Image via Techcrunch
“In China’s view, data originating from China ought to be kept inside China’s borders because it is not safe elsewhere, period.”
Effective June 1st, 2017 are new regulations mandated by Beijing which require increased protocols with respect to data transfers together with an increased degree of data localization. This will have notable implications for foreign enterprises operating within the Mainland.
Essentially, within certain parameters, companies deemed “network operators” or “critical information infrastructure operators” (CIIOs) will be required either to store user data within China, or to export that data to China. The new measure not only extends the frontiers for cybersecurity law in China, but also demonstrates a growing trend regarding the sovereignty and global significance of digital data.
Back in February of 2017, the Cyberspace Administration of China (CAC) issued a set of draft measures, entitled “Inspection Measures on Network Products & Services” 《个人信息和重要数据出境安全评估办法（征求意见稿）. Those measures laid a framework for the new regulations. Not only has China now established an internal Network Security Inspection Committee, going forward, digital data, alongside network products and services used by information systems that have potential national security implications, will be subject to audit and inspection.
Requiring companies to store data originating from China in China is, of course, rather expensive from a corporate infrastructure perspective.
Companies whose future success hinges, in part, on their ability to continually woo Chinese consumers have adapted. For example, Apple recently announced that it would open its first data center in Guizhou, China. The move is part of Apple’s $1 billion investment in the province, and, adroitly, it will be operated in partnership with local data management business, the Guizhou-Cloud Big Data Industry.
Apple noted that it would retain encryption keys for all data stored within its center so as to ensure data integrity and security.
Other tech giants, such as Amazon, Microsoft and IBM, and even smaller players such as AirBnB, Evernote and LinkedIn, have moved to form partnerships with Chinese companies who provide China based cloud storage services.
Most noteworthy is the fact that the new cybersecurity law provides for regularly scheduled security reviews and also for messaging apps users to register with their real identities. This will have special implications for Facebook, the current king in the global digital messaging arena, as it continues to strive to find the right plan of attack for its China strategy.
Storing data closer to home translates into easier data-sharing between Chinese government bodies and Western Internet operators. Ostensibly, it will also ensure greater levels of local compliance for foreign enterprises in China. However, as data and digital identity values rise exponentially, our increasingly digitized world will see an increased potential for conflict between the ethos of Western tech companies (user privacy and user experience), on the one hand, and China’s requirements to scrub, monitor, share data, and, occasionally, censor data, on the other.
The law will likely be amended in the future.
The severity of the law on operational, ethical and intellectual property issues, and the bottom-line for Western tech giants, remains to be seen.