China’s new data security regime gives President Xi Jinping the power to shut down or fine tech companies as part of his drive to wrest control of vast reams of data held by tech giants like Alibaba Group Holding Ltd and Tencent Holdings Ltd.
Firms found mishandling “core state data” can be forced to cease operations, have their operating licenses revoked or fined up to 10 million yuan (US$1.6mil/RM6.5mil) under a law passed Thursday by the Asian nation’s top legislative body.
Companies that leak sensitive data abroad can be hit with similar fines and punishments, and those providing data to overseas law enforcement bodies without permission can face financial penalties up to 5 million yuan (RM3.2mil) and business suspensions, according to the law published on the website of the National People’s Congress.
Major decisions involving data security will be made by central national security officials. The law takes effect Sept 1.
Xi’s administration has tightened control over the hoard of information produced by the nation’s tech companies as part of broader efforts to position China as a leader in big data. Beijing has been pouring money into data centres and other digital infrastructure to make electronic information a national economic driver and help shore up the Communist Party’s legitimacy.
The law represents “another important piece in the overall data protection regulatory jigsaw in China, ” Carolyn Bigg, a lawyer who specialises in intellectual property and technology issues with DLA Piper in Hong Kong, said before it was passed. Companies will still need to wait for guidance and technical standards on the practical measures they must take to comply, she said.
“It remains a complex — and increasingly onerous — compliance framework for international businesses to navigate through, ” Bigg said.
Chinese tech stocks were mixed Friday. Alibaba fell 1.2% in Hong Kong, while Tencent and Meituan rose. A measure of tech shares on China’s benchmark CSI 300 Index dropped 1.6%.
China’s digital economy grew much faster than gross domestic product in 2019, according to the Chinese Academy of Information and Communications Technology. The country will hold about one-third of global data by 2025 — about 60% more than the US — market research firm IDC projects.
The new data law is expected to provide a broad framework for future rules on Internet services, and to ring-fence, prise open and ease tracking of valuable data in the interests of national security. Among those may be guidelines on how certain types of data must be stored and handled locally, and requirements on companies to keep track of and report the information they possess.
The NPC is also drafting personal information protection legislation that is expected to be adopted this year.
China’s push parallels debates in the US, where lawmakers have called for breaking up Internet titans like Facebook Inc. and Alphabet Inc, and in Europe, where regulators have prioritised anti-trust actions and giving users more control over data. President Joe Biden ordered a security review of foreign software applications Wednesday after revoking Trump administration bans on the Chinese-owned apps TikTok and WeChat that had faced opposition in US courts.
Like their American counterparts, Chinese tech giants including Alibaba and Tencent have focused on harnessing user data to refine an expanding array of digital services. This has led to natural monopolies, giving the platforms enormous wealth and power that also opens the door for abuses.
Now, Xi has declared his intention to go after “platforms” that amass data to create monopolies and gobble up smaller competitors. That’s led to a crackdown on China’s tech sector with regulators fining Alibaba a record US$2.8bil (RM11bil) for abuse of market dominance, and warning dozens of other top Internet companies to rectify anti-competitive practices.
Here are some other key points of the law passed by the NPC Standing Committee:
Companies that are found to have engaged in data-handling activities outside Chinese territory in a way that harms national security will be held legally responsible.
China will put export controls on data linked to national security.
The country will build a data protection system that puts a priority on “core state data”.
Beijing will take reciprocal measures against countries that adopt discriminative restrictions on investment and trade in data and related technology. – Bloomberg