As many U.S. tech companies — and so-called defenders of privacy and freedom of expression — work harder and harder to enter China’s booming market, they must confront their own complicity in enabling the Chinese government’s harmful policy of all-encompassing surveillance and control. Open MIC’s new report, Does Privacy Protection Have Borders? China’s Data Localization Rule and the Risks for U.S. Tech Companies, highlights this tension, revealing how U.S. tech giants have been employing a double-standard on user privacy in China compared to their operations elsewhere, endangering the lived realities of people in China and beyond.
The report, released today by Open MIC, a non-profit that works to foster greater corporate accountability in the media and tech sectors, discusses the implications of tech companies’ doing business in China under a 2017 Cybersecurity Law that imposes strict rules for local data storage. China’s strict and sweeping data localization rule effectively requires US tech companies to store data generated from their business in China on local partners’ servers in China. By complying with this rule, US tech companies are de facto facilitating the Chinese government’s easy access to people’s data, endangering Chinese people’s fundamental human rights and raising alarming questions for the rest of the world — does privacy protection have borders? If government pressure is strong enough, and the market is lucrative, at what point will a company shed the morality it claims to hold firmly?
“U.S. tech companies cannot hide behind legal compliance when they have frequently professed the importance of user privacy as core to the brand,” said Michael Connor, Executive Director of Open MIC. “As we see headline after headline announcing new data privacy scandals, it is alarming to see how quickly companies will quietly abandon professed privacy standards in China. Companies need to take a step back and establish stronger protections, regardless of where they are doing business, so that a new market in the short-term doesn’t destroy brand value in the long-term.”
The report raises red flags while urging a more collective and proactive approach to protect our global village in the internet era. The report gives rationale as to why privacy protection should not have borders, and why companies’ loss of standards in China impacts consumers everywhere.
While there is no quick fix, Open MIC calls the whole U.S. tech industry to, at a minimum:
Declare a strong commitment to defend and uphold strong data privacy policies and practices for all users, regardless of where they live.
Ensure that users understand and are aware of the risks of a company’s privacy policies and practices, particularly when those policies and practices leave users vulnerable to government surveillance.
Conduct thorough and public human rights and privacy risk assessments.
Publish regular transparency reports disclosing government requests for user data, including requests made of local partners that operate companies’ services in local markets.
Explore alternative and human-centric approaches to expanding their market without abandoning their principles.
Read the full report: http://privacyhasnoborders.openmic.org/