A new, broadly-worded cyber security law comes into force in China today. While the law is a boon for individuals, who will receive unprecedented data privacy protection, foreign firms bemoan it unfairly targets them.
The rules mandate that firms operating in “critical” industries—such as banks and utilities—must store data collected in China on Chinese servers. However, a catchall provision also requires the same of companies that hold data which could “harm people’s livelihoods”—potentially impacting a vast array of businesses that collect simple things, like credit card information.
Foreign companies operating in China are more likely to store their data overseas than local rivals, making compliance with the new rules more burdensome and costly. Foreign businesses also worry that, once on Chinese servers, their intellectual property could be ‘leaked’ to China’s state-owned rivals (Beijing has a history of corporate espionage).
On a national security level, the new policy aims to protect important Chinese data from prying eyes; information stored on servers based in Europe or the US is inherently more vulnerable to being tapped by intelligence agencies.
Simon is the founder of Foreign Brief who served as managing director from 2015 to 2021. A lawyer by training, Simon has worked as an analyst and adviser in the private sector and government. Simon’s desire to help clients understand global developments in a contextualised way underpinned the establishment of Foreign Brief. This aspiration remains the organisation’s driving principle.