• About
  • Archive
  • Contact
  • Home 1
  • Submit a Story
  • Submit a Story
  • USCBC Podcasts
China Business Review
  • Operations
    Multinational Supply Chains in a Post-Pandemic China

    Multinational Supply Chains in a Post-Pandemic China

    Managing Risk in the “New Era”

    Managing Risk in the “New Era”

    Design Patents vs. Trade Dress: Protecting IP in China

    Design Patents vs. Trade Dress: Protecting IP in China

    As China Emerges from COVID-19, US Companies Invest to Compete

    As China Emerges from COVID-19, US Companies Invest to Compete

    Inside the Mad Rush for Masks – Anatomy of a 10 Million Mask Order

    Inside the Mad Rush for Masks – Anatomy of a 10 Million Mask Order

    Addressing Risk in the Era of US-China “Great Power” Competition

    Addressing Risk in the Era of US-China “Great Power” Competition

  • Politics
    Hong Kong’s National Security Law, Five Months In

    Hong Kong’s National Security Law, Five Months In

    China Implements its Long-Awaited Unreliable Entities List Mechanism

    China Implements its Long-Awaited Unreliable Entities List Mechanism

    Competing WTO Reform Agendas and the Contest for the Next Director-General

    Competing WTO Reform Agendas and the Contest for the Next Director-General

    China Eyes Further Northeast Asian Economic Integration in RCEP

    China Eyes Further Northeast Asian Economic Integration in RCEP

    COVID-19 Could Doom or Deliver US-China Commercial Relations

    COVID-19 Could Doom or Deliver US-China Commercial Relations

    A Game of Chicken

    A Game of Chicken

  • Tech
    Can China’s Beleaguered Gaming Industry Overcome the New Wave of Restrictions?

    Can China’s Beleaguered Gaming Industry Overcome the New Wave of Restrictions?

    Semiconductor Self-Sufficiency: MIIT’s Ambitions for 2021 and Beyond

    Semiconductor Self-Sufficiency: MIIT’s Ambitions for 2021 and Beyond

    The Growing Intersection of Digital Health and Data Processing in China

    The Growing Intersection of Digital Health and Data Processing in China

    Export Controls on Emerging and Foundational Technologies: A Null Set?

    Export Controls on Emerging and Foundational Technologies: A Null Set?

    How Companies Are Reacting to China’s New Data Security Scheme

    How Companies Are Reacting to China’s New Data Security Scheme

    China’s Participation in International Standards Setting: Benefits and Concerns for US Industry

    China’s Participation in International Standards Setting: Benefits and Concerns for US Industry

    Trending Tags

    • Intellectual Property
    • innovation
    • cybersecurity
    • ecommerce
    • tech
  • Society
    Can China’s Beleaguered Gaming Industry Overcome the New Wave of Restrictions?

    Can China’s Beleaguered Gaming Industry Overcome the New Wave of Restrictions?

    China Cracks Down on Education Industry in Effort to Increase Birthrate

    China Cracks Down on Education Industry in Effort to Increase Birthrate

    The Extraordinary Rise of China’s Pet Industry

    The Extraordinary Rise of China’s Pet Industry

    COVID-19 Could Doom or Deliver US-China Commercial Relations

    COVID-19 Could Doom or Deliver US-China Commercial Relations

    The Year in Social Credit: Where is Corporate Social Credit Going in 2020 and Beyond?

    The Year in Social Credit: Where is Corporate Social Credit Going in 2020 and Beyond?

    Open Government Developments in China: Implications for US Businesses

  • Media

    Gallery: Craig Allen’s Trip to China

    USCBC 45th Annual Membership Meeting

    USCBC 45th Anniversary DC Open House

    USCBC President’s China Visit

    USCBC Hosts Business Roundtable with Zhejiang Party Secretary Che Jun

    USCBC hosts Comprehensive Economic Dialogue (CED) Luncheon

  • Podcasts
No Result
View All Result
  • Operations
    Multinational Supply Chains in a Post-Pandemic China

    Multinational Supply Chains in a Post-Pandemic China

    Managing Risk in the “New Era”

    Managing Risk in the “New Era”

