China’s recent cybersecurity laws have been cited by the government as internet and personal data protection milestones, while being viewed with suspicion by foreign multinationals as potentially increasing compliance costs. The one certain thing is that the Chinese government
is succeeding in exercising more control and oversight over cyberspace.
RECOMMENDATIONS AND LESSONS FROM OTHER JURISDICTIONS TO ENHANCE THE EFFECTIV...Vishni Ganepola
When compared with certain other jurisdictions, Sri Lankan legal framework on cyber-crimes is much effective. Yet, there is much potential for it to develop into a more effective legal framework. The chapter suggested certain measures that can be implemented to national level as well as in international level to provide for the irregularities that exist in system while giving examples from few main jurisdictions. Legal measures in order to identify existing and new offences, to provide interpretations for undefined yet commonly used terms and measures to implement lenient measures in relation to admissibility of computer evidence were suggested while social measures to increase public awareness and IT literacy and measures to provide required training expertise to investigators were also suggested. Base of ICT Law is technology. Therefore, answers to certain irregularities could also be found through technology. Thus, technical measures such as implementing national encryption policy and monitoring and surveillance system were recommended. Recommendations were proposed for the international community on how to enhance mutual legal assistance and on empowering international criminal justice system on cyber-crimes.
Existing Sri Lankan Legal Framework on Cyber CrimesVishni Ganepola
This document summarizes the existing Sri Lankan legal framework regarding cybercrimes. It outlines several key cybercrime offenses recognized under Sri Lankan law, including computer hacking, computer cracking, unauthorized modification of computers, crimes against national security/economy/public order, unlawful acquisition of information, illegal interception of data, and use of unlawful devices. It discusses the elements and penalties for each offense based on provisions in the Computer Crimes Act and other Sri Lankan legislation such as the Intellectual Property Act and Sri Lanka Telecommunications Act.
EFFECTIVENESS OF THE EXISTING LEGAL FRAMEWORK GOVERNING CYBER-CRIMES IN SRI L...Vishni Ganepola
In compliance with the Budapest Convention, the CCA has recognised almost all the cyber-crime offences that are provided in the convention. Mere fact that the legal system recognises certain cyber-offences or that it provides a special mechanism to conduct investigations does not render the legislative framework effective. For the legislative framework to be considered effective, it should be capable of achieving the objective for which it was established. Accordingly, the effectiveness of the contemporary legislative framework shall be assessed based on its success in identifying and preventing cyber-crimes, conducting investigations, enforcing the enacted laws and in protecting human rights and liberties which are the objectives behind the enforcement of the cyber-crime legislative framework.
Cyber Crimes: The Transformation of Crime in the Information AgeVishni Ganepola
The research paper attempts to provide a definition on cyber-crimes and has also identified few types of cyber-crimes that have been internationally recognized.
Encryption is important for privacy but Kenya currently lacks comprehensive encryption laws. The Kenyan constitution guarantees privacy for citizens but does not provide specific guidance on encryption use. While some laws touch on encryption, there are no overarching laws regarding rights to encryption, licensing, or obligations to assist authorities. If Kenya enacts encryption legislation, it should balance privacy rights with law enforcement needs and involve input from technology companies, civil society groups, and citizens.
The document outlines Republic Act No. 10175, also known as the Cybercrime Prevention Act of 2012, which defines and penalizes cybercrimes such as illegal access, cybersex, and libel. It establishes the Cybercrime Investigation and Coordinating Center to investigate cybercrimes and allows law enforcement to collect traffic data with a court order. The law was controversial due to introducing internet libel as an offense and was temporarily blocked by the Supreme Court.
Digital security law security of individual or governmentM S Siddiqui
The document discusses Bangladesh's proposed Digital Security Act 2018 and debates around balancing national security, personal security, and freedom of expression. It summarizes key sections of the proposed law that have raised human rights concerns, such as allowing searches and arrests without warrants. While cyber security aims to protect digital systems and data, the law may infringe on citizens' privacy and speech. There are calls to amend sections to ensure rights are not violated in the name of national security.
RECOMMENDATIONS AND LESSONS FROM OTHER JURISDICTIONS TO ENHANCE THE EFFECTIV...Vishni Ganepola
When compared with certain other jurisdictions, Sri Lankan legal framework on cyber-crimes is much effective. Yet, there is much potential for it to develop into a more effective legal framework. The chapter suggested certain measures that can be implemented to national level as well as in international level to provide for the irregularities that exist in system while giving examples from few main jurisdictions. Legal measures in order to identify existing and new offences, to provide interpretations for undefined yet commonly used terms and measures to implement lenient measures in relation to admissibility of computer evidence were suggested while social measures to increase public awareness and IT literacy and measures to provide required training expertise to investigators were also suggested. Base of ICT Law is technology. Therefore, answers to certain irregularities could also be found through technology. Thus, technical measures such as implementing national encryption policy and monitoring and surveillance system were recommended. Recommendations were proposed for the international community on how to enhance mutual legal assistance and on empowering international criminal justice system on cyber-crimes.
Existing Sri Lankan Legal Framework on Cyber CrimesVishni Ganepola
This document summarizes the existing Sri Lankan legal framework regarding cybercrimes. It outlines several key cybercrime offenses recognized under Sri Lankan law, including computer hacking, computer cracking, unauthorized modification of computers, crimes against national security/economy/public order, unlawful acquisition of information, illegal interception of data, and use of unlawful devices. It discusses the elements and penalties for each offense based on provisions in the Computer Crimes Act and other Sri Lankan legislation such as the Intellectual Property Act and Sri Lanka Telecommunications Act.
EFFECTIVENESS OF THE EXISTING LEGAL FRAMEWORK GOVERNING CYBER-CRIMES IN SRI L...Vishni Ganepola
In compliance with the Budapest Convention, the CCA has recognised almost all the cyber-crime offences that are provided in the convention. Mere fact that the legal system recognises certain cyber-offences or that it provides a special mechanism to conduct investigations does not render the legislative framework effective. For the legislative framework to be considered effective, it should be capable of achieving the objective for which it was established. Accordingly, the effectiveness of the contemporary legislative framework shall be assessed based on its success in identifying and preventing cyber-crimes, conducting investigations, enforcing the enacted laws and in protecting human rights and liberties which are the objectives behind the enforcement of the cyber-crime legislative framework.
Cyber Crimes: The Transformation of Crime in the Information AgeVishni Ganepola
The research paper attempts to provide a definition on cyber-crimes and has also identified few types of cyber-crimes that have been internationally recognized.
Encryption is important for privacy but Kenya currently lacks comprehensive encryption laws. The Kenyan constitution guarantees privacy for citizens but does not provide specific guidance on encryption use. While some laws touch on encryption, there are no overarching laws regarding rights to encryption, licensing, or obligations to assist authorities. If Kenya enacts encryption legislation, it should balance privacy rights with law enforcement needs and involve input from technology companies, civil society groups, and citizens.
The document outlines Republic Act No. 10175, also known as the Cybercrime Prevention Act of 2012, which defines and penalizes cybercrimes such as illegal access, cybersex, and libel. It establishes the Cybercrime Investigation and Coordinating Center to investigate cybercrimes and allows law enforcement to collect traffic data with a court order. The law was controversial due to introducing internet libel as an offense and was temporarily blocked by the Supreme Court.
Digital security law security of individual or governmentM S Siddiqui
The document discusses Bangladesh's proposed Digital Security Act 2018 and debates around balancing national security, personal security, and freedom of expression. It summarizes key sections of the proposed law that have raised human rights concerns, such as allowing searches and arrests without warrants. While cyber security aims to protect digital systems and data, the law may infringe on citizens' privacy and speech. There are calls to amend sections to ensure rights are not violated in the name of national security.
