Friday, May 20

China’s New Data Security Law gets Tech Heavyweights Nervous

It has been a long day, and finally, China ensures it has the upper hand on large enterprises operating within the territory of the People’s Republic of China. China’s new data security law, w.e.f September 1, 2021, gives President Xi Jinping the power to shut down Chinese tech giants such as Alibaba Group Holding Ltd. and Tencent Holdings Ltd. If President Xi Jinping so wills can access the vast repository of data at the disposal of the two multinational technology companies.

According to China’s new data security law, businesses misusing “core state data,” may expect a suspension of operations, revoking business licenses, and a penalty of up to 10 million yuan ($1.56 million). In addition, China’s new data security law ensures that businesses do not transmit sensitive data abroad without the consent of China’s National Security Commission or risk up to 5 million yuan ($.8 million) in penalty.

President Xi’s control of China’s multinational technology firms gives him the complete freedom to regulate the big data that China wants to harness for global market leadership. President Xi’s administration can now retrieve any information in possession of its technology firms. Beijing’s investment in large data centers and robust digital infrastructure is leverage electronic data as China’s new oil to rebrand the legitimacy of the communist administration.

In 2017, China passed its first Cybersecurity law banning the transfer of sensitive digital data outside the country’s sovereign limits. In addition, the current Data Security Law imposes stricter regulations to ensure data doesn’t leak through the cracks technology, as noted in previous audits. Interestingly, the law does not name the activities that violate China’s data security regime. So now, the chances of data leakage are higher in collecting, safeguarding, and transferring authorized data. 

President Xi Jinping’s assumption of total authority on the big data assets of the multinational technology firms in China alerts foreign businesses with shops in the Mainland. China will not wait for a reported event on the leakage of digital data. So it will launch a screening process to determine the impact of data transfer on national security. Under the new law, China will set up a task force integrating various data-security and risk assessments that’ll hold offenders for criminal liability, besides withdrawal of licenses.

China’s new data security law applies across telecommunications, transportation, finance, natural resources, health, education, and science and technology. The Central Military Commission will formulate military data regulation in a separate bill. In the transportation category, the law monitors how self-driving technology collects data and transmits it onshore for technological reviews, audits, and advancement. This new data security law is a huge regulatory crackdown on foreign enterprises doing business in China that may accidentally purchase the wrath of China’s National Security.

Talking about self-driving technology, China’s top suspect for cross-border transfers of data is Tesla. Not only data gathered by its electric vehicle but cameras and sensors producing image data is also subjected to the new law. On this matter, Tesla has agreed to establish a local data center in China, following the footsteps of Apple in China. As per Tesla’s consent, it’ll store data generated by its vehicles sold in mainland China in local data centers.

According to China’s state news agency, the state encourages data security and awareness as a collective social responsibility. It expects industries and organizations, scientific research institutions, enterprises, individuals, etc., to participate in data security protection and work together in the common interest of China’s digital transformation. The state has asked companies to formulate data security codes for internal data discipline. China has also agreed to work with global think tanks in developing robust data governance that regulates the authorized transmission of data under international guidelines.

This article has been retrieved on June 14, 2021, via local backup as we experienced a site crash and had backup until June 10, 2021. The article is republished as originally dated; June 13, 2021.
Skip to content