By Josh Ye
HONG KONG (Reuters) – A Chinese investigation of consulting firm Capvision Partners over national security concerns is the latest step in a years-long campaign by Beijing to tighten control of data generated within its borders.
State media accused overseas institutions of using domestic consulting firms to steal state secrets and intelligence in key areas key, state broadcaster CCTV said in a programme on the Capvision investigation.
Below is a timeline of main events in China’s effort to tighten its grip on data and information and especially over their export.
July 2015: China passes a national security law that broadened the scope to protect its cyberspace and also emphasised a need to develop key technologies. It replaced a 1993 law.
November 2016: China passes a cybersecurity law that contained requirements for security reviews and for data to be stored on servers in China.
June 2021: China passes a data security law on the protection of “important data” and “core data”, including information involving national and economic security, people’s welfare and on issues of important public interest.
July 2021: Authorities launch a cybersecurity investigation into ride-hailing giant Didi Global two days after it went public in the U.S. Sources said the firm had disregarded a demand from authorities that it undertook a cybersecurity review before its listing.
August 2021: China introduces regulations around so-called critical information infrastructure and also passed a personal information protection law that laid out conditions under which firms can collect personal data and transfer it abroad.
November 2021: Some Chinese providers of shipping information stop giving data to foreign companies citing a need to comply with new data laws, sources said at the time.
January 2022: China releases cybersecurity review measures that require platform companies with data on more than 1 million users to undergo a security review before listing shares overseas.
July 2022: China unveils cross-border data review measures that require a security review for “important” offshore data transfers.
September 2022: Regulators ask China’s biggest financial data provider Wind Information Co to stop providing offshore users with certain data, sources told Reuters.
March 2023: U.S. due diligence firm Mintz said authorities had raided its China office and detained five Chinese members of staff. The foreign ministry said Mintz was suspected of engaging in unlawful business.
March 2023: Chinese academic data platform CNKI suspends foreign access to up to four of its databases to comply with data laws.
April 2023: Legislators pass a wide-ranging update to anti-espionage legislation, banning the transfer of information related to national security and broadening the definition of spying.
April 2023: U.S. consultancy firm Bain & Co said police visited its office in Shanghai and questioned some staff.
May 2023: State media disclose that authorities have investigated consulting firm Capvision Partners.
(Reporting by Josh Ye; Editing by Brenda Goh and Robert Birsel)