New cyber-security law in China takes effect, tightens flow of data out of the country.
With immediate effect from today, China has implemented a new cyber-security law that will put a tighter lid on data leaving the country which Beijing is calling it a milestone in data privacy regulations. However, many are concerned about how the drastic changes will be implemented, failure of which carries a fine of up to 1 million yuan (about S$203,490).
The new law will also lower the country’s ease-of-business ranking, which is already ranked 78 out of 190 countries, imposing increased costs to foreign firms and rendering multinationals vulnerable to cyber-espionage while giving domestic businesses an unfair advantage.
Strict regulations but poorly defined.
The new law places more stringent regulation on personal information and privacy, and standardizes procedures governing the collection of that data and usage. Businesses will have incorporate data protection measures, while sensitive data (e.g. personal information on Chinese citizens, national security interests, etc.) are to be stored on domestic servers.
Depending on circumstances, companies will have to undergo a security check before it is allowed to move data out of the country.
But the government has not made it entirely clear on what is or isn’t considered important or sensitive data – and a breach of it, including unauthorized collection, disclosure or receipt of personal information, will be regarded as a criminal offense, with fines going up to five times of the amount of profit earned through the illegal action.
A statement by the government through the state media outlet, China Daily, says that the new law is meant to safeguard both the interests of the public in cyberspace as well as national cyberspace sovereignty and security.
A bigger concern to companies implicated in the new law is the costs involved. Most affected are companies relying on services that would now come into conflict with the new law as they need to migrate their data onto new platforms – a process that is slow and expensive.
And if they can’t afford to make those changes then they are going to have to leave, with small and medium enterprises most at risk.
To further complicated matters, the need for all data to be stored domestically in China would seriously interrupt the operations of foreign companies that need to transfer data in and out of the China regularly. More troublingly is that it will leave multinationals open to corporate and industrial espionage by the Chinese government.
The new law has also been called “unnecessarily onerous” by the American Chamber of Commerce in Shanghai, stating that it could cost cross-border trade billions of dollars.
For China, the new cyber-security laws will help the country protect domestic data from unwanted foreign snooping.
In addition, the move will also help the Chinese government achieve its goal of creating more white-collar jobs in the country – by helping its domestic tech industry gain a technical edge by forcing companies to store its data on local servers, which in turn biases market access for foreign against Chinese companies.