In recent years, the widespread use of data has raised concerns about threats to individuals’ privacy, data breaches, and other forms of misuse. As a result, an increasing number of countries have moved to regulate how companies handle personal data. One hallmark example is the European Union’s (EU) General Data Protection Regulation (GDPR), first introduced in 2016.

Subsequently, many countries have begun adopting different variants of data regulation. China, for instance, moved to regulate personal data in 2017, citing both privacy and national security concerns.

How might such digital economy policies regulating data impact investments? ACI researchers attempted an estimate by exploiting the implementation of China’s Cybersecurity Law (CSL) and its focus on internet, network, and other digital services providers.

Passed in 2016 and entered into force in 2017, the CSL regulates personal data protection and defines the data security obligations of internet service providers and so-called critical infrastructure operators, including provisions on data localization.

The researchers noted that the official document of the CSL explicitly names several types of service providers and organizations, such as “providers of network products and services”, “electronic information distribution service providers”, “application software download service providers”, “internet industry organizations”, and “network-related industry organizations”. This prompted the examination of the differential impact of the CSL on investments in the internet and software industries separately from other sectors.

Utilising including nearly 20,000 deal information of venture capital investment data in China covering one year before the enactment of CSL and one year after the rollout of CSL sourced from the Preqin database, ACI’s researchers found that the number of venture capital deals in China’s internet and software industries in particular dropped by more than 8% and 11%, respectively, after the enactment and rollout of the Cybersecurity Law. Meanwhile, the negative effects are rather muted for non-internet and non-software industries. In addition, the reduction is greater after the rollout of the CSL than after the enactment.

Further dissecting the heterogeneous impact of the CSL on different types of investment stages and different profiles of investors, the researchers found that the reduction in the number of venture deals is more pronounced for early-stage investments and deals with foreign investors.

The research findings are consistent with the conjecture that while regulations such as the CSL are often intended to protect users and safeguard national interests, they may also have negative implications for the economy—both through direct compliance costs to businesses and an initial increase in uncertainty. Higher compliance costs and the associated policy uncertainty can potentially hinder investment, particularly for small firms that are less cost-competitive and for foreign investors who are less familiar with the regulatory environment.

ACI’s latest research contributes to the literature by moving beyond the commonly studied European context to examine the effect of China’s CSL on the country’s venture capital investments. The authors directly compare the volume of venture capital investments in China with that in other countries before and after both the enactment and implementation of the CSL using a difference-in-differences strategy. They also depart from previous qualitative studies on Chinese data regulations by formally quantifying the impact of the CSL on foreign investments and joint ventures in China.

The authors highlight that their findings suggest data regulations may have negative economic implications. This underscores the need for policies that carefully balance regulatory objectives with the goal of facilitating economic growth.

By HUANG, Yijia

Researchers: LIU, Jingting, SENGSTSCHMID, Ulrike, DOU, Liyu