China data privacy law and lawyers

On March 6th, the Standardization Administration of China (SAC) joined with the State Administration for Market Regulation (SAMR) to issue GB/T 35273-2020 《信息安全技术 个人信息安全规范》 , or “Information Security Technology – Personal Information Security Specification,” which will come into effect on October 1, 2020. This 2020 Specification will replace GB/T 35273-2017, which has been in effect since 2017. We wrote about this previous Personal Information Security Specification here.

The 2020 Specification will update and refine the guidelines outlined in the 2017 Personal Information Security Specification. The 2020 Specification is a national standard, referred to as “GB.” Some national standards, like the 2020 Specification, are not mandatory but are recommended guidelines that reinforce the law, and are referred to as GB/T. In this case, the 2020 Specification explains and reinforces China’s 2017 Cybersecurity Law. Though the 2020 Specification is not enforceable by law, the Chinese government uses these standards to evaluate an entity’s compliance with China’s legal guidelines and regulations. The Center for Strategic & International Studies wrote about the previous specification and the ambiguity surrounding how national standards are enforced in China, stating that “the written standard leaves space for interpretation by enforcement authorities whose interests and objectives may not align with the intent of the drafters.” Though the 2020 Specification clarifies issues such as biometric data, multiple business functions, and explicit consent, it is still unclear to what extent the new standard will be enforced in China.

The 2020 Specification outlines that “controllers” are those who collect personal information for providing a product or service. The “subject” is the individual or entity that provides the personal information to the controller. The 2020 Specification seeks to provide the subject with more autonomy in how and when they provide personal information to controllers.


Multiple Business Functions

Article 5.3 of the 2020 Specification states that the controller providing a product or service that requires personal information cannot bundle a subject’s personal information into multiple business functions. If the subject does not specifically authorize the consent to use personal information for a specific business function, the controller may not incentivize the subject by guaranteeing better quality service or increased security in return for authorized consent. If the subject ceases to use a specific business function, the controller cannot continue to use the personal information previously collected.


Explicit Consent

Article 5.4 states that controllers of personal information are required to inform subjects about the scope and purpose of their data collection. When gathering sensitive data (defined as any information that, if leaked or misused, may harm one’s physical or economic security, affect one’s reputation or mental health, or cause deferential treatment), controllers must obtain “explicit consent.” Explicit consent means the subject must provide an authorized statement on either paper or an electronic format affirming the collector the right to process their personal information. A new addition to the 2020 Specification is regulations on the collection and retention of biometric data. In addition to securing the subject’s explicit consent, controllers of biometric data must inform subjects on their intended purposes, method of collection, scope, and storage time. Biometric data includes genetic information, fingerprints, voiceprints, palmprints, auricle scans, iris scans, face scans, etc. When a collector receives biometric data indirectly, they must confirm that the third-party from whom they obtained the data has already received explicit consent from the subjects.


Storage of Personal Information

Article 6 concerns storage periods, anonymization, and de-identification of personal information. Controllers are asked to minimize the storage period of personal information necessary to accomplish their purposes, after which personal information must be anonymized. De-identification must be done as quickly as possible and precautionary measures must be taken to ensure that personal information data will not be re-identified with its subject. When the controller ceases to use the product or service that collected personal information, they must anonymize the data and send a notice to all subjects informing them that their information is no longer being used.


Rights of Personal Information Subjects

The 2020 Specification theoretically guarantees more autonomy for personal information subjects than the previous specification. Article 8 states that controllers shall provide the subject with a method to query a) the type of personal information the controller holds about the subject, b) the purpose of obtaining the personal information, and c) the identity of any third-parties who may be involved with the collection of the subject’s data. If the controller violates any law or any agreement held with a subject, the controller is required to immediately delete all personal information. Controllers must also provide a method for subjects to revoke their authorized consent to access their personal information.


Sharing and Transferring Personal Information

To share and transfer personal information, controllers must a) conduct security impact assessments in advance, b) inform the subject about the purpose of sharing and transferring their personal information, and c) receive the subject’s explicit consent. The 2020 Specification states that, in general, personal information should not be publicly disclosed, unless the controller has conducted necessary security impact assessments in advance, informed the subjects of their intent, received the subjects’ explicit consent, and keeps a detailed record of the public disclosure. However, there are no exceptions to publicly disclosing biometric data, or the analysis results of personal sensitive data, such as race, ethnicity, political views, and religious beliefs.


Cross-Border Transfer of Personal Information

Article 9.8 states that personal information collected and generated in China can be transferred overseas, but the controller must comply with all relevant national regulations and standards.


Personal Information Security Incidents

Controllers must develop a specific and detailed protocol for handling and reporting any personal information security incidents, including regular trainings for any workers who handle personal information. Subjects must be notified immediately if their personal information has been leaked or breached. Controllers should develop security impact assessments, which evaluates what impact the controller’s standards of personal information security have on the legal rights and interests of the subjects.


Though this national standard is “advisory” and does not carry the force of law, foreign companies operating in China should strive to comply fully with this Specification as a “best practices” measure. There have been many questions in the past concerning data transfer overseas and to what extent the Chinese government would allow the sharing of data accrued in China with foreign entities and governments. The Cybersecurity Law, in effect since 2017, states that all information collected in China should remain in China and can only be transferred outside China if absolutely necessary for the needs of the business, according to Article 37. China discourages transferring data out of the country by creating required conditions, also found in Article 37 of the Cybersecurity Law, which requires an entity to conduct security assessments and obtain approval from local cybersecurity authorities before it can transfer data out of the country. The language of the article lacks any detail as to what might qualify as a “necessity” for a foreign entity to transfer data outside in China. One bonus of the 2020 Specification is that it provides a little clarity concerning data localization: Article 9.8 states that personal information collected in China may be transferred overseas, so long as the collector operates in compliance with all relevant national standards. It is important to note that this standard concerns only personal information, and not generalized data.


