December 8, 2022

China’s New Power Play: More Control of Tech Companies’ Troves of Data

Shortly after rising to power in late 2012,

Xi Jinping

made his first company visit in his new job as China’s Communist Party chief, to

Tencent Holdings Ltd.

There, he raised a topic that has become both an opportunity and a challenge for his rule: the vast troves of personal data being gathered by the country’s technology companies.

Mr. Xi complimented Tencent’s founder, Pony Ma, on the way the company was accumulating information from millions of users, and harnessing that data to drive innovation. He also suggested that data would be useful to Beijing.

“You have the most sufficient data, then you can make the most objective and accurate analysis,” he told Mr. Ma, according to state media accounts. “The suggestions to the government in this regard are very valuable.”

More than eight years later, those suggestions are becoming demands. The government is now calling on big tech companies like Tencent, online retailing giant

Alibaba Group Holding Ltd.

and TikTok owner ByteDance Ltd. to open up the data they collect from social media, e-commerce and other businesses, according to official documents and interviews with people involved in policy-making.

The complex new web of laws and regulations around sharing digital records is being driven by the huge growth in data held by China’s tech giants—and a belief that the government should be able to access it. The efforts are also part of Mr. Xi’s quest to rein in the increasingly powerful tech sector, which has pushed back on some of Beijing’s previous data-sharing efforts. The most recent law, passed Thursday, will make it harder for companies to resist such requests.

China’s leaders worry that the country’s tech giants could be using their extensive personal and corporate digital records to build alternative power centers in the one-party state. That concern led Mr. Xi to halt a planned initial public offering by

Jack Ma’s

financial-technology behemoth Ant Group Co. late last year.

Chinese government entities involved in the effort to regulate data, including the State Council and the Cyberspace Administration of China, didn’t respond to requests for comment.

Tencent founder Pony Ma in 2018.


Jason Lee/Reuters

Beijing is also intensifying the pressure on foreign firms operating in China to keep records gathered from local customers inside the country, so the government has more authority over the records. Western companies have long complained such “data-localization” requirements could stifle innovation in their global operations or enable Chinese authorities to steal their proprietary information.

U.S. electric-car maker

Tesla Inc.

pledged in late May to build more data centers in China and to keep information generated by the vehicles it sells there within Chinese borders. In a statement posted on Chinese social media, Tesla said it was “honored” to participate in an industry discussion on the matter.

Tesla didn’t respond to requests for comment.

China’s motives

Many countries are wrestling with how to regulate digital records. Some economies, including in Europe, emphasize the need for data privacy, while others, such as China and Russia, put greater focus on government control. The U.S. currently doesn’t have a single federal-level law on data protection or security; instead, the Federal Trade Commission is broadly empowered to protect consumers from unfair or deceptive data practices.

Behind China’s moves is a growing sense among leaders that data accumulated by the private sector should in essence be considered a national asset, which can be tapped or restricted according to the state’s needs, according to the people involved in policy-making.

Those needs include managing financial risks, tracking virus outbreaks, supporting state economic priorities or conducting surveillance of criminals and political opponents.

Officials also worry companies could share data with foreign business partners, undermining national security.

Beijing’s latest economic blueprint for the next five years, released in March, emphasized the need to strengthen government sway over private firms’ data—the first time a five-year plan has done so.

A group recites the party oath in front of a screen showing Mr. Xi in Shanghai, June 4.


Aly Song/Reuters

A key element of Beijing’s push is a pair of laws, one passed on Thursday and the other a proposal updated by China’s legislature in April. Together, they will subject almost all data-related activities to government oversight, including their collection, storage, use and transmission. The legislation builds on the 2017 Cybersecurity Law that started tightening control of data flows.

The new Data Security Law, which will take effect on Sept. 1, includes a goal of classifying private-sector data according to its importance to state interests. The vaguely worded clause, analysts and legal experts say, gives authorities considerably more leeway to control data deemed essential to the state, while making it harder for businesses, both Chinese and foreign, to say no.

The law will “clearly implement a more stringent management system for data related to national security, the lifeline of the national economy, people’s livelihood and major public interests,” said a spokesman for the National People’s Congress, the legislature.

The proposed Personal Information Protection Law, modeled on the European Union’s data-protection regulation, seeks to limit the types of data that private-sector firms can collect. Unlike the EU rules, the Chinese version lacks restrictions on government entities when it comes to gathering information on people’s call logs, contact lists, location and other data.

“Less invasive private-sector data collection anywhere is a good thing,” says analyst Ryan Fedasiuk at Georgetown University’s Center for Security and Emerging Technology. “But China’s push for data privacy strikes me as yet another move to strengthen the role of the government and the party vis-à-vis tech companies.”

Authorities are taking action even before the laws take effect, as part of the tech clampdown.

In late May, citing concerns over user privacy, the Cyberspace Administration of China singled out 105 apps—including ByteDance’s video-sharing service Douyin and

Microsoft Corp.’s

Bing search engine and LinkedIn service—for excessively collecting and illegally accessing users’ personal information. The government gave the companies named 15 days to fix the problems or face legal consequences.

