On Friday, Chinese tech stocks swooned for the nth time, sending the Hang Seng index into bear market territory, after Beijing approved a new privacy law to prevent data collection by domestic technology companies. As we reported then, China's most powerful legislative body, the Standing Committee of the National People's Congress, passed the Personal Information Protection Law that will go into effect on Nov.1. The move sent tech stocks plunging and leaving investors bewildered over the intensity of Beijing's regulatory crackdown that has slammed countless sectors.
It turns out that when it comes to control over data, Beijing is nowhere near done and late on Friday Reuters reported that as part of Beijing's unprecedented scrutiny of private sector firms, Chinese regulators are considering pressing data-rich companies "to hand over management and supervision of their data to third-party firms" if they want to list in the U.S.
The regulators believe bringing in third-party information security firms - ideally state-backed - to manage and monitor IPO hopefuls' data could effectively limit their ability to transfer Chinese onshore data overseas. That, Reuters notes, would help ease Beijing's growing concerns that "a foreign listing might force such Chinese companies to hand over some of their data to foreign entities and undermine national security" a increasingly sensitive topic for public Chinese firms such as Didi whose stock price plunged amid an ongoing feud with Beijing over who gets to control the company's data trove.
The plan is one of several proposals under consideration by Chinese regulators as Beijing has tightened its grip on the country's internet platforms in recent months, including looking to sharpen scrutiny of overseas listings.
The crackdown, which has smashed stocks and badly dented investor sentiment, in the process hammering US hedge funds who as we noted on Friday have been especially exposed to Chinese stocks...
... has targeted unfair competition and internet companies' handling of an enormous cache of consumer data, after years of a more laissez-faire approach. A final decision on the IPO-bound companies' data handover plan is yet to be made, said the Reuters sources.
The regulatory officials have discussed the plan with capital market participants, said one of the sources, as part of moves to strengthen supervision of all Chinese firms listed offshore.
IPO advisers are hopeful a formal framework on the data handover issue could be delivered in September, said the source.
Chinese regulators have recently put companies' overseas listing plans, particularly in the United States, on hold pending new rules on data security. Last month, the CAC proposed draft rules calling for companies with over 1 million users to undergo security reviews before listing overseas .
With US policymakers already worried that Chinese firms are flouting U.S. rules requiring public companies to disclose a range of potential risks to their financial performance, Beijing's data handover plan sparked renewed calls for caution.
"This is one more piece of evidence that private companies do not actually exist in the People’s Republic of China – they are all under the control of the Chinese Communist Party," U.S. Representative Michael McCaul, the top Republican on the House Foreign Affairs committee, said in a statement.
"Any company that does business in the PRC must answer to the CCP, threatening investor transparency, consumer privacy, and national security," he added, according to Reuters.
Senator Bill Hagerty, who sits on the Senate Banking Committee, echoed this statement to Reuters: "The Biden Administration and the SEC must continue to take action to ensure that Americans are aware of all the risks of investing in companies that are in anyway subjected to the Chinese Communist Party’s rule, including the CCP’s management of key data."
The plans to step up supervision of Chinese companies going public overseas came days after Beijing launched a cybersecurity investigation into ride-hailing giant Didi Global on the heels of its $4.4 billion U.S. stock market listing. Didi is now in talks with state-owned Westone Information Industry Inc to handle its data management and monitoring activities, Reuters reported earlier this month. The proposed restrictions on Didi could become a possible template for other data-rich Chinese companies that look to go public in the United States.
As noted above, Beijing's increasing sensitivity about the collection and usage of onshore data comes as the top legislative body on Friday passed a new law designed to protect online user data privacy. It will implement the policy starting on Nov. 1. In September, China is also set to implement its Data Security Law, which requires companies that process "critical data" to conduct risk assessments and submit reports to authorities.
The government has in recent years increasingly seen user data as key to the country's financial and social stability and pushed tech giants including Ant Group, Tencent and JD.com to share consumer loan data to prevent excess borrowing and fraud, Reuters reported in January. read more Ant is also in the process of spinning off its consumer-credit data operations, as part of the business revamp to revive its public share sale.