Draft Data Security Law With Enhanced Blocking Statute Against Both Criminal & Administrative Foreign Enforcement

Posted by Wang, Yi on August 5, 2020

As part and parcel of a comprehensive security-driven regulatory regime from trade, data/cyber to national security, China speeds up the legislation of Data Security Law. Once enacted, China’s blocking statute relating to data security will extend from criminal proceedings to any foreign enforcement proceedings, among other nuances that we will provide separately upon request.

China speeds up the legislation of its forthcoming Data Security Law as its legislation body released on June 28, 2020 the draft law to the public.  It is part and parcel of a comprehensive, Chinese security-related regulatory regime, which encompasses of the draft Export Control Law (see our alert on July 21, 2020), along with the National Security Law already in place since 2015.

Broader Blocking Statute to Foreign Administrative Proceedings

It contains blocking statute akin to those already under the International Criminal Judicial Assistance Law enacted in 2018, which will extend the coverage from foreign criminal proceedings to any foreign enforcement proceedings. This broad coverage hypothetically will include proceedings by not only securities regulators like the Securities Exchange Commission (SEC) of United States, but also supervisory bodies administering EU General Data Protection Regulation (GDPR).

Once enacted, it will become a “must” for any “individuals or organizations” (regardless of whether physically in China) who receives request by “a foreign enforcement authority” for data locally stored “within the territory of the People’s Republic of China”” to report to the competent authorities dealing with data security in China.  Moreover, provision of such locally stored data will be blocked absent due approval by Chines authorities.  The exception to this broad blocking statute is prevailing treaty obligations undertaken by China with cooperating foreign enforcement bodies.

Retaliatory Measures Against Foreign Discriminatory Action in Cross-border Investment/Trade Concerning Data or Data Development/Techs

The draft Data Security Law also contains empowerment clause for “retaliatory” measures against a foreign government taking “discriminatory” action in “cross-border investment/trade concerning data or data development/utilization technologies.”  Therefore, the forthcoming Data Security Law will have profound impact over structuring and closing of China-outbound investments and US-outbound technology transactions, as well as regulatory compliance associated with these transactions.

This legislation is expedited in light of the growing number of enforcement that appears (to significant number of Chinese investors and executives) to profile certain Chinese businesses and individuals as “instruments” of an “adversary government.” These enforcement activities do help pursue certain wrongdoers committing white-collar crimes from perspectives such as those under FCPA (Foreign Corrupt Practice Act) and/or export control regimes against abuse of dual-use items. 

Nevertheless, these preemptive enforcement could also create or have created additional layer of costs at both the private sector and at the regulators on commoditized technologies, goods and services.  The revenues of MNCs from these commoditized items are pivotal to finance their R&Ds efforts underlying the genuine American technology leadership.  The outcome of these controversies will be fact-depending and a matter of time given the uncertainty of legal proceedings involved. 

Moreover, the rush of such “foreign enforcement” could trigger the defensive maneuvers under the forthcoming Data Security Law, as well as the draft Export Control Law.  As such, MNCs must fully engage with their international trade counsels, along with M&A/business counsels to assess the impact of new regulatory requirements under the draft Data Security Law to their business operations and business planning/execution, besides presumption on revenue projection based on historical data.

Please feel free to let us know if you have any questions. Thank you.

About the author: Yi Wang, trade and business attorney with public and private sector experience in cross-border transactions, regulatory clearance for transactions and trade/FCPA litigation.

(This briefing first appeared at China Big Idea.)