Author: Juan Du, University of Sydney
Responses from Chinese regulators to initial public offerings (IPOs) from the country’s tech companies grabbed headlines beyond financial markets. While memories of the suspended IPO and antitrust investigations into Jack Ma’s Ant Group are still fresh, regulators have launched a series of investigations into Didi Global, China’s largest ridesharing company, days after its launch. IPO in New York on June 30, 2021.
Some media reports on the regulatory measures are skewed towards speculation about the Chinese Communist Party’s enhanced grip on tech giants. But based on public information, the accumulation of user data is a common theme in the surveys of Ant Group and Didi Global.
Like the oil giants of the last century, big tech companies face growing challenges from states regarding their monopoly on user data. Super platforms act as a basic infrastructure for the digital economy, enabling everything from production to distribution and consumption of digital services. Backed by data, these platforms offer innovative solutions to digitize traditional sectors. But they also benefit from higher bargaining and pricing power, hampering market competition, innovation and consumer interests.
In April 2021, Alibaba received a heavy sanction from Chinese regulators following antitrust investigations. According to regulators, the company controlled more than half of online retailing in China between 2015 and 2019. Since 2015, Alibaba has asked merchants to choose between its platform and its competitors, using data and insights. algorithms to implement this strategy of “pick one out of two” – a violation of Chinese antitrust law.
Alibaba has also been accused of other data-related monopoly behaviors. Its data-driven solutions, such as personalized search results for customers, make it difficult for merchants to switch platforms without losing their customer base, transaction records, and revision histories.
National security is also a concern when examining the behavior of companies in cross-border data exchanges. The Didi Global investigation was based on China’s national security and cybersecurity laws, under which cross-border IPO-related activity requires critical infrastructure operators to seek assessment from ad hoc Chinese regulators first. to anticipate national security risks.
Two other companies came under scrutiny for the same reasons. Both control the personal data of millions of Chinese users and were recently listed on the US stock exchange. One of the companies, like Didi, manages large amounts of data on user identification and contact details, the flow of vehicles and people, and China’s transportation infrastructure.
Chinese regulators made revisions to the cybersecurity review measures days after the Didi investigations. These have forced operators handling the data of more than one million users to register with the cyberspace regulator for security-related exams before registering abroad. The cybersecurity review will be carried out by 14 Chinese regulators, and the securities regulator is the latest addition to this mechanism. The revisions concerned the Data Security Law, which will come into force in September 2021.
Reviews are a typical case of political decision making lagging behind developments in the industry. But when it comes to national security, countries often decide that prevention is better than cure, as evidenced by the increasing screening of foreign investment in critical infrastructure by the United States, Japan, Australia and the European Union.
Didi’s treatment had a ripple effect in the tech industry. Some tech companies like Meicai have chosen to delay their overseas IPOs to accommodate new compliance requirements. Venture capitalists may have doubts about regulatory risks when investing in Chinese tech start-ups and see it as a barrier to cash in their initial investments through IPOs. Chinese tech companies may be less favored after foreign investors were spooked by consecutive declines in Didi’s share price. Some companies may choose to list in place of the Hong Kong Stock Exchange.
Despite the chaos, there are some bright spots. Regulations prevent tech companies from collecting and using data illegally. As of May 1, 2021, companies are prohibited from collecting data without consent beyond the basic personal information defined. Large companies are more cautious about monopoly practices. Rival Chinese super-platforms, WeChat and Alipay, are reportedly considering opening up their ecosystems to each other and ending some restrictions on the choice of platforms for users.
Companies have put more effort into data governance and privacy protection. The development of technical solutions, such as Privacy-Preservation Computation, accelerates more secure cross-border data sharing. Companies will learn to consult Chinese regulators to minimize regulatory risks. Hopefully regulators will gain experience in putting in place a more controlled process for companies to meet compliance needs.
Although China is the world’s largest e-commerce market and home to many tech unicorns, its data laws are relatively underdeveloped compared to countries such as Europe, Singapore, and Australia. Its data security law, which will come into force soon, serves both development and security. China’s rapid data sovereignty legislation is driven in part by its competition with the United States. Since the US-China trade war, the US has issued lists of entities, decrees, and laws targeting China.
Data is the key factor of production in the digital economy. With China increasingly focusing on the quality of economic development rather than GDP growth numbers, tech companies are expected to curb the disorderly expansion of capital and follow fair market practices.
Juan Du is a doctoral candidate at the University of Sydney Business School.