Chinese law mandates local data centre storage and full access
Tue 1 Nov 2016
A controversial cybersecurity law is entering the third and final stage of approval by the Chinese parliament. The law will require foreign companies to store data locally, and to provide the government with encryption keys to access data at will.
In addition to the new data storage requirements, the new regulations will also allow law enforcement to take action against foreigners who interfere with the functioning of the country’s information infrastructure. Law enforcement will be authorized to freeze the assets of overseas individuals and organizations under investigation.
The cybersecurity law, as drafted, suggests improved protective measures against cyberattacks for key industries, which include public communications, energy, finance, transportation, and e-government services.
The regulation has been promoted as a way for China to combat cyberattacks, using the threat of freezing the assets of hackers as a deterrent to future malicious activities. However, overseas businesses with a stake in the Chinese market have an interest in the new data storage and access requirements, which would open up proprietary information to scrutiny by the Chinese government.
Some believe that the new law could be an effort to protect the Chinese tech sector, by creating privacy concerns for customers who choose foreign products.
The draft cybersecurity law has already been criticized as being too vague, restricting trade, and discriminating against foreign companies. A group of 40 companies created a petition to revise the proposed law in August, arguing that not only would it impede the actions of foreign businesses, but it would be detrimental to China’s economic growth, by isolating the country and creating barriers to market entry for foreign companies and investors.
China’s Foreign Ministry responded to the petition, saying “The concerns of foreign investors and businesses invested in China are unnecessary” and that the new law “will not create obstacles and barriers for international trade and foreign businesses investing in China.”
The ministry stated that companies would be allowed to transfer data beyond China’s borders after passing a security evaluation, and said that the requirement that companies provide data to the government in the course of investigations is necessary for national security.
The latest draft, currently up for approval by the Chinese Parliament, not only fails to address stated concerns but creates a host of new problems with the expansion of rights to law enforcement, and the requirement for local storage of data with government access to encryption keys.