With foreign competitors such as Facebook and Google blocked, domestic tech giants have for two decades dominated the Chinese market. The Communist Party has kept a firm grip on politics, but the tech firms have had considerable leeway in their business activities. “It was a Wild West within an authoritarian system,” says Martin Chorzempa of the Peterson Institute, an American think-tank.
Now the Communist Party is reminding internet billionaires who is boss. President Xi Jinping has authorised an extraordinary crackdown. Last year the planned ipo of Ant Group, a giant internet finance company, was halted at the last moment. In July, two days after Didi, a ride-hailing firm, went public in New York, China’s internet regulator ordered it to stop signing up new users, and forced its apps off mobile stores. The city of Beijing on September 6th denied reports that it is considering taking Didi under state control.
Video-game companies are being pushed into scanning their users’ faces to help enforce a ban on children playing online games for more than three hours a week. The crackdown has shifted the balance, says Mr Chorzempa. Now, “technocrats, who have been frustrated for years that companies ignore proper, sensible regulations, are empowered.”
The party is pushing for more than superficial change. It is using a suite of new laws and regulations to force tech firms to alter both their behaviour and their products. The aim is to control what Chinese people see and do online. The new rules will require tech firms to write code for their platforms so that they promote content that the government likes, and inhibit what it does not. This is likely to be more efficient than the whack-a-mole approach of enforcing the party’s will case by case, and plausible at a scale that the labour-intensive approach of trying to control technological systems directly would not be.
In the past month alone Chinese lawmakers have finalised at least four new laws and regulations which, as they go into effect over the next three months, will have the potential to reshape the Chinese internet. Technology regulations in other countries and regions, such as Europe’s General Data Protection Regulation (gdpr), mostly require companies to obtain their customers’ consent for the specific processing of their data. China’s new rules are much stricter and more wide-ranging. Tech firms will be expected to protect national security and public order, says Nicolas Bahmanyar, a data-privacy consultant with Leaf, a law firm in Beijing. “A little banner is not going to cut it,” he adds.
A Personal Information Protection Law (pipl), China’s first privacy law, comes into effect on November 1st. Years in the making, it is much shorter and less detailed than gdpr, which inspired it, laying out principles that are both broad and intentionally vague. Details and future reinterpretations are to be dealt with by regulations particular to certain industries or technologies. This, says Mr Bahmanyar, allows regulation to keep pace with fast-changing technology. It also gives the government leeway to enforce vague rules as it sees fit. Didi was hit by rules brought in to govern companies whose digital services are seen as critical infrastructure. These were rewritten to cover foreign listings just as the firm was attempting to go public.
Not all new laws will worry investors as much as the ones used to clobber Didi. Some deal with problems that affect the West, too. One forthcoming set of regulations published in draft on August 27th by the Cyberspace Administration of China (cac) looks to set the rules for the use of recommendation algorithms. This is the sort of software that companies like Amazon and Alibaba use to recommend products based on a customer’s shopping history, or that short-video apps like TikTok use to work out what viewers like in order to give them more of it.
The draft regulations require, for instance, that companies expose the keywords with which they have labelled their users, and allow users to delete them. This, in principle, will mean that internet users in China will no longer be dogged by advertisements for the refrigerator that a recommendation algorithm has decided they might like to buy. Writing algorithms which lead users to “addiction or high-value consumption” would also be banned. Algorithms which dispatch workers, such as Didi’s driver-management system, must “ensure workers’ rights and interests”. The regulations read like an attempt to fix the problems griped about by consumers everywhere.
They also require firms that deploy recommendation algorithms to “uphold mainstream values” and to “vigorously disseminate positive energy”. Such algorithms must not be used to “engage in activities harming national security” or to upset the economic or social order. As such, their aim seems to be to withhold algorithmic juice from any content that does not make the government look good.
Kendra Schaefer of Trivium, a consultancy in Beijing, has written that the publication of these new algorithm regulations marks the moment when Chinese tech laws have gone beyond those in Europe (in America, only California has such rules).
Data-protection experts say many of these changes will be beneficial. Chinese internet users are constantly assailed by spam messages and phone calls. An app developed by the ministry of public security, which promises to screen fraudulent calls and messages, has become one of the most downloaded in China since it was released in March. The Chinese press is full of stories about people’s personal data being stolen. In 2016 Xu Yuyu, a prospective student, died of a heart attack after transferring her life savings to fraudsters who used personal data purchased on the black market to trick her into thinking they represented her university.
Protecting people from such predations will burnish the party’s reputation for standing up for the little guy. The new rules give citizens more rights against companies than people in any other country. But they give Chinese internet users precisely no privacy rights enforceable against the state. Indeed, says Sajai Singh of J. Sagar Associates, a law firm in Bangalore, the creation of a single common standard for the treatment of data in China will make it easier for the state to spy on citizens. Mr Chorzempa says rewriting the law to make firms rewrite software is a sea change. Once they start feeling they can intervene “at this level and granularity, what else will they do?” he asks.