By Lingling Wei
Shortly after rising to power in late 2012, Xi Jinping made his
first company visit in his new job as China's Communist Party
chief, to Tencent Holdings Ltd. There, he raised a topic that has
become both an opportunity and a challenge for his rule: the vast
troves of personal data being gathered by the country's technology
companies.
Mr. Xi complimented Tencent's founder, Pony Ma, on the way the
company was accumulating information from millions of users, and
harnessing that data to drive innovation. He also suggested that
data would be useful to Beijing.
"You have the most sufficient data, then you can make the most
objective and accurate analysis," he told Mr. Ma, according to
state media accounts. "The suggestions to the government in this
regard are very valuable."
More than eight years later, those suggestions are becoming
demands. The government is now calling on big tech companies like
Tencent, online retailing giant Alibaba Group Holding Ltd. and
TikTok owner ByteDance Ltd. to open up the data they collect from
social media, e-commerce and other businesses, according to
official documents and interviews with people involved in
policy-making.
The complex new web of laws and regulations around sharing
digital records is being driven by the huge growth in data held by
China's tech giants -- and a belief that the government should be
able to access it. The efforts are also part of Mr. Xi's quest to
rein in the increasingly powerful tech sector, which has pushed
back on some of Beijing's previous data-sharing efforts. The most
recent law, passed Thursday, will make it harder for companies to
resist such requests.
China's leaders worry that the country's tech giants could be
using their extensive personal and corporate digital records to
build alternative power centers in the one-party state. That
concern led Mr. Xi to halt a planned initial public offering by
Jack Ma's financial-technology behemoth Ant Group Co. late last
year.
Chinese government entities involved in the effort to regulate
data, including the State Council and the Cyberspace Administration
of China, didn't respond to requests for comment.
Beijing is also intensifying the pressure on foreign firms
operating in China to keep records gathered from local customers
inside the country, so the government has more authority over the
records. Western companies have long complained such
"data-localization" requirements could stifle innovation in their
global operations or enable Chinese authorities to steal their
proprietary information.
U.S. electric-car maker Tesla Inc. pledged in late May to build
more data centers in China and to keep information generated by the
vehicles it sells there within Chinese borders. In a statement
posted on Chinese social media, Tesla said it was "honored" to
participate in an industry discussion on the matter.
Tesla didn't respond to requests for comment.
China's motives
Many countries are wrestling with how to regulate digital
records. Some economies, including in Europe, emphasize the need
for data privacy, while others, such as China and Russia, put
greater focus on government control. The U.S. currently doesn't
have a single federal-level law on data protection or security;
instead, the Federal Trade Commission is broadly empowered to
protect consumers from unfair or deceptive data practices.
Behind China's moves is a growing sense among leaders that data
accumulated by the private sector should in essence be considered a
national asset, which can be tapped or restricted according to the
state's needs, according to the people involved in
policy-making.
Those needs include managing financial risks, tracking virus
outbreaks, supporting state economic priorities or conducting
surveillance of criminals and political opponents.
Officials also worry companies could share data with foreign
business partners, undermining national security.
Beijing's latest economic blueprint for the next five years,
released in March, emphasized the need to strengthen government
sway over private firms' data -- the first time a five-year plan
has done so.
A key element of Beijing's push is a pair of laws, one passed on
Thursday and the other a proposal updated by China's legislature in
April. Together, they will subject almost all data-related
activities to government oversight, including their collection,
storage, use and transmission. The legislation builds on the 2017
Cybersecurity Law that started tightening control of data
flows.
The new Data Security Law, which will take effect on Sept. 1,
includes a goal of classifying private-sector data according to its
importance to state interests. The vaguely worded clause, analysts
and legal experts say, gives authorities considerably more leeway
to control data deemed essential to the state, while making it
harder for businesses, both Chinese and foreign, to say no.
