China Issues New Internet Rules to Prevent ‘Data Exporting’

June 18, 2019 Updated: June 18, 2019

The Chinese regime is unveiling new internet regulations that could further restrict citizens’ access to foreign websites, potentially preventing them from even sending emails to foreign accounts, according to experts.

The Cyberspace Administration is the central government’s chief agency for internet censorship. The agency published a statement on June 13, in which it asked Chinese citizens to offer feedback about a newly proposed regulation on controlling how personal data is transmitted outside China.

New Rules

The new regulation, called “Evaluating the Safety of Exporting Personal Data,” defines personal data as information such as name, birthdate, ID number, biometrics information, home address, and telephone number, according to state-run media Xinhua.

The draft law states that all internet service providers (ISP) must apply for an evaluation from their local cyberspace administration provincial office before exporting users’ personal data. Meanwhile, the ISP is required to store records of how personal data is exported for at least five years.

The evaluation would determine whether the ISP or the data recipient has leaked data to someone that is not the intended recipient, or other such “data abuse”; whether the ISP or the data recipient has the capability to protect the personal data, and so on.

The announcement did not clearly define what was “data exporting,” but encouraged all individuals and organizations to report any offending ISPs who are suspected of exporting personal data without the local cyberspace administration’s approval.

Unlike laws, which are approved by China’s rubber-stamp legislature, regulations proposed by central agencies often first go through a draft phase in which, on paper, the public can review and make suggestions—before the rules are finalized.

But Chinese netizens complained that they could not log into the opinion collection system of China’s Justice Ministry, where the Cyberspace Administration said they would gather citizen feedback on the new rules.

Netizens’ Concerns

Many netizens expressed worries that these rules would further control and restrict their access. China already has a firewall in place in which many foreign websites and platforms such as Facebook, Twitter, and YouTube, are blocked.

China’s state-run Global Times ran a June 14 story trying to refute the netizen chit-chat about how the new rules would ban internet users from accessing all foreign websites.

The Global Times explained that the rule was seeking to protect the security of people’s personal data by controlling ISPs’ exports, and that the regulation would not impact on any individual users.

But netizens were not convinced.

“An unclear law is the most powerful weapon for the authorities to suppress people, because it can be arbitrarily interpreted according to authorities’ needs,” netizen Sunny Zhang commented on Twitter.

“I think the law wants to prohibit people from registering accounts on any overseas platforms or websites,” netizen Rain Season posted on Twitter.

“As an IT engineer, I can’t even understand the draft well. My understanding is that the regulation is trying to ban data transfers overseas, which means all internet companies must set their data servers inside China,” netizen Tuyoshi said on Twitter.

In November 2016, China’s rubber-stamp legislature approved an Internet Security Law that requires all internet users to register with their real name, ID number, and telephone number. In addition, the law requires that all data must be stored within China, including foreign companies operating in the country must also store data on servers located inside China. U.S. tech giant Apple, for example, transferred all iCloud data for their Chinese users to servers located in Guizhou Province, managed by a Chinese state-owned company with links to the military.

Many foreign companies have complained that this new law has strictly limited their business operations, while leaving their data vulnerable to hacking by authorities.

Meanwhile, Chinese netizens complained that their private user data was being stored and monitored by Chinese internet companies to comply with the authorities’ censorship rules.

Purpose of the Rule

Gu He, a Chinese internet observer, told the Chinese-language Epoch Times on June 17 that the new rules could indicate that the Chinese regime was further isolating its internet from the rest of the world.

“It’s a method that helps [the Chinese regime] create a whitelist, which is more powerful than a blacklist. Blacklist is adding untrustworthy entities to a banned list. Whitelist means that only those on the whitelist can access an open internet.”

Gu explained that current ISPs already have the ability to record users’ entire browser history, and even read users’ passwords for all their log-ins. Once the new rules are executed, the authorities would able to know netizens’ activities immediately from the ISPs, Gu said, furthering the internet monitoring apparatus.

Yang Zhi, a U.S.-based China affairs commentator, told the Chinese-language Epoch Times that the new rules could prevent foreign companies from transferring their data stored on local servers out of China, “because once cloud computing data can be transferred freely with other countries, the Chinese regime can’t maintain its control.”

Last year, China’s Ministry of Public Security launched new rules that would allow any official within the security apparatus to enter ISPs’ premises, computer mainframe rooms, and any other workspace, for the purpose of carrying out an inspection. The officials can look up and make copies of any information relevant to the inspection, and can dispense punishment for any behavior that they deem to be illegal.