China and Its Data Method

November 2, 2019

China continues to expand its authority to surveil anything and everything that occurs electronically within its borders, and its latest plan could pose a legal bind for any foreign companies doing business there. China Law Blog sums up the problem in, “China’s New Cybersecurity Program: NO Place to Hide.” China’s Ministry of Security plans to access all raw data that crosses Chinese networks and/or resides on Chinese servers and to employ renowned big-data expert Wang Yingwei to analyze it in his new role as head of the Cybersecurity Bureau. Reporter Steve Dickinson emphasizes the Ministry intends to intercept every scrap of data from every corner of society, from businesses to fellow ministries to even the Internet of things. Note that foreign businesses are included, and the methods such entities used to rely upon to avoid the surveillance will no longer apply. Dickinson writes:

“They did this primarily by establishing VPN internet servers in their own offices. These servers used VPN technologies to isolate data from the Chinese controlled networks, allowing for the use of a company intranet that maintained the secrecy of emails and data stored on the company servers in China. As cloud computing has advanced, foreign owned companies typically use the same VPN technologies to isolate their cloud based servers from the Chinese controlled system. Though the Chinese authorities often complained about these VPN systems, foreign companies were usually able to claim that their special WFOE status exempted them from Chinese data controls. However, with the roll-out of the new system, that will all change. First, the Cybersecurity Law and related laws and regulations are very clear that they apply to all individuals and entities in China without regard to ownership or nationality. There are no exceptions. More important, the new Foreign Investment Law that goes into effect on January 1, 2020 eliminates any special status associated with being a WFOE or other foreign invested enterprise. Foreign owned companies will be treated in exactly the same way as Chinese owned companies.”

Not only does this mean foreign companies will be unable to secure their own trade secrets on Chinese networks or at offices within China, neither will they be able to adhere to U.S. or EU laws on protecting client confidentiality, restricted emerging technologies, or other sensitive information. To avoid prosecution for breaking these laws simply by doing business within China, some companies may have no choice but to shutter any operations in that country.

Cynthia Murrell, November 2, 2019

Comments

Comments are closed.

  • Archives

  • Recent Posts

  • Meta