Though the 2020 Specification clarifies much of what is left unspecified in the Cybersecurity Law, there is still ambiguity surrounding specific procedures such as storage, anonymization, third-party sharing/transferring, etc. For this reason, our China cybersecurity/data privacy lawyers will continue working with Chinese local governmental authorities to confirm that our clients’ business operations are compliant with this new standard.

metal locking trade case

On July 9, 2020, List Industries Inc., Lyon LLC, Penco Products Inc., and Tennsco LLC (Petitioners) filed antidumping (AD) and countervailing duty (CVD) petitions against Certain Metal Lockers and parts thereof from China.

The subject metal lockers are typically used for storage in schools, fitness centers, athletic facilities, warehouses, transportation hubs, retail businesses, and other commercial and industrial establishments.

Locker rooms were specifically identified as a high risk danger zone for the spread of the coronavirus. With so many sports at all levels (professional, college, high school, club) canceled or postponed, demand for metal lockers must have taken a major hit.  Schools or businesses that have shut down and are struggling economically because of the coronavirus are for the most part not buying new lockers.

This petition looks like it is blaming imports for problems caused by the coronavirus.  But under U.S. trade laws, the U.S. International Trade Commission (“ITC”) only has to determine whether imports are “a” cause of material injury, not “the” cause or most important cause of injury.  If the Petitioners can show that imports had an adverse impact on volumes (e.g. loss of market share) and prices (e.g., price decreases or price suppression) that affected the domestic industry’s financial performance, the ITC will find that imports were a cause of material injury.

Another part of this case will be conducted by the U.S. Department of Commerce (“DOC”).  The DOC will investigate whether the named subject imports are being sold to the United States at less than fair value (“dumping”) or benefit from unfair government subsidies, and determine the amount of AD/CVD duties to impose.  The dumping margins calculated for products from China are often very high because China is considered a non-market economy so that DOC will not use the Chinese producer’s actual costs, but instead will use surrogate values to derive a normal value to compare against the U.S. export price.

Both agencies have to make affirmative findings of injury or threat of injury (ITC) or of dumping or subsidies (DOC) in order for AD/CVD duties to be imposed on the subject imports.


The proposed scope definition (see here) covers a wide range of metal lockers that are defined as storage devices with a width and depth of 27 inches or less, and may be floor-standing or wall mounted.  The lockers can be sold as individual or multiple locker units, and may be shipped pre-assembled or as sets of component parts, or as unassembled knocked down lockers.  The scope excludes certain lockers such as certain types of wire mesh lockers; lockers made entirely of plastic, wood, or any non-metallic material; multi-access point lockers; and lockers with installed electronic, internet-enabled locking device.

Metal lockers are imported into the United States under Harmonized Tariff System of the United States (“HTSUS”) subheadings 9403.20.0078. Parts of subject metal lockers are classified under HTSUS subheadings 9403.90.8041. These HTSUS subheadings are provided for reference only. The written description of the scope of the investigations is dispositive.

Alleged AD/CVD Margins.

Petitioner calculated estimated dumping margins of 277.40 – 330.80%.

Petitioner did not provide any specific Chinese subsidy margin calculations.

Named Exporters/ Producers

Petitioner included a list of companies that it believes are producers and exporters of the subject merchandise.  See attached list here.

Named U.S. Importers

Petitioner included a list of companies that it believes are U.S. importers of the subject merchandise.  See attached list  here.


Estimated Schedule of Investigations.

July 9, 2020 – Petitions filed

July 29, 2020 – DOC initiates investigation

July 30, 2020 – ITC Staff Conference

August 24, 2020 – ITC preliminary determination


December 6, 2020 – DOC CVD preliminary determination (assuming extended deadline) (10/2/20 – unextended)

February 4, 2021 – DOC AD preliminary determination (assuming extended deadline) (12/16/20 – unextended)

June 19, 2021 – DOC final determination (extended and AD/CVD aligned)

August 3, 2021 – ITC final determination (extended)

August 10, 2021 – DOC AD/CVD orders issued (extended)

China product liability insurance

Insurance is often an issue in the manufacturing contracts we write with Chinese manufacturers. Our clients often tell us they want a provision in their contract with their Chinese manufacturer that makes clear the Chinese manufacturer must secure X dollars in insurance protecting our client from any harm the Chinese manufactured product might cause. Our clients then mention that they want this insurance to name them as a third party beneficiary. More than anything, our clients want protection if the product they buy from China ends up injuring people or damaging property in the United States and/or Europe or Australia or Canada.

Our lawyers’ standard response is that we are happy to put such a provision in the contract, but it is dangerous to rely on it and it will increase the cost of the products our client buys.

We then explain how Insurance in China is a somewhat wild and wooly industry and many (most?) Chinese manufacturers have little to no insurance on the products they sell. We also tell them of how our China lawyers have seen many instances where Chinese companies agreed to purchase insurance but never did and even instances where Chinese companies sent out fake certificates of insurance to “prove” what they had purchased. We then explain the high cost and great difficulty of ensuring the Chinese manufacturer has secured the insurance it contractually promises to secure. Lastly, we mention how in the end the Chinese manufacturer will add its insurance costs to the products it sells.

