China's new corporate social credit system is a major new threat to data security
Data Privacy and Security

China's new corporate social credit system is a major new threat to data security

For Western companies with a big presence in China, all eyes have most likely been focused over the past few months on the escalating Sino-US trade war. Whilst this is understandable, in reality a fresh threat is waiting just over the horizon. From 2020, a new corporate social credit system (SCS) will give the authorities sweeping new powers to demand huge volumes of detailed enterprise data to analyse and cross-reference. For those already concerned about the implications of a sweeping Cybersecurity Law, this represents a potentially even greater corporate risk.

The stark choice for Western firms operating in the Middle Kingdom seems to be: comply and hand over your data, or refuse and get blacklisted.

How does it work?

Over the past few months awareness in the West has grown about Chinese plans to implement a dystopic-sounding social credit scoring system. The idea, eventually, is that every citizen will be given a score, calculated algorithmically and dependant essentially on their behaviour: parking fines, posting ‘rumours' online, smoking in non-smoking areas are all examples of activities which could lower your score. Drop below a certain threshold and you could be prevented from travelling, checking-in to nice hotels, or even from consideration for top roles at state-owned firms. Although we're still a long way from the all-seeing Black Mirror-like system many headlines predict, it is coming.

The bad news for companies operating in China is that a parallel version applies to businesses and is set to roll-out next year. While companies already get assessed by the government according to around 300 rules — covering things like health and safety, emissions and online customer complaints — the plan is to combine these into a single database, according to a new report from the EU Chamber of Commerce in China. The Chinese government will decide what rating is needed to pass, then the relevant authorities will collect information digitally on a continual basis, with a score worked out by algorithm. Sanctions for those with poor scores could include more inspections, restricted investment permits, public naming and shaming and even blacklisting.

"It is no exaggeration to say that the Corporate SCS will be the most comprehensive system created by any government to impose a self-regulating marketplace, nor is it inconceivable that the Corporate SCS could mean life or death for individual companies," warned European Chamber President, Jorg Wuttke.

To continue reading...


« Virtual CISO: Solving cybersecurity growing pains?


News roundup: Google cops $170 million fine for violating child privacy »
Phil Muncaster

Phil Muncaster has been writing about technology since joining IT Week as a reporter in 2005. After leaving his post as news editor of online site V3 in 2012, Phil spent over two years covering the Asian tech scene from his base in Hong Kong. Now back in London, he always has one eye on what's happening out East.

  • twt
  • Mail


Do you think your smartphone is making you a workaholic?