Macau | Personal information will be required to purchase pre-paid phone and data SIM cards under new Cybersecurity Law

Cybersecurity law proposal states communication companies will have to request identity verification for all phone and online services such as pre-paid SIM cards

Macau (MNA) – The Macao Post and Telecommunications Bureau (DSRT) will be in charge of supervising if public communication network operators put in place protective cybersecurity measures, according to the Cybersecurity Law draft announced today.

Besides implementing the same measures considered by other companies, communication companies will have to put a Real Name System in place, requesting customers provide identify confirmation data when signing contracts for Internet services, domain name registrations and mobile or fixed communications.

Web Logs records of transfers between IP addresses and Intranet addresses will also have to be kept for a year.

Under the proposed law, when purchasing pre-paid phone and data sim cards, buyers will have to provide information that can verify their identity with representatives from the Office for Personal Data Protection (GPDP) stating similar measures have already been implemented in the European Union and other Asian countries.

“After the terrorist attacks on Madrid in 2005 measures were enforced to allow higher traceability of pre-paid phone cards. The measure doesn’t lead to the immediate arrest of criminals but it helps significantly,” said GPDP assessor Antonio Pedro.

Secretary Wong was adamant that no Real Name System would be required for usernames in services such as Facebook or WeChat and access to private data will only be requested after judicial authorisation is provided.

The proposal also states data collected will be in binary code with personal citizens’ communications not revealed.

“The changes won’t affect citizens’ freedom of expression or privacy[…] We have 116 critical infrastructures and we only demand them to protect their information,” added Secretary Wong.

Any privacy infractions committed by companies providing pre-paid cards will be penalised in accordance with the current MSAR Personal Data Protection Law.

Although if approved the law will be enforced within 30 day of approval, communication companies will be granted more time to replace existing pre-paid sim cars with cards following the new security measures.