We then mention how even if the Chinese company really does buys insurance (using our client’s money via increased product pricing), it will likely be really difficult to collect on that insurance from a Chinese insurance company if ever there is actually a problem. And though it is conceivable that a US or EU insurance company would write the policy for the Chinese manufacturer, the chances of this happening are exceedingly low.

We then strongly suggest how it might be easier/cheaper/safer for our client to secure its own insurance, rather than rely on its Chinese counterpart. Virtually without exception, they agree. Why pay someone else (through increased product pricing) to buy Chinese insurance that you probably can never be certain exists and will be difficult if not impossible ever to collect against? Why not just buy and pay for the insurance yourself?

Our clients almost invariably end up agreeing with us.

The takeaways from all of this are the following:

  • Insurance does matter.
  • Insurance you have gotten yourself, through people you know, is usually a much safer bet than relying on your Chinese counterpart.
  • Even foreign companies doing business in China may have less insurance than one would tend to believe.


China Cyber Lawyers

In The Chinese Government is Accessing YOUR Network Through the Backdoor and There Still is NO Place to Hide, I explained how Chinese banks are requiring their account holders to install malware which allows the Chinese government to see All account holder data — financial or otherwise. We received the usual set of comments we get whenever we right about the lack of data protection in China:

  1. There are those who ask why we write about China’s lack of data protection when “every country does the same thing.” First off, this is a blog about China. Second, not every country does the same thing. Third, your data in China goes to the Chinese government, not to Facebook or to Google and last we looked, neither Facebook nor Google have virtually unlimited power to imprison you.
  2. There are those who ask why we write about China’s lack of data protection when there isn’t anything anyone can do about it and would not we all (including YOUR law firm) be better off just keeping our mouths shut. Yes, we would all be better keeping our mouths shut and just acting like this is not a problem and continuing to encourage companies to go into China strictly for the money. But that is just not how we roll.
  3. You are international lawyers, not data security specialists and you just don’t know all the easy workarounds out there that will enable you to have a China bank account and give no data to the Chinese government. I will address these comments in this post

The most interesting comments focused on the idea that Western-style cyber security measures can be successfully used as a defense to government lead hacking in China. One detailed response appeared on Dylan Evan’s Simple Salt blog in Chinese spying: the ongoing saga.

Mr. Evan’s describes himself and his blog as follows:

Good security is easy for most people.  I want to explain how it can be easy for you.  I receive no compensation for any content on this site, and have no direct financial stake in any company mentioned on this site.

I have a deep technical background in corporate security and compliance, mostly for medical and finance companies in the USA.  I currently work for a large company in the finance industry.

Mr. Evan’s stated goal is to show cyber security is easy. But it is not easy in China because capable technicians like Mr. Evans are not permitted to work their magic in China and other than his one post on our post, there is nothing on Mr. Evans’ blog to indicate he has ever had anything to do with China cyber security prior to last week. Just to be clear, we are not questioning Mr. Evans’ cybersecurity knowledge, nor are we even questioning his knowledge of cybersecurity in China. We are simply pointing out why it is that he seems not to realize why China cybersecurity is not your father’s cybersecurity in Tulsa or Jacksonville.

To put it starkly, in China, the government itself is the hacker and it will not allow any foreign or domestic technician to provide services that will defeat the hacker’s ultimate goals.

Simple Salt starts its post by explaining how setting up banking operations on a separate laptop can seal the compromised site from the safely protected main site. The use of a dedicated laptop for banking purposes is standard practice in China. I did that in China myself when I had to step in to help run a company there. The reason a separate laptop is required reveals where the problems lie. The Chinese bank software is written so it will only run on a Chinese version of the Windows operating system.

Moreover, it will only run on an outdated, unpatched, unsupported version of Windows — usually an outdated version of Windows 7. The reason is that the malware hidden in the software depends on exploiting various flaws that are endemic in unpatched Windows operating systems. For this reason, anyone who is using a dual language, patched, supported version of Windows 10 simply cannot make use of the bank provided software. Use of the separate laptop is therefore forced.

In the daily life of a normal business in China, this use of a separate laptop becomes completely impractical. It is important to understand that under the new system I described, the entire financial and regulatory life of a business in China is done over the Internet. For full protection, then, we would need multiple separate laptops: one for each bank, one for the tax department, one for VAT receipts, one for the local government, one for the national government, one for freight forwarders, one for customs, one for the (government controlled) accountant, one for the bookkeeper, one for the employee benefits service. The list becomes endless. So the pressure is to combine all of those software systems onto one single laptop. This laptop is then used throughout the entire working day. It is not linked to the receiver (let’s say the one bank) and then immediately shut down. It remains linked to someone on the Internet for virtually the entire day.

But wait, it gets worse. Now all of the business’s important data is located on one or more dedicated laptops sealed off from the company’s main system. But to do business, the company needs the data from its laptops to go to its main system. Imagine for just a minute if all your company’s bank information were on one laptop in one office and not a part of your main system. So data from the laptops has to be regularly transmitted to the main system.

Not only must data from the laptop go to the main system at some point for the company to function at all smoothly, but it is also necessary for data from the main system to go to the laptop for use of the various systems located on the laptops. Again, just imagine how you will smoothly move only certain financial data from your main system to your laptop every day.

