The importance of data today cannot be overstated. In the 14th Five-year Plan, data—to some, the ‘oil of the 21st century’—is now defined as a fifth factor of production, alongside land, labour, capital and technology. While data must circulate fluidly to maximise value, the flow must also be regulated to varying degrees, depending on the source. For this reason, China is attempting to structure its data market to allow for careful control of the selling, buying, sharing and usage of data.
Personal data is one of the most valuable but challenging forms of data to protect. This factor informed the development and implementation of the European Union’s General Data Protection Regulation (GDPR), which sets standards on the collection and processing of data from a privacy protection perspective. China, meanwhile, is creating a categorisation system to protect all data that affects, or might affect, national security and public safety, with privacy just one aspect of this mechanism.
Personal data provide deeper insights into consumer behaviour, trends and preferences, which enhances companies’ ability to meet demand. This is particularly the case for those that accumulate personal data for research and development into applications and services for autonomous vehicles, healthcare solutions and financial tools, among others. However, big data pooling and collaborative analytics also has the potential to infringe upon individuals’ privacy rights. To avoid this, in today’s globalised economy, any framework that allows for the commercial exchange of data must harmonise with other international legal frameworks.
One competitive advantage that many European companies hold in China is their ability to leverage their global systems. However, this is increasingly being challenged by vague definitions of what constitutes transferable data in China, in tandem with the government’s push for localisation as its definition of ‘national security’ develops.
These invisible market access barriers not only cause many Chamber members to take a more conservative approach to ensure compliance, they also prove costly. Potential tangible costs include having to switch from foreign data centre, cloud, network and communication services partners to Chinese providers to avoid future issues. Then come the less tangible costs – too much network localisation can lead to interoperability issues. Coupled with data governance rules, this hampers the transfer of data overseas, which could negate many foreign companies’ competitive edge.
This is compelling many European companies to create ‘island solutions’, effectively decoupling their China operations from their global ones in order to comply with domestic rules. To achieve this, complex operational changes are required, not only moving data but also mapping how applications are connected and secured locally, and adapting business plans to the new requirements.
As data processing technologies proliferate, so do companies’ and governments’ abilities to contextualise and draw new insights from that data. China’s Corporate Social Credit System will require companies to transmit data to the government, including personal data, more frequently and in greater volume. Information technology (IT) infrastructure will be subject to rigorous audits to verify the quality of data for ‘national security’ purposes. This raises a concern for companies that have given assurances to customers regarding personal information protection globally. European companies would therefore be advised to ensure that their IT systems in China do not contain more data than is strictly required to do business here.
The Chamber stands ready to facilitate constructive discussion between Chinese and European authorities and our members on this complex and rapidly changing situation. We need to not only mitigate costs and reduce disruptions, but also prevent European companies from being forced to exit the market altogether.