Please use the sharing tools found via the email icon at the top of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email [email protected] to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found here.
Personal online information belonging to Chinese owners of iPhones and iPads — including private messages, photos and device backups — is to be stored locally in China for the first time, as Apple opens its first iCloud data centre on the mainland. Apple’s move follows Beijing’s introduction last month of tighter cyber security rules and reflects the concessions foreign multinationals must make to tap the world’s largest mobile market, which is increasingly important for iPhone sales. The US tech group’s new facility in Guizhou will be jointly operated with a Chinese internet company, as part of a $1bn investment in the southwestern province. Announcing the relocation of mainland Chinese customers’ iCloud data from the US, Apple sought to head off potential security concerns from its tens of millions of users in the region. “As our customers know, Apple has strong data privacy and security protections in place and no backdoors will be created into any of our systems,” it said in a statement. Apple already complies with legally valid requests for data from law enforcement authorities around the world, including China. Nonetheless, moving customers’ iCloud data to a Chinese facility will make it easier for the authorities to go through the legal motions required to obtain that private information. Under US law, foreign governments have to undertake a process, which can sometimes take years, to obtain data about their citizens that are stored on servers in the US. China’s new cyber security law requires all data collected on the country’s citizens or areas relating to broadly defined issues of national security to be held on servers in China. Transfers of data abroad must first be reviewed and approved by regulators. Until now, Apple has serviced its Chinese iCloud customers using data centres outside the country, primarily in the US. Some Apple media systems, including parts of its iTunes and iBooks digital content stores, were transferred to servers in China a few years ago, but those systems did not include any personal data. Related article China’s cyber security law rattles multinationals Businesses warn rules will increase costs and leave them more vulnerable to spying Last year, Apple fought a request by the US government to break down the encryption protections built into its iOS operating system, as investigators sought to access a dead terrorist’s iPhone. Apple also said last year that it had rejected a Chinese demand that it hand over its iOS source code. The Chinese law means Apple must store its iCloud encryption keys there securely. Apple will retain control of the keys but, in certain instances, such as credit card information, only the user holds the key to their data, meaning the iPhone maker would be unable to comply with any request from law enforcement. Other US tech groups including Microsoft, IBM and Amazon already offer their cloud infrastructure services in China through local partners. Google has no data centres in China. “It’s not a new direction. China has been increasingly requiring different types of data be stored within China,” said Mark Natkin, managing director at Marbridge Consulting. “It’s indicative of an effort China is making to ensure that user data from online and mobile services provided to Chinese users is stored in data centres in China.”