As a practical matter, it is not possible to keep the systems separate and during these required data transfers, your door is opened for malware infection. In the most primitive way, malware is transferred when a thumb drive is used for data transfer. However, many businesses just do the data transfer through some form of ethernet or wireless link between the various systems. In some cases, companies just give up and shift all their important financial operations to the dedicated laptop, or even to a Chinese Windows desktop.

This is what actually happens on the ground in China, and there is no way to prevent it. Some foreign owned companies in China will install a system based on advice from a foreign expert like Mr. Davies. They will use patched, updated operating systems, the most modern anti-virus protections, the best cryptography and a sophisticated VPN. This work is all in vain because when a network connection is required, China Telecom or some other Chinese government agency will install the network system. And they will say it is fine for you to use these systems for your personal purposes, but you cannot use these systems for any operations that make use of the Internet in China because China’s rules require the following:

1. China approved virus software.

2. China approved cryptography.

3. A China approved ISP.

4. A China approved cloud provider.

5. China approved connection software.

6. A China approved version of Chinese language Windows that we will provide to you.

7. Support service provided only by a China approved (and controlled) network consultant.

To top it all off, China’s local authorities have the right to inspect your networked system at any time without notice and this inspection is done without the participation of company staff. During that inspection, your data will be removed using a thumb drive. If the government inspectors want to do it, they can then install the malware through the use of that same thumb drive. Most large network connections in China are done through use of a cloud system. Chinese government authorities have the same rights to inspect the cloud system. In accordance with the rules, the client of the cloud provider will not even know that its system has been inspected.

Network systems are provided to businesses in China exclusively through the Chinese government and/or by Chinese government agencies and/or by IT consultants approved and controlled by the government. The Chinese government is the primary hacker in China, with your cyber security being performed by the hacker itself. This goes beyond a simple network connection. The Chinese government provides the landline phone system and the cell phone system. The Chinese government provides the Internet connection. The government Chinese government provides the email server. Many Chinese government agencies will not use email; they instead require all contacts be through WeChat, a completely insecure platform constantly monitored by the Chinese government. By using the extreme efforts described in the Simple Salt post, a foreign company doing business in China might be able to avoid one of these assaults on its data. But when the attacks come from every direction and are organized by the Chinese government itself, and all backed up by threat of imprisonment, any defense will ultimately fail.

So as I have said: there is no place to hide.

For this reason, the analysis provided in the Simple Salt post and in some of the other comments we received are naive and the vast majority of foreign invested companies in China do not have the capacity even to try. The task is too daunting and they know they will ultimately fail. The task is made even more pointless because in China these companies have no place to go for on the ground help. U.S. based cybersecurity consultants are not permitted to work on the ground in China, so the assistance is not in fact practically available.

Measures taken to maintain security against Chinese government intrusion are seen as suspect or even illegal behavior. This is an important point. On Twitter, our post was met with comments from China bots and China lackeys saying things like “the only people who care about this sort of thing are those who have something to hide.” Truth is though that it is that the Chinese government will not allow any consultant or any company to defeat its cyber hacking program. This program is part of critical, central government policy.

U.S. based cyber security consultants who promote their services by marketing an “easy” way to evade to Chinese government cyber hacking are doing a double disservice. First, within China their measures simply won’t work. Second, companies that use these measures risk being identified as a “problem”, leading to even more intrusive scrutiny of their network systems and potential increased scrutiny and interference with their business operations in China, perhaps even prison. See e.g., the following articles, all published within the last couple of weeks, and all detailing how China does not take terribly kindly to foreigners who try to circumvent the China system:

  1. U.S. Warns Its Citizens in China They Risk ‘Arbitrary’ Arrest
  2. Australians at risk of arbitrary arrest in China, DFAT travel advice warns
  3. China’s national security law for Hong Kong covers everyone on Earth
  4. China Thinks It Can Arrest Basically Anyone on the Planet for Criticizing Communism
  5. How this Long Island man ended up in a Chinese prison on espionage charges
  6. Michael Kovrig and Michael Spavor: China charges Canadians with spying

I challenge anyone to read these articles and then suggest that companies in China set up their network systems to circumvent Chinese government dictates.

So, as I noted, there is no place to hide. You are only “safe” if the Chinese government has no interest in you. The techno types who think they can defeat the Chinese system on the ground in China are living in a dream world. But there is no risk to them. The risks are loaded on the foreign companies operating within China. It is those risk we work to identify on this blog. Those risks are real and cannot be dissolved by techno-magic.

What are you seeing out there?

China then and now

Back in April 2007, we shared some tips on doing business in China that had appeared in Silk Road International.  As often happens when I delve into our archives, I was amazed at how much of the advice remains current. With that in mind I’m sharing it again, adding some commentary based on what has happened in the intervening decade-plus. Here we go.

First, you’ll get out of China exactly what you expect to get. If you hate China, complain about the dirt, the problems and the lack of QC, etc., etc., that’s what you’ll see everyday and that’s what you’ll take home. This doesn’t mean you have to be Pollyanna and only see the sun that shines through the outhouse window—some things here really, really stink. But it does mean that if you expect to be disappointed or plan to fight for everything you’ll do just that. Do you homework and know what you’re getting into before you come over.

This remains absolutely true. One thing that has changed, though, is there are now many more foreigners who have decided to make China their home and/or long-term business bet, who master the language, and who have made their peace with the less appealing aspects of the country. As a result, whiners will find less sympathy than back in the 2000s, both from other expats and from Chinese who have come to expect a bit more from foreigners in their midst.

