If data represents the “new oil,” as they say – powering the engines of commerce and media in China – one wonders what happens when the government throws sand in the gears, as it appears may happen.
November looms as a red-letter month in the country, when a new data and consumer privacy law will take effect, mandating guardrails and standards that might make it tougher than ever for Big Tech firms (especially U.S. companies) to compete there.
Read also: China Passes Far-Reaching Regulations to Protect User Privacy
The Personal Information Protection Law (PIPL), as it is officially known, was unveiled earlier in the month. It has some key differences from other regulations that govern data collection and transmission, such as the European General Data Protection Regulation (GDPR). In this case, China is reportedly still going to have a significant reach into consumers’ private information.
But as to how that data can flow outside of the country, or be handled by firms based outside of China’s borders….
Foreign Firms and Data Collection
Per an English translation of the law, via Denzen Shira & Associates, Chapter III of the law mandates that firms moving beyond the country’s borders must pass security assessments levied by the Cyberspace Administration of China, or must have been “certified” by the country’s cybersecurity department.
And here’s a bit of a shot across the bow for companies that want to do business in China: If data are to be given over to foreign law enforcement agencies, there must be consent from the government. That might be a stumbling block for Apple and other firms that rely on China for a significant percentage of the top line.
The PIPL follows legislation from June and April that, as noted in the country’s new Data Security Law taking effect this week, would make much of the data collected from social media, eCommerce and other online activities open to the government. Those moves would apply to companies like Alibaba, ByteDance and others — which indicates, too, that at least some of those firms may curtail their data collection activities in the face of continued crackdowns from watchdogs.
(Incidentally, there are indications that online activities are getting ever-more stringent oversight from regulators, across all demographics, especially younger, tech-savvy citizens. For example, The Wall Street Journal reports that younger users can only play online video games three hours a week.)
Related news: China’s Latest Tech Regs Fixated on Data Control
There are indications, too, that foreign firms are already bending a bit. Tesla, as has been reported, is boosting its data center operations in the country to keep the data that it collects in the country inside China.
And for Apple, where China represented 18 percent of total net sales in the most recent quarter, the widening scrutiny on data might mean the algorithms and app stores that are so critical for giving people what they want might be at best watered down, or at worst hobbled. The playing field seems a bit lopsided, as tech firms have limits on what they can collect, but the state can collect what it deems it wants and needs, unfettered.
Learn more: Wide-Ranging Chinese Corporate Crackdown May Grow Ever Wider