Stephen*
Following the approval of the GDPR by the European Union in 2016 to improve protection for personal data and privacy, China also stepped up with a regulation for the cyberspace. However, it adopts a considerably different approach from the European legislation by focusing on cybersecurity and national interests instead.
The Cybersecurity Act of the People’s Republic of China was put in place in June 2017, with the aim of building a safer cyberspace and protecting national and social interests. The Act contains provisions regulating network information security, such as Article 40, which states that the confidentiality of users’ information and privacy shall be respected. However, these provisions seem to be powerless by the records of China’s enforcement. The Chinese government itself requires private corporations such as the popular social media platform WeChat to share data, while the platform can gain access to the users’ private messages and contacts [1]. This is already a constant breach of privacy by the State itself, showing that there is reason to believe the Act to be ineffective to protect privacy, contrary to its initially stated aim.
As presented in Article 24, users must provide real identity information to network operators to gain access to the Internet and correlated services. Such requirement is associated with the network identity credibility system that is in place in China. Instead of offering protection to network users, the measure is arguably invasive to them, thus antagonistic to the integrity and confidentiality principle upheld by GDPR.
Following on, Article 28 states that network operators are obliged to cooperate with the Cyberspace Administration of China (CAC) and local authorities. The rule allows the overruling of government institutions and national interests over private corporations and data protection, rendering Article 24 and the entire Chapter IV on Network Information Security ineffective if not useless. By invoking Article 28, privacy would be annulled and overturned in the name of national interests, which involve not only cybersecurity purposes but also demonstrations of subversion to the national regime (as prescribed in Article 12). As a result, online dissidents are further vulnerable to being persecuted by the State. Related to this is an increased level of self-censorship as individuals can be tracked down easily and persecuted for their opinions, exacerbating an echo-chambered society marked by repression.
In March 2020, the Provisions on Ecological Governance of Network Information Content came into force. Amid the outbreak of Covid-19 in January, control over cyberspace and cybersecurity became ultimate priorities, having the “dissemination of disinformation” as one of its main concerns. The public was outraged by the Chinese government’s ineffective measures to control the spread of the coronavirus and its attempts to cover up the outbreak. Critics toward the State made by dissidents had wide-spread support. The arrest of Li Wenliang, the whistleblower who exposed government authorities for covering up the coronavirus outbreak, just added fuel to the fire. The Provisions could be regarded as an act of damage control by the State to prevent the spread of dissents that could harm the reign of the Chinese Communist Party (CCP) in the long run.
The Provisions have asserted China’s long-lasting intention to tighten freedom of speech and to strengthen social control. According to Article 6, any content inciting hatred or damage toward the Chinese State’s and the CCP’s reputation is to be removed and prosecuted. Dissidents or separatist groups in Hong Kong and Xinjiang have also been classified as cases of domestic terrorism by the Chinese government, which could be used as another means to oppress ethnic minorities. Website operators belonging to the ethnic group of Uyghurs had been previously imprisoned for endangering state security in 2009 after the Urumqi riots despite only publishing news using the Uyghur language [2]. These riots constituted a watershed for the development of mass surveillance perpetrated by the Chinese State, as facial surveillance and online censorship were implemented and heightened to the current levels [3].
The Cybersecurity Act and the Provisions enacted in China upheld State and national interests as their priorities, pursuing the status quo’s maintenance by collaborating with network operators to expand mass surveillance onto the Internet. Despite the wordings of the Cybersecurity Act and the Provisions that entail cyberspace improvement and the provision of a freer environment for Chinese users, the approach is entirely different from the one in enshrined in GDPR. Its European counterpart advocates individuals’ rights and privacy protection with a detailed and precise mechanism.
The Internet could be a free public space for all to speak their mind, but it has been under constant threats and restrictions in authoritative countries like China. Dissidents in China cannot voice their opinions, or else they are subject to facing severe consequences for just speaking their thoughts. By expressing our perspectives on social policies and raising awareness, we can still help those under constant surveillance and protect cyberspace from being curtailed at the same time. Otherwise, the mass surveillance Orwellian state can end up becoming our new reality.
