In a move that sets the stage for other global companies doing business in China, Apple announced on July 12, 2017, that it will open a new data center in China to locally host data in order to comply with China’s new cyber security law. The law, which took effect in June, imposes a number of cybersecurity obligations, one of the most significant of which was that personal information and other important data collected in China by certain entities are required to be stored domestically.
Apple plans to build the data center in the southern province of Guizhou to house all data for its customers in China using Apple’s iCloud service. (Previously, Apple pulled at least some data for Chinese customers from servers in the United States.)
The Chinese cybersecurity law’s requirement to host data of Chinese customers on local servers could apply to virtually every multinational company doing business in China, under the law’s broad definition of “network operator.” Although some other companies have indicated that they plan to comply with the data localization requirement, Apple’s major announcement (the data center is part of a $1 billion investment) demonstrates how seriously leading tech companies are taking the new Chinese law.
The move represents a marquee “win” for PRC regulators and will force other foreign companies to consider seriously the need to make similar decisions if they wish to continue to operate in China.
For more on the sweeping law, read Paul Hasting’s analysis here. If you have any questions regarding the law or compliance with the new requirements, please contact a member of our Privacy & Cybersecurity Practice.