The law will "clearly implement a more stringent management
system for data related to national security, the lifeline of the
national economy, people's livelihood and major public interests,"
said a spokesman for the National People's Congress, the
legislature.
The proposed Personal Information Protection Law, modeled on the
European Union's data-protection regulation, seeks to limit the
types of data that private-sector firms can collect. Unlike the EU
rules, the Chinese version lacks restrictions on government
entities when it comes to gathering information on people's call
logs, contact lists, location and other data.
"Less invasive private-sector data collection anywhere is a good
thing," says analyst Ryan Fedasiuk at Georgetown University's
Center for Security and Emerging Technology. "But China's push for
data privacy strikes me as yet another move to strengthen the role
of the government and the party vis-à-vis tech companies."
Authorities are taking action even before the laws take effect,
as part of the tech clampdown.
In late May, citing concerns over user privacy, the Cyberspace
Administration of China singled out 105 apps -- including
ByteDance's video-sharing service Douyin and Microsoft Corp.'s Bing
search engine and LinkedIn service -- for excessively collecting
and illegally accessing users' personal information. The government
gave the companies named 15 days to fix the problems or face legal
consequences.
Bytedance, Microsoft and LinkedIn didn't respond to requests for
comment. It's unclear how the companies responded to the
government's request.
Two weeks earlier, the government ordered 13 firms, including
the financial arms of food-delivery giant Meituan, ride-sharing
provider Didi Chuxing Technology Co. and e-commerce firm JD.com
Inc., to adhere to tighter regulation of their data and lending
practices.
Meituan, Didi and JD.com all said they had agreed to rectify
their business practices as required.
Foreign firms
Beijing's pressure on foreign firms to fall in line picked up
with the 2017 Cybersecurity Law, which included a provision calling
for companies to store their data on Chinese soil. That
requirement, at least initially, was largely limited to companies
deemed "critical infrastructure providers," a loosely defined
category that has included foreign banks and tech firms.
In private meetings with American firms, Chinese officials have
dismissed concerns that the rule could allow China to take
proprietary information, while saying the data needs to be stored
in China for security and regulatory purposes, according to people
familiar with the discussions.
To comply with tough Chinese cybersecurity rules, Apple Inc. in
2017 pledged to store all cloud data for its customers there with a
government-owned company. It has built a data center in China for
customers of its iCloud service, for data including photos,
documents, messages, apps and videos uploaded by Apple users
throughout the mainland. Apple declined to comment.
Since last year, Chinese regulators have formally made the
data-localization requirement a prerequisite for foreign financial
institutions trying to get a foothold in China. Citigroup Inc. and
BlackRock Inc. are among the U.S. firms that have so far agreed to
the rule and won licenses to start wholly-owned businesses in
China.
Citigroup and BlackRock declined to comment.
The data-security laws promise to broaden the requirement to
include more types of foreign companies. Regulators are also
rolling out sector-specific rules to strengthen control over data
considered important to state interests.
Tesla's Gigafactory in Shanghai has sparked some new rules.
China's leadership greenlighted the U.S. car maker's plan to set up
the wholly-owned production facility in 2018.
Senior officials have publicly likened Tesla to a "catfish"
rather than a "shark," saying the company could uplift the auto
sector the way working with Apple and Motorola Mobility LLC helped
elevate China's smartphone and telecommunications industries.
To ensure Tesla doesn't become a security risk, China's
Cyberspace Administration recently issued a draft rule that would
forbid electric-car makers from transferring outside China any
information collected from users on China's roads and highways. It
also restricted the use of Tesla cars by military personnel and
staff of some state-owned companies amid concerns that the
vehicles' cameras could send information about government
facilities to the U.S.
In late May, Tesla confirmed it had set up a data center in
China and would domestically store data from cars it sold in the
country. It said it joined other Chinese companies, including
Alibaba and Baidu Inc., in the discussion of the draft rules
arranged by the CyberSecurity Association of China, which reports
to the Cyberspace Administration.
