top of page
  • Writer's pictureP Xenos and M Bacina

China Strengthens Grasp on Personal and Corporate Data

Updated: May 2

China have strengthened their grip on personal and corporate data, as the government have set their sights on extending its control over foreign entities.

For several years, the Chinese government have been working on a comprehensive internet security and surveillance program, which began with the adoption of the Cybersecurity Law in 2016.

This increased control over privacy laws has been ignited by the emergence of new artificial intelligence (AI) and cybersecurity technologies, causing data to become a vital and much-coveted resource. China’s government has shown on several occasions to favour a more restrictive approach towards the governance of personal data, and on this occasion, this seems to be more pertinent than ever.

The main aim of the program is to maintain control and have access to massive amounts of data that is generated daily and transmitted across Chinese networks. This data is then used in facial recognition tools, social scoring systems, and surveillance programs. The plan for the new system is ambitious, comprehensive, and seeks to cover every district, ministry, business, and institution.

Major impacts of this program will follow on areas where data is involved including networks, information systems, cloud platforms, control systems, and mobile internet.

It will not be long until this system applies to foreign-owned companies in China. The new Foreign Investment Law comes into effect on 1 January 2020, and will eliminate any special status associated with being a foreign company, resulting in foreign-owned companies being treated the same as Chinese companies.

However, the exact implication of this form of regulation is currently unknown, as Jim Fitzsimmons, Singapore-based director of Control Risks stated:

No other country in the world does this, so it’s unknown how this will work. Cybersecurity is not very good in China. A lot of information is bought, stolen and traded, so the government wanted to tighten that up.

Yan Luo, partner at Covington law firm in Beijing shared an opposite sentiment, stating that:

Many of the requirements were not that out of the global norm, and are unlikely to be a challenge for firms that already had “robust cybersecurity programmes"

What is certain however, is that this form of regulation creates challenges for Australian, U.S. and European companies operating in China, as all information (even VPNs) on any server located within China will be available to the Chinese government,

It will be interesting to see how the Chinese government handles the challenge of monitoring or controlling decentralised systems, where no single actor controls the data (and hence can comply with any government request).

Interest in Bitcoin reached its peak in Hong Kong late last month with transaction volumes recording an all-time-high on Local Bitcoins.


bottom of page