China decided in June to implement a new data security law that applies broadly to the handling and processing of electronic and physical data by corporations and other entities. Under the law, data are categorised according to official directives. Data classified as “important data,” including “core state data,” cannot be transmitted outside the country’s borders without official permission. Because the law involves such matters as national security, it also applies to data handling outside China. The new law enters into force at the beginning of September.
China has traditionally been quite relaxed in its regulation of data and its handling and management, but the situation has clearly changed. In addition to the new data security law, an act on protection of personal data is in the drafting phase. The bill is expected to be presented to lawmakers for approval during the winter. China’s rush to update its data laws is driven partly by official fears that the data gathered by China’s giant tech firms on hundreds of millions of Chinese citizens could wind up in foreign hands. In the past 12-months, regulatory crackdowns have focused in those branches where large Chinese tech firms are most active. Last autumn, officials tightened rules for the fintech sector and intervened at the last minute to block the listing of Alibaba’s Ant Financial spinoff. Officials announced last winter that they were tightening their interpretation of cartel laws, and soon after new regulation on the “platform” economy was released.
Approval of the data security law quickly raised a range of data security issues. China’s cyberspace administration announced in early July that it was launching an investigation into the data collection and handling of the ride-hailing giant Didi Chuxing with respect to national security. The company had just held its IPO on the New York Stock Exchange a couple days before the investigation was announced. The investigation and potentially large fines sent the company’s share price from over $16 to around $9. Indeed, the very mention of surprise investigations and targeted official measures was enough to spook many investors. Chinese share prices briefly fell across the board in Shanghai, Shenzhen and Hong Kong. Following Didi’s IPO debacle, the US Securities and Exchange Commission announced that it would require Chinese firms listing on US exchanges to provide more information to prevent a repeat of the event. The China Securities Regulatory Commission followed with its own announcement that it was ready to engage in closer dialogue with American regulators.
Rules and their interpretation can change quickly and without warning in China as officials try to deal with problems in an environment characterised by the lack of transparency. As competitive frictions with the US rise, matters of national security will acquire greater significance.
Key indices have recovered from a brief July drop in mainland China and Hong Kong
Sources: Shanghai, Shenzhen and Hong Kong stock exchanges, Macrobond and BOFIT.