BEIJING Foreign companies in China are bracing for the impact of a new law governing data collection that came into effect on June 1.
The law requires companies to store customer information within China and to seek approval before transmitting that data out of the country. The law has drawn international opposition over concerns that it could hinder the free use of data, which companies rely on in forming their business strategies.
LAYING THE GROUNDWORK Countries around the world are establishing laws and regulations to counter the rising tide of cyberattacks. China, which has built its own internet space by shutting out companies like Google that do not adhere to its censorship guidelines, is no exception.
Beijing says the new cybersecurity law, which was passed in November, is aimed at enhancing internet and data security in response to the growing number of companies collecting and analyzing massive amounts of user information. The law requires companies to adopt technological standards based on Chinese law when building a network or providing services, and is intended to serve as the foundation for future cybersecurity legislation and regulations.
As leaders in areas such as cloud computing, American companies are particularly concerned about the law. Some foreign businesses have already begun switching management of their systems and data analysis from cloud technology leader Amazon.com to China's Alibaba Group Holding, according to one foreign law firm, an indication that the new law will work to the advantage of Chinese companies.
The added costs of establishing independent data systems in China is another cause for concern. An executive at a U.S. household goods maker expressed frustration that although it employs data from around the world to develop products, its Chinese data will no longer be integrated in that process. An executive from a major infrastructure company, meanwhile, warned about potential security issues, such as leaks of sensitive operational information.
U.S. law firm Lantham & Watkins said in a note to clients that the new law is "likely to significantly impact all multinational companies across all industries and sectors with significant operations in China." One of the worries is that the law "provides the Chinese government with significant discretion to restrict data transfers out of China, which may result in increased involvement in the affairs of private companies."
A group of 54 corporations, mainly members of the U.S.-China Business Council, sent a letter to Chinese authorities on May 15 saying, "Our concerns encompass enormously consequential issues for China's economy, its relations with economic and commercial partners and the global economy."
CONTROL ISSUES Chinese President Xi Jinping has been tightening his control over the internet, saying, "No internet safety means no national security." The country's anti-terrorism laws require that companies provide tools to decrypt users' communications. Internet broadcasts, meanwhile, must be screened in advance by censors. In early 2017, regulations on virtual private networks were tightened, and in May tougher regulations governing outlets that provide online news were announced.
Chinese public safety systems were among the targets of a global cyberattack that took place in mid-May, sparking calls for the country to develop its own cybersecurity mechanisms. China is likely to continue its hard line on internet controls as Xi and his circle prepare for the leadership shake-ups to take place during the Communist Party's National Congress this autumn.
Nikkei deputy editor Kenji Kawase in Hong Kong contributed to this report.