China’s new data rules could target US companies like Google, Microsoft amid Huawei spat
Global Times


The logos of Huawei and Google on display in Paris, France on Wednesday. (Photo: VCG)

China is planning to further tighten regulations on internet data storage, banning the transfer of data on domestic users and asking both domestic and foreign companies to provide data to regulators for national security considerations, according to new draft rule released on Tuesday.

Coming at a time when China and the US locked horns in an escalating trade and technology spat, the move could be seen as a countermeasure to US officials' crackdown on Chinese telecom company Huawei, as the draft rules could affect many US companies such as Google, Microsoft and Amazon, analysts said.

Citing the need to protect national security and users' personal information, the Cyberspace Administration of China (CAC) released the draft regulation that markedly tightened rules on how companies, both foreign and domestic, should handle data generated in the country. The draft rules are open for public comment through June 28.

Specifically, the draft regulation said that companies are forbidden to route domestic internet traffic outside the country. Also companies should assess potential security risks and seek permission from regulators before publishing, sharing, transacting or providing important data to the outside world, it said.

In another section that could draw criticism from some foreign officials, the regulation said that companies should provide data to relevant government agencies when asked by them for protecting national security, social management, economic regulation and other duties.    

Such a move is necessary for China to safeguard its national security and in line with similar practices adopted by other major powers including the US, Russia and the EU, said Liang Haiming, dean of Hainan University's Belt and Road Research Institute, who had suggested such moves years ago.

"Against the backdrop of the China-US trade war, our data security becomes very important because the US could wage an internet war or use data it has collected to launch attacks on [China]," Liang told the Global Times on Tuesday.

The release of the draft rules also signals that China's firm stance on matters of national security despite pressure from US officials in now stalled trade talks, analysts said. 

US officials had reportedly pressured Chinese officials for concessions in granting US firms access to China's cloud computing market and relaxing restrictions on data storage.

The new rules, which was published under the cybersecurity law adopted, were aimed at bolster protection of China's national security in line with the rule of law, but in light of the US' crackdown on Huawei, it could also be a tool for Chinese officials to counter the US, analysts said

The move could be an effective way for China to counter the intensifying US crackdown campaign against Huawei, particularly after US companies such as Google decided to follow a US ban to cut supplies to Huawei, according to Liu Dingding, a Beijing-based veteran internet analyst.

"The US fired the first shot by blacklisting Huawei, and US companies indicated that they will follow the US government, so China is forced to retaliate and this is a great way because it could target many US companies," Liu told the Global Times.

Though China has required foreign companies to store data on domestic users in China, some companies - not just internet firms, but others such as financial institutions as well - have long stored their Chinese clients' data elsewhere, such as in India, Liang said. 

The new draft regulation, which carries serious punishment such as business license revocation and even criminal charges, could mean China will step up its efforts to crack down on such practices, analysts said.

The new draft regulation on data followed a similiar one on cybersecurity, which was also released by the CAC on Friday for public comment. The draft rules on Friday stated that companies involved in key information infrastructure would face cybersecurity reviews by regulators, if their products and services are found to pose a threat to China's national security.