China Deepens Enforcement of Data Security Laws, Spiking Data Compliance Costs for Multinationals

From July to September 2024, China's Cyberspace Administration (CAC) rolled out new regulations for multinational corporations and global technology service providers.

Chinese regulatory bodies rolled out further implementing rules for the Data Security Law and Personal Information Protection Law, specifically detailing rigorous requirements for cross-border data transfer security assessments and standards for personal information export. The new regulations mandated that multinational corporations operating in China must undertake complex data localization storage and security review processes, significantly increasing compliance costs and operational complexity for foreign firms. The Chinese government asserted these measures were necessary to protect national data sovereignty and citizen privacy.

The introduction of these detailed rules fueled international business concerns about a burgeoning "data sovereignty wall." From a conservative perspective, Western companies argued that China was using data security requirements to erect non-tariff barriers, further restricting the free flow of global data and impairing operational efficiency in China. This move forced more multinationals to prioritize data governance and risk compliance as the highest concern for China investment, accelerating U.S.-China "decoupling" in the digital sphere and prompting Western nations to expedite the creation of their own digital trade rules and regional data transfer frameworks.