After the implementation of the new data security regulations, the hearing materials for the listing of Hong Kong stocks of Internet giants put more emphasis on data security risks, compliance measures and their potential impact on business. By combing the hearing materials on the listing of Alibaba, jd.com, Netease cloud music and microblog Hong Kong stocks, taking the supervision of a taxi platform in July 2021 as the watershed, the differences are as follows: 1) cloud music and microblog listed in November 2021 have significantly improved the frequency of words such as “data security”, “information security” and “privacy protection”, with emphasis on possible business risks, Including CRM, business expansion and third-party cooperation to share customer data; 2) Before 2021, Internet manufacturers such as jd.com and Alibaba have put more emphasis on the possible impact of EU gdpr and California CcpA & CPRA on overseas business. However, regardless of the degree of impact on business and the intensity of punishment, China’s personal security law is more stringent, and Internet manufacturers have paid more attention to it; 3) In terms of compliance measures, Internet manufacturers build a complete system from top to bottom. For example, cloud music is led by the vice president of technology. The cross departmental Information Security Committee formulates an overall compliance plan, sets up a data security team, and establishes a life-cycle security plan covering data collection, preservation, application and destruction together with other departments.
Data security has become the core of Internet regulation. The personal information protection law, data security law and anti-monopoly law may constitute the three legal pillars of Internet regulation in China in the future. The governance of the Internet industry continues to evolve, and there is still uncertainty about the impact on its business model and profitability. Sorting out the direction of data security supervision may be beneficial to understanding the investment in the Internet industry. The personal security law is similar to the European general data protection regulations (gdpr) in the framework of ensuring user privacy, requiring Chinese companies to ensure compliance in data storage and processing. On the cost side, Internet enterprises will make more investment to meet compliance requirements. On the business side, the original “data over collection” and “consumer price discrimination” And other extensive operation loopholes will be hit, and the regulatory power will be used to offset the inhibitory effect of capital pursuit of non-compliance income and super platform on market competition. In 2020, the anti-monopoly law was revised. At the end of the year, the central economic work conference proposed to prevent the disorderly expansion of capital. In 2021, the data security law and the personal information protection law and other policies have been implemented. In October, the Internet Information Office publicly solicited opinions on the measures for data exit security assessment (Draft for comments). It is expected that with the strengthening of users’ awareness of privacy and security, The spontaneous demand for data security of Internet manufacturers is urgent.
Regulatory policy overweight and big data accelerated application drive the development of data security, which will become the most explosive direction of network security in 2022. The short-term 10 billion market is dominated by technical service revenue, and the long-term SaaS operation revenue is expected to reach 100 billion. Recently, data security law, customs protection regulations, personal information protection law and other laws and regulations have been intensively issued and implemented. Only from the perspective of privacy computing, a component of data security, Gartner predicts that more than 80% of Companies in the world will face at least one data protection regulation focusing on privacy in 2023, In 2024, the expenditure on privacy driven data protection and compliance technology will exceed US $15 billion worldwide. With the implementation of the data security law and the rapid development of the data trading market, KPMG expects that China’s data security technical services are expected to reach 10 billion in 2023. With the cloud of IT architecture, it will leverage 100 billion of data security SaaS operating revenue in the long term.
Privacy security: Westone Information Industry Inc(002268) , Qi An Xin Technology Group Inc(688561) , Dbappsecurity Co.Ltd(688023) .
Network security: Qi An Xin Technology Group Inc(688561) , Westone Information Industry Inc(002268) , Sangfor Technologies Inc(300454) , Dbappsecurity Co.Ltd(688023) , Topsec Technologies Group Inc(002212) , Venustech Group Inc(002439) , Nsfocus Technologies Group Co.Ltd(300369) .
Risk tips: industry competition intensifies the risk; The policy strength is less than the expected risk; Macroeconomic risks; There may be errors between the calculation and the actual situation