Australia's Telecommunications Interception and Access Act has nothing on China's plans.
Human Rights Watch is calling out a Cybersecurity Law about to be passed by the Chinese government as a "regressive measure that strengthens censorship, surveillance, and other controls over the Internet." The new law demands companies to require users to provide their real name and personal information, which will then be retained.
Data retention has been in force in Australia since October last year. Telecommunications providers are required to store customer data for a minimum of two years for access by "registered and sanctioned agencies" without a warrant. Personal details, records of the IP addresses and details websites visited are among what is believed to be retained (we still don't know for sure).
With this new law in China, the the Human Rights Watch report reveals companies will also have to monitor and report to the government undefined "network security incidents," as well as provide undefined "technical support" to security agencies to aid in investigations, raising fears of increased surveillance.
Network operators will have to hold on to network logs for at least six months and "accept government supervision"
Now while many of these measures are not new, most were previously only informally applied or defined in lower-level regulation, Human Rights Watch says.
"Elevating these powers in the Cybersecurity Law sends a signal that the government may enforce the requirements more strictly, leaving less leeway for tech companies to avoid implementation".