With China’s passage this month of its Cyber Security Law (the “Law”; unofficial English translation on China Law Translate), much of the attention in the international business community has focused on how business obligations will change for mainland China operations and how the law will generally affect cross-border handling of customer, operations, and other data. These are all legitimate questions, and this attention is bound to create additional questions for China’s regulators to answer.
There is another area worth considering: To what extent may foreign businesses and individuals use the Law’s mandates to seek relief for data breaches and other cyber security compromises?
Recent reports have identified concerns over particular companies in China that manufacture Internet of Things (IoT) devices and distribute online application software, which implicate the security of Internet infrastructure companies outside of China and privacy for users overseas. In one account, hackers may have exploited