20 Apple staffers in China detained on suspicion of selling customer data

Amid the controversy surrounding China”s new cybersecurity law, it appears authorities have good reasons to enforce new regulations for online activities. Chinese police say they have uncovered a massive underground operation run by Apple employees allegedly selling customer data illegally.

A police statement reported by the AFP reveals authorities had investigated the operation for months before apprehending 22 people over the weekend, including 20 Apple employees who allegedly used the company”s systems to gather private data from customers, including full names, phone numbers and Apple IDs.

Operating in Chinese provinces including Guangdong, Jiangsu, Zhejiang, and Fujian, the Apple staff in question allegedly charged between 10 yuan ($1.50) and 180 yuan ($26.50) for “pieces” of the unlawfully extracted user data.

The operators, who reportedly worked in direct marketing and outsourcing roles, cumulatively earned more than 50 million yuan ($7.36 million), according to the statement by local police in southern Zhejiang province. Police seized their “criminal tools” and dismantled the online network upon apprehending the suspects. It is unclear whether the stolen data belonged to International users or only residents of China.

China”s new cybersecurity law, which took effect Thursday, is expected to have a big impact on domestic business.

“There”s unfortunately a lot of confusion,” commented Michael Chang, an executive with Nokia and the vice president of the European Union Chamber of Commerce in China. “Industry is not ready because the implementation rules are not clear,” Mr. Chang said. “We still have a lot of unclarified territory that needs to be addressed as soon as possible.”

The law would require that companies, including those whose core business is data transfer, store their data locally, or risk fines up to RMB1,000,000 (US $150.000). Security checks will be carried out on financial and communications companies, while regular users will have to re-register with their preferred messaging service using their real names. Violations of the law may lead to revocation of licenses or closure of businesses.