Christopher’s company entered China in 2012 and began co-operating with state-owned firms, using telecoms data to create advertising products. In 2014 the government signalled that it would strengthen data security, elevating it to the status of a national-security concern. Not long after, the offices of Christopher’s firm were raided. A dozen of his local staff were detained; two of them were held for up to two years.
Since lifting self-destructive covid-19 rules earlier this year, China’s leaders have gone on a charm offensive to lure back foreign businesses and investors. Yet the government is launching sporadic raids on foreign companies. In March the local staff of Mintz Group, an American firm that conducts corporate investigations, were arrested in Beijing.
The Personal Information Protection Law of 2021 is one of the strictest such statutes in the world, lawyers say. It restricts the transfer across borders of any information that can be used to identify individuals. Merely forwarding an email with a signature containing a Chinese citizen’s personal information may constitute an infraction, notes one lawyer. Almost all global companies in China are thought to be operating in violation of the letter of the code.