商业
Online Regulation: Going its Own Way
网络监管:自行其道
China's new Cyber-security law overreaches.
中国新的网络安全法规有些管的太宽。
“If you want to stay in China, you have to go all in.” So says James Fitzsimmons of Control Risks, a consultancy, of the impact China's new cyber-security law will have on multinational companies (MNCs).
在化险咨询公司的顾问詹姆斯·菲茨西蒙斯看来,中国网络安全法对跨国公司的影响是,“要想留在中国市场,必须全力以赴!”
These firms have moaned for months about the law's intrusive and vague provisions and asked for a delay in its implementation, but to no avail.
跨国公司因为其中笼统且极具干扰性的条例哀叹数月,纷纷要求推迟实施网络安全法,然却未果。
It came into force on June 1st, and foreign firms are now scrambling to figure out its implications.
网络安全法于6月1号正式生效,现在外企正急于弄清其影响。
Mr Fitzsimmons, for one, is convinced that they must take the costly step of separating their local IT systems from their global networks.
其中,詹姆斯·菲茨西蒙斯确信这些外企定将重金解除其当地信息系统与其全球网络的关联。
At first blush, the law seems a reasonable effort at tackling two areas of policy in need of reform.
乍一看来,安全法似乎合理解决了政策中的两方面需要改革的问题。
The first is cyber-security.
一方面是网络安全问题。
Companies in industries deemed to be critical must now ensure that their technology systems are “secure and controllable.”
向来至关重要的工业企业,现在必须确保其技术体系“安全、可控”。
They must store important data locally, and will be subject to audits by official inspectors.
他们必须将重要数据存储于境内,接受政府检查员审查。
Susan Ning of King & Wood Mallesons, a Chinese law firm, thinks that foreign firms should be familiar with such rules since, on her firm's analysis, European regulations on cyber-security are tighter than those found in the new law.
来自中国金杜律师事务所的苏珊·宁认为,就其公司所做分析看来,欧洲比中国在网络安全法方面要求更为严苛,外企应早已深谙此类律法。
The other neglected area taken on by this law is data privacy.
安全法承担的另一个被忽视的领域则是数据隐私问题。
Firms in China have long amassed and manipulated consumer data as they have pleased.
长期以来,在华企业十分满意于可以大量收集使用顾客信息。
And as Ronald Cheng of O'Melveny, an American law firm, observes, online fraud, malware and mobile-phone scams are rife.
美国美迈斯律师事务所的罗纳德·程认为,网络诈骗、网络恶意软件、手机欺诈十分猖獗。
Under the new rules, companies must be much more careful with data about, or acquired from, individuals in China.
但在网络安全法的保护下,在中国,一旦涉及个人信息,各公司将不得不小心应对。
They are required to maintain such data on local servers, and must obtain permission before sending bulk data abroad.
政府要求各公司将这些数据保存至本地服务器,且向境外输送大数据前须获得同意。
However reasonable these goals seem, two big worries linger.
然而,无论这些目的看似有多合理,都存在两方面担忧。
First, the law is overly broad and mischievously vague.
首先,该法过于宽泛模糊。
It provides little guidance on what constitutes “critical information infrastructure” (though impact on “social or economic well-being” is a criterion) and which firms are “network operators” (so even individuals with multiple computers could fall foul of the law).
并未具体明确“关键信息基础设施”(即使“社会福利或经济福利”的影响可视作标准),也未明确指出哪类公司才算是“网络运营商”(所以即使拥有多台电脑的个人也会与法律冲突)。