[ad_1]
Long before the Chinese cyberspace agency warned Didi will slow its $ 4.4 billion box office offering in New York, the country’s data security hawks had begun preparing their legal arsenal to face another perceived threat from the U.S.
In March 2018, the United States passed the cloud law, which allowed law enforcement to request data stored outside its territory. Later that year, Canada arrested Meng Wanzhou, The chief financial officer of Huawei and daughter of its founder, based on an American extradition request. U.S. courts forced HSBC to testify about Meng’s submissions to the bank.
As tensions between the United States and China grow, legal experts close to Beijing’s regulators say the 2018 series of events pushed data security to the top of China’s political agenda. relate the data to national security. Beijing was quick to create legal barriers against what it considered “long-arm” tactics used by foreign governments to access data.
The resulting increase in China’s data security hawks has elevated everyday business procedures, such as listing or transferring data abroad, to the state of national security concerns. Lawyers warn that companies are trapped in the large legal gray space at the whim of the agencies ’discretionary power, while companies say they fear being subjected to the kind of inter-agency bad communication that confused Didi’s IPO.
“There are 27 dragons governing a patch,” said Xu Ke, director of the Internet Law Research Center at Beijing University of International Business and Economics.
This month, the China Cyberspace Administration has sent Didi’s stock price plummets after its $ 4 billion public offering in New York with the ban on new users. The CAC has proposed measures that will allow it to veto any company with more than one million users listed abroad.
On Friday, seven government agencies assigned staff to Didi to carry out what appears to be a multi-month cybersecurity review. It was also the first public announcement about China’s secret spy agency, the State Security Ministry, which was based on the staff of a company.
The Didi case comes as China prepares a new data security law, which expands the scope of data that cannot be transferred outside of China without prior approval. The drafting of the law, which will be introduced in September, was driven by the State Security Ministry, according to several people familiar with the matter.
“It is a legal remedy against the misuse of the long arm of the state by a small number of countries – and protects data on the territory of our country from being improperly acquired by foreign judicial or executive agencies,” he said. published by the CAC on the Data Security Act.
China’s intensive concern for data security is not isolated: its opponents think along similar lines. In 2019, the US hit trade sanctions against Huawei. The following year, the United States threatened to ban TikTok, while India banned Chinese mobile apps. All these sanctions were made in the name of national security.
“Right now, all police agencies tend to be more cautious [around national security]. It is a problem of transferring attitudes from the external situation to the domestic and from the top [of the government] in the background, “said Li Tianhang, a cybersecurity lawyer at Beijing’s Hui Ye law firm.
Conflicting legal demands at the international level could put multinationals at risk. According to a document by Hong Yanqing, chief draftsman of China’s data protection laws, China, the EU and the United States are building mutually incompatible legal regimes on “blocking and data capture” and multinationals are seen trapped in the “game of laws.” ”.
Beijing’s growing data fears have pushed some of its agencies to develop roles. Following Didi’s research, the CAC, hitherto little known, has proposed a mandatory security review for all companies with more than a million users looking for foreign IPOs, allowing it to own technology companies. of China, whose fundraising largely corresponds to USD. funds seeking outings in New York.
However, the CAC’s ability to conduct audits is limited. The agency was set up in 2014, mainly to control online discourse, and largely has former propaganda officials. His focus on data security is recent; in this field, he acts as a coordinator between various agencies with more executive power.
“CAC’s local offices have little knowledge of what the new rules are and how best to enforce them,” said a data protection officer who works for an Internet-based finance company based in Guangdong. . “Sometimes they reject our data review requests because they don’t understand what counts as sensitive data.”
But since the law required the company to follow the procedure, the official added, his company was resorting to sending data to the agency by certified mail so there was no way the agency could reject it. .
However, after the Didi case, lawyers and former officials predict that responsibility will shift from business industry regulators to government security factions.
“As soon as something rises to the level of national security, it is difficult for any other regulator to say anything. No one wants to take the risk of a national security incident on their own turf,” said a familiar person. with regulators.
Additional reports from Nian Liu
[ad_2]
Source link