Bytedance, Microsoft and LinkedIn didn’t respond to requests for comment. It’s unclear how the companies responded to the government’s request.

ByteDance headquarters in Beijing.


Greg Baker/Agence France-Presse/Getty Images

Two weeks earlier, the government ordered 13 firms, including the financial arms of food-delivery giant Meituan, ride-sharing provider Didi Chuxing Technology Co. and e-commerce firm Inc.,

to adhere to tighter regulation of their data and lending practices.

Meituan, Didi and all said they had agreed to rectify their business practices as required.

Foreign firms

Beijing’s pressure on foreign firms to fall in line picked up with the 2017 Cybersecurity Law, which included a provision calling for companies to store their data on Chinese soil. That requirement, at least initially, was largely limited to companies deemed “critical infrastructure providers,” a loosely defined category that has included foreign banks and tech firms.

In private meetings with American firms, Chinese officials have dismissed concerns that the rule could allow China to take proprietary information, while saying the data needs to be stored in China for security and regulatory purposes, according to people familiar with the discussions.

To comply with tough Chinese cybersecurity rules,

Apple Inc.

in 2017 pledged to store all cloud data for its customers there with a government-owned company. It has built a data center in China for customers of its iCloud service, for data including photos, documents, messages, apps and videos uploaded by Apple users throughout the mainland. Apple declined to comment.

Since last year, Chinese regulators have formally made the data-localization requirement a prerequisite for foreign financial institutions trying to get a foothold in China.

Citigroup Inc.


BlackRock Inc.

are among the U.S. firms that have so far agreed to the rule and won licenses to start wholly-owned businesses in China.

Citigroup and BlackRock declined to comment.

The data-security laws promise to broaden the requirement to include more types of foreign companies. Regulators are also rolling out sector-specific rules to strengthen control over data considered important to state interests.

Tesla’s Gigafactory in Shanghai has sparked some new rules. China’s leadership greenlighted the U.S. car maker’s plan to set up the wholly-owned production facility in 2018.

Tesla’s Gigafactory last year.


Qilai Shen/Bloomberg News

Senior officials have publicly likened Tesla to a “catfish” rather than a “shark,” saying the company could uplift the auto sector the way working with Apple and Motorola Mobility LLC helped elevate China’s smartphone and telecommunications industries.

To ensure Tesla doesn’t become a security risk, China’s Cyberspace Administration recently issued a draft rule that would forbid electric-car makers from transferring outside China any information collected from users on China’s roads and highways. It also restricted the use of Tesla cars by military personnel and staff of some state-owned companies amid concerns that the vehicles’ cameras could send information about government facilities to the U.S.


Should governments have access to data collected by technology companies? Join the conversation below.

In late May, Tesla confirmed it had set up a data center in China and would domestically store data from cars it sold in the country. It said it joined other Chinese companies, including Alibaba and

Baidu Inc.,

in the discussion of the draft rules arranged by the CyberSecurity Association of China, which reports to the Cyberspace Administration.

Lawyers and analysts say China’s rules could ultimately serve many purposes, including slowing foreign companies’ technological progress. An inability to send certain data back to the U.S. could hurt Tesla’s ability to use artificial intelligence algorithms to analyze such data to improve its cars.

“It’s reducing a proprietary advantage companies like Tesla have,” says

Lester Ross,

a Beijing-based lawyer at WilmerHale, who advises American firms operating in China.

Internal debate

In the past, the government often demanded data from private firms, and could sometimes enforce its wishes, especially for hunting down criminal suspects and silencing dissent. Chinese companies have pushed back on previous proposals to open up and centralize their statistics, such as those on customers’ borrowing habits and payment histories.

Over the years, senior officials including Premier

Li Keqiang

have sometimes argued for giving the private sector more autonomy in collecting and handling user data, people familiar with Beijing’s internal deliberations say. The idea was to encourage firms to keep innovating and to accommodate their growth, including overseas.

On the other side are officials from China’s security apparatus and financial regulatory agencies, who thought tech firms were becoming too big and not doing enough to support state objectives. Resisting requests to share more data, China’s tech giants cited a lack of relevant regulations.

Increasingly, China’s president, Mr. Xi, leaned toward voices advocating greater digital control. He now labels big data as another essential element of China’s economy, on par with land, labor and capital.

“Whoever controls data will have the initiative,” he has said in private meetings, according to the people familiar with internal discussions.

A critical speech by Jack Ma last year led Mr. Xi to halt Ant Group’s IPO.


Philippe Lopez/Agence France-Presse/Getty Images

The government grew more aggressive after a now-infamous speech by tech billionaire Jack Ma last October, in which he angered regulators by criticizing them for smothering innovation. Mr. Xi halted the IPO of Ant Group, in which Mr. Ma is the controlling shareholder, soon after.

Chinese regulators believe Ant and other financial-technology players, including Tencent, have monopolized user data to get unfair advantages over banking institutions, while also making it harder for the state to monitor credit risk.