*This text is authored under the pseudonymous of Stephen.
Footnotes
[1] Davison, N., 2012. WeChat: the Chinese social media app that has dissidents worried. The Guardian, [online] Available at: <https://www.theguardian.com/world/2012/dec/07/wechat-chinese-social-media-app> [Accessed 18 December 2020].
[2] Griffiths, J., 2019. The Great Firewall Of China: How To Build And Control An Alternative Version Of The Internet. London: Zed.
[3] Handley, E., 2019. How China’s mass detention of Uyghur Muslims stemmed from the 2009 Urumqi riots. ABC News, [online] Available at: <https://www.abc.net.au/news/2019-07-05/china-xinjiang-urumqi-riots-10th-anniversary-uyghur-muslims/11270320> [Accessed on 18 December 2020].
Cybersecurity Act of People’s Republic of China (2017)
Article 5
The State takes measures for monitoring, preventing, and handling cybersecurity risks and threats arising both within and without the mainland territory of the People’s Republic of China. The State protects critical information infrastructure against attacks, intrusions, interference, and destruction; the State punishes unlawful and criminal cyber activities in accordance with the law, preserving the security and order of cyberspace.
Article 12
The State protects the rights of citizens, legal persons, and other organizations to use networks in accordance with the law; it promotes widespread network access, raises the level of network services, provides secure and convenient network services to society, and guarantees the lawful, orderly, and free circulation of network information.
Article 24
Network operators handling network access and domain name registration services for users, handling stationary or mobile phone network access, or providing users with information publication or instant messaging services, shall require users to provide real identity information when signing agreements with users or confirming the provision of services. Where users do not provide real identity information, network operators must not provide them with relevant services. The State implements a network identity credibility strategy and supports research and development of secure and convenient electronic identity authentication technologies, promoting reciprocal acceptance among different electronic identity authentication methods.
Article 28
Network operators shall provide technical support and assistance to public security organs and national security organs that are safeguarding national security and investigating criminal activities in accordance with the law.
Article 40
Network operators shall strictly maintain the confidentiality of user information they collect, and establish and complete user information protection systems.
Quebra de Página
Provisions on Ecological Governance of Network Information Content (2020)
Article 3
The national department for internet Information is responsible for overall planning and coordination of the governance of the online information content ecosystem and related oversight and management efforts nationwide, and each relevant regulatory department is to complete efforts on the governance of the online information content ecosystem based on their respective duties.
Local internet information departments are responsible for the overall planning and coordination of the governance of the online information content ecosystem and related oversight and management efforts in the corresponding administrative region, and each relevant local regulatory department is to complete efforts on the governance of the online information content ecosystem within the corresponding administrative region, based on their respective duties.
Article 6
Online information content producers must not make, reproduce, or publish illegal information that contains the following content:
(1) Content opposing the basic principles set forth in the Constitution;
(2) Content endangering national security, divulging state secrets, subverting the national regime, and destroying national unity;
(3) Content harming the nation’s honor and interests;
(4) Content distorting, vilifying, defiling, or denying the deeds and spirit of heroes and martyrs; or harming the names, images, reputations, and honor of heroes and martyrs through insult, defamation, or other such means;
(5) Content advocating terrorism or extremism, or inciting the commission of terrorist or extremist activities;
(6) Content inciting ethnic hatred or ethnic discrimination, or undermining ethnic unity;
(7) Content undermining the nation’s policy on religions, or promoting cults and superstitions;
(8) Dissemination of rumors, disrupting economic or social order;
(9) Disseminating obscenity, sex, gambling, violence, murder, terror, or instigating crime;
(10) Content insulting or defaming others, or infringing other persons’ honor, privacy, or other lawful rights and interests;
(11) Other content prohibited by laws or administrative regulations.
