In the News: China Enforces Cybersecurity Rules; Gotion Invests in EV Battery Facility in the U.S.; and Former SEC Chair Urges Disclosure on China Exposure

Credit: Kittipong Jirasukhanonta/Adobe Stock

China Increases Cybersecurity Enforcement

China is tightening security around domestic data. According to the South China Morning Post, law enforcement agencies are expanding efforts to monitor compliance in all types of businesses. Businesses are being warned about punishments they will face for not following evolving cybersecurity regulations. Last month, police in Zhenjiang, in the province of Jiangsu, carried out security sweeps and issued warnings to those that offered Wi-Fi without requiring real-name registration. The security inspections demonstrate China's growing scrutiny of the use of personal data by companies. Beijing has also been strengthening its data protection legal framework, which is seen as a pillar for national security.

New regulations on data protection include requirements that all companies that handle personal data conduct regular compliance audits. The rules come as Beijing this year scales up its anti-espionage efforts, with warnings over unauthorized acquisition of documents, data, materials and items related to national security and interests. Building on the Cybersecurity Law of 2016, the Data Security Law implemented in September 2021 limits the ways data can be processed. The law also stresses the need to safeguard national security and interests, making the protection of data a national security priority. The Security Bureau warned of possible data leaks in the healthcare, financial and real estate sectors that could cause significant harm to public interest, economic operations, and individual rights.

Angela Zhang, an associate professor of law at the University of Hong Kong, said the recent cases reflect a shift in focus by local governments to enforce the data security rules on small and medium-sized firms. "Unlike large corporations, small and medium-sized enterprises often lack robust compliance mechanisms. This could account for the recent surge in enforcement actions against them. However, the fines levied under this law tend to be relatively small, and the targets of enforcement actions are generally not prominent corporate actors. Alex Roberts, a Shanghai-based counsel for TMT at Linklaters, said the recent enforcement actions are a clear signal from Chinese authorities that any informal grace period is over, and businesses, regardless of their size, must take action to comply with the data privacy and security laws. The enforcement action sparked debate among industry participants over its fairness when targeting small enterprises, which may not be able to afford to take costly compliance measures.