The document summarizes cyber crime laws in Pakistan. It outlines several key laws related to cyber crimes, electronic transactions, telecommunications, and electronic fund transfers. The primary law is the Prevention of Electronic Crimes Ordinance of 2007, which defines various cyber crimes and corresponding penalties. The laws aim to address online criminal activities and regulate electronic transactions, telecommunications systems, and payment systems in Pakistan.
Computer crime and the adequacy of the current legal framework in sri lankaVishni Ganepola
The slide set gives a brief idea as to what is computer crime,types of computer crimes, Existing Legal Framework on Computer Crimes in Sri Lanka, Effectiveness of the current legal framework and also provides few recommendations for further advancement in law.
You can access the video in the second page via the following link:
https://www.youtube.com/watch?v=JDRIGOJk0D4&t=7s
The Digital Security Act 2018 in Bangladesh aims to curb crimes committed digitally such as spreading fake news, slander, and inciting violence. However, critics argue it could undermine media freedom and freedom of expression that are protected by the country's constitution and laws. The act allows the government to monitor digital platforms and restrict content it deems harmful or offensive. International organizations have called for reforming the laws to prevent overreach and protect civil liberties.
This document discusses cyber law and its impact on cyber crime. It notes that while cyber crimes are increasing globally and costing businesses trillions, the laws governing cyber space have not kept pace with the growth of the internet. There is still a huge challenge to develop comprehensive international regulations and laws to address coordinated cyber attacks across borders. It argues that some structure around jurisdiction, privacy, commerce and other issues is needed to help curb cyber crime, but that regulating the internet is complex given its global, boundary-less nature. Enhanced international cooperation around cyber law enforcement is important for addressing cyber threats.
This presentation provides in-house counsel with a brief overview of IT / ICT related legislation within South Africa and the impact it might have on its organisations and its people
Ф franciscronje.com
regulatory compliance explained
This document provides an overview and analysis of the Digital Security Act 2018 in Bangladesh. It discusses the purpose of the act to address cybersecurity issues, the controversies around limitations to civil liberties, and an evaluation of the act's constitutionality and viability based on international guidelines. The document examines specific sections of the act that are controversial and violate constitutional rights. It provides recommendations to address these issues in both the short and long term through legislative amendments and capacity building.
This document provides an overview of cyber law in India. It summarizes the Information Technology Act 2000, which provides the legal framework for electronic commerce and digital signatures. It outlines some key sections of the act related to digital signatures, cyber crimes, data privacy, penalties, and amendments made in 2008. Examples of cyber crimes in India are also briefly described. The summary is intended to convey the high-level purpose and scope of cyber law in India according to this document.
The Philippine Cybercrime Prevention Act of 2012Jim Ayson
The document is a draft bill for the Cybercrime Prevention Act of 2012 being considered by the Senate of the Philippines. It aims to define cybercrime offenses and provide for the prevention, investigation and punishment of such offenses. Some key points covered include defining terms related to computers, computer data and systems; classifying illegal access, interception and interference with computer systems and data as cybercrime offenses; and clarifying the role of service providers in relation to interception or monitoring of communications data.
An Indian Outline on Database ProtectionSinghania2015
One Business Processing Outsourcing company of India was in the eye of storm when one of its employees sold confidential financial information relating to customers of few British banks to an undercover reporter from the British tabloid ‘The Sun’. The incident sparked off a debate among the offshore industry circles, media and the legal world for the need of specific legislation for the protection for personal data in India which is absent currently.
Cyber law In India: its need & importanceAditya Shukla
Cyber Law in India
The document discusses the need for cyber law in India. It notes that as internet usage has increased, so have cyber crimes. The Information Technology Act of 2000 and its 2008 amendment were introduced to address issues around electronic transactions, cyber crimes, and data protection. Some key points covered include definitions of cyber crimes like hacking and transmitting obscene content, penalties listed in the IT Acts, and the importance of having cyber laws as digital activities continue growing.
This act provides for the legal recognition and use of electronic commercial and non-commercial transactions and documents in the Philippines. It aims to facilitate domestic and international dealings through electronic means. Key points include:
- It defines electronic signatures, documents, data messages and other terms.
- Electronic documents and signatures are given the same legal validity as traditional paper-based ones.
- It covers the formation of electronic contracts and attribution of electronic messages.
- The government is mandated to enable e-commerce capabilities within two years and develop RPWeb to connect government offices online.
- Service providers face liability in certain cases. Hacking of electronic documents is a punishable offense.
Cyber law refers to the legal aspects of the internet and cyberspace. It is the part of the overall legal system that deals with internet-related issues. The Information Technology Act, 2000 is the primary law governing cyber law in India. It aims to provide a legal framework for e-commerce and digital signatures. The act defines cyber crimes and sets penalties. It also establishes authorities for certifying digital signatures and adjudicating cyber crime cases. Cyber law covers intellectual property laws as they relate to the internet and issues around data protection and privacy online.
This document provides a comparative analysis of the Information Technology Act of 2000 and its amendment in 2008 in India. Some key changes introduced by the 2008 amendment include expanding the definition of electronic signatures to include technologies beyond digital signatures, increasing penalties for cybercrimes, strengthening privacy provisions and expanding the scope of offenses to include new cybercrimes like identity theft, cyber-stalking and cyber-terrorism. The amendment also granted new investigation powers to police officers and adjudication powers to specialized officers to handle cybercrime cases and disputes.
The document provides an overview of the Information Technology Act 2000 and cyber security in India. Some key points:
- The IT Act 2000 aims to provide legal recognition for electronic transactions and commerce. It deals with legal recognition of electronic documents, digital signatures, cyber crimes and their adjudication.
- The Act has 13 chapters and covers topics like electronic governance, digital signatures, cyber crimes and their penalties. It also amends four other related Acts.
- The IT Amendment Act 2008 was passed to address issues like data privacy, information security and additional cyber crimes. It recognized the role of CERT-In.
- The document discusses sections of the Act pertaining to penalties, compensation for cyber crimes and the factors
The document summarizes the key aspects of the Information Technology Act 2000. It discusses how the act was introduced to provide a legal framework for electronic governance and commerce. It outlines some of the important sections of the act related to hacking, publishing obscene content, and privacy breaches. It also discusses amendments made in 2008 and key terms like digital signatures, encryption and cybercrime. Examples of cybercrimes like banking frauds, intellectual property theft and phishing are provided. In conclusion, it states that the act aims to validate online transactions but leaves some issues untouched and will need continuous amendments with India's evolving legal framework for technology.
This document summarizes key aspects of the 2008 amendments to India's Information Technology Act, including newly added cybercrimes and strengthened government interception powers. It notes the amendments aim to make the law technology neutral and defines cyber terrorism, adding offenses like identity theft and phishing. The amendments impact corporate India by increasing liability for data breaches and requiring intermediaries to exercise due diligence. The presentation encourages companies to implement cybersecurity practices and conduct a due diligence program to limit legal exposure under the new law.
An Introduction to Cyber Law - I.T. Act 2000 (India)Chetan Bharadwaj
An Introduction to Cyber Law - Chetan Bharadwaj
The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb.
The document provides an introduction to the Information Technology Act 2000 of India. It was passed to regulate electronic transactions and commerce via the internet and provide legal recognition. The objectives of the Act are to facilitate electronic filing of documents with the government and be in line with the UN Model Law on Electronic Commerce. Some key aspects are that the Act extends to all of India and any offenses committed overseas. It does not apply to negotiable instruments, power of attorney, trusts, wills, sale of immovable property or any exempted class of documents notified by the government. Important definitions in the Act include digital signatures and cyber cafes.
