Many countries are wrestling with how to regulate digital records. Some economies, including in Europe, emphasize the need for data privacy, while others, such as China and Russia, put greater focus on government control. The U.S. currently doesn’t have a single federal-level law on data protection or security; instead, the Federal Trade Commission is broadly empowered to protect consumers from unfair or deceptive data practices.

Behind China’s moves is a growing sense among leaders that data accumulated by the private sector should in essence be considered a national asset, which can be tapped or restricted according to the state’s needs, according to the people involved in policy-making. Those needs include managing financial risks, tracking virus outbreaks, supporting state economic priorities or conducting surveillance of criminals and political opponents. Officials also worry companies could share data with foreign business partners, undermining national security.

Beijing’s latest economic blueprint for the next five years, released in March 2021, emphasized the need to strengthen government sway over private firms’ data—the first time a five-year plan has done so. A key element of Beijing’s push is a pair of laws, one passed in June 2021, the Data Security Law,  and the other a proposal updated by China’s legislature in Apr0il 2021. Together, they will subject almost all data-related activities to government oversight, including their collection, storage, use and transmission. The legislation builds on the 2017 Cybersecurity Law that started tightening control of data flows.

The law will “clearly implement a more stringent management system for data related to national security, the lifeline of the national economy, people’s livelihood and major public interests,” said a spokesman for the National People’s Congress, the legislature. The proposed Personal Information Protection Law, modeled on the European Union’s data-protection regulation, seeks to limit the types of data that private-sector firms can collect. Unlike the EU rules, the Chinese version lacks restrictions on government entities when it comes to gathering information on people’s call logs, contact lists, location and other data.

In late May 2021, citing concerns over user privacy, the Cyberspace Administration of China singled out 105 apps—including ByteDance’s video-sharing service Douyin and Microsoft Corp.’s Bing search engine and LinkedIn service—for excessively collecting and illegally accessing users’ personal information. The government gave the companies named 15 days to fix the problems or face legal consequences….

Beijing’s pressure on foreign firms to fall in line picked up with the 2017 Cybersecurity Law, which included a provision calling for companies to store their data on Chinese soil. That requirement, at least initially, was largely limited to companies deemed “critical infrastructure providers,” a loosely defined category that has included foreign banks and tech firms….Since 2021, Chinese regulators have formally made the data-localization requirement a prerequisite for foreign financial institutions trying to get a foothold in China. Citigroup Inc. and BlackRock Inc. are among the U.S. firms that have so far agreed to the rule and won licenses to start wholly-owned businesses in China…

Senior officials have publicly likened Tesla to a “catfish” rather than a “shark,” saying the company could uplift the auto sector the way working with Apple and Motorola Mobility LLC helped elevate China’s smartphone and telecommunications industries. To ensure Tesla doesn’t become a security risk, China’s Cyberspace Administration recently issued a draft rule that would forbid electric-car makers from transferring outside China any information collected from users on China’s roads and highways. It also restricted the use of Tesla cars by military personnel and staff of some state-owned companies amid concerns that the vehicles’ cameras could send information about government facilities to the U.S. In late May 2021, Tesla confirmed it had set up a data center in China and would domestically store data from cars it sold in the country. It said it joined other Chinese companies, including Alibaba and Baidu Inc., in the discussion of the draft rules arranged by the CyberSecurity Association of China, which reports to the Cyberspace Administration…

Increasingly, China’s president, Mr. Xi, leaned toward voices advocating greater digital control. He now labels big data as another essential element of China’s economy, on par with land, labor and capital.  “From the point of view of the state, anti-data monopoly must be strengthened,” said Li Lihui, a former president of state-owned Bank of China Ltd. and now a member of China’s legislature. He said he expects China to establish a “centralized and unified public database” to underpin its digital economy.

Excerpts from China’s New Power Play: More Control of Tech Companies’ Troves of Data, WSJ, June 12, 2021