China’s new cyber security law comes into force

China’s new cyber security law comes into force

A new, broadly-worded cyber security law comes into force in China today. While the law is a boon for individuals,

Photo: AP/Greg Baker

Photo: AP/Greg Baker

A new, broadly-worded cyber security law comes into force in China today. While the law is a boon for individuals, who will receive unprecedented data privacy protection, foreign firms bemoan it unfairly targets them.

The rules mandate that firms operating in “critical” industries—such as banks and utilities—must store data collected in China on Chinese servers. However, a catchall provision also requires the same of companies that hold data which could “harm people’s livelihoods”—potentially impacting a vast array of businesses that collect simple things, like credit card information.

Foreign companies operating in China are more likely to store their data overseas than local rivals, making compliance with the new rules more burdensome and costly. Foreign businesses also worry that, once on Chinese servers, their intellectual property could be ‘leaked’ to China’s state-owned rivals (Beijing has a history of corporate espionage).

On a national security level, the new policy aims to protect important Chinese data from prying eyes; information stored on servers based in Europe or the US is inherently more vulnerable to being tapped by intelligence agencies.