China's strict cybersecurity laws took effect today; potentially impacting foreign businesses

Firms will also have to store user data on servers inside China, and people will be given the right to have their information deleted.

A draft of the supporting regulations was released for public comment in April, while another draft measure on the definition of "critical information infrastructure" was released on Saturday.

Until now, China's data industry has had no overarching data protection framework, being governed instead by loosely defined laws. After understanding the type of covered entity and the related obligations, a key next step is developing a detailed overview of the primary aspects of the company's data systems in order to better understand any gaps that may exist between the legal requirements and the current systems. In the past, the Chinese government has often been criticized for censoring the internet. On June 13, 2013, the US whistleblower Edward Snowden gave an explosive interview to the South China Morning Post while he was in hiding in Hong Kong. Companies such as the hospitality sharing app company Airbnb have already begun complying with provisions concerning data on Chinese citizens. Consequently, all domestic and foreign enterprises are expected to abide by the new laws within 19 months starting June 1 and extending up to the end of 2018. It remains unclear if a phase-in period would be accompanied by guidance on the new law or if companies would be subject to immediate penalties for non-compliance.

China's controversial cybersecurity law, which requires worldwide firms to store critical data within the country, has come into effect from today amid complaints from foreign businesses.

Companies not considered critical will still have to develop data protection measures; store data relating to China or Chinese people on domestic servers; and get permission from the relevant authorities before moving large amounts of data overseas.

"They do have legitimate cybersecurity concerns that were heightened with the [Edward] Snowden revelations", said Adam Segal, director of the cyberspace policy program at the Council on Foreign Relations. The law is the latest step in China's long-term campaign for jurisdictional control over content on the internet. As far as Beijing is concerned, the best way to protect Chinese data from foreign spying is by keeping everything within its borders, the same way its "Great Firewall" is keeping its own citizens from foreign influence.

It's also a clever plan to create more tech jobs and businesses for the locals. Suddenly, accessing and copying foreigners' IP (intellectual property) has never been easier.

However, one global law firm with a Chinese presence told PGI that the intention of the law is not to prohibit foreign businesses from operating in China, nor is it to boost Chinese competitiveness. It mainly consists of members from the U.S.

Because China has little respect for human rights, let alone independent and democratic checks and balances, some argue there is no guarantee of how China will use the information it now has access to.

A new, broadly-worded cyber security law comes into force in China today.

  • Zachary Reyes