    Design Patents vs. Trade Dress: Protecting IP in China

    Design Patents vs. Trade Dress: Protecting IP in China

    As China Emerges from COVID-19, US Companies Invest to Compete

    As China Emerges from COVID-19, US Companies Invest to Compete

    Inside the Mad Rush for Masks – Anatomy of a 10 Million Mask Order

    Inside the Mad Rush for Masks – Anatomy of a 10 Million Mask Order

    Addressing Risk in the Era of US-China “Great Power” Competition

    Addressing Risk in the Era of US-China “Great Power” Competition

  • Politics
    Hong Kong’s National Security Law, Five Months In

    Hong Kong’s National Security Law, Five Months In

    China Implements its Long-Awaited Unreliable Entities List Mechanism

    China Implements its Long-Awaited Unreliable Entities List Mechanism

    Competing WTO Reform Agendas and the Contest for the Next Director-General

    Competing WTO Reform Agendas and the Contest for the Next Director-General

    China Eyes Further Northeast Asian Economic Integration in RCEP

    China Eyes Further Northeast Asian Economic Integration in RCEP

    COVID-19 Could Doom or Deliver US-China Commercial Relations

    COVID-19 Could Doom or Deliver US-China Commercial Relations

    A Game of Chicken

    A Game of Chicken

  • Tech
    Can China’s Beleaguered Gaming Industry Overcome the New Wave of Restrictions?

    Can China’s Beleaguered Gaming Industry Overcome the New Wave of Restrictions?

    Semiconductor Self-Sufficiency: MIIT’s Ambitions for 2021 and Beyond

    Semiconductor Self-Sufficiency: MIIT’s Ambitions for 2021 and Beyond

    The Growing Intersection of Digital Health and Data Processing in China

    The Growing Intersection of Digital Health and Data Processing in China

    Export Controls on Emerging and Foundational Technologies: A Null Set?

    Export Controls on Emerging and Foundational Technologies: A Null Set?

    How Companies Are Reacting to China’s New Data Security Scheme

    How Companies Are Reacting to China’s New Data Security Scheme

    China’s Participation in International Standards Setting: Benefits and Concerns for US Industry

    China’s Participation in International Standards Setting: Benefits and Concerns for US Industry

    Trending Tags

    • Intellectual Property
    • innovation
    • cybersecurity
    • ecommerce
    • tech
  • Society
    Can China’s Beleaguered Gaming Industry Overcome the New Wave of Restrictions?

    Can China’s Beleaguered Gaming Industry Overcome the New Wave of Restrictions?

    China Cracks Down on Education Industry in Effort to Increase Birthrate

    China Cracks Down on Education Industry in Effort to Increase Birthrate

    The Extraordinary Rise of China’s Pet Industry

    The Extraordinary Rise of China’s Pet Industry

    COVID-19 Could Doom or Deliver US-China Commercial Relations

    COVID-19 Could Doom or Deliver US-China Commercial Relations

    The Year in Social Credit: Where is Corporate Social Credit Going in 2020 and Beyond?

    The Year in Social Credit: Where is Corporate Social Credit Going in 2020 and Beyond?

    Open Government Developments in China: Implications for US Businesses

  • Media

    Gallery: Craig Allen’s Trip to China

    USCBC 45th Annual Membership Meeting

    USCBC 45th Anniversary DC Open House

    USCBC President’s China Visit

    USCBC Hosts Business Roundtable with Zhejiang Party Secretary Che Jun

    USCBC hosts Comprehensive Economic Dialogue (CED) Luncheon

  • Podcasts
No Result
View All Result
China Business Review
No Result
View All Result
Home Cybersecurity

Defending China’s Data

USCBC by USCBC
October 2, 2018
Share on FacebookShare on TwitterLinkedin

By Matthew Nitkoski

In late March of this year, Baidu CEO Robin Li stirred up controversy while speaking at the China Development Forum in Beijing. When asked for his opinion on using personal data for reform, Li said, “I think Chinese people are more open and less sensitive about the privacy issue. If they are able to trade privacy for convenience, safety, or efficiency – in many cases, they are willing to do that.” Li’s comments inspired a spirited debate in China’s online community as netizens mulled the implications of his statement. As the CEO of one of China’s most well-known companies, Li’s comments instantly went viral, but the issues they raised didn’t die away – one month later another local incident would rekindle Chinese interest in personal privacy norms.