Interestingly, as more businesses relocate to Southeast Asia, some seasoned China hands are turning into whiners themselves, complaining and pointing out how good things used to be in China. Don’t be that gal or guy.

Second, practical experience will do you more good than any degree, guide or guanxi. In coming to China this means know your industry and stand firm on your established standards and experiences. And then, when you’re here spend enough time to understand how your industry works over here. If this means that you fly over four or five or ten times before you close any deal, so be it. Get into factories more than once and more than for the guided tour.

Very true. First, with regard to guanxi, as this blog pointed out in a post aptly titled, China Guanxi: You Don’t Have It, “foreign investors who think they have created a guanxi network in China are usually deluding themselves.”  Fortunately, we’ve reached a point where this is better understood, in large part because of all the foreigners who have learned the hard way they couldn’t operate in the same way as Chinese because, well, they weren’t Chinese.

Similarly, by now we have plenty of examples of foreigners who wanted to operate in China on the cheap and/or easy. It just doesn’t work that way. If you want to have good results, you have to be on top of things. There is a reason why world-beating companies have their own staff working onsite at their suppliers’ facilities in China (and elsewhere), getting involved at the granular level. That might not be practical for most companies, but they should try to emulate that approach to the best of their abilities. Trusting the factories and other Chinese partners to get it right on their own is a gamble not worth taking.

Third, invest in your supplier and supply chain. If you expect better quality products you’d better start at the source of the products and spend the time (and money) that it takes to teach multiple levels of the supply chain what you expect, why you expect it and what it will mean to them to meet those standards. If you’re here for the long haul, invest in what it takes to create the supply chain that will justify your investment and provide you the ROI that is expected.

This is getting complicated in China. As we explained in How to Prevent China Factory Problems and Trademark Theft That is Happening Like Never Before,

Chinese factories believe their existing American clients will be leaving China in 2020, and they also believe their newest American clients are using them as “test kitchens” to develop products and then move production outside China once the product is developed and selling. Our China lawyers know this because Chinese factories have told us this and because we see what Chinese factories are doing.

What exactly are Chinese factories doing? They are getting aggressive with requirements to get started on manufacturing with them. They are getting less concerned with the quality of goods they make and sell. And they are stealing IP (especially trademarks) far sooner and far more often than even a year ago.

Under these conditions, it’s hard to establish the trust required to build long-term relationships. At the same time, investing time and resources in perfecting your supply chain will help demonstrate to your Chinese suppliers that you are not planning to cut and run.

Moreover, a worsening business climate in China does not have to mean worsening business relationships with Chinese suppliers. Many Chinese manufacturers have established operations in Southeast Asia. In some instances, the best path forward for you might be for your trusted Chinese supplier to set up shop in a country where your products won’t be subject to China tariffs or duties. If so, consider helping out with that process.

Fourth, be willing to learn from the factories and people [in China]. This doesn’t mean that you need to sacrifice any of your standards. But it does mean that due to technology, logistics, politics and even weather you may have to alter your standard production processes.

This is even truer nowadays, as Chinese factories and their staff have acquired more experience and increasingly innovate.

Fifth, if you expect your suppliers to follow their contracts and respect your IP then you’d better do the same. If you bust your supplier’s butt over IP violations and then have the factory driver take you to the local knock-off golf or DVD shop, what message are you giving to the factory?! Yea, what you do personally does influence how you are seen by your Chinese supplier. Make sure all your legal issues are taken care of in China (and back home) so that the law is always on your side, just in case. Get the right visa, file copy right and trademark applications both at home and in China, if you are going to get an office here in China, do it right.

Live by the local rules, die by the local rules. For a few years, I visited a supplier together with my client’s local representative to assess the supplier’s IP protection measures. During the visit, whenever we found deficiencies, the representative would scold the staff. A few days later, I ran into one of the supplier’s managers at a coffee shop. In confidence, he told me the representative would take samples for her own use, in violation of company rules. She was in fact responsible for some of the items I found to be missing.

Faced with that kind of hypocrisy, how could suppliers take IP protection guidelines seriously?

Finally, more than ever, it is essential you dot the i’s and cross the t’s when it comes to all sorts of legal requirements, especially in China. Again, what works for the locals won’t necessarily work for you. What works for a particular foreigner might not work for you. What is fine when it involves another foreigner might not be fine when it involves a Chinese national.

Back in the 2000s, people could have been forgiven for thinking they’d get away with a Wild West attitude in China. By now, however, we have plenty of cautionary tales that show how foolhardy it is to roll the dice.

China fakes

In May 2019, Luckin Coffee began trading publicly on NASDAQ at $17 a share. The Chinese coffee company raised $561 million in its IPO and in less than a year, its stock value had tripled to $51 a share. Started in Beijing in 2017, but headquartered in Xiamen, this Chinese company established thousands of locations in the span of two years. Luckin Coffee shops are designed to favor convenience and speed, as opposed to Starbucks’ more leisurely atmosphere. Luckin proclaimed itself as the greatest threat to Starbucks’ growth in China and in January 2020 Luckin Coffee had 4,500 operating coffee shops. Luckin offered heavily discounted prices, which increased its popularity and its ability to expand. At a glance, Luckin Coffee’s rapid and sustainable growth made the company seem like a foreign investor’s dream.

