The Cyberspace Administration of China (CAC) announced that all tech firms with information on at least 1 million people must participate in a security review before going public overseas starting Feb. 15. Companies will only be allowed to go public if the CAC determines their data processing activity isn't a threat to China's national security.
- China's Personal Information Protection Law went into effect on Nov. 1.
- The law mandates that CAC must approve cross-border data transfers.
- Foreign firms must have an assigned agency or employee in China that oversees compliance.
- Companies that don't comply can be fined $7.5M or 5% of their revenue from the previous year.
- It's unclear if firms looking to go public in Hong Kong must undergo a review.