In April, artist Deng Yufeng paid around US $800 for the personal records – including   names, phone numbers, and shopping history – of 346,000 Chinese citizens. These personal records hung in a local museum in Wuhan for two days until police shut down the exhibition after learning that Deng had illegally obtained the information by contacting black market data peddlers through QQ – a popular Chinese messaging app. While the exhibit was quickly shuttered, the story and its implications resonated with Chinese netizens who wondered at how easily their own private data could be found and bought online.

Although not the only controversial incidents to occur this year, these stories highlight emerging themes in Chinese privacy laws. First, there is a growing awareness among Chinese netizens of the dangers of exposing too much information online and – as Deng’s exhibit reveals – the potential consequences. Incidents of data theft are becoming more commonplace, with a recent data breach of Huazhu Group – a major Chinese hotel operator – exposing more than 500 million pieces of customer information. Second, while Beijing has laid down a rough framework of data privacy laws and standards, there is still considerable work to be done to fill in the gaps. According to Sara Xia, an attorney specializing in China Law at Harris Bricken, the China Cybersecurity Law is China’s first high-level law that defines personal information and regulates data privacy for all network operators. “The remaining standards and specifications in that law are currently optional, so there isn’t much with which companies must comply,” says Xia.

Developing the Framework

To establish basic rules and principles governing data privacy, Beijing enacted China’s Cybersecurity Law on June 1, 2017. While the law covers a wide range of activities concerning national security, sovereignty, and online threats, it also includes specific provisions covering the protection of personal data. For businesses operating in China, there are a few elements that deserve special attention.

Under China’s Cybersecurity Law, businesses and organizations that collect, store, and transfer Chinese citizens’ data can be divided into two principal categories. Network Operators are defined as network service providers as well as owners and administrators of networks. They are required to carry out regular security self-assessments to determine if they are handling sensitive data and, if so, submit themselves to further inspection from government authorities. Critical Information Infrastructure Operators (CIIO) must submit to the same requirements as network operators, but the businesses and organizations that fall into this category are also required to comply with additional regulations. This may include storing all personal information and data collected within mainland China and procuring certain IT products and devices from approved sources.

Another major data protection element was put into place on May 1, 2018 in the form of the Personal Information Security Specification. Modeled on Europe’s General Data Protection Regulation (GDPR), the Personal Information Security Specification seeks to borrow key concepts from foreign data protection laws while accounting for the specific idiosyncrasies of mainland China. For example, the specification lays out basic rules for consent – a private citizen’s acknowledgment that they understand where and how their data will be used. This specification, along with other measures dealing with cross-border data transmission and the “secondary uses” of personal data, provide an overarching framework covering data collection, storage, and transfer.

Taking Preventative Steps

For foreign businesses operating in China, one principle concern revolves around the storage of Chinese citizens’ personal data. According to Xia, businesses that fall under the CIIO umbrella are required to store critical information on the Chinese mainland. “CIIOs in critical industries such as energy, financial services, and telecommunications may be more vulnerable to threats, so these businesses and organizations must comply with additional, more stringent data protection regulations,” says Xia.

Furthermore, foreign businesses must pay close attention to new regulations as they are released. For example, there is currently no single agency in charge of data privacy regulations. As a result, numerous agencies have control over the elements and concepts laid down in the China Cybersecurity Law and supporting standards. As further details are released, the agencies ultimately charged with implementation and enforcement will have broad purview over how to interpret regulations, so future modifications could have sizeable impacts on data storage and transfer.

One final element includes the distinction between law and standards. The China Cybersecurity Law, while still awaiting further refinement, is binding law that compels businesses and organizations to comply. Additional elements such as the Personal Information Security Specification, however, are suggested standards or policy guidelines. The Security Specification and other draft guidelines will likely play a role in the development of future legislation, but for the moment, they are only standards.

