AS CHRISTOPHER WAS preparing to board a flight from New York to Singapore in February 2019, he was pulled aside by local authorities and told to stay put. An Interpol “red notice”, a request for local law enforcement to make an arrest on behalf of another government, had been issued on his name, he would soon learn. The executive, who has asked that his real name not be used because his case is ongoing, was the founder of an international advertising group that a few years earlier had got into big trouble in China over data security.
Your browser does not support the
Christopher’s company entered China in 2012 and began co-operating with state-owned firms, using telecoms data to create advertising products. In 2014 the government signalled that it would strengthen data security, elevating it to the status of a national-security concern. Not long after, the offices of Christopher’s firm were raided. A dozen of his local staff were detained; two of them were held for up to two years. He hired Chinese lawyers to assess the situation but was never able to learn the specifics of the charges.
It was not until he was denied entry to Singapore, several years later, that he came to understand the allegations against him. According to an Interpol document reviewed by The Economist, Chinese authorities had accused Christopher’s company of having “illegally obtained a substantial amount of private information of Chinese citizens in the name of ‘targeted advertising’”. He was, the government claims, liable for these alleged violations.
Since lifting self-destructive covid-19 rules earlier this year, China’s leaders have gone on a charm offensive to lure back foreign businesses and investors. Yet the government is launching sporadic raids on foreign companies. In March the local staff of Mintz Group, an American firm that conducts corporate investigations, were arrested in Beijing. Shortly after, authorities showed up at the offices of Bain & Company, an American consulting firm, where staff were questioned and some electronic equipment confiscated. Several other foreign firms that deal in data and intelligence have reportedly faced similar situations. The entire industry of corporate investigators who help foreign investors understand what is happening on the ground in China has been rattled. Both Bain and Mintz have said they are co-operating with the authorities.
Pulling up the data drawbridge
Meanwhile Chinese firms that sell information about the Chinese economy and companies are being forced by their domestic overseers to curtail their operations abroad. According to a Wall Street Journal report on May 1st, one such company, called WIND Financial Information, has recently informed some foreign clients that it can no longer provide its services. Firms supplying Chinese corporate records, such as Qichacha, are no longer permitted to do so outside China. To the dismay of academics around the world, CNKI, a digital subscription platform for Chinese research papers, suddenly became inaccessible to accounts outside the country in March. In just the past few months many of the links that have helped the world understand China have been severed.
Chinese authorities have given no explanation for the raids on Mintz and Bain, or for curtailing the information services available to foreigners. But a growing group of experts finger the stepped-up policing of data in recent years. In 2021 the government enacted laws on data security and personal information that have wide-ranging implications for how such data can be transferred, where and by whom.
The Personal Information Protection Law of 2021 is one of the strictest such statutes in the world, lawyers say. It restricts the transfer across borders of any information that can be used to identify individuals. Merely forwarding an email with a signature containing a Chinese citizen’s personal information may constitute an infraction, notes one lawyer. Almost all global companies in China are thought to be operating in violation of the letter of the code. Many have applied for an extension to comply with the rules. To fully comply, corporations will probably need to turn their China businesses into islands of information that have little contact with their global operations.
The vagueness of these and other rules creates more risks for businesses. Take China’s espionage law, updated on April 26th to give security agencies more access to data that may present a national-security threat. Like many data-related laws, it leaves wide open the definition of what constitutes such a threat. This, says Aynne Kokas, author of “Trafficking Data: How China is Winning the Battle for Digital Sovereignty”, lets the government redraw the lines as its threat perception changes. Companies are left on tenterhooks.
Many of the risks to firms have existed for years, notes a foreign executive with years of experience in China. Now they are becoming much more material. Companies must start making more sober assessments about whether they are putting themselves or their local staff in harm’s way, he warns. And as China further tightens its data laws, more and more businesses—from investment banks and law firms to news organisations—may be ensnared.
After years of seeking to resolve his case, Christopher says no further details have emerged from China. The vague charges related to illegal data acquisition have never been explained, he claims. He has spent years agonising over how things went wrong. He says that his company never had direct access to personal information in China. Getting his hands on such data, he says, was impossible from the beginning. A red notice remains on his name today, making most forms of international travel a hassle at best—or, at worst, a risk of being extradited to China. ■
To stay on top of the biggest stories in business and technology, sign up to the Bottom Line, our weekly subscriber-only newsletter.
Source: Business - economist.com
