The Chinese government has just passed a cybersecurity law that has broad implications for international businesses. The move comes with great criticism, with some calling the law “draconian” and “abusive” while others note the law is “vague” enough to spark worries of “censorship and espionage.” The legislation was passed on Monday, set to take effect in June 2017.
The Chinese government adopted the cybersecurity law to counter hacking and terrorism, but the law comes with strict requirements for operating in China, including security reviews and a requirement to store data on servers in China (data cannot leave the country). Based on the requirements, foreign technology companies would be locked out of many sectors deemed “critical,” despite assurances that foreign business interests would not be affected.
The law also includes a provision to provide unspecified “technical support” to security agencies, which some fear may give security agencies unregulated access to data (personal, sensitive or intellectual) as well as a requirement to notify the government and consumers about data breaches.
James Zimmerman, chairman of the American Chamber of Commerce in China, released the following statement:
“Broad requirements to store data inside China’s borders will hinder trade and innovation for both Chinese and foreign companies… [and] some of the requirements for national security reviews and data sharing will unnecessarily weaken security and potentially expose personal information.”
More than 40 business groups from around the world have argued against this cybersecurity law, saying it would both impede foreign businesses as well as cut China off from the wider digital economy.
The law has also drawn criticism from human rights advocates, who say that it will enhance the already strict censorship of China’s Internet and further impact individual rights to expression and privacy. China already bans platforms such as Google, Facebook and Twitter. The new law would require companies to censor “prohibited” information and to demand real names, including for services such as instant messaging.
For international organizations, this new law will either mean that organizations must make some substantial changes in order to comply with Chinese law or they will have to pull back from operating in, or to, the Chinese marketplace.