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESSpattok
This document summarizes a presentation by Pavan Duggal on privacy and security policies that encourage e-business. It discusses how different countries treat privacy and security differently depending on their legal histories. In India, there is no comprehensive privacy law, and privacy is interpreted within the framework of existing laws. The Information Technology Act of 2000 addresses some privacy and security issues but does not comprehensively define these terms. Strengthening privacy and security laws and adopting a flexible approach is needed to promote these issues in India.
What's new with Cybersecurity in Singapore? Abraham Vergis
This document discusses cybersecurity issues in Singapore and the new Cybersecurity Bill. It summarizes recent major cyber attacks like WannaCry that disrupted companies and government services. The bill aims to regulate critical infrastructure, empower the Cyber Security Agency of Singapore to respond to threats, facilitate sharing of cybersecurity information, and license cybersecurity service providers. The bill establishes baseline standards for protecting information that law firms must exceed due to risks of hackers interfering with confidential international dispute information.
The document summarizes cyber crime laws in Pakistan. It outlines several key laws related to cyber crimes, electronic transactions, telecommunications, and electronic fund transfers. The primary law is the Prevention of Electronic Crimes Ordinance of 2007, which defines various cyber crimes and corresponding penalties. The laws aim to address online criminal activities and regulate electronic transactions, telecommunications systems, and payment systems in Pakistan.
Computer crime and the adequacy of the current legal framework in sri lankaVishni Ganepola
The slide set gives a brief idea as to what is computer crime,types of computer crimes, Existing Legal Framework on Computer Crimes in Sri Lanka, Effectiveness of the current legal framework and also provides few recommendations for further advancement in law.
You can access the video in the second page via the following link:
https://www.youtube.com/watch?v=JDRIGOJk0D4&t=7s
The Digital Security Act 2018 in Bangladesh aims to curb crimes committed digitally such as spreading fake news, slander, and inciting violence. However, critics argue it could undermine media freedom and freedom of expression that are protected by the country's constitution and laws. The act allows the government to monitor digital platforms and restrict content it deems harmful or offensive. International organizations have called for reforming the laws to prevent overreach and protect civil liberties.
This document discusses cyber law and its impact on cyber crime. It notes that while cyber crimes are increasing globally and costing businesses trillions, the laws governing cyber space have not kept pace with the growth of the internet. There is still a huge challenge to develop comprehensive international regulations and laws to address coordinated cyber attacks across borders. It argues that some structure around jurisdiction, privacy, commerce and other issues is needed to help curb cyber crime, but that regulating the internet is complex given its global, boundary-less nature. Enhanced international cooperation around cyber law enforcement is important for addressing cyber threats.
This presentation provides in-house counsel with a brief overview of IT / ICT related legislation within South Africa and the impact it might have on its organisations and its people
Ф franciscronje.com
regulatory compliance explained
This document provides an overview and analysis of the Digital Security Act 2018 in Bangladesh. It discusses the purpose of the act to address cybersecurity issues, the controversies around limitations to civil liberties, and an evaluation of the act's constitutionality and viability based on international guidelines. The document examines specific sections of the act that are controversial and violate constitutional rights. It provides recommendations to address these issues in both the short and long term through legislative amendments and capacity building.
This document provides an overview of cyber law in India. It summarizes the Information Technology Act 2000, which provides the legal framework for electronic commerce and digital signatures. It outlines some key sections of the act related to digital signatures, cyber crimes, data privacy, penalties, and amendments made in 2008. Examples of cyber crimes in India are also briefly described. The summary is intended to convey the high-level purpose and scope of cyber law in India according to this document.
The Philippine Cybercrime Prevention Act of 2012Jim Ayson
The document is a draft bill for the Cybercrime Prevention Act of 2012 being considered by the Senate of the Philippines. It aims to define cybercrime offenses and provide for the prevention, investigation and punishment of such offenses. Some key points covered include defining terms related to computers, computer data and systems; classifying illegal access, interception and interference with computer systems and data as cybercrime offenses; and clarifying the role of service providers in relation to interception or monitoring of communications data.
An Indian Outline on Database ProtectionSinghania2015
One Business Processing Outsourcing company of India was in the eye of storm when one of its employees sold confidential financial information relating to customers of few British banks to an undercover reporter from the British tabloid ‘The Sun’. The incident sparked off a debate among the offshore industry circles, media and the legal world for the need of specific legislation for the protection for personal data in India which is absent currently.
Cyber law In India: its need & importanceAditya Shukla
Cyber Law in India
The document discusses the need for cyber law in India. It notes that as internet usage has increased, so have cyber crimes. The Information Technology Act of 2000 and its 2008 amendment were introduced to address issues around electronic transactions, cyber crimes, and data protection. Some key points covered include definitions of cyber crimes like hacking and transmitting obscene content, penalties listed in the IT Acts, and the importance of having cyber laws as digital activities continue growing.
This act provides for the legal recognition and use of electronic commercial and non-commercial transactions and documents in the Philippines. It aims to facilitate domestic and international dealings through electronic means. Key points include:
- It defines electronic signatures, documents, data messages and other terms.
- Electronic documents and signatures are given the same legal validity as traditional paper-based ones.
- It covers the formation of electronic contracts and attribution of electronic messages.
- The government is mandated to enable e-commerce capabilities within two years and develop RPWeb to connect government offices online.
- Service providers face liability in certain cases. Hacking of electronic documents is a punishable offense.
Cyber law refers to the legal aspects of the internet and cyberspace. It is the part of the overall legal system that deals with internet-related issues. The Information Technology Act, 2000 is the primary law governing cyber law in India. It aims to provide a legal framework for e-commerce and digital signatures. The act defines cyber crimes and sets penalties. It also establishes authorities for certifying digital signatures and adjudicating cyber crime cases. Cyber law covers intellectual property laws as they relate to the internet and issues around data protection and privacy online.
This document provides a comparative analysis of the Information Technology Act of 2000 and its amendment in 2008 in India. Some key changes introduced by the 2008 amendment include expanding the definition of electronic signatures to include technologies beyond digital signatures, increasing penalties for cybercrimes, strengthening privacy provisions and expanding the scope of offenses to include new cybercrimes like identity theft, cyber-stalking and cyber-terrorism. The amendment also granted new investigation powers to police officers and adjudication powers to specialized officers to handle cybercrime cases and disputes.
The document provides an overview of the Information Technology Act 2000 and cyber security in India. Some key points:
- The IT Act 2000 aims to provide legal recognition for electronic transactions and commerce. It deals with legal recognition of electronic documents, digital signatures, cyber crimes and their adjudication.
- The Act has 13 chapters and covers topics like electronic governance, digital signatures, cyber crimes and their penalties. It also amends four other related Acts.
- The IT Amendment Act 2008 was passed to address issues like data privacy, information security and additional cyber crimes. It recognized the role of CERT-In.
- The document discusses sections of the Act pertaining to penalties, compensation for cyber crimes and the factors
The document summarizes the key aspects of the Information Technology Act 2000. It discusses how the act was introduced to provide a legal framework for electronic governance and commerce. It outlines some of the important sections of the act related to hacking, publishing obscene content, and privacy breaches. It also discusses amendments made in 2008 and key terms like digital signatures, encryption and cybercrime. Examples of cybercrimes like banking frauds, intellectual property theft and phishing are provided. In conclusion, it states that the act aims to validate online transactions but leaves some issues untouched and will need continuous amendments with India's evolving legal framework for technology.
