China’s new data security regime gives President Xi Jinping the power to shut down or fine tech companies as part of his drive to wrest control of vast reams of data held by giants like Alibaba Group Holding Ltd. and Tencent Holdings Ltd.
Firms found mishandling “core state data” can be forced to cease operations, have their operating licenses revoked or fined up to 10 million yuan ($1.6 million) under a law passed Thursday by the Asian nation’s top legislative body.
Companies that leak sensitive data abroad can be hit with similar fines and punishments, and those providing electronic information to overseas law enforcement bodies without permission can face financial penalties up to 5 million yuan and business suspensions, according to the law published on the website of the National People’s Congress.
The law, which goes into effect Sept. 1, stipulates that major decisions involving data security will be made by central national security officials.
Xi’s administration has tightened control over the hoard of information produced by the nation’s tech companies as part of broader efforts to position China as a leader in big data. Beijing has been pouring money into data centers and other digital infrastructure to make electronic information a national economic driver and help shore up the Communist Party’s legitimacy.
Chinese tech stocks were mixed Friday. Alibaba fell 1.2% and Tencent slipped 0.8% at the close in Hong Kong, while Meituan advanced 3.1%. A subgauge of tech shares on the CSI 300 Index of key firms listed in Shanghai and Shenzhen dropped 1.5%, among the worst performers.
China’s digital economy grew much faster than gross domestic product in 2019, according to the Chinese Academy of Information and Communications Technology. The country will hold about one-third of global data by 2025 — about 60% more than the U.S. — market research firm IDC projects.
The new data law is expected to provide a broad framework for future rules on internet services, and to ring-fence, prise open and ease tracking of valuable data in the interests of national security. Among those may be guidelines on how certain types of data must be stored and handled locally, and requirements on companies to keep track of and report the information they possess.
The NPC is also drafting personal information protection legislation that is expected to be adopted this year.
China’s push parallels debates in the U.S., where lawmakers have called for breaking up internet titans like Facebook Inc. and Alphabet Inc., and in Europe, where regulators have prioritized anti-trust actions and giving users more control over data. President Joe Biden ordered a security review of foreign software applications Wednesday after revoking Trump administration bans on the Chinese-owned apps TikTok and WeChat that had faced opposition in U.S. courts.
Like their American counterparts, Chinese tech giants including Alibaba and Tencent have focused on harnessing user data to refine an expanding array of digital services. This has led to natural monopolies, giving the platforms enormous wealth and power that also opens the door to abuses.
Now, Xi has declared his intention to go after platforms that amass data to create monopolies and gobble up smaller competitors. That’s led to a crackdown on China’s tech sector, with regulators fining Alibaba a record $2.8 billion for abuse of market dominance, and warning dozens of other top internet companies to rectify anti-competitive practices.
Here are some other key points of the law passed by the NPC Standing Committee:
Companies that are found to have engaged in data-handling activities outside Chinese territory in a way that harms national security will be held legally responsibleThe nation will put export controls on data linked to national securityIt will build a data protection system that puts a priority on “core state data”Beijing will take reciprocal measures against countries that adopt discriminative restrictions on investment and trade in data and related technology