China just added legislative defenses to its “Great Firewall,” but foreign businesses are unsure how that will translate for them.
China’s new cybersecurity law, which took effect Thursday, is being hailed by Beijing officials as a milestone for data privacy but foreign companies are worried about the fine print—especially since violations could mean fines up to $150,000.
The New York Times reports the law requires personal information and other “sensitive” data to have certain protections and be stored on servers in China. To move the data out of the country, it might need to be reviewed first—but it’s unclear what determines that.
Due to its broad scope and vague language, foreign businesses are unsure of exactly how the law will be applied. According to legal experts at Lawfare, it’s likely that it will be enforced when China thinks doing so would support its political and economic interests.
Critics fear the new law tilts the balance of business in favor of Chinese companies and away from multinational corporations. Given China’s history of corporate espionage, some are worried the new law will make foreign companies more vulnerable.
This article was featured in the InsideHook newsletter. Sign up now.