This document summarizes key aspects of the 2008 amendments to India's Information Technology Act, including newly added cybercrimes and strengthened government interception powers. It notes the amendments aim to make the law technology neutral and defines cyber terrorism, adding offenses like identity theft and phishing. The amendments impact corporate India by increasing liability for data breaches and requiring intermediaries to exercise due diligence. The presentation encourages companies to implement cybersecurity practices and conduct a due diligence program to limit legal exposure under the new law.
An Introduction to Cyber Law - I.T. Act 2000 (India)Chetan Bharadwaj
An Introduction to Cyber Law - Chetan Bharadwaj
The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb.
The document provides an introduction to the Information Technology Act 2000 of India. It was passed to regulate electronic transactions and commerce via the internet and provide legal recognition. The objectives of the Act are to facilitate electronic filing of documents with the government and be in line with the UN Model Law on Electronic Commerce. Some key aspects are that the Act extends to all of India and any offenses committed overseas. It does not apply to negotiable instruments, power of attorney, trusts, wills, sale of immovable property or any exempted class of documents notified by the government. Important definitions in the Act include digital signatures and cyber cafes.
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESSpattok
This document summarizes a presentation by Pavan Duggal on privacy and security policies that encourage e-business. It discusses how different countries treat privacy and security differently depending on their legal histories. In India, there is no comprehensive privacy law, and privacy is interpreted within the framework of existing laws. The Information Technology Act of 2000 addresses some privacy and security issues but does not comprehensively define these terms. Strengthening privacy and security laws and adopting a flexible approach is needed to promote these issues in India.
What's new with Cybersecurity in Singapore? Abraham Vergis
This document discusses cybersecurity issues in Singapore and the new Cybersecurity Bill. It summarizes recent major cyber attacks like WannaCry that disrupted companies and government services. The bill aims to regulate critical infrastructure, empower the Cyber Security Agency of Singapore to respond to threats, facilitate sharing of cybersecurity information, and license cybersecurity service providers. The bill establishes baseline standards for protecting information that law firms must exceed due to risks of hackers interfering with confidential international dispute information.
Issues with respect to the proper ownership and jurisdiction of information contained on the internet have set the stage for an ongoing legal debate over Cyber-Law and its impact on Cyber-Crime.
Enhanced Global Cyber-Security and proposed governing regulations are not a luxury, but a necessity, for today’s business and government entities which operate in real time environments.
This document discusses security issues in e-commerce, including authentication and identification, privacy, data protection, and system security. It covers legal requirements around electronic signatures, identity theft, privacy rights, data protection rules for sensitive personal data, and security measures to protect systems from unauthorized access. Overall, the document examines the key challenges of maintaining security and privacy in e-commerce transactions and systems in light of relevant Indian laws.
Spice Route Legal Data Protection & Privacy UpdateMathew Chacko
The document summarizes recent legal and regulatory changes in India that have driven increased focus on privacy and data protection. It outlines (i) the Supreme Court's recognition of privacy as a fundamental right, (ii) a whitepaper proposing a new data protection law meeting international standards, (iii) a draft digital health law regulating personal data in healthcare, (iv) an RBI order requiring payment data localization in India, and (v-vi) new rules for prepaid payment instruments and the extraterritorial implications of the EU's new General Data Protection Regulation. The changes indicate India is moving to strengthen data privacy laws and compliance.
The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce. It is based on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model) recommended by the General Assembly of United Nations by a resolution dated 30 January 1997.
Grey Area of the Information Technology Act, 2000.pptxBharatMunjal4
The document summarizes several grey areas and limitations in the Information Technology Act, 2000 of India. It notes that the Act lacks definitions for key terms like cybercrimes and does not adequately address issues like jurisdiction, domain name infringement, intellectual property rights, cross-border taxation, and more. Several important documents and statutory bodies are also not fully covered by the Act. It further argues the Act does not cover new technologies, cybersecurity laws, and has less penalties than GDPR. The safe harbor clause and right to privacy are also identified as issues.
Network service providers retain records for various lengths of time.pdfeyevision3
Jurvin Enterprises recorded the following transactions for the just completed month. The
company had no beginning inventories.
$72,100 in raw materials were requisitioned for use in production. Of this amount, $65,500 was
for direct materials and the remainder was for indirect materials.
Total labor wages of $150,500 were incurred and paid. Of this amount, $133,300 was for direct
labor and the remainder was for indirect labor.
Manufacturing overhead costs of $121,500 were applied to jobs using the company’s
predetermined overhead rate.
Post the above transactions to T-accounts.
Jurvin Enterprises recorded the following transactions for the just completed month. The
company had no beginning inventories.
Solution
Answer 1. Cash Raw Materials Work in Process 76,100.00 a. a.
76,100.00 72,100.00 b. b. 65,500.00 320,300.00 f. 150,500.00 c. c. 133,300.00
126,700.00 d. e. 121,500.00 End. Bal. 4,000.00 End. Bal.
- Finished Goods inventory Manufacturing Overhead Cost
of Goods Sold f. 320,300.00 320,300.00 g. b. 6,600.00 121,500.00 e. g.
320,300.00 c. 17,200.00 29,000.00 h. h. 29,000.00 d. 126,700.00
(Underapplied Overhead) End. Bal. - End. Bal.
- End. Bal. 349,300.00 Answer 2.
Cost of Goods Sold = $349,300.
This document provides an introduction to cyber law and intellectual property rights. It defines key terms related to the internet and world wide web such as how the web was invented by Tim Berners-Lee. It also summarizes provisions of the Indian IT Act 2000 related to email validity, e-commerce, and digital signatures. The document further discusses cyber crimes, cyber squatting, and features of the IT Act related to tampering and publishing obscene content. It provides an overview of how digital signatures are used and authenticated under the IT Act.
Law firm information security overview focus on encryption by dave cunningh...David Cunningham
The document summarizes key information security regulations relevant to law firms, with a focus on encryption requirements. It discusses regulations including HIPAA, ITAR, Massachusetts Data Privacy Law, Safe Harbor Framework, Red Flags Rule, and ISO 27001. The Massachusetts law requires law firms to encrypt transmitted records containing personal information, data stored on laptops and portable devices if technically feasible, and use access controls.
Israel Privacy Protection Regulations - Duty To Report A Severe Security EventBarry Schuman
One of the most significant recent developments in data protection in Israel has been the publication of the Privacy Protection Regulations (Data Security) in May 2017. These significant regulations came into effect in May 2018.
The regulations were enacted after extensive consultation with the Israeli public, and in particular the stake holders that would be effected by the regulations. The regulations apply to both private and public sectors and establish organizational mechanisms aimed at making data security part of the management practices of all organizations processing personal data.
It is anticipated that the regulations will considerably advance the level of data security in Israel. They are both flexible, tangible and precise to a degree that offers organizations regulatory certainty and practical tools that are unpretentious to implement.
It Amendment ActIT Amendment Act, 2008 notified w.e.f. 27/10/2009Neeraj Aarora
The Information Technology (Amendment) Bill, 2008 (Bill No.96-F of 2008) was passed by the both houses of parliament on December, 2008 and received the accent of the president on 5th February, 2009. However, the Amendment Act had not yet come into force and was only for information purpose. However, there was lots of confusion about the date of “Notification” of IT Amendment Act, 2008 as per the requirements of the Section 1 (2) of the same. However, after the wait of almost more than 8 months, the Information Technology (Amendment) Act, 2008 (ITAA, 2008) has been notified with effect from 27/10/2009 and is now become operational.
