A new national security law has turned Hong Kong into a battleground for the United States and China’s escalating war over control of the global internet. Whether Hong Kong eventually falls behind China’s Great Firewall will depend on how strictly Beijing enforces the regulation, and how willing technology platforms are to stand up in the face of Communist Party pressure—particularly when their business interests are at stake. Some tech giants like Google and Facebook have already paused accepting requests for data from Hong Kong authorities. Others, like Chinese-owned TikTok, have decided to pull out of the region altogether.
The new law was imposed by the Chinese Communist Party with little input from local Hong Kong officials, and went into effect on the evening of June 30. It establishes a wide-reaching security apparatus with the power to crack down on a range of political actions, including separatism and subversion of state power. Civil rights groups around the world quickly decried the measure, and over the past week, activists, researchers, and other vulnerable groups began scrambling to protect themselves from its potential legal consequences.
On Monday, Hong Kong’s newly established national security committee released rules clarifying how portions of the law will be implemented. “The police can request online platform service providers to hand over information about their users, or remove content the government deems to be ‘endangering’ national security,” says Jenny Wang, a strategic adviser at the Human Rights Foundation. “This is a huge threat to internet freedom and the anonymity that Hong Kong protesters have relied on in the past year to organize and exchange ideas.”
If companies like Google and Facebook refuse to comply, they could be fined thousands of dollars, and their local employees may be sent to prison for up to six months. The rules also specifically extend beyond Hong Kong’s borders: For example, Facebook could be compelled to produce information about a user in the US if Hong Kong authorities deemed their posts a threat to Chinese national security. “Regardless of how often such requests are made, even the possibility of such harsh penalties for protecting user data will leave foreign businesses in an incredibly difficult position,” Jeremy Daum, a senior research fellow at Yale Law School’s Paul Tsai China Center in Beijing, wrote on Twitter. “They may well be left with no choice but to leave [Hong Kong], which may be the goal.”
After the implementation rules were released, companies including Google, Zoom, Microsoft, and Telegram all said they would temporarily stop accepting requests for user data from the Hong Kong government. “Zoom supports the free and open exchange of thoughts and ideas,” a spokesperson for the company said in an email, adding that it was actively monitoring the situation in Hong Kong. Representatives from Microsoft and Google said the companies were currently reviewing the law and had paused accepting user requests from the city. Facebook did not respond to a request for comment, but in a statement given to The New York Times said it was pausing user data requests pending further assessment of the law, “including formal human rights due diligence and consultations with international human rights experts.” Apple, which relies on the Chinese market for a significant portion of its sales and hosts iCloud servers in the country, did not respond to a request for comment.
“We believe that the pause in accepting data requests is a prudent move,” says Raman Jit Singh Chima, Asia policy director and senior international counsel at the digital rights group Access Now. He says tech companies need time to unpack the national security law and the powers it gives authorities in Hong Kong, as well as “how that’s going to impact the ability of their firms—and an increasing number of other companies—to respect human rights in their operations there.”