Update: 10 October 2023 – On October 5, the spokesperson of the Ministry of Post and Telecommunications responded to the joint letter, stating the draft law was “crafted with the intent of safeguarding vital information infrastructure and essential public services.” A statement by the ministry further highlighted that the draft law aligned with the “Cambodia Digital Economy and Society Policy Framework and the digital government policy” towards “promoting development and mitigating risks in the digital sector.”
These statements do not adequately respond to or alleviate the substantial human rights risks which will emerge should the draft law come into force. Access Now acknowledges the official response, but continues to call for the withdrawal or a substantial amendment to the Draft Law on Cybersecurity. Access Now remains available and willing to engage with authorities to ensure the necessary amendments are made.
Today, 2 October 2023, Access Now and the International Commission of Jurists (ICJ) sent a joint letter to Cambodia’s Ministry of Post and Telecommunications and Ministry of Justice, calling for the withdrawal or substantial amendment of its Draft Law on Cybersecurity to bring its provisions in line with international human rights standards.
The draft law, if adopted, would likely undermine the rights to privacy and freedom of expression, while also risking personal security and exposing people to increased cyber threats.
In the legal analysis attached to the joint letter, Access Now and the ICJ point out that the vaguely worded and sweeping provisions in the Draft Law may be abused to allow government cybersecurity inspectors overbroad access to private data. It fails to provide for safeguards, but instead would grant a newly created body of cybersecurity inspectors immense power to investigate, observe, monitor, prevent, and respond to cybersecurity threats and incidents. The Draft Law also fails to make provision to ensure that cybersecurity inspectors are properly qualified.
Access Now and the ICJ urge Cambodia to strengthen its cybersecurity landscape to deal with malicious cyber activities and ensure that any law, policy, or practice to implement this goal complies with the country’s international human rights obligations. Effective cybersecurity requires a human-centric and human rights-respecting approach.