Nike Run Club App will shut its Chinese operations from July 8, the American firm announced last week. Nike has asked users to move to a Nike mini app on WeChat. Nike Run Club App has around 8 million users. Many foreign brands have pulled out after China enforced strict data protection laws. 

          U.S. companies leaving China, Source: Statista

Exodus of US companies

A week prior, Amazon announced that it was halting sales of its Kindle e-books in China starting from July 2023. Towards the end of last month, Airbnb said it too was pulling out from China owing to fierce competition from homegrown rivals. Microsoft-owned LinkedIn also shut down its Chinese operations last year.

Most foreign tech giants have either been blocked in the country (like Facebook and Twitter in 2009) or have quit the country (like Google in 2010). Last November, Yahoo left China citing “increasingly challenging” business environment.

By mid-November, Epic Games (the publisher of hugely popular Fortnite) pulled out of China in the wake of the Xi Jinping-led government’s chokehold on video games. The Chinese government has capped the gaming hours to three for children below the age of 18. 

Last August, China announced a set of expansive data protection policies emulating EU’s General Data Protection Regulation (GDPR). First came the Personal Information Protection Law (PIPL), which restricted the transfer of personal data of Chinese citizens across the border. The law kicked in in November which gave companies very little time to comply.

Like in GDPR, companies were required to submit themselves to a security clearance assessment conducted by Chinese regulators before transferring data and would have to appoint local representatives to handle privacy issues. Companies that violated the law were potentially subject to fines of up to 5 percent of their annual revenue or have their operation licence revoked. In addition, individual penalties could be levied against senior executives of the companies. If companies are found to store unauthorised data overseas, they are liable to pay even heftier fines that can run up to 500,000 yuan. 

The country’s Data Security Law came into effect in September last year. The Law is enacted for the purpose of regulating data processing, ensuring data security, promoting development and utilisation of data, protecting the lawful rights and interests of individuals and organisations, and safeguarding the sovereignty, security, and development interests of the state. 

The law applies to data processing activities and security supervision and regulation of such activities within the territory of the People’s Republic of China. Where data processing outside the territory of People’s Republic of China harms the national security, public interests, or the lawful rights and interests of individuals or organisations of the People’s Republic of China, legal liability will be investigated in accordance with the law.

The law also had an additional set of compliances for organisations that processed valuable data. These entities were required to open themselves to periodic risk assessments besides following PIPL’s cross border regulations as well. China has a much broader definition for “personal data.” According to PIPL even if the data cannot be matched to a specific user it can be classified as personal data as long as it can be “related to identified or identifiable natural persons.”

As its domestic tech giants like Tencent and Alibaba grew in scale and power, the Chinese government became wary about the increasing complaints regarding user privacy violations. Last year, before the 618 shopping festival, the Ministry of Industry and Information Technology summoned several e-commerce platforms and telecom companies for their intrusive marketing messages. The regulatory body also condemned apps including WeChat for illegal transfer of personal information.

In the beginning of last year, the country’s popular ride-hailing app Didi Chuxing came under fire for data privacy issues. Despite the fraught relationship with their own government, Didi filed for the US IPO in June. Right after the company raised USD 4.4 billion, the Cyberspace Administration of China initiated an investigation against it. In response, Didi’s executives said China’s cybersecurity law was vaguely worded and did not explicitly state how it would be implemented.