The impact of China's 2016 Cyber Security Law on foreign technology firms, and on China's big data and Smart City dreams

https://doi.org/10.1016/j.clsr.2017.05.022

Abstract

Chinese officials are increasingly turning to a policy known as Informatisation, connecting industry online, to utilise technology to improve efficiency and tackle economic developmental problems in China. However, various recent laws have made foreign technology firms uneasy about perceptions of Rule of Law in China. Will these new laws, under China's stated policy of “Network Sovereignty” (“网络主权” “wangluo zhuquan”), affect China's ability to attract foreign technology firms, talent and, importantly, technology transfers? Will they slow China's technology and Smart City drive? This paper focuses on the question of whether international fears of China's new Cyber Security Law are justified. In Parts I and II, the paper analyses why China needs a cyber security regime. In Parts III and IV it examines the law itself.

Introduction

In Part I, this paper provides background context by introducing China's Smart City drive. Smart Cities and associated technologies have deliberately been chosen for analysing China's Cyber Security Law for two reasons. Firstly, Smart Cities must utilise all the technologies that China has officially stated are necessary for its development, namely the Internet of Things, cloud computing, big data and spatial geographic information systems. Big data informing these policy decisions is often collected from millions of smart devices, including mobile phones, that necessitate a cyber security regime.

Secondly, Smart Cities can offset many of the political problems that besiege the Chinese Government and cause citizen unrest, namely air quality, traffic congestion, access to healthcare and efficient government services. This intersection of incredibly complex policy decisions, which keeps Chinese leaders awake at night, merits our direct attention.

China's Cyber Security Laws cannot be understood without understanding its Informatisation strategy. In Part II, this paper charts China's Informatisation Strategy and Network Sovereignty policies. This paper unpacks the Chinese policy statement that connecting industry online and cyber security are truly “two wings of one body”. It is argued that the current Chinese Government values technological progress as China's key development task and accordingly recent controversial laws that worried foreign technology firms and governments were amended to avoid impeding technological goals, including China's 2015 Anti-Terrorism Law. In Parts III and IV, this paper objectively assesses China's Cyber Security Law at length. The law was passed by the National People's Congress on 7 November 2016, taking effect on 1 June 2017. While some provisions of this Law appear to tighten government control over Chinese and foreign technology firms, this paper presents evidence that suggests China will not harm its innovation agenda through excessive control over data and cyber technology.

There is a complete circle to be drawn. The Chinese Government must appease a population now expecting more from its leadership in terms of economic development and better quality of life while at the same time protecting them from cyber risks in an increasingly inter-connected world. These are complex policy considerations to balance.

To fulfil these demands, this paper contends that China must rely on assistance from both foreign and local technological innovators. These firms will therefore play a role in shaping the cyber security compliance debate in China. The text of the Cyber Security Law and subsequent regulatory developments allow for such negotiations over interpretation and enforcement. Negotiations may continue for another 18 months.

Section snippets

Part I: why China needs a Cyber Security Regime

The following background is necessary to understand why China needs a cyber security regime, especially in relation to China's national policy of using the internet and big data to resolve long-standing development problems.

The enactment of the Cyber Security Law in 2016 arguably reflected more than a legislative attempt to regulate the internet for the purpose of censorship. The law was passed by the National People's Congress on 7 November 2016, but did not take effect until 1 June 2017.

Part II: China's Informatisation Strategy and Network Sovereignty: “Cyber security and Informatisation are two wings of one body”

China's Cyber Security Laws cannot be understood without understanding China's Informatisation drive and the concept of Network Sovereignty. It is important to point to the formation of the Cyber Security and Informatisation Leading Small Group,37 and its

Part III: China's Cyber Security Law

On 6 July 2015, the Standing Committee of the National People's Congress released a first draft of the Cyber Security Law of the People's Republic of China (Draft) (《中华人民共和国网络安全法(草案)》) (Draft)131

Part IV: are fears of the new law justified?

There is an understandable fear among foreign and Chinese companies, and any company that relies on foreign software systems to run its business in China. The requirements to store data locally and to employ only technology deemed “secure” might amount to Chinese firms gaining another edge over foreign rivals. Storage requirements, however, remain unclear. It is true that: “[t]he law also requires business info and data on Chinese citizens gathered within the country to be kept on

Conclusion

Foreign and Chinese observers are yet to see if China has articulated a new vision for an innovative and inclusive entrepreneurial ecosystem embodied by Informatisation and Internet Plus; or a more rigid one embodied by Network Sovereignty. Vague regulations famously allow regulators leeway to suit their aims. The Cyber Security Law may be the opportune time for China to decide which way it is heading: further innovation or further restriction.

As CAC is under heavy pressure to implement

Acknowledgement

I would like to thank Professor Colin Hawes of the University of Technology, Sydney for his editing and comments on the final manuscript, and Paul S. Triolo of the Eurasia Group for reading and commenting on my final draft. I would also like to thank Professor Natalie Stoianoff of the University of Technology, Sydney and Shaanan Cohney of the University of Pennsylvania for their input and expertise. Finally, I want to thank Professor Steve Saxby for his encouragement and support from conception
