China has approved only about a quarter of applications to export data since the introduction of new data security laws, dealing a blow to businesses struggling to navigate a slowing economy and increased tensions between Washington and Beijing. Under a law that came into force in September 2022, government approval is required for cross-border data transfers by companies with more than 1mn registered users, a low threshold in a country with a population of more than 1bn.
The Cybersecurity Administration of China, the country’s chief internet regulator, has yet to approve thousands of requests from local and international businesses to send data, ranging from personal credit history to online sales records, to their overseas partners, current and former CAC officials said.
Only about one quarter of all applications have been approved, according to one current CAC official, one former CAC official and the head of data security at a Chinese ecommerce company. It is not clear how many applications have been submitted in total. The CAC stopped publishing figures on approvals in May. It did not respond to requests for comment.