Tag Archives: data protection and privacy

Tech Decoupling By Any Other Name

CHINA’S NEW DATA-PROTECTION law came into effect on November 1, the same day that the US internet company Yahoo! said it was quitting the Chinese market, citing an increasingly challenging business and legal environment. Its media brands, such as Engadget and TechCrunch, two tech news sites, are also no longer accessible in China.

Even before being acquired by private equity group Apollo Global Management earlier this year, Yahoo! was for some time sliming what was left of its China business after a complicated history involving Alibaba. However, in decamping completely, it follows Microsoft, which pulled its business-focused social network LinkedIn from the country in mid-October, also citing growing compliance requirements.

LinkedIn had run into criticism in the United States for bowing to Beijing’s censorship rules in blocking the accounts of several journalists critical of China’s policies. In March, Chinese authorities had suspended it from taking new user registrations for 30 days for failing to censor political content. In a US court case in 2020, it was shown to have been used by Chinese intelligence services to recruit overseas sources.

LinkedIn had operated in China since 2014, the only one of the leading Western social media sites left there, although it has struggled for a foothold against local rivals. Google withdrew from China in 2010, saying it prefered not to censor searches.

The Personal Information Protection Law is a proximate cause. Foreign and domestic entities processing user information, such as through web cookies and services — must now have representation within China responsible for compliance. They also have onerous new responsibilities to acquire security clearances to move data across national borders. Companies are at risk of fines of up to 5% of a company’s annual turnover for compliance failures.

Beyond the new data protection law is a thickening atmosphere of control. Last month, Apple removed two popular religious apps from its App Store in China. It is thought to have been removing apps Beijing does not like without fuss for some years. It has never made any secret that it follows the laws of the countries it operates in, even where it disagrees with them.

Apple, however, has a different operating relationship in China than Yahoo! or LinkedIn because of its hardware manufacturing and sales ($14.6 billion in Greater China in the three months to end-September) there.

It will need to tread a fine line between protecting those local sales and supply chains, which will depend on Beijing’s blessing, and its reputation elsewhere in the world if it censors the apps in its App Store. Complicating its path forward is that it does not want to choose between its hardware and App Store businesses in China, which would set a precedent for its hardware customers to download apps on an iPhone away from the App Store. That way lies ruin for its Mac ecosystem, which is so reinforcingly lucrative for it.

For Microsoft, which has been in China since 1992 and derives only some 2% of its annual sales there, its R&D operations and network of local partners are its most valuable assets in China. If protecting them meant shuttering LinkedIn, which likely provided only a slither of its China revenue, it would have been an easy decision. Microsoft plans to replace LinkedIn with a jobs only site later this year.

More broadly, foreign tech firms are being swept up in the measures that authorities are applying to rein in the power of the platform tech and online media companies across a swathe of internet activities, from fintech to gaming. Epic Games, creator of Fortnite, has stopped taking new user registrations and says it will end its services in China from November 15.

This is what decoupling looks like in practice.

Leave a comment

Filed under Technology

China Codifies Data Protection And Privacy

THE NEXT STEP in codifying new data protection and privacy standards has passed China’s legislature. The National People’s Congress Standing Committee enacted the Personal Information Protection Law on August 20. It will take effect on November 1.

It follows the recently passed Data Security Law, which will take effect on September 1.

Once fully implemented, the two new laws together will significantly impact data protection compliance requirements for businesses and data flows between China and the outside world. As with all Chinese legislation, authorities might enforce the law opportunistically for political reasons to penalise foreign firms or their governments.

The text of the final draft of the Personal Information Protection Law has not yet been released. Based on earlier drafts, it will resemble the EU’s General Data Protection Regulation (GDPR) in the level of the demands and restrictions it places on firms and other organisations that collect personal data, but without creating a fundamental right to privacy.

The law should improve the protection of individuals from misuse of their personal data by businesses and lower-level government officials, who have been known to sell it illegally or abuse it for private purposes.

However, these protections will be overriden if relevant stat organs need to acquire the data for specificed purposes, most notably domestic security.

1 Comment

Filed under Politics & Society, Technology