Chinese companies that seek to expand in overseas markets seem to always enter a stage where everything is against them. Whether it is tightened regulatory security based on political factors or just normal market changes, Chinese firms constantly face a whole new level of challenges, according to media reports.

Photos: VCG

On May 25, the EU implemented what has been characterized as the strictest security law in history - the General Data Protection Regulation (GDPR). While the move is not necessarily aimed at Chinese companies in particular, they have nevertheless been negatively impacted by it.

In the immediate future, Chinese companies will have to make certain changes to comply with the new regulation, but in the long run, they will face challenges that could hurt not only their current business models, but also their technological innovation efforts that would otherwise put them in a better position.

However, at the same time, the regulation offers a rare and unusual opportunity for China to rethink its laws and regulations related to the protection of consumer data, especially since consumers are an ever-growing group increasingly relying on a burgeoning e-commerce industry.

Immediate impact 

After the EU regulation came into effect, many Chinese companies had to make immediate changes in order to comply with the law, according to a report released by Beijing-based newspaper the China Youth Daily on Tuesday.

A slew of Chinese companies, from telecom equipment maker Huawei Technology Co to internet giants Tencent Holdings and Alibaba Group Holding, have all applied for fresh authorization so they can operate legally in the EU in the wake of the GDPR's enactment, the report said.

In the case of Tencent, the company released a new update to its popular QQ social networking platform and shut down the old version to comply with the new law, according to the report, adding that other popular apps such as WeChat and map services provider AutoNavi Holdings have also adopted new measures.

Although the China Youth Daily report did not mention the specific issues the EU's new regulation has caused for Chinese companies, experts noted that the cost could be tremendous.

"The GDPR will cost companies a very high price," Liu Quan, a Chinese industry expert, was quoted as saying by the Beijing-based Economic Observer newspaper on Sunday.  "To comply with the strict data protection mechanism set by the GDPR, companies have to pay out a huge amount of money to ensure compliance."

According to a survey among a number of US companies operating in the EU that was cited in the Economic Observer report, 68 percent of firms said they might have to invest somewhere between $1 million and  $10 million to meet all standards under the new regulation, while 9 percent said their expenses could now exceed $10 million. 

The report, however, did not reveal the source of the survey and there is no such public survey among Chinese companies operating in the EU regarding the potential cost to make immediate changes in line with the law.

Companies that violate the new law could be slapped with a fine equating to 4 percent of their total revenue, or even 20 million euros ($23.5 million), a penalty much higher than the abovementioned adjustment costs, Reuters reported on May 25. 

"Four percent of a company's revenue usually exceeds their profit, so all companies will be impacted, whether it's an internet giant or a small or medium-sized company," Liu said.

Bigger issues

The new regulation could also provide a new legal platform for European officials already growing weary of fast-expanding Chinese companies so they can target them with regulatory scrutiny, according to the Economic Observer report.

"The EU could also be using the GDPR as a new technical barrier to stop Chinese companies in the digital sector from expanding across the continent," Liu was quoted as saying in the report.

As the presence of Chinese companies in overseas markets is quickly on the rise, so are security regulations aimed at them, with many foreign governments, especially those in the US and Europe, frequently citing "national security concerns" as their reasons for blocking the normal business operations of Chinese firms.

"There has been no shortage of cases where [foreign governments] block Chinese companies' overseas development based on national security reasons," Liu pointed out.

In the latest case, the US government forced US telecom giant AT&T to drop its business ties with Huawei related to the latter's Mate 10 smartphones, according to the Economic Observer report.

"This incident shows that the US side doesn't trust Chinese companies on issues such as technology and users' privacy protection," Liu said, noting that the GDPR will have a huge negative impact on Chinese companies that have been seeking overseas expansion under the China-proposed Belt and Road initiative. 

EU officials have also expressed concerns over rising Chinese investment in its member countries. On May 31, the bloc released a joint statement with the US and Japan after a trilateral meeting of trade ministers to address "non-market-oriented policies and practices" as well as State-owned enterprises. 

The statement, while avoiding mentioning China by name, has been considered a clear rebuke to the overseas expansion of Chinese companies.

"Trade disputes [like the one involving Huawei in the US] are usually centered on data protection, and could be repeated in the EU [with other Chinese companies]," Liu said.

The new law could also dampen innovation driven by Chinese tech companies, which prosper thanks to continuous efforts, said Liu Deliang, a law professor at Beijing Normal University, according to the China Youth Daily report. 

The EU has already fallen behind in key internet innovation because of its strict regulations, and this should serve as a lesson for China that it cannot copy the EU's path, Liu said.  

The bright side

Although the GDPR could cause short-term pain for some Chinese companies, there is also a positive side, according to Liu cited in the Economic Observer report.

There are still no special laws and regulations for protecting personal data in China, even though that issue is currently in crisis mode, Liu said. "[In China,] personal data is often violated. It is being illegally collected, stored, processed and used for criminal activities," he said.

By complying with the strict EU regulations, Chinese companies could learn to better protect user data, "therefore, it is conducive to improving the competitiveness of Chinese companies in the global market," Liu noted.

This story is based on articles by the China Youth Daily and the Economic Observer