Ant built its own credit-risk system as it expanded into consumer lending, in part using spending and bill-paying data from its Alipay app, used by more than one billion consumers. Ant wound up with a sizable position in China’s financial sector, traditionally dominated by China’s state-owned banks. It works with banks to fund the loans, but hasn’t had to bear much of the default risk.

New regulations proposed late last year by the central bank and China’s top banking regulator are calling on firms like Ant and Tencent to transmit credit statistics into either a centralized system run by the central bank or a credit-rating agency controlled by the government.

“From the point of view of the state, anti-data monopoly must be strengthened,” said Li Lihui, a former president of state-owned

Bank of China Ltd.

and now a member of China’s legislature. He said he expects China to establish a “centralized and unified public database” to underpin its digital economy.

Tencent’s headquarters in Shenzhen.


Qilai Shen/Bloomberg News

Ant and Tencent declined to comment. During the company’s earnings call in March, Tencent’s president,

Martin Lau,

said, “We’ll be completely compliant with whatever regulations that will become in place.”

Another initiative under way involves some Chinese cities testing so-called unified data centers for private-sector firms to share data with authorities.

Shenzhen, where Tencent is based, is planning to build one that would centralize the storage, sharing and supervision of data collected by government entities as well as companies in finance, education, telecommunications and other areas.

The city hasn’t provided detailed information on its plans for using the information, which it broadly defines as “public data.” A Shenzhen official confirmed the initiative but declined to comment further.

“Public data is a new type of state-owned asset, and its data rights belong to the state,” said a draft regulation released by Shenzhen’s government last year.

Write to Lingling Wei at [email protected]

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

in Tech
Related Posts

Facebook Lets More Employees Choose Full-Time Remote Work or Return to the Office

June 9, 2021

June 9, 2021

Facebook Inc. FB -1.03% is giving most of its employees a choice: Seek permission to keep working at home or...

EU and U.K. Open Antitrust Probes Into Facebook

June 4, 2021

June 4, 2021

The European Union and the U.K. opened formal antitrust investigations into Facebook Inc.’s FB -0.94% classified-ads service Marketplace, ramping up...

Companies Struggle to Keep Their Tech Workers From Logging Off

June 18, 2021

June 18, 2021

Many information-technology workers in the U.S. are on the hunt for new jobs, seeking a wider array of remote work...

EU Eyes Formal Antitrust Investigation Into Facebook

May 26, 2021

May 26, 2021

The European Union is close to opening its first formal antitrust investigation into Facebook Inc., according to a person familiar...

Trump Justice Department Sought Democratic Lawmakers’ Records From Apple

June 11, 2021

June 11, 2021

WASHINGTON—The Justice Department during the Trump administration sought records from Apple Inc. relating to communications by House Intelligence Committee members...

DeFi Is Helping to Fuel the Crypto Market Boom—and Its Recent Volatility

June 3, 2021

June 3, 2021

Dogecoin and NFTs have captured the public’s imagination, but money is also flooding into another hot, and risky, corner of...

Blink Charging Taps Cash Pile in Electric Car Bet

May 27, 2021

May 27, 2021

Blink Charging Co. is using cash acquired in a recent stock offering to expand its network of charging stations ahead...

After Colonial Pipeline Hack, U.S. to Require Operators to Report Cyberattacks

May 25, 2021

May 25, 2021

The Transportation Security Administration intends to release the first of at least two security directives that would require pipeline operators...

Qualcomm Shares Rise to Record High on Ambitious Growth Targets

November 17, 2021

November 17, 2021

The push by Qualcomm Inc.’s new chief executive to diversify into everything from cars to connected devices now comes with...

Lordstown Motors Executives Sold Stock Ahead of Reporting Results and Before Troubles Came to Light

June 21, 2021

June 21, 2021

Several top executives at Lordstown Motors Corp. RIDE 3.30% sold off chunks of stock in the electric-truck startup ahead of...

How to Get More Women Into Technology

June 1, 2021

June 1, 2021

During her decadeslong career in technology, Judith Spitz watched as the “dismal number” of women in the industry failed to...

SEC Is Running Out of Options to Rein In Elon Musk

June 2, 2021

June 2, 2021

WASHINGTON—The Securities and Exchange Commission has tried for several years to get Elon Musk to behave more like a typical...

Irish Healthcare System Struggles With Tech Disruptions After May Ransomware Attack

June 18, 2021

June 18, 2021

Ireland’s healthcare service is still slowly restoring its technology systems five weeks after suffering a ransomware attack, highlighting the painful...

Google Nears Settlement of Ad-Tech Antitrust Case in France

May 27, 2021

May 27, 2021

Alphabet Inc.’s GOOG -1.27% Google is nearing a settlement of an antitrust case in France alleging the company has abused...

All-or-Nothing Investment Websites Used Wirecard for Card Payments

June 4, 2021

June 4, 2021

More than half a dozen websites that securities regulators alleged stole money from novice investors in the U.S., Canada and...