CHINA: first 100 days of Cybersecurity Law sees active enforcement and more guidelines, but still uncertainties
Carolyn Bigg of DLA Piper writes:
Almost 100 days have passed since the new PRC Cybersecurity Law came into force. While the enforcement environment is becoming clearer – and shows data protection and cyber security in China is a real risk to be taken seriously – most of the new guidelines published to try to add meat to the bones of the new law are unfortunately still in draft; and there are still major uncertainties around who is a KIIO, and how and when network operators can transfer data overseas.
Key developments over the Summer include:
• Actual enforcement action: as widely reported in the press, there has been a flurry of enforcement activity by the CAC under the new Cybersecurity Law, including very high profile investigations into some of the biggest online platforms in China, as well as enforcement notices being issued at a local level. This has been alongside the ongoing crackdown on illegal VPN use, meaning a very busy Summer for the regulators. It reinforces our predictions that the combination of an organised, proactive regulator – alongside greater regulatory engagement through assessment, certification and whistleblowing mechanisms in the new law – means the enforcement risk in China is now much higher, and the new law cannot be ignored.
• Draft KIIO regulations: the CAC published for consultation its draft Regulations on Protection of Critical Information Infrastructure Security on 10 July 2017. Some of the key draft proposals include:
Read more on Privacy Matters.
In developments elsewhere, Mark Young of Covington & Burling writes that the UK government is proposing a cybersecurity law with serious fines. A published consultation The consultation
includes a proposal to fine firms that fail to implement “appropriate and proportionate security measures” up to EUR 20 million or 4% of global turnover (whichever is greater).
Read more on InsidePrivacy.
Wondering how our own cybersecurity is progressing? I found it outrageous that President Trump recently congratulated Finland on its cybersecurity program and suggested that we would be right up there with them soon when the reality is that more than 1/4 of President Trump’s advisors recently resigned en masse, citing, in part, the President’s lack of attention to serious national security matters involving cybersecurity. Gah…..