An anonymous reader quotes a report from MIT Technology Review: An aggressive new cybersecurity and data protection law in China that goes into effect today will have global ripple effects, and could serve as a model for other governments. But the Chinese government has also left many parts of the law vague -- likely an intentional move meant to allow the country to stake out its own sense of "cyber sovereignty" while waiting to see how the U.S., Europe, and others decide to regulate the flow of data across international borders. The new law is a resounding announcement from China that it intends to be a global player in controlling perhaps the most precious commodity of the digital economy: data. It's hard to know how the law will actually change things because the most controversial aspects of it are so vague. Among them is a requirement that certain companies submit their products to the government for cybersecurity checks, which may even involve reviewing source code. How often it would be required, and how the government will determine which products must be reviewed is unknown. This could come into play as part of China's broader regulatory push to expand law enforcement's power to access data during criminal investigations. Another vague directive calls for companies to store certain data within the country's borders, in the interest of safeguarding sensitive information from espionage or other foreign meddling. The government has delayed the implementation of this change until the end of 2018, however.