However, on January 30, 2020, an anonymous report on Luckin Coffee was released in the United States, claiming several cases of fraud. On January 31st, Carson Block of Muddy Waters LLC (which has a long history of spotting Chinese stock fraud) posted the 89-page report on Twitter. The claims in this report are not pretty: from April 2019 through the fourth quarter, Luckin Coffee inflated sales by $310 million and falsely increased expenses by $190 million. The first line of the report states: “When Luckin Coffee went public in May 2019, it was a fundamentally broken business that was attempting to instill the culture of drinking coffee into Chinese consumers through cut-throat discounts and free giveaway coffee.”

Though executives at Luckin initially denied the validity of the report, an internal investigation began in April 2020 and it essentially reached the same conclusion as the anonymous report: Luckin had grossly exaggerated (a/k/a flat out lied about) its sales figures to inflate the company’s value for the IPO. The investigation found Jian Liu, Luckin’s chief operating officer, as the primary culprit of the misconduct, though it is likely that the company’s chairman, Charles Lu, was aware of these misdeeds. The internal report also said that the accounting fraud was accomplished by funneling funds to the company from several third-party companies, most of which had ties to Luckin executives. Additionally, Luckin employees created false sales transactions to increase the company’s perceived value before going public.

Luckin Coffee’s market value, which was listed at $12 billion earlier this year, has now fallen to $1 billion. Luckin’s stock has lost 94% of its value and was most recently listed at $2.50 per share. On June 26, NASDAQ delisted Luckin shares and no longer allows them to be publicly traded.

Luckin’s swift demise is yet another warning to investors to be wary of Chinese companies. This may be easier said than done. The anonymous report from January that first revealed the controversy states “Luckin knows exactly what investors are looking for, how to position itself as a growth stock with a fantastic story, and what key metrics to manipulate to maximize investor confidence.” Mark Williams, a professor at Boston University and a former U.S. Federal Reserve bank examiner, said “Luckin is a microcosm of what can happen when weak underwriting standards are allowed to persist in the pursuit of rapid growth.”

Even more recent on the list of scandals involving fraudulent Chinese companies on NASDAQ is the Kingold Jewelry controversy. Kingold Jewerly is a Wuhan-based corporation that in the last five years took out $2.8 billion dollars in loans from Chinese financial institutions, using gold bars for collateral. On May 22, a Chinese court examined the gold bars and discovered they were gilded copper. Once this story came out, Kingold stock value fell 57%. The once-billion-dollar company now has a market capitalization of only $5.3 million. These scandals have not gone unnoticed by Wall Street and Washington, who are working together to pass bills that require fundraising applicants to prove they are not owned or controlled by a foreign government. NASDAQ is also hoping to create higher standards for applicants of initial public offerings and increase the minimum fundraising to $25 million.

Bob Pisani of CNBC has a July 9, 2020 article setting out other possible measures that might convince China to comply with US securities regulations. The issue at hand is that, just as fraudulent Chinese companies hurt Wall Street, so too does increased regulation and sanctions. The issue for Wall Street is striking a balance between enforcing stricter regulations while still allowing investors to profit from Chinese stocks. As accounting professor Roger Silvers puts it, “they have to be careful not to cut off their nose to spite their face.”

In the meantime, Luckin and Kingold stand as testaments to the risks of investing in Chinese companies. What appeared to be a foreign investor’s wildest dream soon became their darkest nightmare. The core of Luckin and Kingold and similar Chinese investment disasters  is that their stories were not plausible. No discounter opens 4500 retail outlets in two years and is also profitable. No jewelry company keeps massive amounts of gold in a warehouse to use as collateral for loans. More importantly, no lender takes gold as collateral without doing an inspection. This is particularly true in China, in light of the 2014 Qingdao copper scandal, where non-existent copper was used for the same illicit purpose. See Qingdao scandal casts a long shadow over metal markets.

It is time for U.S. investors to quit pretending China is somehow different from the rest of the world. It is not. If the deal looks or even smells bad, it almost certainly is bad.

Listen above or stream on SpotifyApple PodcastsGoogle Play or Stitcher!

The large-scale shift to telework brought on by the COVID-19 pandemic is prompting businesses around the world to explore new avenues to engage with clients and friends. Harris Bricken is no exception, and we are proud to announce our new podcast series: Global Law and Business, hosted by international attorneys Fred Rocafort and Jonathan Bench.

In Episode #13, we discuss what it’s like working for the Chinese government as an American with former Senior Government Consultant, James Moore. We cover:

  • China’s general business environment pre-Covid and post-Covid.
  • The division of labor between Chinese provincial governments and local governments with regard to business and fostering entrepreneurship.
  • What it is like to work inside the Chinese government as a foreigner.
  • Major draws to foreign businesses to continue to engage with China.
  • Major limitations toward foreign businesses doing business with China.
  • Reading, listening, and watching recommendations from:

If you have comments on this episode or if you’d like to suggest topics for future episodes, please email

And please follow Fred and Jonathan on social media to stay informed on upcoming guests and topics:

We’ll see you next week for another discussion on the global business environment with guest Simon Lacey as we discuss Southeast Asia and Huawei.

manufacturing contracts

Recently we have worked on several matter that involved reviewing multiple contracts and weeks’ worth of emails and WeChat correspondence to piece together how a China manufacturing deal went awry, with the aim to salvage the relationship between the Chinese manufacturer and our client, but mostly with the aim to determine whether we can help our client recover some of its funds that are now in the manufacturer’s Chinese bank account. The funds were paid in exchange for some substandard products. It is important to mention that these clients came to us only after the deals went bad.

