China Business and Finance Update
Sign up for myFT Daily Digest and become the first person to learn about Chinese business and financial news.
The shock waves that have evaporated billions of dollars in the Chinese stock market in recent days are part of a regulatory attack that is expected to extend beyond technology to all private sector businesses in the country.
Billionaires who started in November suspend their $37 billion initial public offering Ma YunFintech company Ant Group has expanded to Data security investigation Ride-hailing app Didi Travel and devastating restrictions on travel Tutoring industry.
Experts and companies warned that as the Chinese government introduced a comprehensive new legal framework on how companies collect and use data, the turmoil shows no signs of abating.
Kendra Schaefer, a technical analyst at Trivium, a Beijing consulting firm, said: “We tell our customers that you see extreme uncertainty of two to three years.”
What is the new law?
Chinese companies — and anyone who might do business in China or trade with the world’s second largest economy — face a series of laws about data.
The best understood is the Cyber Security Law, which came into effect in 2017 and covers network and device security. It has a review process to determine which companies are dealing with so-called “critical information infrastructure” or data that is considered to be likely to harm China’s security or pose a risk to citizens of the country.
In September, China will issue a new “Data Security Law.” This will help regulators determine which data can be transferred outside of China without state approval and which are prohibited.
By early next year, the Chinese government is expected to issue a personal information protection law, similar to the European General Data Protection Regulations. The law is expected to have a profound impact on China’s huge digital economy, including the establishment of a data audit process for applications such as Didi.
Ernan Cui, a Chinese consumer analyst at Gavekal Dragonomics, said that behind the wave of regulatory actions in Beijing is essentially a “data control war” between the government and the private sector.
What are the key gray areas?
Trivium’s Schafer said that it is unclear whether Beijing plans to announce which companies are designated as operators of critical information infrastructure and will therefore be subject to stricter supervision.
“This is a big problem… the company just doesn’t know yet,” she said. “In fact, what’s worth noting about CAC [Cyberspace Administration of China, the internet regulator] After Didi, this is how we discovered that they are’critical infrastructure’. “
In terms of cross-border data transmission, CAC stated that any data required by foreign authorities requires China’s approval.
“It’s not just about technology companies. It’s about every company that ships anything out of China,” Schafer said.
Andrew Gilholm, head of China analysis at consulting firm Control Risks, said that although few foreign companies provide critical information infrastructure such as telecommunications networks, many foreign groups will be caught up in selling services and products to Chinese customers. Dilemma.
“[Chinese] The company was asked:’Who is your foreign supplier? ‘Or’Where in your supply chain are foreign entities dependent? ‘,”He says.
Who is the next goal of the regulator?
Analysts predict that Beijing will slowly move from one department to another, region by region, deciding which data is sensitive and therefore requiring approval to leave the country.
A pharmaceutical company based in China’s Jiangsu Province stated that the company has been subject to unpredictable CAC scrutiny when transmitting data to its US R&D laboratory.
“Officials suggested that it is better to move our laboratory back to China because the regulations may become stricter,” said a representative who requested anonymity for security reasons.
Sam Radwan, the head of Enhance International, a consulting company that provides consulting services to Chinese companies, said that industries such as insurance and healthcare should look forward to increased supervision because they participate in large-scale data collection programs.
For example, auto insurance companies have been conducting extensive experiments in China to digitally track the behavior and location of drivers. Telemedicine is also booming in China. Radwan pointed out that these industries have been collecting “richer” and “even more sensitive” data than Didi.
Analysts warned that branches of foreign companies in China should also be prepared to engage in “arguments” with regulators over sending basic company information outside of China.
“Suppose you are a Japanese company and you have signed a contract with a large Chinese company to build a new subway in Chongqing. You have some data related to the project you moved to Tokyo-these are the company’s worrying gray areas because this is business. A normal part of this,” said Gilholm, a Chinese risk analyst.
The problem that further complicates the outlook is Regulatory Authority Will control the new data management system.
“Surgical warfare is a natural product of the new regulatory process,” Schafer added.
Additional reporting by Nicolle Liu in Hong Kong