Will Certification Be Required to Access the Internet? New Regulations Open for Public Comment by Two Departments (AI Translation)

持证上网要来吗？ 两部门新规征求意见

The Ministry of Public Security and the Cyberspace Administration of China have jointly released a "Draft for Comment" for the "National Public Service Management Measures for Network Identity Authentication," aimed at standardizing identity verification online through introducing "Net IDs" and "Net Certificates." These measures seek to provide real identity registration and verification services based on statutory identification document information, thereby reducing personal information collection by internet platforms [para. 1].

The draft proposes the issuance of "Net IDs," which are network identity symbols composed of letters and numbers uniquely corresponding to an individual’s identity information but without explicit personal identification information, and "Net Certificates," which are authentication credentials that carry the "Net ID" and non-plain-text personal identity information. This allows users to verify their identities without disclosing plain-text personal information, reducing privacy invasion concerns [para. 2].

The draft includes four key aspects: defining the concepts of "online number" and "online certificate," specifying usage methods and scenarios, emphasizing data and personal information protection obligations, and outlining legal responsibilities for violations [para. 3]. Article 3 establishes that the Ministry of Public Security and the Cyberspace Administration of China are responsible for supervising the implementation of these measures [para. 4].

The voluntary nature of the system is emphasized, allowing individuals to apply for "Net IDs" and "Net Certificates" at their discretion. Regulatory agencies are encouraged to promote these measures to foster a secure identity verification ecosystem [para. 5]. Article 8 specifies that internet platforms do not need to retain users’ legal identification information beyond what is essential and with user consent, aiming to minimize data collection [para. 6].

Zhao Peng from the China University of Political Science and Law views the draft as offering an alternative to internet platforms who might abuse real-name registration systems for excessive data collection [para. 7]. However, he cautions that the implementation should not force users into these systems by making them essential for internet access, a sentiment echoed by Peking University’s Shen Kui. Shen emphasizes that fewer entities collecting personal identification information could reduce the risk of data breaches [para. 8][para. 9].

However, the draft faces scrutiny regarding its proportionality and potential to infringe on personal privacy. Critics like Peking University's Zhao Hong highlight that state agencies could potentially mismanage personal data, just like private entities, and raise concerns about unnecessary bureaucracy in administrative management [para. 10]. Tsinghua University’s Lao Dongyan further argues that extending systems meant for criminal investigation to the general populace without legal backing constitutes overreach [para. 11][para. 12].

Shen Kui adds that mandatory use of "Net IDs" and "Net Certificates" could lead to users experiencing a convergence of their fragmented online presence into a single, comprehensively monitored profile, leading to self-censorship and limiting the vibrancy of the digital economy [para. 13]. The draft proposes regulations to address over-collection and data leaks through other means, questioning the necessity and proportionality of the outlined measures [para. 14].

Public feedback on this draft is solicited by the Ministry of Justice until August 25, 2024, with submissions accepted via its official website, email, or traditional mail [para. 15].