Skip to content

China’s Draft Data Security Law: Foreign Companies Caught in the Middle

In July of this year, the Chinese government introduced the Draft Data Security Law. Article 2 of that law states that the law’s jurisdiction extends to “organizations and individuals outside of” China who engage in data activities that harm China’s national security or the public interest of the Chinese people. It is expected that the law will take effect after being discussed and passed at the National People’s Congress next year.

Observers pointed out that the Chinese government may use Article 2 of the law, which extends the legal responsibility for data security to other parts of the world, to achieve its political purposes.

James Andrew Lewis, senior vice president and director of the Technology Policy Program at CSIS, (The Center for Strategic and International Studies) told Voice of America, “The bill gives Chinese authorities the ability to regulate data controllers, whether they are in China or outside of China, so it has an extra-territorial effect.”

Dr. Lynette Ong, an associate professor of political science at the University of Toronto, said that the draft law is certainly a deterrent to foreign companies, just like the Hong Kong National Security Law. “In fact, the effect of this law is to legalize their (the government’s) actions … but this does not mean that, without this law, no action would be taken. If any foreign organization’s actions harm China’s interests, they would also take action, even if there were no such law.”

In addition, under Article 32, as long as the police or another law enforcement agency adheres to relevant law and procedures vis-à-vis a request to access data, data holders will be obliged to cooperate.

Professor Ong said that this legal provision may worry the chief executive of a foreign company. “If I were the chief executive officer of a data company, I might be worried about whether to continue to operate in China. I think data companies are particularly sensitive, because their customers have high expectations for data security. Therefore, if a certain standard cannot be met, they may leave mainland China completely. In fact, this will have a certain impact on the Chinese economy.”


In 2005, Shi Tao, a Chinese journalist, writer and poet, was sentenced to 10 years in prison for releasing a document of the Communist Party to an overseas Chinese democracy site. Yahoo!-China was later discovered to have facilitated his arrest by providing his personal details to the Chinese government.

Source: Voice of America, October 12, 2020