Striking a Balance

The above-cited laws and standards highlight Beijing’s concerted efforts to establish clear rules and regulations governing data storage, information transfer, and personal privacy. What may not be evident, however, are the competing interests driving Beijing to strike a compromise between data privacy and accessibility.

On the one hand, Chinese policy makers have identified a critical need for rules and regulations governing data privacy. They’ve begun by laying out broad terms and definitions to determine how companies adapt and instituted standards that will shape future laws and regulations. Although vague, these laws and standards give policymakers ample room to shift and adapt their regulations as they see how companies react.

On the other hand, 800 million Chinese internet users continue to churn out massive amounts of valuable data – data that fuels AI, machine learning, and other high priority tech projects. China’s most recognizable international companies rely on this data to continue the breakneck development that they hope will thrust China to the forefront of global technology developments. With the strengthening regulatory regime set to have a chilling effect on domestic companies’ growth, leading tech giants such as Baidu, Alibaba, and Tencent are using their own clout to push back on some of the more stringent requirements.

With the stakes set high, policymakers find themselves searching for a proper balance between regulations that provide an adequate level of security while still leaving room for tech companies to thrive. While Beijing always has the final say, the interaction between the public sector, private business, and citizens will ultimately lead to the further refinement and development of China’s data protection laws.

 

Matthew Nitkoski manages the Business Development Team for a technology company in Washington D.C. He has a MA in International Affairs from The George Washington University where he specialized in US-China relations and East Asian Economics. With over 2 and a half years of experience living in mainland China, he is an avid follower of China’s technology and economic developments.

USCBC

USCBC

Next Post
Ghosts of Fukushima: The Evolution and Future of China’s Nuclear Power

Ghosts of Fukushima: The Evolution and Future of China's Nuclear Power

Recommended.

Reflections on the Phase One Agreement

January 20, 2022

Can China’s Beleaguered Gaming Industry Overcome the New Wave of Restrictions?

November 29, 2021

From Reshoring to Rightshoring: Dr. Sara Hsu on the Future of US-China Supply Chains

August 4, 2021

China Cracks Down on Education Industry in Effort to Increase Birthrate

July 22, 2021

Latest Podcasts.

A benchmark on how companies are coping with Omicron

May 18, 2022

How companies are approaching China’s changing cyber landscape

May 12, 2022

What does the future of US-China decoupling look like?

May 5, 2022

A look at the latest US exports to China

April 8, 2022
China Business Review

China Business Review is the official magazine of the US-China Business Council, a nonprofit and nonpartisan trade association that represents more than 200 American companies doing business in China.

  • How to contribute to China Business Review

Categories

  • Bilateral Relations
  • Business Etiquette
  • CBR Spotlight
  • China Deals
  • Corruption
  • Cybersecurity
  • Ecommerce
  • Environment
  • Finance
  • Galleries
  • Getting Started
  • HR & Staffing
  • Infographics
  • Innovation
  • Intellectual Property
  • Management
  • Media
  • Operations
  • Opinion
  • Policy & Regulations
  • Politics
  • PR & Marketing
  • Rural Issues
  • Safety
  • Social Policy
  • Society
  • Standards + Licensing
  • Sustainability
  • Tax
  • Tech
  • Top Story
  • Trade
  • Uncategorized
  • US-China Business Council
  • Videos

Tags

Agreements Agriculture Alibaba Best Practices Business Environment China China's Investments Abroad China Market Intelligence Chinese Consumers Chinese Investment Commentary Consumer Trends E-Commerce Economic Trends Energy Environment Events Food Foreign Investment Going Global Healthcare Reform Human Resources Infrastructure Internet Interview Investment Investments into China IPO Joint Venture Labor Legal Analysis M&A Manufacturing Media National People's Congress Q&A Strategic and Economic Dialogue Supply Chains Technology Trade Transparency US-China Relations USCBC US Exports to China Xi Jinping

Join our Mailing List

Sign up for the US-China Business Council's newsletters to stay ahead of the game with roundups, analysis, and commentary.

Sign Up

Follow Us

  • About
  • USCBC
  • Submit a Story
  • Archive

© 2021 China Business Review

No Result
View All Result
  • Operations
  • Politics
  • Tech
  • Society
  • Media
  • Podcasts

© 2021 China Business Review