Here are some conclusions I have drawn from this process:

Don’t be too eager to make a deal. In the Phase One trade deal between the U.S. and China, one major complaint is that the deal is not really a good deal. In the Trump administration’s haste to make a deal, they put together an agreement that is substandard for a variety of reasons, most notably because it lacks any real enforcement mechanism other than backing out of the deal.

Even good companies with experienced China hands can neglect to incorporate the best China business practices during contract negotiations if they are too focused on signing the contract. This generally happens when companies that are new to China think they cannot afford an attorney to help them conduct due diligence on their Chinese counter-party or draft a solid China contract. These companies typically believe they have enough general business experience not to need an attorney; they have great rapport with their China counter-party and are convinced they will be able to work through any future issues amicably; they have never had an issue in any previous business deal they have done on a handshake or a bare bones contract; their domestic attorney that does not specialize in China matters has looked over it; and/or they are on too tight a timeline to conduct due diligence or negotiate key terms that will matter if the deal starts to fall apart.

Get a good contract now. As a rule, companies need to use strong contracts crafted for enforcement in China unless you are sure you can get the contract enforced in your home country. If you intend to enforce the contract in your home country, then you need a strong contract crafted for your home country. You need a legal expert to confirm to you that you have a strong likelihood of success in a lawsuit.

This is not the same as your gut reaction that because you “know” you’re dealing with a “major Chinese company” that you will have no problem finding a cache of the Chinese company’s assets in your home country. Most of the really big Chinese companies never (and I mean never) do foreign deals with their actual main company. Instead, they set up asset-less shell companies for those deals. By way of one example, our China lawyers have represented parties in at least a dozen deals with one of China’s biggest and best-known companies and every single one of those deals was with a Chinese company formed no more than a month before the contract was signed.

If the Chinese manufacturer’s assets are only in China, you need a law firm that can produce a quality China manufacturing contract for you (see here, here, here, here, here, here, here, and here). Your normal (or top notch) U.S. law firm likely can produce a great U.S. manufacturing contract for you, but they will certainly miss some key elements for a China manufacturing contract.

Stick to your guns during your negotiations. Even if you have a good manufacturing contract, if you or someone in your company with authority decides that one or two provisions are not important (when they actually are), then you are consciously removing your China armor. You should have saved the money you spent on your manufacturing contract because you will need it (and a lot more) to pay your attorney to help you figure out where your negotiations went wrong, why your contract is now substandard, and (hopefully) discerning your best avenue for recovering some of your damages from the substandard products you received and now have no use for.

Make sure your team and your Chinese counter-party know who has authority to bind the company. You need to be clear who in your organization has “actual authority” and who has “apparent authority” to negotiate and contract for the company. Even someone without actual authority can have apparent authority if you do not make clear to your Chinese counterpart that they can only contract with someone who has actual authority. You need to provide this information in writing.

After the contract has been negotiated and signed, and after you have wired your funds and received substandard product, it is not a strong defense to say that you did not approve the prior actions of someone affiliated with your company, whether it is a low-level employee or third party agent.

Good record-keeping only helps if you don’t make a misstep. You may have meticulously documented every exchange with your Chinese manufacturer. And you may believe that you have a good recollection of the events. And you may believe that your employees, co-owners, and other trusted people like your Chinese-based sourcing agent all think and believe and act in lockstep with you. But chances are, you are probably wrong on one or more of these beliefs. Keep good records of all conversations in case you need to fight with your manufacturer at some point down the road. But you also need to prepare yourself for the probability that there will be something less than ideal in your records that you will need to deal with.

China contracting is fraught with dangers even on a good day, and in today’s environment we haven’t had a good day in many years. Remember that making a good deal now does not outweigh the discovery later that your good deal is really a bad deal. The famous Chinese idiom of 同床异梦 (one bed, two dreams) always potentially applies to you and your Chinese manufacturer and to you and everyone else in your organization. Don’t forget to take a step back and review everything before plunging ahead with a seemingly good deal.

Oh, and this review I did. Almost without exception, we ended up having to tell the client that because of its less than stellar contract and its string of various mistakes along the way, we did not think it would make sense for it to pursue their Chinese manufacturer any further. In other words, these companies were now out millions of dollars and we did not think it economical for it to spend a penny more trying to get it back. The client initially complained about our conclusion, to which we essentially said, “Look, if you want to keep paying us to try to recover money for you that we do not believe can be recovered, we will not stop you from doing so, but we do not recommend it.” They ended up taking our advice.

Don’t let this happen to you. Be careful out there.

China trademark lawyers

We constantly stress the importance of securing trademark registrations in China. See e.g., China: Do Just One Thing. Trademarks. But upon seeing an email from one of our international IP attorneys to a client, it occurred to me that we have not written about what companies should do after they secure their China trademark(s).

So here goes, in the form of the fairly standard email we write to our clients once we have received notification from the China trademark office that the trademark application has been accepted and the trademark has now been registered in China.

We are pleased to report that the following China trademarks have been registered for Class 25 goods (i.e., clothing):

(1)    [Brand name]
(2)    [Brand name] logo

Attached please find a scan of the Certificate of Trademark Registration (along with an English translation) for each of the above-referenced trademarks. Please note the following:

1.    If ______[client] LLC (i) changes its name or address; (ii) licenses any third party to use either trademark; or (iii) assigns either trademark, it must file an application with China’s Trademark Office to that effect.

