China has made a new amendment to its data security law that will bar companies with over 1 million users from publicly listing themselves on foreign soil-if they do not pass all the acts in the Cybersecurity review law
In simple words, online companies that have over one million users should go through a data processing activity taken up by Cyberspace Administration of China where it needs to submit details on how it collects, stores, uses, processes, transmits and discloses data to other governments when the need arises.
Chinese Cyberspace Review Technology and Certification Center of MIIT will then scrutinize the application and will review it based on three parameters.
In the 1st case, if no review is needed, then the company can go for public listing in foreign nations.
Second, if the Chinese data processor feels that the company’s data collection from users could affect national security, they can carry on with their business objective of filing for an IPO after a review certification gets completed.
In 3rd case, if the Chinese government feels that a company is posing as a threat to national security by going public on foreign soil, then they will be barred from doing business abroad.
So, all companies willing to operate in foreign countries should get an A+ certificate during the network security review in china before applying to the foreign securities regulatory authorities for going public.
Zuo Xiaodong, the Vice President of the China Information Security Research Institute, confirmed the news and added that the new law will curb companies selling data of Chinese users to analytics and advertisement firms operating on foreign soils- mainly UK and United States.