening Network Information Protection, according to Clement Chen, a post-doctoral fellow at the Faculty of Law, HKU. Article 20 of the draft prescribes that network operators shall require users to provide real identity information when signing service agreements to ensure the traceability of the internet content. Where users do not provide real identify information, network operators must not provide them with relevant services. Chen adds that while the draft imposes obligations to protect privacy on the ISPs, it does not impose equally comprehensive obligations on public authorities in relation to their collection and processing of personal information within the broad scope of ‘internet security maintenance’.
The draft law may cement the Cyberspace Administration’s central leadership in administering, coordinating and supervising cyberspace affairs. The Ministry of Industry and Information Technology, the Ministry of Public Security and the State Administration of Press, Publication, Radio, Film and Television may only play a subordinate role.
The Cyberspace Administration, or the Office of the Central Leading Group for Cyberspace Affairs, was set up in 2013 with the aim of enhancing China’s cyber security and informatisation strategies. Chinese President Xi Jinping has since served as its chairman and on many occasions has stressed that cyber security and informatisation are significant strategic issues critical to national security and development.
The Cyberspace Administration’s role has also been expanded from monitoring and censoring online content to evaluating and authorising the overseas storage and transfer of Chinese citizens’ personal information, based on Article 31 of the draft law. However, with the enhancement and expansion of the Cyberspace Administration’s role, it is unclear whether it will be subject to any form of supervision and oversight.
The draft law may be seen as China’s official response to both domestic and foreign criticisms of the current chaotic and inefficient internet control mechanisms. By codifying internet control policies and concentrating power in one body, China is likely to exert more aggressive posturing, with more efficiency, in governing domestic cyberspace.