Macau (MNA) – The Macau government decided to extend the proposed implementation period of the proposed new Cybersecurity Law – if approved – from 30 to 180 days, after the majority of opinions received during the law draft public consultation period considered the implementation period too short.
‘The extension is in order to provide conditions for critical infrastructure operators to make their preparations for the cybersecurity regime,’ the Macau government indicated in the report for the 45-days public consultation conducted on the Cybersecurity Law and revealed this Thursday.
The public consultation was held between December 11, 2017 and January 24, 2018, with around 716 opinions being submitted, 38 from public departments, 149 from public and private operators of infra-structure considered critical for the city, and 529 from the general public, with 3,081 different opinions on specific topics expressed.
With the Cybersecurity Law draft proposing that the law be enforced 30 days after being published in official record, some 76 opposing views to the proposed period were submitted with 44 opinions suggesting that the government should adequately provide a transitional period for the sectors and inform the public of the law’s details before implementation.
Representatives from local communications company Companhia de Telecomunicaçōes de Macau (CTM) previously indicated that they considered the proposed application period for the law proposal regulations to be of concern, particularly when it came to Real-Name System regulations.
In the report, however, the Macau Government noted that the implementation of the proposed regulations for Real-Name System and Web logs would be conducted with a different timeframe from the other regulations.
The bill proposes that licensed public network operators responsible for public or mobile fixed telecommunications networks implement a Real-Name System, whereby they are mandated to collect real authentication data when signing contracts with its users and confirming the provision of access services to the Internet, domain name registration and public telecommunication services.
Real-Name System is primarily aimed at people who purchase prepaid cards in order to ‘prevent criminals from using such non-nominal cards as an instrument to escape criminal investigation’.
Authorities indicate in the report that they intend to implement Real-Name System regulations by phases, with someone who has purchased a prepaid card prior to the entry into force of the law having to present his or her true identification data within a certain period after the entry into force of the law, under penalty of deactivation of the card.
Meanwhile, operators would also be mandated to keep Web Logs for one year, Web Logs of the data transfers between Internet IP addresses and network user addresses.
During the public consultation 72 per cent of opinions collected in regard to the Real-Name System regulations were in favour, with 62.5 per cent in favour of Web Logs regulations.
No reason for concern
Some people expressed opposing opinions towards the proposed Web Log regulations claiming they could lead to a violation of personal privacy, network communications privacy, and of freedom of expression.
Authorities responded to the concerns that the Web Logs data to be recorded would not include the user’s online behaviour such as pages visited or their content.
‘The purpose of preservation is to trace the true identity of the users of Internet IP addresses involved in the crime of the computer network concerned, thus facilitating the investigation of the crime,’ claim authorities.
The Macau Government emphasised that police agencies would only be able to obtain Web Logs from network service operators after obtaining authorisation from a judge, in accordance with local legal procedures.