HONG KONG, Aug. 20 (Reuters) – Chinese regulators are considering urging data-rich companies to turn over the management and monitoring of their data to third-party firms if they want U.S. stock listings, sources said in Beijing’s unprecedented scrutiny of private sector companies.
Regulators believe that engaging outside information security firms, ideally government sponsored, to manage and monitor the data of the IPO hopefuls could effectively limit their ability to transfer Chinese onshore data overseas, one of the people said.
This would help allay Beijing’s growing concerns that foreign listing could force such Chinese companies to share some of their data with foreign companies and undermine national security, the person added.
The plan is one of several proposals under scrutiny by Chinese regulators as Beijing has been tightening its hold over the country’s internet platforms in recent months, including efforts to tighten scrutiny of foreign listings.
The crackdown, which has shattered stocks and severely hurt investor sentiment, specifically targeted unfair competition and how internet companies dealt with vast amounts of consumer data after years of being more laissez-faire.
A final decision on the data handover plan of the IPO-tied companies is pending, the sources said, who declined to identify due to the sensitivity of the matter.
The regulators had discussed the plan with capital market participants, said one of the sources, in order to strengthen the supervision of all Chinese offshore companies.
The IPO advisors hope that a formal framework for the data handover issue could be provided in September, the source said.
The China Securities Regulatory Commission (CSRC) and the Cyberspace Administration of China (CAC) did not respond to faxed requests for comments.
Chinese regulators recently suspended plans to list companies overseas, particularly in the United States, pending new data security regulations.
Last month, the CAC proposed a draft rule that would require companies with over 1 million users to undergo security audits before listing abroad.
The US Securities and Exchange Commission, which oversees US listings, did not immediately respond to a request for comment.
Beijing’s data transfer plan comes as US politicians raise concerns that Chinese companies are violating US rules that require public companies to disclose a number of potential risks to their financial performance to investors.
“This is further evidence that there are no private companies in the People’s Republic of China – they are all under the control of the Chinese Communist Party,” Rep. Michael McCaul, Republican chief of the House of Representatives Committee on Foreign Affairs, said in a statement.
“Any company doing business in the PRC has to answer to the CCP, which threatens investor transparency, consumer privacy and national security,” he added.
A total of 37 Chinese companies have raised $ 12.6 billion through US exchanges so far this year, almost double the $ 6.6 billion year-over-year, according to Dealogic.
Plans to step up oversight of overseas-listed Chinese companies came days after Beijing launched a cybersecurity investigation into ride-hailing giant Didi Global Inc (DIDI.N), which was high after it was listed on the US stock exchange of $ 4.4 billion.
Didi is currently in talks with state-owned Westone Information Industry Inc (002268.SZ) to handle its data management and monitoring activities, Reuters reported earlier this month.
Under the discussed plan, Westone could access Didi’s servers across the country to track their data collection, usage, and transfers – which, according to the report, could effectively prevent the company’s data from getting into the hands of a foreign company.
Didi said at the time that media reports about the transfer of control over the data were untrue.
The proposed restrictions on Didi could become a possible template for other data-rich Chinese companies looking to go public in the US, one of the people said.
Beijing’s increasing sensitivity to the collection and use of onshore data is due to the fact that the top legislature passed a new law on Friday to protect the privacy of online users. It will implement the directive from November 1st.
In September, China will also implement its data protection law, which obliges companies that process “critical data” to carry out risk assessments and report to the authorities.
The government has increasingly seen user data as key to the country’s financial and social stability in recent years, pushing tech giants like Ant Group, Tencent and JD.com to share consumer credit data to prevent excessive borrowing and fraud, Reuters reported in January. Continue reading
Ant is also in the process of outsourcing its consumer credit data operations as part of the business overhaul to revive its public stock sales.
Reporting by Julie Zhu and Scott Murdoch in Hong Kong; additional coverage by Chris Sanders and Michelle Price in Washington; Editing by Sumeet Chatterjee and Kim Coghill
Our Standards: The Thomson Reuters Trust Principles.