2.    Each trademark will be valid for a period of 10 years, starting on the official registration date of June 21, 2013, and ending on June 20, 2023. If you wish to renew the trademarks, you may do so any time within six months before the expiration date.

3.    Each trademark will be presumptively valid throughout its term, but if a trademark is not used in commerce in China at least once every three years with respect to the covered goods, then it is at risk of cancellation for non-use.

We are still waiting to receive the original trademark certificates. Based on past experience, we will likely get that in about a month or so and when we do, we will send those to you.

As we noted in our previous email, we should discuss some other ways to protect your intellectual property in China.

Registering your trademarks is the first and most important step, but there are two additional steps we recommend, especially to those who manufacture goods at risk of counterfeiting, like branded clothing. First, monitor China for possible infringement of your marks, including monitoring third party applications for similar trademarks. Second, register your trademark with China Customs. The latter is an essential step if you believe counterfeit product may be coming from China because Chinese Customs will not seize allegedly counterfeit products unless you have a registered trademark in China AND you have separately registered that trademark with Chinese Customs.

Please let me know if you wish to discuss these additional steps with us

China employment law FAQ

In China Employment Law Webinar: Questions Answered, Part 1 and Part 2, I answered many questions I was not able to get to during my recent webinar on China employment Law: What Your Company Needs to Know. This is the final part of the additional Q & A.


Question: Are China employers obligated to inform an employee regarding employment contract renewal and, if so, how long before the current contract expires must that employer notification be?

Answer: Like so many China employment law matters, the rules on employment renewals vary by locale. Most places require employers give notice of renewal/non-renewal at least one month before the current employment contract expires. Regardless of what local law mandates, our China employment lawyers typically recommend employers start the renewal (or non-renewal) process early because it is much easier to deal with this issue early on before the expiration of the current employment term.


Question: Will the non-compete clause be effective even if the employee has not received any compensation for the non-compete clause?

Answer: Do you mean the employee never received any non-compete compensation after termination of employment? Whether a non-compete will be deemed effective will depend on additional facts, such as what exactly the parties agreed on regarding the employee’s obligations, the duration of non-payment by the employer, as well as what the local laws say. Generally speaking though, an employer must continuously pay its employee for a post-employment non-compete agreement to remain in force. In addition, the employee may unilaterally terminate the non-compete agreement/provision if the employer fails to make its required non-compete compensation payments for three months or longer, so long as the employee performed his or her non-compete obligations up to that point.


Question: If a non-compete clause has been included in the employment contract, but the employee does not receive any compensation payment, can the employer trigger the clause effectively?

Answer: A lot depends on what the non-compete and the employment contract say. See also my answer to the question above.


Question: Can I engage contractors instead of employees in China?

Answer: Generally speaking, China does not allow for independent contractors. This means any individual must be engaged pursuant to an employment contract, and your Chinese company must fulfill all employer obligations stemming from such employment, including paying the employee a salary and making social insurance and other mandatory employee benefit contributions. If you do not have a legal entity in China, you cannot directly hire anyone there and the independent contractor approach will not work. See Doing Business in China Without a WFOE: Will the Defendant Please Rise. There are some complicated work-arounds for this.


Question: We are a WOFE with four staff in Shanghai. We use FESCO to handle payroll and contracts. However, we have found FESCO to be slow and in many cases negligent. Aside from doing this ourselves, are there other options?

Answer: It is a little hard to comment on your situation without gathering up additional facts. In our experience, FESCO is generally pretty good overall, (though sometimes slow and always expensive) but this varies by location. If FESCO is not responding to you in a timely manner, you should request to speak to a higher-level manager, and you should also start looking at other HR service providers. Your options will also depend on your contract with FESCO. This goes without saying but you should never rely on FESCO for legal advice because they are not China lawyers, employment or otherwise. There are other options, but all are complicated and each have their own risks and rewards.


Question: Can a US company send its employees to China to perform some short-term work for its customers in China without getting any special visa?

Answer: It depends on what you mean by “special visa.” It also depends on other factors such as what the employees will do and how long they will work in China. This is not something you want to get wrong because China has since coronavirus been looking even harder for foreigners in China without the proper visa.


Question: I believe one of the latest China developments is the requirement for a business conducting CBEC to now establish a WOFE in China. I was a WOFE legal representative in China in 2009 for a German company. Can you touch on key changes since that time for someone becoming a legal representative again in 2021?

Answer: This is a very specific question and I do not have enough facts to even hazard an answer. I suggest you send me an email with your detailed questions. We will then review and get back to you with our initial thoughts.


Question: We have an employee who started out great but now is terrible. She is on an open-term contract though. Are we still allowed to terminate her?

Answer: Just because an employee is on an open-term contract does not mean she is untouchable. For example, you can unilaterally terminate an employee (open-term or otherwise) without having to pay severance if you can show the employee committed a serious wrongdoing in violation of your employer’s rules and regulations. With that said, terminating an open-term employee tends to be much trickier than terminating a fixed-term employee. Your options will largely depend on your employment contract with this employee and on your employer rules and regulations. Generally, if there is a no legally permissible basis for a unilateral termination, you will need to try to get it structured as a mutual termination (which requires a severance payment of at least the statutory severance amount) and she, as an open-term employee, will have a great deal more leverage in terms of severance negotiation.


Have more China employment law questions? Please feel free to send them to me at And please feel free to send me any other China or international law questions because if I cannot answer them, there almost certainly will be another lawyer in my law firm who can.