china flag

China's new strict cyber-security law concerns businesses

Strict cyber-security laws were introduced in China yesterday stoking fears from businesses that they will struggle to operate under the new regime.

The law, passed by China’s rubber-stamp parliament in November, requires local and overseas firms to submit to security checks and store user data within the country.

China’s top cyber authority said on Wednesday it was not targeting foreign firms with the new law, after over 50 overseas companies and business groups lobbied against the legislation that includes stringent data storage and surveillance requirements.

“The purpose is to safeguard (China’s) national cyberspace sovereignty and national security... rather than to restrict foreign enterprises,” the Cyberspace Administration of China (CAC) said in a statement on its website.

The law has sparked fierce push-back by firms and lobby groups who say vague wording of the regulations leaves foreign firms vulnerable to abstract interpretations of the rules.

Earlier this month, the CAC met foreign business groups in a closed-door meeting to try to allay these fears, including an 18-month phase-in period for aspects of the regulations, according to attendees.

According to a revised draft, a phase-in period until the end of 2018 would relate to measures affecting cross-border data transfers, which has been one of the most contentious elements of the new law.

The CAC notice on Wednesday made no mention of a phase-in period. It added that the law is not designed to hinder international trade or the flow of data across the Chinese border.

Firms and lobby groups say the late changes to the law, while positive, leave most of the original legislation intact and remain broad. The law’s impact will therefore depend on how Beijing enforces it.

“Much will depend on how the measures are implemented,” the US-China Business Council said in a note to members last month after the CAC meeting.

On top of internationally common standards, such as requiring user consent before moving data beyond country borders, China’s new cyber law also mandates companies store all data within China and pass security reviews.

This fits China’s ethos of “cyber sovereignty” – the idea that states should be permitted to govern and monitor their own cyberspace, controlling incoming and outgoing data flows.

China maintains a strict censorship regime, banning access to foreign news outlets, search engines and social media including Google and Facebook.

Earlier this week, Rela – a hugely popular dating app for gay women – was abruptly suspended by the Chinese government, leaving users to speculate about the reasons for its removal.

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles