Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By John Butcher
China may use its new cybersecurity law to shift the technology market towards domestic products at the expense of foreign companies—or to punish companies in the event of geopolitical or trade disputes, regulatory analysts told Bloomberg BNA.
The new law, which took effect June 1, has been lauded by Chinese authorities as providing a safeguard for companies and consumers without restricting foreign companies’ operations in China. However, it also creates new costs and onerous obligations that foreign companies may be unwilling or unable to meet, the analysts said.
“Every country should take seriously their cybersecurity and their obligations to protect personal privacy, but cybersecurity should not become a mechanism for erecting trade barriers that create unjustifiable obligations on companies based overseas while diminishing competitiveness and innovation,” Lester Ross, chairman of the policy committee at the American Chamber of Commerce in Beijing, told Bloomberg BNA.
The law imposes new security review requirements on companies sending data overseas and broadens the scope of information that must be stored within China’s borders. The latest, detailed set of regulations implementing the law also requires internet operators to cooperate with investigations involving crime and national security, and imposes data localization requirements on infrastructure companies that collect and store data.
China has been pursuing avenues to access foreign companies’ technology as it bolsters control of the collection and movement of data. Forcing companies to store information within the mainland has already led some to tap cloud computing providers with more local server capacity—a potential boon to homegrown Alibaba Group Holding Ltd. and Tencent Holdings Ltd. at the expense of Amazon.com Inc. and Microsoft Corp.
“These requirements encourage business operations in China to use cloud and storage services in China, and thus benefit the domestic cloud and storage service providers,” such as Alibaba’s AliYun cloud service, Yang Xun, commercial intellectual property and technology practice leader at Simmons & Simmons in Shanghai, told Bloomberg BNA.
Requiring companies to store information inside China will almost certainly effect market access for U.S. firms, Yang said.
China has “long pursued a domestic technology agenda,” and the new law “could be a tool in this,” Carly Ramsey, a regulatory risk specialist at risk consultancy firm Control Risks in Shanghai, told Bloomberg BNA. Although much of the increased regulatory enforcement of foreign companies “across many areas” is due to regulators finally enforcing previously set rules, it is sometimes motivated by geopolitics, she said.
Under the cybersecurity law, companies are designated as critical information infrastructure (CII) operators or network operators.
CII operators— companies that conduct business China’s government deems essential —are required to store data collected inside the country and must share their software source codes with Chinese authorities during a technology review process. Network operators must conduct cybersecurity audits, collect data on users and, under draft implementing regulations, undergo a security review of data designated to be transferred outside of China.
Creating non-tariff barriers to foreign companies, potentially in the form of “slowing or blocking market access through a long and arduous security review process,” could also advance the domestic technology agenda, Adam Segal, director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations in New York, told Bloomberg BNA.
A combination of the law’s lack of clarity, Chinese companies’ closeness with the government, and Beijing’s stated intention to reduce dependence on foreign suppliers has created “legitimate” concern the law may be used to discriminate, Segal said.
Ross said new cross-border data flow restrictions could impose “a huge restricting cost on almost every foreign firm that operates in China.”
There is historical precedent to support the potential for Chinese authorities to use the security law in ways that may slow trade, James Gong, a cybersecurity and data privacy senior associate at Herbert Smith Freehills in Beijing, told Bloomberg BNA.
A law introduced by the China Banking Regulatory Commission in 2016 required financial institutions to use Chinese technology and share source code of software applications used by banks, Gong said. The legislation was suspended a few months after its implementation amid a backlash from foreign tech firms and Chinese banks, but it demonstrated the authorities’ agenda of moving the Chinese market toward domestic products, he said.
Ramsey said that part of the review process under the new cybersecurity law is “looking at market position.” The authorities are aware of what happened with the banking law, so they may consider if there is a replacement Chinese technology before blocking or hindering market access to a foreign product, she said.
Yang said that, although the security review process isn’t designed to discriminate against foreign companies, opinions and comments from domestic businesses will be “given more weight” as the government finalizes implementing regulations. “As a result, domestic business will be benefited more from the standards,” he said.
To contact the reporter on this story: John Butcher in Beijing at firstname.lastname@example.org
To contact the editor responsible for this story: Donald Aplin at email@example.com
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)