China looks to increase penalties under its cybersecurity law

China looks to increase penalties under its cybersecurity law

BEIJING: China’s cyberspace regulator on Wednesday (Sep 14) proposed a series of amendments to the country’s cybersecurity law including raising the size of fines for some violations, saying that it wanted to do so to improve coordination with other new laws.

The Cyberspace Administration of China (CAC) said, for example, that it wanted to introduce a penalty that would see operators of critical information infrastructure which used products or services that had not undergone security reviews be fined up to an equivalent of 5 per cent of their previous year’s revenue, or 10 times the amount they paid for the product.

It also said it wanted to raise the fines for some violations, from up to 100,000 yuan (US$14,371) previously to 1 million yuan. The proposed amendments are open to public feedback until Sept. 29, it added.

China’s 2017 cybersecurity law marked the first major set of rules governing the storage and transfer of data of Chinese origin.

The country over the past year has added laws on data security and personal information protection.

The changes have impacted how companies in China operate and especially how they handle data such as user information.

In July, the CAC said Chinese ride-hailing giant Didi Global had violated three major laws and fined it US$1.2 billion.