China: "Companies will have to follow stricter procedures for storing data"

The VTC giant Didi is particularly concerned by this new law on data control.

© AP - Ng Han Guan

Text by: Ariane Gaffuri Follow

4 min

In China, the law on the protection and online control of sensitive business data comes into force on September 1.

For Beijing, this is to avoid any leakage abroad of data at risk for national security.

Three questions for Antoine Bondaz, researcher at the Foundation for Strategic Research. 

Advertising

Read more

RFI: What is this law on sensitive corporate data

Antoine Bondaz:

It is first of all very important to remember that

this law on data security

complements a Chinese legal arsenal, including the law on cybersecurity of 2017. We will have to wait for the implementation of certain directives, and this will be done very soon by the cybersecurity administration of China. But what we know is that this new law makes it more difficult to manage the data of all operators, in particular those linked to what is called “critical information infrastructures”, that is to say - say the main infrastructures, whether related to energy issues, social security ...

Chinese companies will therefore have to follow more stringent procedures to store this data and obtain agreements if they want to send some abroad.

This is obviously going to have a concrete impact on digital companies in China that collect data, but sometimes can send it abroad.

This is for example what happened a few weeks ago to the Chinese VTC giant Didi.  

What are the consequences for businesses in terms of data storage and management? 

The consequences for companies are obviously an additional cost in data management. It is the fear of potentially making a mistake since the penalties are extremely important - from a few thousand euros to several tens of thousands of euros and activity bans. They are primarily aimed at those who store and use the data and this could make the operation of Chinese companies in China, but also their potential interactions with foreign companies, more complicated.  

The other problem is that the concept of national security is obviously mentioned in the law.

In China, however, this is an extremely inclusive concept.

When it was officially presented in 2015, there were eleven dimensions of national security - political, economic, military, territorial ... The question that obviously arises will be that of the interpretation of this concept by the legal authorities, in the cases where the law will be applied and broken. 

Beijing is taking back control of Chinese companies after offering them great freedom of action, which has allowed them to develop ...

This is the paradox. Until now, Chinese digital companies were “privileged” by the political power, which sought in particular to limit the establishment of foreign companies in the Chinese market, such as Google or Uber. Here we are in another dimension which is data protection. This is a trend that we have obviously seen in Europe for a few years, more and more in other countries, and the objective for China is to better protect data and better protect itself against what could be perceived. such as foreign interference or as the use by foreign actors, including businesses, of Chinese citizens' data.

After a first phase of protecting these digital companies, we are now witnessing a phase of increasingly strict regulation of these same companies.

We have seen it with online games, we will see it in a few weeks with data related to privacy and personal data, and we are seeing it today with the law on data security.

Newsletter

Receive all international news directly in your mailbox

I subscribe

Follow all the international news by downloading the RFI application

google-play-badge_FR

  • China

  • our selection

  • New technologies