What are the new laws under Canada Digital Privacy Act.pdfRiley Claire
The introduction of a new bill by the Canadian government indicates a significant overhaul of the country's privacy laws. Businesses in Canada are obligated to report data breaches affecting customers' personal information. All regulated Canadian businesses in the country's key industries—including banking, insurance, healthcare, and transportation—must abide by the Act's regulations or guiding principles. You may learn more about the new laws under the Canada Digital Privacy Act in this pdf.
This document discusses intellectual property law challenges in the age of internet and converging technologies. It notes that the balance of rights between copyright owners, internet service providers, consumers, and other stakeholders is difficult to maintain as technology advances faster than legal developments. It also examines issues around regulating converged media and the need for coordinated intellectual property legislation to address digital copyright issues raised by new communication technologies. The document surveys IP laws and regulations globally to analyze challenges and solutions around protecting multimedia content, software, and websites in the internet era.
1. The document discusses a proposal by FairPlay Canada to establish an independent agency to identify websites and services blatantly engaged in piracy and require ISPs to block access to them, subject to judicial oversight.
2. It provides background on piracy in Canada and describes FairPlay Canada's proposal and partners.
3. Critics argue the proposal risks censorship, lacks due process, and could expand beyond blocking major piracy sites. Supporters counter that it targets clearly illegal sites and balances copyright protection with an open internet.
This document provides an overview of cyber security laws and guidelines in India under the Information Technology Act 2000. It discusses the motivation for having cyber security legislation, common cyber crimes, and ensures technology is used legally and ethically. The key learning objective is for participants to understand the adequate laws in place in India to deal with cyber security offenses. It covers various cyber crimes and offenses defined under the IT Act, including hacking, data theft, computer tampering. Sections 43, 65, and 66 which deal with penalties for computer damage, tampering with source code, and computer related offenses are explained in detail through case studies. The size and future of cyber crimes in India is also highlighted.
Cyber warfare and identity theft pose significant threats to privacy. International treaties and domestic laws like India's IT Act protect privacy to some degree but lack comprehensive data protection. The 2019 Personal Data Protection Bill aims to address this but remains pending. Strong cybersecurity practices like multi-factor authentication can help prevent privacy breaches and identity theft if implemented properly. Strengthening privacy protections would also support cybersecurity goals by promoting trust and responsible data use.
Cyber laws are needed to regulate digital information and activities online. They cover areas like internet access, e-commerce, privacy, and freedom of expression. Cyber laws are important because almost all internet transactions have legal implications. India's National Cyber Security Policy aims to protect public and private infrastructure from cyberattacks by safeguarding personal, financial, and sovereign data. Its objectives are to create a secure cyber ecosystem, assurance frameworks, and regulatory structures to strengthen cybersecurity and respond effectively to threats. The Information Technology Act, 2000 provides sections to empower users and safeguard cyberspace by prohibiting activities like hacking, identity theft, child pornography, and cyber terrorism.
The document summarizes South African legislation relating to information security and compliance. It discusses key Acts such as the Electronic Communications and Transactions Act, Regulation of Interception of Communications Act, and the draft Protection of Personal Information Bill. It also covers concepts such as the Hype Cycle of compliance requirements, definitions of security in the SA context, applicable cybercrime laws, and recommendations from King II on corporate governance and information security best practices.
The document discusses the Cybercrime Prevention Act of 2012 in the Philippines. It begins with background on the "I LOVE YOU" computer virus in 2000 that prompted the first cybercrime law. It then summarizes key aspects of RA 10175, including punishable cybercrimes, penalties, enforcement authorities, and international cooperation provisions. Examples are given of types of cybercrimes prosecuted under the act such as identity theft, cyberbullying, and an online sexual exploitation case. The document provides an overview of the Philippine government's efforts to address cybercrime through laws and law enforcement agencies.
Similar to Strengthening the Great Cyber-Wall of China — An Effort in Protecting the Masses in Cyberspace or Keeping Out the Foreigners? (20)
सुप्रीम कोर्ट ने यह भी माना था कि मजिस्ट्रेट का यह कर्तव्य है कि वह सुनिश्चित करे कि अधिकारी पीएमएलए के तहत निर्धारित प्रक्रिया के साथ-साथ संवैधानिक सुरक्षा उपायों का भी उचित रूप से पालन करें।
The Future of Criminal Defense Lawyer in India.pdfveteranlegal
https://veteranlegal.in/defense-lawyer-in-india/ | Criminal defense Lawyer in India has always been a vital aspect of the country's legal system. As defenders of justice, criminal Defense Lawyer play a critical role in ensuring that individuals accused of crimes receive a fair trial and that their constitutional rights are protected. As India evolves socially, economically, and technologically, the role and future of criminal Defense Lawyer are also undergoing significant changes. This comprehensive blog explores the current landscape, challenges, technological advancements, and prospects for criminal Defense Lawyer in India.
Pedal to the Court Understanding Your Rights after a Cycling Collision.pdfSunsetWestLegalGroup
The immediate step is an intelligent choice; don’t procrastinate. In the aftermath of the crash, taking care of yourself and taking quick steps can help you protect yourself from significant injuries. Make sure that you have collected the essential data and information.
Safeguarding Against Financial Crime: AML Compliance Regulations DemystifiedPROF. PAUL ALLIEU KAMARA
To ensure the integrity of financial systems and combat illicit financial activities, understanding AML (Anti-Money Laundering) compliance regulations is crucial for financial institutions and businesses. AML compliance regulations are designed to prevent money laundering and the financing of terrorist activities by imposing specific requirements on financial institutions, including customer due diligence, monitoring, and reporting of suspicious activities (GitHub Docs).
Business law for the students of undergraduate level. The presentation contains the summary of all the chapters under the syllabus of State University, Contract Act, Sale of Goods Act, Negotiable Instrument Act, Partnership Act, Limited Liability Act, Consumer Protection Act.
Integrating Advocacy and Legal Tactics to Tackle Online Consumer Complaintsseoglobal20
Our company bridges the gap between registered users and experienced advocates, offering a user-friendly online platform for seamless interaction. This platform empowers users to voice their grievances, particularly regarding online consumer issues. We streamline support by utilizing our team of expert advocates to provide consultancy services and initiate appropriate legal actions.
Our Online Consumer Legal Forum offers comprehensive guidance to individuals and businesses facing consumer complaints. With a dedicated team, round-the-clock support, and efficient complaint management, we are the preferred solution for addressing consumer grievances.
Our intuitive online interface allows individuals to register complaints, seek legal advice, and pursue justice conveniently. Users can submit complaints via mobile devices and send legal notices to companies directly through our portal.
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee
Presentation slides for a session held on June 4, 2024, at Kyoto University. This presentation is based on the presenter’s recent paper, coauthored with Hwang Lee, Professor, Korea University, with the same title, published in the Journal of Business Administration & Law, Volume 34, No. 2 (April 2024). The paper, written in Korean, is available at <https://shorturl.at/GCWcI>.
Receivership and liquidation Accounts
Being a Paper Presented at Business Recovery and Insolvency Practitioners Association of Nigeria (BRIPAN) on Friday, August 18, 2023.
Strengthening the Great Cyber-Wall of China — An Effort in Protecting the Masses in Cyberspace or Keeping Out the Foreigners?
1. Reproduced with permission from Privacy & Security Law Report, 17 PRA 194, 10/10/2017. Copyright 2017 by
The Bureau of National Affairs, Inc. (800-372-1033) http://www.bna.com
Cybersecurity
Strengthening the Great Cyber-Wall of China—An Effort in Protecting
the Masses in Cyberspace or Keeping Out the Foreigners?
