Beijing’s cyber watchdog issues new data and algorithm rules
China’s most powerful internet regulator has finalized rules on the use of algorithms and on big data collected by firms that intend to list on overseas stock markets. The winter for tech platform companies is only getting colder.
The Cyberspace Administration of China (CAC) issued the final versions of two new sets of regulations today.
The data rules for companies that want to list overseas are a rehash of Chinese cyber sovereignty. But while the algorithm rules do ban the spreading of “harmful” political information, most of them are concerned with protecting users and employees from rapacious behavior by internet companies, and might actually appeal to internet users in the U.S. or Europe.
New data rules for firms that want to IPO overseas
The first set of rules (in Chinese) require any company with data from over 1 million users to undergo a security review before listing shares overseas, beginning on February 15.
The CAC first proposed the rules last July, with the aim of containing the amount of data that could be obtained or manipulated by foreign governments.
- The ride-hailing giant Didi became the unwilling poster child of Beijing’s new hard-line position toward data when it was forced to delist in December.
- The CAC wants firms to apply for cybersecurity reviews before submitting a listing to foreign securities regulators, something Didi did not do. If a national security interest is discovered during the review, then that company will not be allowed to list abroad.
China’s concept of national security is excessively broad: Even accounting information from companies that do not store data on Chinese users is subject to restrictions.
- Financial records from supposedly private companies are classified as “state secrets,” which blocks U.S. regulators such as the U.S. Public Company Accounting Oversight Body (PCAOB) from accessing them.
- According to the SEC, there are 224 U.S.-listed companies located in countries that prevent full PCAOB inspections, totaling $1.8 trillion in market value. The country with the largest share is China.
China news, weekly.
Sign up for The China Project’s weekly newsletter, our free roundup of the most important China stories.
Rules to govern algorithms
Separately, the CAC also issued new regulations (in Chinese) on algorithms today. They come into effect on March 1 and target “algorithmic recommendation” (算法推荐). The rules were first proposed in August (in Chinese).
Among many other requirements, the rules demand that companies:
- Provide the option to turn off personalization and opt out of automatic recommendations;
- Ensure that algorithms do not lead to different prices for different users;
- Allow users to remove personal information;
- Inform users “in a conspicuous manner” how recommendation algorithms work and what effect they have on user “rights and interests”;
- Protect the interests of minors, avoid causing addiction, and ensure they “obtain information that is good for physical and mental health”;
- Protect the interests of the elderly and “consider the needs of the elderly in travel, medical treatment, and consumption”; and
- Ensure that algorithms do not lead to the exploitation of workers and look after their interests, including “remuneration, rest, and vacation.”
