
Opinion | Easier cross-border data transfers back up China’s business-friendly messaging with practical change

  • Allowing the resumption of cross-border data transfers in day-to-day business shows pragmatism can still prevail in Chinese policymaking
  • The regulatory ambiguity of requiring a cybersecurity review for almost any data generated in China was paralysing for the business community

A staff member works at the State Key Laboratory of Public Big Data at Guizhou University, in southwestern Guiyang province, on May 27, 2022. Photo: Xinhua

China has been building up a comprehensive and strict data regulatory framework over the last couple of years. With these rules, intended to ensure sufficient state oversight of cross-border data transfers, regulators have rushed to translate Beijing’s strategic security concerns into articulated rules that individuals and businesses must follow.

The impact of this move has been clear: with one law drafted after another, the state gradually increased its power over data with sometimes vague legislation, leaving government agencies to sort out the details of enforcement. Yet not even the administrative state has ironed everything out, leaving business executives and corporate lawyers scratching their heads over what is allowed.

Some believe that new data rules are intentionally vague to give arbitrary power to regulators through impromptu implementation. More realistically, a sense of national emergency pushed Chinese regulators to rush new regulations before having a clear idea of how the rules could be implemented.

In this haste to plug loopholes or address potential security threats, business interests are often not fully considered – and sometimes they are sacrificed.

For example, the Cyberspace Administration of China (CAC) proposed in 2021 a security review process for companies seeking overseas initial public offerings when they handle the data of more than 1 million Chinese users. This came after ride-hailing giant Didi Chuxing listed in New York that summer against the advice of domestic regulators.

The finalised cybersecurity review regulation came into force in February 2022, adding a layer of compliance costs. In the months between Didi's IPO and the official implementation of the rules, overseas IPOs had to halt because there was no process for applicants to follow even if they wanted to comply.

Another important regulation came into effect in September 2022, requiring that the export of “important data” and personal information go through a security review, again adding to business uncertainty.

Zhou Xin
Zhou Xin is Tech Editor of the Post, following stints as Political Economy Editor and Deputy China Editor. He has previously worked for Reuters and Bloomberg in Beijing.