China’s Cybersecurity Law
China’s recent cybersecurity laws have been cited by the government as internet and per-
sonal data protection milestones, while being viewed with suspicion by foreign multination-
als as potentially increasing compliance costs. The one certain thing is that the Chinese gov-
ernment is succeeding in exercising more control and oversight over cyberspace, the au-
thors write.
BY BENJAMIN CHEONG AND TERRANCE TONG
Introduction
The flurry of legislative reforms in China in recent
months saw the recurring theme of national security
dominating the Chinese cybersecurity agenda. Extend-
ing the notion of national security to the cyberspace, re-
cent cybersecurity-related legislative developments set
the stage for China’s increasingly complex web of cy-
bersecurity regulations and demonstrate the govern-
ment’s resolve to tighten its control over the internet
and cyber activities. These laws have been lauded by
Beijing as milestones in the protection of China’s cyber-
space and personal data of Chinese citizens, while be-
ing viewed with suspicion by foreign multinational
companies as potentially increasing compliance costs,
leaving them vulnerable to industrial espionage and
giving Chinese companies an unfair advantage.
This article will briefly analyse the scope of these
newly promulgated laws and their relevant implement-
ing regulations, how they are likely to be implemented
and address the impact of these laws and regulations
for multinationals operating in or seeking to expand
their footprint into China.
The Complicated Web of
Cyber-Govenance
The Anti-Terrorism Law The Anti-Terrorism Law
(ATL), which came into effect on Jan. 1, 2016, was in-
troduced to ‘‘prevent and punish terrorist activities,
strengthen counter-terrorism efforts and to safeguard
the security of the state, the public and the lives and
properties of the people’’. Although the ATL seeks pri-
marily to safeguard against terrorism and prevent ter-
rorist activities generally, certain provisions of the ATL
imposes statutory obligations specifically on telecom-
munications operators and internet service providers.
At the outset, it should be noted that the terms ‘‘tele-
communications operators’’ and ‘‘internet service pro-
viders’’ are not defined within the ATL, and can poten-
tially take on a wide enough interpretation to include
any companies or businesses providing telecommunica-
tions, internet or any ancillary services.
Under Article 18 of the ATL, telecommunications op-
erators and internet service providers have a specific
Benjamin Cheong is a partner as Rajah Tann
Singapore LLC in Singapore where he is a
member of the technology, media, and tele-
communications practice and data protection
and cybersecurity practice.
Terrance Tong is a trainee solicitor at PK
Wong & Associates LLC in Singapore.
COPYRIGHT 2017 BY THE BUREAU OF NATIONAL AFFAIRS, INC. ISSN 1538-3423
Privacy and Security
Law Report®
2. obligation to ‘‘provide technical support assistance to
public security organs and state security organs’’ in the
course of prevention and investigation of terrorist ac-
tivities.
Article 19 of the ATL also requires these companies
to implement network security and information content
monitoring systems, so as to actively monitor and pre-
vent the dissemination of information with terrorist or
extremist content. This is coupled with the obligation to
disclose such content to the relevant state authorities
and to conduct user identifications before provision of
services.
Non-compliance with the ATL could also attract stiff
fines of up to 500,000 RMB ($75,270) and even personal
liabilities for managers or personnel who are respon-
sible for their companies’ contravention of the ATL,
which may result in such persons being detained.
In light of the broad requirements of the ATL, there
are wide ranging implications beyond the potential cost
of compliance. One such implication would be that mul-
tinational companies operating in China will have to
bear the risk of their valuable intellectual property
rights being compromised when compelled under the
ATL to provide technical assistance in the form of dis-
closure of technical data and decryption technology.
The Chinese government has, however, given the re-
assurance that this legislation ‘‘accords with the actual
work needed to fight terrorism which is basically in line
with what other major countries in the world do. This
will not affect the normal operation of tech companies
and they have nothing to fear in terms of having ‘‘back-
doors’’ installed or losing intellectual property rights’’.
This will remain to be seen once the Chinese authorities
start enforcing the ATL.
The National Intelligence Law In the same vein, the
National Intelligence Law (IL), which came into effect
on June 28, 2017, seeks to bolster national intelligence
efforts for the purposes of preserving national interests
and security. However, unlike the ATL which imposes
statutory obligations on telecommunications operators
and internet service providers in China, the IL gives the
relevant authorities sweeping powers to monitor both
foreign and domestic individuals and companies.
More specifically, Articles 10 to 17 of the IL confers
upon Chinese intelligence institutions extensive powers
in the course of carrying out intelligence efforts. These
institutions are authorized to use all necessary means to
carry out espionage, domestically and abroad, and to
compel relevant organizations or citizens to provide
necessary assistance in the course of carrying out such
efforts.
The IL further empowers relevant intelligence institu-
tions to, amongst other things:
(i) enter relevant restricted areas and venues, learn
from and question relevant institutions, organizations,
and individuals;
(ii) use or lawfully request, the use of transportation,
communications tools, premises and/or buildings be-
longing to any state organs, organizations or individu-
als; and
(iii) when necessary, set up relevant work sites, equip-
ment, and facilities.
As with the ATL, there is a real risk that valuable in-
tellectual property rights such as trade secrets belong-
ing to companies operating in China may be compro-
mised if it is assessed by the authorities to be necessary
for the purposes of carrying out espionage. Individuals
who are in violation of the IL or found to have ob-
structed national intelligence efforts may, under Article
28, be detained up to 15 days.
Companies operating in China may find it a relief to
note that Articles 26 and 27 of the IL provide for mea-
sures that aim to safeguard against the abuse of powers,
requiring intelligence institutions to put in place proper
procedures and channels for anonymous complaints of
abuses of power. However, the practical effect of the
measures will in a large part also depend on its imple-
mentation, and it remains to be seen if it will in fact
achieve its stated purpose.
The Cybersecurity Law The Cybersecurity Law (CSL),
which came into effect on June 1, 2017, is one of the
most important and comprehensive piece of legislation
that seeks to consolidate China’s regulation of cyber ac-
tivities. The primary purpose of the legislation is to
safeguard China’s cyberspace sovereignty, national se-
curity and the societal public interest. This is to be
achieved through the CSL’s focus on ‘‘personal’’ and
‘‘critical’’ data, and a tiered system of network security
provisions.
Various data privacy and cybersecurity obligations
are imposed on ‘‘network operators,’’ which is broadly
defined as ‘‘network owners, managers, and network
service providers’’ of ‘‘systems comprised of computers
and other information terminals and related equip-
ment’’ that gather, store, transmit, exchange, and pro-
cess information’’. This definition not only covers tele-
communication, wireless communication, and internet
service providers but could ostensibly cover every orga-
nization or business that owns or operates IT networks
in China.
The general cybersecurity obligation is found under
Article 21 of the CSL which stipulates key duties that
network operators are to perform. This includes formu-
lating internal security management systems, adopting
appropriate technological measures to prevent viruses
and malwares, monitoring of network operational sta-
tus, and storage of network logs for at least six months.
Chapter IV of the CSL also governs and sets out the rule
on usage, collection and transfer of personal data be-
longing to Chinese citizens.
In addition, the CSL imposes three specific sets of ob-
ligations:
(i) Restrictions on network products and services;
(ii) Obligations imposed on Network Operators; and
(iii) Obligations imposed on Critical Information In-
frastructure Operators (CII Operators).
Restrictions on Network Products and Services
All ‘‘critical network equipment’’ and ‘‘specialised
network security products’’ must comply with
government-issued standards of security. Further, un-
der Article 23, these network products and services
must be subject to an inspection and certification pro-
cess before the sale or provision of the products or
services.
These terms are not specifically defined in the CSL.
