How China’s New CyberSecurity Laws Can (Will?) Destroy Your Business

In China’s New Cybersecurity Program: NO Place to Hide and again in China’s New Cybersecurity System: There is NO Place to Hide we wrote how China’s new “cybersecurity” laws give the Chinese government and its prized companies full and total access to all data and IP held by foreign companies. Yesterday, in China’s New Cryptography Law: Still No Place to Hide, we wrote why encryption will not provide foreign companies a way out from China’s wholesale takeover of foreign company data and its concomitant IP.  In this post, we set out two ways China’s data takeover will harm foreign businesses far beyond China.

The first harm comes from U.S. export control laws that require certain high-tech information not be disclosed to persons who are not U.S. citizens, green card holders or protected individuals without an export license. These export control laws directly conflict with Chinese law  requiring full and total government access to that information in China because putting information regarding a controlled technology on a server or a computer in China will instantly create significant export control problems for itself. Foreign companies typically put their private information in China on a private server in China so as to isolate that information from the Chinese government. China’s new laws make clear that foreign companies must turn over this information to the Chinese government and failing to do so can lead to prison time. This conflict will be an enormous problem for US high tech companies with computer servers in China with high tech information on them because their “willingness” to give this information to the Chinese government (which obviously is not a U.S. citizen or green card holder) will in some instances constitute criminal law violations of U.S. export control laws.

The second way China’s latest data subversions will be disastrous for many foreign companies is by eviscerating their trade secret protections. To prevail on a trade secret claim in most countries you must be able to prove the following three things:

  1. The secret taken qualifies for trade secret protection.
  2. The holder of the secret took reasonable precautions to prevent disclosure of the secret.
  3. The secret was wrongfully taken.

Number 2 above could prove to be the downfall of foreign companies in China and here is an example of how that could happen. Suppose your Australian company (this is not just a United States issue) has a trade secret regarding cost efficiently producing a particular product. Suppose you make your China subsidiary makes your product in China and you provide the production information to your China subsidiary so it can cost efficiently make that product. Now further suppose one of your employees at your Germany subsidiary quits the company and sells your trade secret to your largest competitor, based in the United States. You then sue your ex-employee in Germany and your largest competitor in the United States for trade secret violations. No doubt, both your ex-employee and your largest competitor will argue that the information they bought/sold was not a trade secret because by your having revealed this information to the Chinese Government (and to its SOEs and Universities, etc.) means you did not take reasonable precautions to prevent disclosure of the information and therefore the information lost any standing it might have had as a trade secret and your case should be dismissed.

Will your ex-employee and your largest competitor win on this argument? Who knows at this point, but I think they will because companies that go into China do so voluntarily and they know that by doing so they are making their information freely available to others.

Your thoughts?