The flood of Western tech companies exiting China has continued, as Yahoo, LinkedIn and Epic Games joined the chorus of companies citing “challenging” operating conditions as they scale back or stop operating in the country altogether.

From 1 November, users were informed that Yahoo’s suite of services “will no longer be accessible from mainland China” due to an “increasingly challenging business and legal environment” that had driven the shutdown of Yahoo’s remaining weather, news and finance services, as well as Yahoo-owned media properties like AOL and TechCrunch.

Yahoo had already all but pulled out of China, having long ago shut down its Chinese email, web and music services as well as closing its Beijing R&D centre in 2015.

The move came just days after Microsoft announced that it would “sunset” its current Chinese LinkedIn app and limit its local presence to a soon-to-be-launched jobs app called InJobs that lacks a social feed and the ability to share posts or articles.

Such self-publishing features have recently come under the increasing scrutiny of Chinese authorities that see Western platforms’ social media functionality as a threat to state censorship and control.

“We recognise that operating a localised version of LinkedIn in China would mean adherence to requirements of the Chinese government on Internet platforms,” Microsoft wrote in explaining its decision to change strategies after seven years of operating LinkedIn in China.

“While we strongly support freedom of expression, we took this approach in order to create value for our members in China and around the world…. We’re facing a significantly more challenging operating environment and greater compliance requirements in China.”

Coming after previous government crackdowns on Facebook, Twitter, and Google, the latest departures leave China’s 926.8 million-strong social media market to domestic tech giants like Baidu, WeChat, and Weibo – which are accustomed to operating within the legislation and, unlike Western rivals, face no operational or ideological conflicts with international mores.

Even video-game giant Epic Games has dialled back its Chinese operations, announcing this week that it will shut down Fortress Night, the Chinese version of its popular Fortnite game, in the wake of a government crackdown that included limiting children to 3 hours of gaming per week.

People who need PIPL

For Western tech giants, the straw that broke the camel’s back was the 1 November implementation of China’s new Personal Information Protection Law (PIPL) – a far-reaching new law that imposes a range of obligations on companies utilising “sensitive personal information”, defined as personal information whose leakage or illegal use could “infringe the dignity of a natural person or cause harm to personal safety and property security”.

Borrowing heavily from the European Union’s general data protection regulation (GDPR) yet still significantly different, China’s PIPL is based around principles of lawfulness, legitimacy, necessity, and good faith; clear and reasonable purposes for processing personal information; and transparency, accuracy, and security obligations around companies’ use of personal data.

PIPL also requires personal information processing entities (PIPEs) to adhere to a raft of guidelines including forcing processors of personal information to store their data in Chinese data centres; puts the burden of proof on tech companies accused of breaching personal information protections; and creates new pathways for civil liability and class actions by consumer groups and government authorities.

PIPL extends its control to the foreign activities of companies providing services intended to facilitate the conducting of business in China or the evaluating the behaviour of Chinese individuals.

Penalties of up to 5 per cent of annual revenues may be applied in “grave” violations of PIPL’s requirements, with personal liability provided for those responsible.

“It is important for companies and financial buyers that process personal information in multiple jurisdictions to re-examine their data privacy policies and practices,” law firm White & Case advises, with a view to harmonising the procedures for different regulatory authorities’ requirements.”