Bussiness Online Regulation: Going its Own Way

网络监管 自行其道

---

China's new Cyber-security law overreaches. "If you want to stay in China, you have to go all in." So says James Fitzsimmons of Control Risks, a consultancy, of the impact China's new cyber-security law will have on multinational companies (MNCs). These firms have moaned for months about the law's intrusive and vague provisions and asked for a delay in its implementation, but to no avail.

中国新出的网络安全法规过于夸张有些管得太宽。“如果你想在中国生活要想留在中国市场，必须全力以赴。”控制风险化险咨询公司的顾问James Fitzsimmons如是说，中国新出的网络安全法将对多个跨国公司产生影响。这些公司对此法律的牵制和应对方法的不明确中笼统且极具干扰性的条例抱怨数月，并要求推迟此政策的实行，然而无果。

It came into force on June 1st, and foreign firms are now scrambling to figure out its implications. Mr Fitzsimmons, for one, is convinced that they must take the costly step of separating their local IT systems from their global networks.

此政策的强制实行发生于6月1日正式生效，外企开始努力搞清楚这意味着什么现在急于弄清其影响。Mr. Fitzsimmons确信，这将迫使他们花费高昂的代价从他们的全球网络系统中隔离出来这些外企定将重金解除其当地信息系统与全球网络的关联。

At first blush, the law seems a reasonable effort at tackling two areas of policy in need of reform. The first is cyber-security.

乍一看，这项政策似乎是为了改革需要而加固两个地区之间政策解决政策中两方面需要改革的问题的合理手段。首先是网络安全问题。

Companies in industries deemed to be critical must now ensure that their technology systems are "secure and controllable." They must store important data locally, and will be subject to audits by official inspectors.

被认为是重要的企业公司向来至关重要的工业企业，现在必须确保他们的技术系统是“安全可控的”。他们必须把重要数据保存至本地在境内，并且接受政府检查员审查。

Susan Ning of King & Wood Mallesons, a Chinese law firm, thinks that foreign firms should be familiar with such rules since, on her firm's analysis, European regulations on cyber-security are tighter than those found in the new law.

来自中国法律公司King & Wood Mallesons的Susan Ning认为，外企应该早对这些政策感到很熟悉，因为通过她公司的分析，欧洲法规在网络安全方面比中国的新网络安全法更为严格。

The other neglected area taken on by this law is data privacy. Firms in China have long amassed and manipulated consumer data as they have pleased.

在这项法规中安全法承担的另一个容易被忽视的领域是数据隐私问题。中国的公司长期收集利用那些客户请求他们保管的数据长期以来，在华企业十分满意于可以大量收集使用顾客的信息。

And as Ronald Cheng of O'Melveny, an American law firm, observes, online fraud, malware and mobile-phone scams are rife. Under the new rules, companies must be much more careful with data about, or acquired from, individuals in China.

美国一家法律公司O'Melveny的Ronald Cheng认为，网络诈骗、恶意软件以及手机诈骗司空见惯。在这项新法律下，在中国的公司必须对个人数据更为警惕在中国，一旦涉及个人信息，各公司将不得不小心应对。

They are required to maintain such data on local servers, and must obtain permission before sending bulk data abroad. However reasonable these goals seem, two big worries linger.

他们被要求维持诸如本地服务器的数据政府要求各公司将这些数据保存至本地服务器，并在把大量数据发送至国外前必须获得批准。不管其目的看起来如何合理，都关系到两个重大问题。

First, the law is overly broad and mischievously vague. It provides little guidance on what constitutes "critical information infrastructure"(though impact on "social or economic well-being is a criterion) and which firms are network operators (so even individuals with multiple computers could fall foul of the law).

首先，这项法规限制范围过大，恶意模糊不清过于宽泛模糊。它对组成关键信息基础设施（尽管在社会或经济效益上的作用是标准的）和网络运行公司（即使是个人也能通过多台电脑犯罪）的监管作用微乎其微并未具体明确“关键信息基础设施”（即使“社会福利或经济福利”的影响可视作标准），也未明确指出哪类公司才算是“网络运营商”（所以即使拥有多台电脑的个人也会与法律冲突）。

Kenneth Jarrett, head of the American Chamber of Commerce in Shanghai, argues that the law's far-reaching restrictions could harm both foreign firms and cross-border trade. The law's ambiguity is forcing MNCs in many industries to reconsider how they hold data, and Chinese consumers may pay the price.

