[ad_1]
Updates on Chinese Business and Finance
Sign up for myFT Daily Digest to be the first to know about Chinese business and financial news.
The shockwaves that have swept billions of dollars off Chinese stocks in recent days are part of a regulatory attack that is expected to extend beyond technology to all areas of the country’s private sector activity.
What began in November with the suspension of billionaire Jack Ma’s initial $ 37 billion fintech public offering, Ant Group, expanded this month to a data security investigation of the Didi Chuxing ridesharing app and devastating restrictions on the tutoring industry.
Experts and businesses warn the turmoil shows no sign of abating as the Chinese government rolls out a sweeping new legal framework on how businesses collect and use data.
“We tell our clients that you envision two to three years of extreme uncertainty,” said Kendra Schaefer, technical analyst at Trivium, a Beijing-based consulting firm.
What are the new laws?
Chinese companies – and potentially anyone doing business in China or doing business with the world’s second largest economy – face a series of data laws.
The best understood is the cybersecurity law, which entered into force in 2017, covering the security of networks and equipment. It has a review process to determine which companies manage what is known as “critical information infrastructure,” or data deemed potentially damaging to Chinese security or posing a risk to the country’s citizens. .
In September, China will introduce a new data security law. This will help regulators define what data can be transferred outside of China without state approval and what is prohibited.
Early next year, the Chinese government is also expected to issue a law on the protection of personal information, similar to the European General Data Protection Regulation. The law is expected to have far-reaching implications for China’s huge digital economy, including establishing processes for auditing data from apps like Didi.
Ernan Cui, a Chinese consumer analyst at Gavekal Dragonomics, said that behind the waves of Beijing’s regulatory actions essentially lay a “battle for control of data” between the government and the private sector.
What are the main gray areas?
Schafer of Trivium said it was not clear whether Beijing plans to release which companies have been designated as critical information infrastructure operators and therefore would be subject to more stringent scrutiny.
“That’s the big deal. . . companies don’t know it yet, ”she said. “Which was actually quite remarkable about the CAC [Cyberspace Administration of China, the internet regulator] after Didi, this is how we discovered that it was a “critical infrastructure”.
Regarding cross-border data transfers, the CAC said all data requested by foreign authorities will require approval from China.
“It’s not just about technology companies. It’s every company that sends anything out of China, ”Schafer said.
While few foreign companies provided critical information infrastructures – such as telecommunications networks – many foreign groups would be trapped because they were selling services and products to Chinese customers, said Andrew Gilholm, China Analysis Manager at Control Risks, a consulting firm.
“[Chinese] We ask companies: “Who are your foreign suppliers? Or “Where in your supply chain do you rely on foreign entities?” ” “, did he declare.
Who will regulators target next?
Analysts expect Beijing to move slowly from sector to sector, region by region, deciding which data is sensitive and therefore needs approvals to leave the country.
A pharmaceutical company based in China’s Jiangsu Province said it has already faced unpredictable CAC reviews on its transfer of data to its research and development lab in the United States.
“Officials have suggested that it is better to relocate our lab to China as the regulations are likely to become more stringent,” said a representative, asking not to be identified for security reasons.
Sam Radwan, director at Enhance International, a consultancy that advises Chinese companies, said sectors such as insurance and healthcare should expect increased surveillance as they were involved in mass data collection.
Auto insurance companies, for example, have conducted extensive trials in China to digitally track driver behaviors and locations. Telemedicine, too, has exploded in China. These sectors have collected data “richer” and “even more sensitive” than that of Didi, noted Radwan.
Chinese branches of foreign companies are also expected to prepare for a “fight” with regulators over sending basic information about companies outside of China, analysts have warned.
“Let’s say you’re a Japanese company under contract with a big Chinese company to build a new metro in Chongqing, and you have data relating to the project that you are transferring to Tokyo – this is the kind of thing where companies have areas. worrying gray because it’s a normal part of business, ”said Gilholm, the risk analyst in China.
To further complicate the outlook, there are questions about which regulators will control the new data management regime.
“Turf wars are a natural outgrowth of new regulatory processes,” Schafer added.
Additional reporting by Nicolle Liu in Hong Kong
[ad_2]
Source link