Thy name is TikTok. India has banned TikTok along with a potful of other PRC apps on national security—cybersecurity—grounds. In response, TikTok’s CEO Kevin Mayer said that
Chinese authorities had never requested the data of their Indian users, and even if they had, the company wouldn’t comply.
“Never requested” is a cynically offered non sequitur. Not having been asked is entirely separate from never will be asked.
It’s more serious than that, though. The People’s Republic of China enacted a law in 2017 that requires all PRC-domiciled companies to comply with PRC intel community requests for information. Not “pretty please,” not “strongly encouraged.” It’s “stand and deliver, stand in violation of law.”
This past week, the PRC enacted an additional law, that while nominally aimed at Hong Kong, has the effect of fleshing out that 2017 law. This latest rule by law enactment tells the PRC government that it’s authorized to go outside the nation’s borders to enter other nations to arrest and bring to the PRC for trial those who violate or threaten PRC national security. Mayer’s pious claim that TikTok wouldn’t comply with such a request would be a clear violation—in PRC government eyes—and subject him and his staff to arrest and removal to the PRC.
Article 38 of that law specifically says this:
This Law shall apply to offences under this Law committed against the Hong Kong Special Administrative Region from outside the Region by a person who is not a permanent resident of the Region.
Beijing has long said that Hong Kong is critical to the PRC’s national security—and that’s the PRC’s rationale for this additional law. From that, any company not complying with an intel request, by threatening PRC security, offends against Hong Kong.
Mayer knows that. He’s not an ignorant or oblivious man.