China will start enforcing a new cybersecurity law this week which Chinese officials say will help guard against cyberattacks and prevent terrorism. China has been advancing its internet security efforts since Edward J. Snowden, former American intelligence contractor, revealed that foreign technology firms had the ability to help governments spy and retrieve private information.
The law would require effect companies by requiring them to store their data within China and succumb to security checks especially in the finance and communications industry. Individuals internet use would be altered by requiring persons to register with their real names in order to use messaging services.
Foreign companies in China are concerned about how little information has been released about the law. These companies worry that these new laws will make their businesses in China less secure and more expensive and force them to leave China. Michael Chang, an executive of the Finnish technology company Nokia and the vice president of the European Union Chamber of Commerce in China, reiterates the confusion that many businesses in China are feeling right now. “Industry is not ready because the implementation rules are not clear. We still have a lot of unclarified territory….” Chang explains. Chang estimates that “less than half” of how the law will be implemented has been explained which will have huge effects on business as “a wide range of companies are doing data transfers.”
Executives are worried about the lack of clarity surrounding the law and its ambiguous wording as it could make certain companies vulnerable to breaking the law. An example of such ambiguous wording was pointed out by Mats Harborn, the president of the European Union Chamber of Commerce in China. The law seeks to regulate “critical information infrastructure” but what categorizes as critical information infrastructure is not defined which gives the Chinese government the ability to go after companies and claim that the information that the company works with fits into this definition.
The uncertainty about how the law will be enforced in the immediate future, as well as the distant future, has made foreign technology firms hesitant on bringing their companies to China. European, American, and Asian companies took a stand against the law recently and asked the Chinese government to delay the implementation of the law in order to allow companies to adjust to “substantial compliance obligations”. The Chinese government complied with the request and will delay implementation of the part of the law concerning regulations over cross-border data flow until the end of 2018.
Paul Triolo of the political risk consultancy Eurasia Group remarked on the importance of the specifics of the data-flow specifics on the law. “Getting the cross-border data flow issues right is a prerequisite for Beijing’s efforts to promote economic globalization,” Triolo said. The way that China details this part of the law will determine whether or not they will hurt their digital trade market.
The European Union and China will hold a summit meeting in Brussels this week to further discuss trade and the law. European officials have complained about the unequal trade between the Europe and China and the inferior steel that China has sold to Europe.
In the European Union Chamber of Commerce in China’s annual business confidence survey, half of people reported higher sales in China this last year after the implementation of a stimulus package by the Chinese government. Another part of the survey mirrors the uncertainty of the new cybersecurity law with 40 percent of respondents saying that they believe regulatory barriers will increase over the next five years.
Featured image via U.S. Department of Defense