Close Share

PUBLISHED: May 12, 2017 5:36pm

Foreign businesses pushing for China to delay controversial cyber law



Adjust Font Size:

BEIJING, 12 May 2017: 

Overseas business groups are pushing Chinese regulators to delay the June 1 implementation of a controversial cyber law that mandates strict data surveillance and storage for firms working in China, saying the rules would severely hurt business.

The EU Chamber of Commerce in China and US-based Business Software Alliance (BSA) say the law – passed by China’s largely rubber-stamp parliament in November – as well as rules for implementing it, need further review before being rolled out.

The new regulation includes requirements for data to be stored locally as well as contentious security reviews, which critics say could unfairly target foreign firms.

In a letter to the government’s Cyberspace Administration of China dated May 11, the EU Chamber said the new rules were “fraught with weaknesses,” would lead to “great uncertainties and compliance risks” and crimp China’s booming information technology market for both foreign and domestic companies.

It recommended delaying the law to “allow sufficient discussion”.

Several foreign business sources have said dozens of leading business associations from Japan, Australia, the US and Europe are preparing a separate joint letter to Chinese cyber authorities ahead of June 1, asking the government to delay the implementation date.

Lawyers say while lobbying is highly unlikely to stop the government from moving ahead with the rules, authorities probably won’t police the industry too harshly initially.

Up until now, China’s data industry has been governed by loosely defined laws but no overarching data protection framework.

The new law codifies much stricter controls than other regions including Europe and the US.

On top of internationally common standards, such as requiring user consent before moving data beyond country borders, China’s new cyber law also mandates companies store all data within China and pass security reviews.

The rules align with China’s own ethos of “cyber sovereignty” – the idea that states should be permitted to govern and monitor their own cyberspace, including control of incoming and outgoing data flows.

The Cyberspace Administration of China, the country’s top cyber ministry, did not immediately respond to a request for comment.

“It doesn’t look to us like there’s going to be the regulatory clarity necessary for the cybersecurity law to be fully enforced on June 1,” said Jared Ragland, senior director of policy for the Asia-Pacific region at software lobbyist group BSA.

China’s cyber authority said in November the law is not intended to unfairly target foreign companies, and is a response to increased threats from cyber-terrorism and hacking.

The government has already released rules as part of the new framework that restrict the movement of data outside Chinese borders and require yearly reviews of data by authorities.

“It’s pretty clear that the law will be enforced from June 1… but I don’t think it will be very strictly enforced from day one,” said Barbara Li, a Beijing-based partner with law firm Norton Rose Fulbright.

“The law is going to affect a lot of international companies and also Chinese companies that transfer data for the business across the border.”



How do you like the new site

Leave your feedback here.

Have a story worth sharing?

Send us your details here.

Copyright © 2015 The Rakyat Post

Terms of Use ›   Privacy Policy ›   Contact ›