However, a catalogue detailing specifically which prod-
ucts and services would be subject to Articles 22 and 23
was published jointly on June 9, 2017 (the Catalogue)
by the Cyberspace Administration of China (CAC), the
Ministry of Industry and Information Technology
(MIIT), the Ministry of Public Security (MPS), and the
Certification and Accreditation Administration (CNCA).
2
10-10-17 COPYRIGHT 2017 BY THE BUREAU OF NATIONAL AFFAIRS, INC. PVLR ISSN 1538-3423
3. The Catalogue sets out the first batch of equipment and
products that are covered, which includes very common
items such as ‘‘routers, switches, servers (rack-
mounted), and the dedicated products for cybersecurity
include integrated data backup, firewall (hardware),
web application firewall, intrusion detection system, in-
trusion defense system, security isolation and informa-
tion exchange products (gatekeepers), anti-spam mail
products, network audit systems, network vulnerability
scanning product, security data system, and website re-
covery products (hardware)’’.
Such requirements, however, have raised legitimate
concerns regarding (a) the extent to which information
technology (hardware and software) products must be
‘‘certified’’ for security by the Chinese authorities be-
fore they can be sold in China; (b) whether the certifi-
cation would require companies to provide the source
code and other intellectual property relating to their
products; and (c) whether these requirements would
create market barriers to entry for products offered by
non-Chinese companies.
Obligations Imposed on Network Operators
Whilst a slew of obligations is imposed on network
operators, it is Article 28 of the CSL which raises the
red flag. The provision compels network operators to
provide ‘‘technical support and assistance’’ to state
authorities. As with both the ATL and IL, this may po-
tentially include the granting of state access to confi-
dential data, in the course of the preservation of na-
tional security or investigations of crimes. The cir-
cumstances under which network operators may be
compelled to provide technical assistance remains
largely unclear.
On the other hand, one of the most important im-
provements to the overall legal protection of personal
information is brought about by the CSL. This is be-
cause China does not have an overarching data protec-
tion law, and the CSL contains very detailed data pro-
tection obligations which bind network operators. In
particular, network operators are required:
(i) to inform and obtain consent from the users when
collecting their personal information;
(ii) to collect and use personal information in a legal
and proper manner;
(iii) not to steal or use other illegal means to obtain
personal information;
(iv) to gather and store personal information in ac-
cordance with the law, administrative regulations and
their agreements with users;
(v) not disclose, tamper with or destroy collected
personal information;
(vi) to allow users to request that their personal in-
formation is destroyed in circumstances where the net-
work operator has violated the laws; and
(vii) ensure that all personal information obtained is
kept confidential.
Additional Obligations Imposed on CII Operators
The CSL adopts a tiered regulatory approach, which
means that all obligations imposed on CII Operators
will be in addition to the obligations generally im-
posed on network operators. CII Operators are de-
fined broadly as operators that provide services that,
if lost or destroyed, would endanger China’s national
security and national welfare. The CSL elaborates CII
as companies operating, or providing services, in the
following sectors: public telecommunications and in-
formation services, power and energy, transportation,
irrigation, finance, public services, and e-government.
Specific operational security obligations are set out in
Articles 31 to 39 and are mandatory for CII Operators.
The Chinese government also actively encourages all
network operators to voluntarily comply with these ad-
ditional obligations. Article 34, for instance, requires
the establishment and maintenance of a higher level of
data security measures. This includes, amongst others,
obligations such as the setting up of specialised security
management bodies, periodically conducting network
security technical training and education, and conduct-
ing disaster recovery backups. However, the specific
scope of these measures is contemplated to be set out
by implementing regulations, which have not yet been
released.
Penalties
Chapter VI of the CSL sets out in detail the penalties
for contravention and non-compliance. Network op-
erators and CII Operators in breach of their obliga-
tions may be liable for a fine of up to 100,000 RMB
($150,540) and directly responsible managers or per-
sonnel may also be personally liable for a fine of up to
100,000 RMB ($150,540). Article 67 of the CSL also
criminalises the establishment of website or commu-
nications group for the commission of unlawful and
criminal activities, allowing detention of up to 5 days
and/or a fine of up to 15,000 RMB ($2,258), and where
circumstances are deemed serious, a detention period
of up to 15 days and/or a fine of up to 500,000
($75,270).
Measures on Security Review of Network Products
and Services CII Operators who are procuring services
or network products that could potentially have an im-
pact on China’s national security will also have to un-
dergo a separate procurement-related cybersecurity re-
view as mandated under Article 35 of the CSL.
The Measures on Security Review of Network Prod-
ucts and Services (the Security Review Measures),
which took effect from 1 June 2017, offering guidance
on how a security review will be conducted has been
published by the CAC. The Security Review Measures
stipulate that all important network products and ser-
vices which are procured for use in network systems
that concern national security will be subject to a secu-
rity review.
Draft Measures on Security Assessment of Outbound
Transmission of Personal Information and Important
Data Additionally, CII Operators are subject to a data lo-
calisation obligation to store personal information of
Chinese citizens or other important data gathered as a
result of operations conducted within Chinese territo-
ries. Article 37 of the CSL further restricts data export
and stipulates that such data shall not be transferred
out of China unless ‘‘truly necessary’’ for business
needs, and subject to appropriate security assessment
by the relevant state departments.
On May 19, 2017, the CAC released a further revised
draft Measures on Security Assessment of Outbound
Transmission of Personal Information and Important
Data (Draft Outbound Transmission Measures).
In the Draft Outbound Transmission Measures, ‘‘per-
sonal information’’ is defined very broadly as ‘‘all the
information recorded in electronic form or otherwise,
which can be used, solely or together with other infor-
mation, to determine the identity of a natural person,
3
PRIVACY & SECURITY LAW REPORT ISSN 1538-3423 BNA 10-10-17
4. including but not limited to the name, date of birth, ID
card number, personal biometric information, address
and phone number of the natural person’’. ‘‘Outbound
Transmission’’ is defined as ‘‘providing overseas insti-
tutions, organizations and individuals with the personal
information and important data generated or collected
by network operators during their operation within the
territory of China’’.
A two-tier assessment procedure is envisaged under
the Draft Outbound Transmission Measures: self-
assessment and regulatory assessment.
Article 12 of the Measures requires the network op-
erators to conduct security assessment on the outbound
transmission of data at least once a year. In case of any
changes to the data receiver, any major changes to the
purpose, scope, quantity and type of the outbound
transmission of data, or any major security events of the
data receiver or the outbound transmission of data, an-
other security
assessment shall be conducted without delay.
The following issues should be considered when con-
ducting such security assessment:
(i) necessity of the outbound transmission of data;
(ii) personal information involved, including the
quantity, scope, type and sensitivity of personal infor-
mation, as well as whether the owner of personal infor-
mation agrees to transmit his personal information
abroad;
(iii) important data involved, including the quantity,
scope, type and sensitivity of important data;
(iv) security protection measures and capability of
the data receiver, as well as the network security envi-
ronment of the country or region where the date re-
ceiver is located;
(v) risks of leakage, damage, tampering and abuse of
the data after being transmitted abroad and further
transferred;
(vi) risks to national security, social and public inter-
ests, and personal legitimate interests arising from the
outbound transmission of data and gathering the out-
bound data; and
(vii) other important matters to be assessed.
