Apple will be passing control of its iCloud services covering mainland China to a Chinese company starting from late February, a message to customers in the country reveals, with the shift in operations made to comply with local cybersecurity and data protection laws.
Racks of Apple's iCloud servers in Maiden, NC
According to the message, the changeover will take place on February 28, reports the BBC, with Apple partnering with Guizhou-Cloud Big Data Industry Co. Ltd. The message from Apple claims the partnership will enable us to continue improving the speed and reliability of iCloud and to comply with Chinese regulations.
As part of the transfer of operations, affected users will have to agree to a new set of terms and conditions if they wish to continue using the services. The new terms include a clause stating that both Apple and GCBD will have access to data stored on the servers.
Customers based within mainland China have the option to terminate their account before the end of February, if they do not wish their data to be handled by GCBD. Those based outside mainland China remain unaffected by the changes.
The handover of iCloud services to a China-based firm may be of concern to privacy advocates, considering previous efforts by the country's government to censor or control its citizen's use of the Internet. There is also the suggestion that the rules make it easier for the government to perform surveillance on individuals in the country, and to access their personal data.
Apple advised that despite the changeover, it had strong data privacy and security protections in place, and no backdoors will be created into any of our systems.
Apple activated its first data center in China with GCBD in July last year, one month after the new laws were ratified, with the project receiving close scrutiny by the Guizhou provincial government via a working committee. The rules mandate certain data protections for Chinese citizens, including forcing foreign firms operating in China to store sensitive data on domestic servers, and requiring the same companies to pass security reviews before being allowed to transfer the data out of the country.