China looks to increase penalties under its cybersecurity law

BEIJING (Reuters) -China’s cyberspace regulator on Wednesday proposed a series of amendments to the country’s cybersecurity law including raising the size of fines for some violations, saying that it wanted to do so to improve coordination with other new laws.

The Cyberspace Administration of China (CAC) said, for example, that it wanted to introduce a penalty that would see operators of critical information infrastructure which used products or services that had not undergone security reviews be fined up to an equivalent of 5% of their previous year’s revenue, or 10 times the amount they paid for the product.

It also said it wanted to raise the fines for some violations, from up to 100,000 yuan ($14,371) previously to one million yuan. The proposed amendments are open to public feedback until Sept. 29, it added.

China’s 2017 cybersecurity law marked the first major set of rules governing the storage and transfer of data of Chinese origin.

The country over the past year has added laws on data security and personal information protection.

The changes have impacted how companies in China operate and especially how they handle data such as user information.

In July, the CAC said Chinese ride-hailing giant Didi Global had violated three major laws and fined it $1.2 billion.

($1 = 6.9585 Chinese yuan renminbi)

(Reporting by Beijing newsroom and Brenda Goh; editing by Andrew Heavens and Jason Neely)