China’s probe into a consultancy firm Capvision Partners is the recent move in a series of security related campaigns going on for long in order to ensure stiff control of data produced inside its territory.
State broadcaster CCTV said in a programme on the Capvision investigation that the state media accused foreign institutions of employing domestic consulting businesses to obtain state secrets and intelligence in crucial areas.
An overview of the key moments in China’s campaign to control data and information export, in particular, is provided below:
- China passed a national security law in July 2015 in order to expand the parameters for defending its cyberspace and put emphasis on developing vital technologies. The new law came in place of an old one made in 1993.
- China’s cybersecurity law passed in November 2016 focused on two aspects, requirements for security audits and the storage of data on Chinese servers.
- Another of China’s security law pertained to data security was passed in June 2021 to safeguard “important data” and “core data.” The law is centred around information pertaining to the safety of the nation and economy, the welfare of its citizens, and significant matters of public interest.
- Chinese authorities investigated ride-hailing behemoth Didi Global just after it went public in July 2021 in the United States. As per Chinese sources the reason for investigation was the company’s disregard to the Chinese government’s request of making a cybersecurity evaluation before listing.
- China passed a law in August 2021 governing the collection and transfer of personal data outside the country, as well as laws pertaining to what is referred to as critical information infrastructure.
- According to reports at the time, in November 2021, certain Chinese shipping data providers stopped providing information to international businesses, citing the necessity to adhere to new data laws.
- China introduced cyber security assessment regulations in January 2022, requiring platform companies with user data of more than 1 million to undergo a security examination prior to offering shares abroad.
- China introduced cross-border data review policies in July 2022, requiring a security assessment for “important” offshore data transfers.
- Wind Information Co, China’s mega financial data provider, was stopped by regulators to cease exporting data to users outside the country in September 2022.
- CNKI, a Chinese academic data platform, stopped international reach to at least four of its databases in order to follow the new data laws, in March 2023.
- In April 2023, lawmakers approved a comprehensive reform to the anti-espionage laws that broadens the definition of spying and outlaws the transmission of information related to national security.
- Police reportedly visited the Shanghai office of American consulting firm Bain & Co in April 2023 and questioned some employees.