The Draft Outbound Transmission Measures provide
that a network operator shall report to its industrial au-
thority or regulator to arrange for security assessment
to determine whether the data shall be allowed to trans-
mitted abroad in the following circumstances:
(i) the data to be transmitted abroad contains or con-
tains in aggregate more than 500,000 users’ personal in-
formation;
(ii) the quantity of the data to be transmitted abroad
is more than 1,000 gigabytes;
(iii) the data to be transmitted abroad contains data
relating to nuclear facilities, chemical biology, defense
industry, population and health, as well as the data of
large-scale project activities, marine environment and
sensitive geographic information etc.;
(iv) the data to be transmitted abroad contains sys-
tem vulnerabilities, security protection and other net-
work security information of critical information re-
garding to the infrastructure;
(v) an infrastructure operator of the critical informa-
tion provides personal information and important data
abroad; or
(vi) other data which may affect national security,
and social and public interests, and are necessary for
assessment as determined by the industrial authority or
regulator.
Under the following three circumstances, the data shall
not be transmitted abroad:
(i) the outbound transmission of personal informa-
tion fails to be approved by the owner of personal infor-
mation, or may jeopardise personal interests;
(ii) the outbound transmission of data causes secu-
rity risks to the nation’s politics, economy, technology
and national defense, which may affect national secu-
rity and jeopardise social and public interests; or
(iii) other data which are prohibited from being
transmitted abroad as determined by relevant authori-
ties.
While the Draft Outbound Transmission Measures are
helpful to clarify that outbound transmission of data is
allowed if such data transmission is approved by the
user, and if it is necessary and carries no harm to the
national security and social and public interests, the
fact that the ambiguous terms ‘‘other data which may
affect national security, and social and public interests’’
and Љ other data which are prohibited from being trans-
mitted abroad as determined by relevant authorities’’
contained in these measures still give rise to unpredict-
ability and business uncertainty.
Critiques of the Laws
Generally, the laws grant extensive regulatory pow-
ers to the Chinese government and its organs. The
sheer scope of the law, coupled with the vague and am-
biguous drafting, renders compliance incredibly diffi-
cult. The broad drafting of the laws has been raised as
a key concern for business risk and uncertainty, par-
ticularly for foreign multinational companies operating
in China.
Firstly, the invasive measures and vague wording of
the laws sparks fear that the Chinese authorities may
compel foreign multinational companies to hand over
confidential data or open back doors within their prod-
uct offerings in the name of ‘‘national security’’ or
‘‘counter terrorism’’. It is submitted that the law goes
beyond what is necessary to secure the internet and fur-
ther tightens China’s already heavily regulated cyber
space.
Each of the laws discussed above contains provisions
allowing state authorities to compel specified entities to
allow state access to confidential data and provide tech-
nical assistance (presumably such as decryption) to
state authorities, subjecting companies to close moni-
toring and surveillance. While the laws will undoubt-
edly strengthen cybersecurity, the risk of the laws being
used as a tool for achieving objectives that are merely
tangential to cybersecurity remains real.
Secondly, the CSL and its implementing regulations
present an indirect form of protectionism in favor of lo-
cal Chinese companies. The restriction on network
products and services entail high compliance cost re-
quiring foreign companies and manufactures seeking to
provide such products and services to modify existing
offerings to comply with the government issued stan-
dards. There is also significant risk that foreign prod-
ucts or services that are uncertified or unable to meet
the issued standards could be completely cut off from
the Chinese market, in favor of local companies.
Similarly, the data-localisation and data export obli-
gation effectively forces foreign companies to store data
in China, which can result in a duplication of services
4
10-10-17 COPYRIGHT 2017 BY THE BUREAU OF NATIONAL AFFAIRS, INC. PVLR ISSN 1538-3423
5. and high operational cost. The importance of data in
this global economy is indubitably clear. Global compa-
nies are increasingly using such data analytics to under-
stand customers’ preferences, streamline internal busi-
ness processes and increase efficiency. Restrictive data
policies will make data analytics more expensive, put-
ting foreign companies at a disadvantage as compared
to local companies, since these companies will no lon-
ger be able to conduct data analytics cost-effectively on
a global basis. In order to comply, foreign companies
have the option of contracting with local cloud service
providers in China or build their own data centers, ei-
ther of which involves high outlays. This requirement
benefits largely local Chinese companies offering cloud
and storage services such as Alibaba Group Holding
Ltd.’s AliYun, but is particularly onerous for small-
medium sized enterprises that do not possess the deep
pockets to comply.
Thirdly, from a human rights perspective, elements
of the laws are said to further solidify the government’s
control over the Internet, which is already subject to the
country’s Great Firewall. Elements such as the crimi-
nalisation of the use of the Internet for unlawful or
criminal activities, and the obligation on operators to
prevent the dissemination of ‘‘terrorist’’ or ‘‘extremist’’
content are likely to further restrict online freedom in
China. Noting that the laws also provide for personal li-
abilities to be imposed on directly responsible manag-
ers or personnel in a wide array of circumstances, the
Chinese government would effectively have another
tool to suppress and crack down on dissidents.
Compliance With These Laws Moving forward, for-
eign companies will have to conduct a cost and benefit
analysis to decide whether it is worthwhile to continue
operating in, or expand operations into, China. Not-
withstanding the seemingly insurmountable task of
compliance, the Chinese market and its promise for
growth is far too huge to be ignored.
At the outset, it would be prudent for foreign compa-
nies operating in China to assess whether they are sub-
ject to the relevant laws and ancillary regulations, and
determine the extent of compliance required. This will
require foreign companies to consider whether they fall
under an enforcement priority. As a rule of the thumb,
given the broad drafting and vague definitions em-
ployed in the laws, companies in the technology-related
sectors should take the stance that it will more likely
than not be subject to the obligations.
Preparing for compliance will require a review of cur-
rent business practices and internal processes, includ-
ing data localisation, and a security review. Foreign
companies already operating in China should have been
accustomed to restrictive internet controls given the re-
quirements imposed under the Golden Shield Project
(known as China’s Great Firewall). These companies
should also take the opportunity to assess potential
gaps in their existing cybersecurity policies and proce-
dures. This may include taking further measures for
data categorisation and segregation, server localisation,
review of its existing standard terms and conditions of
service offerings, and putting in place appropriate inter-
nal cybersecurity policies amongst others. The compli-
ance route will inevitably involve foreign companies in-
curring significant cost outlays, particularly if the com-
pany requires major overhaul to its practices and
processes.
Large multinational companies are already moving to
comply with the laws with Apple announcing its plans
to build its first Chinese data center in partnership with
a local Chinese data management company, while Ama-
zon.com Inc. and Microsoft Corp. already have data
centers in China. Other companies such as Airbnb Inc.
and South Korean company, AmorePacific Corp., are
either shifting data collected from its Chinese opera-
tions to local Chinese servers, or relocating its
e-commerce systems to China.
Foreign multinational companies should also be
minded to recognise that the Chinese legal systems are
fundamentally different from the Anglo-Saxon legal
system familiar to most in the Western world. A plain
reading of the relevant laws and implementing regula-
tions will not be sufficient to understand or determine
the precise ambit of the obligations. Rather, the key to
compliance is to understand the government’s motiva-
tions and regulatory approach. This will require con-
stant strategic engagement with the relevant state au-
thorities to help understand and mitigate the impact of
the laws.
Conclusion
Short of the detailed implementing regulations that
have yet been fully released by the relevant state au-
thorities, the true overall impact of the laws remains to
be seen. Guidelines and implementing regulations will
continue to be rolled out as state authorities look to-
wards facilitating the implementation of cybersecurity
measures. While the state of cybersecurity regulation in
China remains in a flux, one thing that is certain is that
the Chinese government is succeeding in its desire to
exercise more control and oversight over the cyber-
space.
BY BENJAMIN CHEONG AND TERRANCE TONG
To contact the editor responsible for this story: Don-
ald Aplin at daplin@bna.com
5
PRIVACY & SECURITY LAW REPORT ISSN 1538-3423 BNA 10-10-17