One of the things I love about being back in Seattle are the opportunities to meet with people passing through from Asia. Just this month I met with people I’ve known forever from China, Vietnam, Thailand and Japan, all of whom were “passing through Seattle” on 1-3 week U.S. trips. One of my best meetings was with a leading expat “risk person” (I’m not sure I can mention his name here so I won’t) who has been in China for about three decades. This is a person who has always understood China and — unlike many China hands — his knowledge of China is in no way rooted in 1983 (I picked that date entirely at random).
Much of our discussion involved China’s recent crackdowns against foreigners and cybersecurity. The insights this person relayed were both very much based on what he and his company have been seeing in China the last year or so, along with his conversations with Chinese government officials who matter.
If I had to pick two buzzwords for our lunch, they would be “enforcement” and “control.”
On the enforcement front, this person said that China has very much stepped up both its ability to enforce its laws and its desire to do so. He said that this absolutely holds true for both foreigners and Chinese and for both foreign companies and Chinese companies. For somewhat obvious reasons, our China lawyers have never represented Chinese companies on internal China law matters.
My law firm’s expertise is in helping foreign companies navigate China’s laws and in helping Chinese and other foreign companies navigate U.S. and European laws. This means our China clients are mostly American (North America and Latin America), European, and Australian. When we do represent Chinese companies, it is in their U.S. and their European matters. This is my long-winded way of saying that whenever our China lawyers talk about increased enforcement in China, we necessarily focus on increased enforcement against foreign companies because we have very little knowledge regarding enforcement as against Chinese companies.
But because the company of this person with whom I had lunch so often works with the Chinese government, he was able to tell me that what our China attorneys are seeing with Chinese law enforcement against foreign companies is happening with Chinese domestic companies as well. In particular, China has gotten very serious about enforcing its anti-corruption and tax laws against all who do business in China, foreign and domestic alike. See e.g., Doing Business in China Without a WFOE: Will the Defendant Please Rise. What this person also said is that China’s ability to enforce its laws has increased exponentially due to increased computerization and communication/cooperation between various Chinese government agencies. As an example of that, if you owe China taxes or owe on a China court judgment, China customs will likely know this and will not let you leave the country. See e.g. Shutting Down a China WFOE: Don’t Go There.
On the control front, we talked a lot about cybersecurity and consumer/industry research. If you are asking what those two have to do with control, good question. The control of which we talked was government control and both cybersecurity and consumer/industry research have a lot to do with that. Let me explain….
What this person told me (and what I have probably repeated about a dozen times since then), is that companies seeking to comply with cybersecurity laws need to know the underlying intent/goals of the data protection laws around the world. This person then said that Europe’s GDPR regulations are focused on privacy, U.S. data protection laws are focused on money, and China data protection is focused on control.
Let’s focus on China and control. China’s cybersecurity and data protection laws are focused on protecting China government control. They are focused on protecting data China does not want the world to see. It is focused on making sure data is localized to China and thereby easily subject to onsite inspections by Chinese government officials. See e.g., SaaS in China: The 101 where we talk about how China does not want foreign companies on “its Internet”; it wants foreign companies to be on its Internet only through more easily controlled Chinese companies.
How does industry and consumer research enter into all this? I will add in one of my favorite words to better explain: “content.” One of the things our China technology and our China media and entertainment lawyers are always telling clients is that “content matters.” if your website is being used to sell $11 widgets, it’s probably not a big deal. But if it is being used to sell newspapers or books the Chinese government does not like, it is a big deal. If your online courses teach how to become Microsoft certified, the Chinese government likely does not care. But if it is being used to educate the Chinese people about some aspect of history the Chinese government does not want them to know, the Chinese government will likely really care.
You should think about research in the same way. If you are researching whether 50 Chinese consumers prefer Diet Coke or Coke Light (does anyone really know the differences between these two worldwide anyway, and is it really true that in some countries they are exactly the same?), the Chinese government likely does not care. But if you are researching China’s total energy usage or production, the Chinese government likely really cares. It cares because your numbers might contradict its numbers and reveal (perhaps) . that China’s economy is not actually doing as well as claimed. Or maybe you are researching what percent of Chinese high schoolers would like to study and then work abroad. The Chinese government . might not like such a study for fear it may reveal discontent.
A CEO I know puts the basics of China’s Five Year Plans on a small laminated card he keeps in his wallet so he can easily check his company’s China plans to make sure they coincide with China’s Five Year Plan or at least do not contradict it. In other words, he is constantly making sure his company acts in harmony with China’s plans, not against them. You should be doing the same with your data and your research and your content.
What are you seeing out there?
Tomorrow, I will write about how trying to circumvent China’s laws (and government control) by trying to get “all technical” with them is usually a very bad idea.