Lawyers and analysts say China's rules could ultimately serve
many purposes, including slowing foreign companies' technological
progress. An inability to send certain data back to the U.S. could
hurt Tesla's ability to use artificial intelligence algorithms to
analyze such data to improve its cars.
"It's reducing a proprietary advantage companies like Tesla
have," says Lester Ross, a Beijing-based lawyer at WilmerHale, who
advises American firms operating in China.
Internal debate
In the past, the government often demanded data from private
firms, and could sometimes enforce its wishes, especially for
hunting down criminal suspects and silencing dissent. Chinese
companies have pushed back on previous proposals to open up and
centralize their statistics, such as those on customers' borrowing
habits and payment histories.
Over the years, senior officials including Premier Li Keqiang
have sometimes argued for giving the private sector more autonomy
in collecting and handling user data, people familiar with
Beijing's internal deliberations say. The idea was to encourage
firms to keep innovating and to accommodate their growth, including
overseas.
On the other side are officials from China's security apparatus
and financial regulatory agencies, who thought tech firms were
becoming too big and not doing enough to support state objectives.
Resisting requests to share more data, China's tech giants cited a
lack of relevant regulations.
Increasingly, China's president, Mr. Xi, leaned toward voices
advocating greater digital control. He now labels big data as
another essential element of China's economy, on par with land,
labor and capital.
"Whoever controls data will have the initiative," he has said in
private meetings, according to the people familiar with internal
discussions.
The government grew more aggressive after a now-infamous speech
by tech billionaire Jack Ma last October, in which he angered
regulators by criticizing them for smothering innovation. Mr. Xi
halted the IPO of Ant Group, in which Mr. Ma is the controlling
shareholder, soon after.
Chinese regulators believe Ant and other financial-technology
players, including Tencent, have monopolized user data to get
unfair advantages over banking institutions, while also making it
harder for the state to monitor credit risk.
Ant built its own credit-risk system as it expanded into
consumer lending, in part using spending and bill-paying data from
its Alipay app, used by more than one billion consumers. Ant wound
up with a sizable position in China's financial sector,
traditionally dominated by China's state-owned banks. It works with
banks to fund the loans, but hasn't had to bear much of the default
risk.
New regulations proposed late last year by the central bank and
China's top banking regulator are calling on firms like Ant and
Tencent to transmit credit statistics into either a centralized
system run by the central bank or a credit-rating agency controlled
by the government.
"From the point of view of the state, anti-data monopoly must be
strengthened," said Li Lihui, a former president of state-owned
Bank of China Ltd. and now a member of China's legislature. He said
he expects China to establish a "centralized and unified public
database" to underpin its digital economy.
Ant and Tencent declined to comment. During the company's
earnings call in March, Tencent's president, Martin Lau, said,
"We'll be completely compliant with whatever regulations that will
become in place."
Another initiative under way involves some Chinese cities
testing so-called unified data centers for private-sector firms to
share data with authorities.
Shenzhen, where Tencent is based, is planning to build one that
would centralize the storage, sharing and supervision of data
collected by government entities as well as companies in finance,
education, telecommunications and other areas.
The city hasn't provided detailed information on its plans for
using the information, which it broadly defines as "public data." A
Shenzhen official confirmed the initiative but declined to comment
further.
"Public data is a new type of state-owned asset, and its data
rights belong to the state," said a draft regulation released by
Shenzhen's government last year.
Write to Lingling Wei at lingling.wei@wsj.com
(END) Dow Jones Newswires
June 12, 2021 00:15 ET (04:15 GMT)
Copyright (c) 2021 Dow Jones & Company, Inc.
Tencent (PK) (USOTC:TCEHY)
Historical Stock Chart
From Aug 2024 to Sep 2024
Tencent (PK) (USOTC:TCEHY)
Historical Stock Chart
From Sep 2023 to Sep 2024