Making Chinese IPOs a bit more private

Author: Juan Du, University of Sydney

The responses of Chinese regulators to initial public offerings (IPOs) by the country’s homegrown tech companies have made headlines beyond financial markets. With memories of the paused IPO and anti-trust investigations into Jack Ma’s Ant Group still fresh, regulators launched a series of investigations into Didi Global, China’s biggest ride-hailing company, within days of its IPO in New York on 30 June 2021.

Some media reports about the regulatory actions are skewed towards speculation about the Chinese Communist Party’s tightened grip over the tech giants. But based on public information, the accumulation of user data is a common theme in the investigations into Ant Group and Didi Global.

Like oil giants last century, big tech companies are facing growing challenges from states over their monopoly on user data. Super platforms act as basic infrastructure for the digital economy, enabling everything from the production to the distribution and consumption of digital services. Empowered by data, these platforms offer innovative solutions to digitalising traditional sectors. But they also enjoy higher pricing and bargaining power, hampering market competition, innovation and consumer interests.

In April 2021, Alibaba took a hefty penalty from Chinese regulators in the wake of anti-trust investigations. According to regulators, the company controlled over half of China’s online retail between 2015 and 2019. Since 2015, Alibaba has required merchants to choose between its platform and competitors’, using data and algorithms to implement this ‘pick one from two’ strategy — a violation of Chinese anti-trust law.

Alibaba was also accused of other data-related monopolistic behaviour. Its data-driven solutions, such as tailored search results for customers, make it difficult for merchants to switch platforms without losing their customer base, transaction records and review histories.

National security is also a concern when examining firm behaviour in cross-border exchanges of data. The probe into Didi Global was grounded in China’s National Security and Cybersecurity Laws, under which IPO-related cross-border activities require critical infrastructure operators to first seek evaluation from ad hoc Chinese regulators to pre-empt national security risks.

Two more companies came under scrutiny on the same grounds. Both control the personal data of millions of Chinese users and were recently listed in the US stock market. One of the companies, like Didi, manages large amounts of data on user identification and contact information, flow of vehicles and people and China’s transportation infrastructure.

Chinese regulators made revisions to the Cybersecurity Review Measures days after investigations into Didi. These made it compulsory for operators handling the data of over one million users to register with the cyberspace regulator for safety-related reviews before listing overseas. The cyber security examination will be undertaken by 14 Chinese regulators, and the securities regulator is the latest addition to this mechanism. The revisions referred to the Data Security Law, which will come into effect in September 2021.

The revisions are a typical case of policymaking lagging behind developments in industry. But when it comes to national security, countries often decide that it is better safe than sorry, as evidenced by the escalating screening of foreign investment in critical infrastructure by the United States, Japan, Australia and the European Union.

Didi’s treatment sent a ripple through the tech industry. Some tech companies like Meicai chose to delay their planned overseas IPOs to adjust to the new compliance requirements. Venture capitalists may have second thoughts over regulatory risks when investing in Chinese tech start-ups and see it as a hurdle for cashing in on their initial investments through IPOs. Chinese tech companies may be less favoured after foreign investors were spooked by the consecutive drops of Didi’s share price. Some firms may choose to instead list on the Hong Kong stock exchange.

Despite the chaos, there are some positives. The regulations restrain tech companies from illegal collection and use of data. Since 1 May 2021, companies have been prohibited from collecting data without consent beyond defined basic personal information. Big firms are more careful about monopolistic practices. The rival Chinese super platforms, WeChat and Alipay, are reported to be considering opening their ecosystems to each other and ending some inter-platform choice restrictions for users.

Firms have put more effort into data governance and privacy protection. The development of technical solutions, such as Privacy-Preservation Computation, is accelerating safer cross-border data sharing. Companies will learn to consult Chinese regulators to minimise regulatory risks. Hopefully, the regulators will gain experience in providing a more controlled process for firms to meet compliance needs.

Though China is the world’s largest e-commerce market and home to numerous tech unicorns, its data legislation is relatively undeveloped compared to places such as Europe, Singapore and Australia. Its soon to come into effect Data Security Law serves both development and safety purposes. China’s rapid legislation on data sovereignty is partly driven by its competition with the United States. Since the US–China trade war, the United States has issued entity lists, executive orders and legislation targeting China.

Data is the key factor of production in the digital economy. With China focusing increasingly on the quality of economic development rather than just numeric GDP growth figures, tech firms are expected to rein in disorderly expansion of capital and follow fair market practices.

Juan Du is a PhD candidate at the University of Sydney Business School.

The post Making Chinese IPOs a bit more private first appeared on East Asia Forum.

from East Asia Forum