In order to reduce cybercrime, protect individual’s data and the public and private institutions of Cambodia, a cyber security law has been drafted by the Ministry of Posts and Telecommunications.
Officials from the Ministry of Post and Telecommunications have provided an open explanation for the importance of recently drafted cybersecurity legislation, asserting that it aligns with both the Cambodia Digital Economy and Society Policy Framework and the digital government policy.
This clarification was made in response to calls from two international human rights NGOs – The International Commission of Jurists (ICJ) and Access Now – for the law to be refined.
The NGOs contend that the law does not adequately safeguard people’s rights – as protected by international law – but rather adversely impacts them.
The request was made in a joint letter signed by Ian Seiderman, policy director at the ICJ and Raman Jit Singh Chima, Asia policy director and senior international counsel at Access Now. The October 2 letter was addressed to Chea Vandeth, Minister of Posts and Telecommunications.
The letter called for the withdrawal or amendment of its draft law on cybersecurity to align its provisions with established international norms.
“The draft law, if adopted, would likely undermine the rights to privacy and freedom of expression, while also risking personal security and exposing people to increased cyber threats,” it read.
In a legal analysis attached to the letter, Access Now and ICJ pointed out that the provisions within the draft law could be exploited, permitting cybersecurity inspectors access to private data.
The letter asserted that the legislation neglects to incorporate protective measures and, instead, bestows authority upon a body of inspectors to conduct investigations, surveillance, monitoring, prevention and response to threats and incidents. The draft law also overlooks the requirement to ensure the qualifications of cybersecurity inspectors.
“Cambodia wants this draft law to deal with malicious cyber activities, but in its current form, it will only create a new problem of having a cybersecurity landscape that imposes unreasonable administrative burdens on many organisations, including small and medium enterprises and civil society,” Golda Benjamin, Asia Pacific campaigner at Access Now, said in the letter.
In the letter, Seiderman warned that the suggested provisions could be subject to misuse by the executive branch, particularly since the legislation does not establish an independent supervisory or corrective framework to act as a check on actions or provide protection against overreach.
“If this legislation is put forward for adoption, it needs to be amended to correct these deficiencies and comply with Cambodia’s international legal obligations and rule of law principles,” he added.
Ministry spokesman Liv Sophanarith explained on October 5 that the proposed legislation was crafted with the intent of safeguarding vital information infrastructure and essential public services, while bolstering the capacity of the Kingdom’s cybersecurity officials.
He noted that draft law will prevent and counteract threats and assaults targeting both private and state entities, as well as individuals.
“There are no provisions in the proposed law that compromise human rights; instead, it aims to fortify consumer interests and protect the safety of individuals utilising critical information infrastructure services, by offering them technical support,” he said.
A ministry statement explained that the legislation was carefully drafted to align with the Cambodia Digital Economy and Society Policy Framework and the digital government policy. The government has given priority to cybersecurity as a means of promoting development and mitigating risks in the digital sector.
“This draft law has established principles, measures and mechanisms to govern and uphold the cybersecurity of all critical information infrastructure, in line with regional and global trends,” it added.
