The Netflix Black Mirror episode ‘Nosedive’ took place in an alternate universe: Individuals were able to rate all their interactions with each other between one and five stars. An Uber for everything – if you will. This rating determined your status in that society.
Some have compared China’s Social Credit System to the ‘Nosedive’ system, and judged it a dystopic nightmare. Others allege this is an unfair exaggeration, based on poor English translations and some floated, but not implemented, policy ideas.
In this piece, I explain what China’s corporate social credit system is, and examine one important implication: The impact this should have on foreign businesses with a presence in China, and how this relates to data protection and ediscovery processes.
The Social Credit System was announced by the Chinese Government in 2014, however it had been in existence regionally since 2009. The aim is to have a fully operational database and ranking system of all Chinese citizens and China-based businesses by the end of 2020. It would not be surprising of course if, as a result of COVID-19, this policy development gets pushed back.
There is both an individual rating and a corporate rating system purely for businesses. The rating, a score not entirely dissimilar to a US-style credit score, rates businesses based on their compliance record, including financial and tax records. After submission of information to the authorities, depending on their compliance, corporations can be put on a watchlist (i.e., improvement required), ‘blacklisted’ (i.e., listed as not recommended to do business with), or ‘redlisted’ (i.e. recognized as highly compliant and trustworthy). More than 33 million businesses have already been scored.
There is no one database holding this information, but multiple databases, some run by the Government, some run by private businesses, some held nationally and some held by municipal/city governments.
All Discovery processes, including the use of eDiscovery tools, rely on robust record-keeping and documentation practices of corporations: This ensures that in the Discovery process, the corporation can provide all required information.
The existence of corporate social credit ratings means businesses in China have to alter their information gathering, protection and reporting practices. They need to accurately gather a range of important compliance information about themselves, and other businesses, for reporting to the authorities (far more so, for example, than a corporation in the US). This information could, in theory, be accessed through Discovery proceedings.
However, China’s legal system is not a ‘common law’ system like that operating in the United States or the United Kingdom (among other places): It does not have a Discovery process for civil proceedings as we would know it (note, there is a form of limited court-directed evidence gathering).
A key consideration for businesses headquartered outside China, that have a formal presence or branch based in China, is that they could be required to release this information in overseas (e.g., US-based) litigation. This means these enterprises will need to have their data protection systems designed for both possible Discovery actions based overseas (the 2019 case, In re Application of Antonio del Valle Ruiz recognizes the possibility of requiring Discovery, in the US, of documents held in offshore locations), as well as their social credit reporting obligations in China. In theory, information held relating to social credit ratings could become discoverable overseas.
Businesses have a range of legal obligations that they need to keep in mind when designing their data/document custody processes. For any businesses headquartered overseas (e.g., in the UK or US), but with a presence in China, attention must be paid both to the documentation requirements of the corporate social credit rating system, as well as possible legal proceedings for Discovery, when designing their processes.