China’s New Data Rules: Walmart, PayPal, and Foreign Firms Seek Guidance
China’s internet regulator is reaching out to foreign firms, including Walmart Inc. and PayPal Inc., to discuss ways to navigate Beijing’s new data-security rules, an effort to reassure multinationals worried about their ability to operate in the world’s No. 2 economy under the latest regulations.
Officials from the Cyberspace Administration of China recently met with executives from dozens of international firms to address their concerns about the new data regime. The meetings aimed to provide guidance on adhering to the rules and acknowledging the challenges of obtaining approvals for overseas transfers of sensitive information. They also discussed the possibility of creating a fast-approval mechanism for routine transfers and a curated white-list for data categories or specific companies.
The introduction of the new data laws has sparked widespread anxiety among foreign firms and has led to drastic changes in some cases. The law firm Dentons recently split off its Chinese operations, while Morgan Stanley moved over 200 technology developers out of mainland China. The new regulations grant President Xi Jinping’s administration the power to shut down or fine companies that mishandle sensitive information, potentially resulting in fines and suspensions.
Every company operating in China must now figure out how to navigate these data laws to avoid severe penalties. Compliance is not just a matter of ticking boxes; failure to comply could lead to blocked systems in China or the inability to transfer Chinese personal data outside the country.
The new data laws were introduced to exert control over valuable information that fuels the economy and future technologies. However, they have received criticism for hampering the free flow of information that multinationals rely on to operate globally, drive research, and develop long-term strategies.
Recognizing the concerns held by foreign companies in the country, Beijing has begun making overtures to foreign and private enterprises that are crucial to reviving an economy facing deflation. In a recent 24-point plan, China’s cabinet, the State Council, pledged to streamline data transfers and proposed measures such as creating a green channel for foreign firms that meet specific requirements. The government also plans to help major cities like Beijing, Shanghai, Tianjin, and the Greater Bay Area establish a list of general data that can be freely exported.
During the recent discussions between the Cyberspace Administration of China and foreign firms, Walmart, the world’s largest retailer by sales, was among the participants. PayPal and BC Education, a British-backed English learning institution, also attended the meetings. Walmart declined to comment, while representatives for PayPal and BC Education did not respond to requests for comment.
These discussions align with recent indications that officials are willing to relax some of the regulatory clampdowns that have emerged in the past couple of years as the Chinese economy recovers from the impact of the Covid-19 pandemic.
In addition to difficulties in obtaining approvals for transferring large amounts of personal information, foreign companies have raised concerns about having to share data with regulators during the approval process. This potential requirement could force them to disclose their internal security procedures and mechanisms. The American Chamber of Commerce in China has listed data management, preferential tax policies, and support for research and development as priority areas for policy improvements.
Financial institutions, automakers, electronics firms, and consumer retailers are among the most active multinationals in China. Companies like Volkswagen, General Motors, Starbucks, Intel, Tesla, and Apple have extensive operations in the country. Tesla, in particular, recently reiterated that it stores all Chinese data locally to address potential security concerns.
Banking is considered one of the more sensitive sectors as it deals with valuable data on Chinese borrowers. In response to the new regulations, Morgan Stanley is building a standalone China system to comply with local regulations, which may cost hundreds of millions of dollars.
Not complying with the new data laws could have severe consequences, including the complete halt of data flows and the ability to serve Chinese customers. It is essential for companies operating in China to prioritize compliance to avoid contractual liabilities.
Overall, the discussions between the Cyberspace Administration of China and foreign companies highlight the efforts being made to address concerns and provide guidance on navigating the new data-security rules. While the rules aim to exert control over data and protect sensitive information, striking the right balance is key to ensuring that global companies can continue to thrive and contribute to China’s economy.