上海美国商会的领事Kenneth Jarrett主张，该法律过于广泛的限制将同时对外企和跨境贸易产生危害。其模糊性迫使大量不同产业的跨国公司重新考虑他们将如何保存数据，这部分的费用可能要让中国消费者来报销。

A foreign firm used to monitor its energy turbines in China from its headquarters, using its real-time global data to optimise operations; it now keeps the Chinese information on the mainland, efficiency be damned.
A provider of global online education was sending data on Chinese users overseas to allow them to access its courses abroad; it is now rejigging its IT system to keep such data inside China and may have to curtail its offerings.

一家从其总部分支到中国的外国公司曾过去，外企只需在总部监管其中中国的用户信息，利用全球实时数据监控其引擎涡轮，以此来优化运营操作，然而现在却只能保持着中国大陆的信息将中国用户的信息存储至中国境内，效率一落千丈。过去，全球环球在线教育的供应商对海外华人用户发送数据使他们可以进入课程将中国用户的数据输送至海外，以便这些用户接受其海外课程，在中国境内时却要重新调整IT系统来保持这些境外数据现在，供应商调整了系统信息，将此类数据保留至中国，在资源提供方面也有所缩减。

The second big worry about the new law is that it may be a Trojan horse designed to promote China's aggressive policy of indigenous innovation. This push has already led Microsoft, an American software giant, to enter into a local joint venture and reveal its source code to officials in order to sell a local version of its Windows 10 operating system. Other foreign technology firms fret that they will be forced to divulge intellectual property to government inspectors, with no guarantees that such secrets will not be passed on to local rivals. They are right to worry, say legal experts.

该新法规的第二大问题是，这可能是在设计特洛伊木马来促进中国式自主创新中国式特洛伊木马——为提升本土创新能力的侵袭政策。这一举措导致美国的软件巨头微软公司加入了一家当地的合资企业与当地企业合资，并为了出售当地版本中国版Win10系统而向官员揭示了其源代码将其源代码告知中国行政人员。其他外国科技公司则苦恼于，他们要在没有机密是否会被泄露到当地竞争对手手中的保证下，而向政府审查机构告知他们的知识产权。法学专家表示，他们的顾虑是对的并非是无道理的。

Officials may also decide that certain foreign services do not pass the nebulous test of being secure and controllable. This uncertainty is already boosting the fortunes of such local vendors as Huawei and Lenovo, makers of servers and other hardware, as well as Tencent and Alibaba, both of whom are making a big push into cloud services. Informed sources say these firms have had a hand in crafting the new law.

官员也决定某些外国服务不能通过安全可控的模糊测试行政人员或许还决定了，某些国外服务无法达到所谓安全可控的检测要求。这一不确定性不可控因素已经使当地多家厂商发家致富，比如华为联想，腾讯阿里巴巴等其他服务和硬件厂商。这些品牌在云端服务上都有巨大进展。据知情人士透露，这些公司在该法律背后有所作为正是这些公司参与了网络安全法的起草。

The local champions should not celebrate quite yet. As Mr Cheng observes, China's best technology companies are increasingly active abroad, and so they too will need to harness international flows of consumer data in the future.

当地的赢家不用过早庆祝，据Cheng观察，中国顶级的科技公司逐渐开始在海外活动，不久的未来他们也将会利用消费者数据在国际上的流动中国的科技巨擎着海外的发展蒸蒸日上，未来也需要用到用户数据跨境流动。

A law that seems rigged in favour of locals ultimately may end up harming both Chinese firms and consumers.

一项被伪装成看似有利于当局的法律，最将以损害中国公司和消费者的权益告终看似支持当地企业的法律，最终或影响到中国企业用户。

© economist.com