Airbnb’s recent IPO was a staggering success. Within hours of the IPO, Airbnb’s valuation amazingly exceeded Hilton, Hyatt and Marriott Hotels valuation combined. But Department of Defense employees who book with Airbnb, and perhaps investors as well, should be aware of a lurking danger when Airbnb or any U.S. company agrees to share its data with Chinese subsidiaries. American companies that share their data with Chinese subsidiaries or “partner” businesses risk having that data used to steal the U.S. company’s intellectual property and customer base. Additionally, DoD employees who are customers to such enterprises risk having their personal data shared, stored and exploited by the Communist Party.

The former director of national intelligence wrote that China’s strategy for U.S. companies is to “rob, replicate and replace.” Yet Chinese data-sharing demands are the ostensible price for entry to the Chinese market, and Airbnb opened users’ data to a Chinese subsidiary. Airbnb’s privacy policy clearly states, “Even if your country of residence is not China, some of your information will be shared with Airbnb China ...” For now, the written privacy statement limits the data sharing to Airbnb customers who travel in China, but there are danger signals.

The Wall Street Journal reported that Sean Joyce, a former FBI deputy director and Airbnb’s first “chief trust officer” resigned over concerns involving Airbnb’s data sharing with Chinese authorities. According to the report, Joyce believed most people using the vacation rental website weren’t aware of the extent of information shared. Sharing data with a foreign subsidiary is not always a problem, but given China’s civil-military fusion and a national security law that requires cooperation, a Chinese subsidiary’s access to U.S. customer data is significantly concerning.

Sharing data with a Chinese subsidiary means sharing it with the Communist Party of China (CPC). Data-sharing concerns led DoD to ban soldiers, sailors, airmen and Marines from using the TikTok phone app. Addressing the threat posed by TikTok, an August 2020 executive order states, “TikTok automatically captures vast swaths of information ... potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage.”

Bans on use by DoD employees are prudential measures given the national security risks. While a DoD ban excludes a finite list of customers, U.S. firms would also be wise to calculate beyond the seemingly easy math of that finite potential loss versus the potential gain of a billion Chinese customers. The CPC’s proven track record when it possesses customer and proprietary data reveals a simmering danger to any U.S. company’s future survival.

The cruise industry serves as a fresh harbinger. Private firms, including Carnival and Royal Caribbean, spent a decade building a Chinese market with a vast and receptive pre-pandemic Chinese clientele. In late 2020, as cruise lines resumed business globally, the CPC limited licenses to operate in Chinese ports to state-owned cruise lines. Those Chinese cruise lines are well-situated to foreclose all competition even if non-Chinese cruise lines are allowed to return. Given the CPC’s history of monitoring Chinese citizens’ internet use, the state-owned cruise lines will surely have all the client data they need to contact, advertise to, and essentially target prospective customers.

The anaconda strategy the cruise lines are feeling has played out before. In 2001, Tang Energy, an American private company, jointly formed the HT Blade Company with the Aviation Industry Corporation of China (AVIC). As one of the CPC’s largest state-owned enterprises, AVIC supplies military aircraft to China’s armed forces. HT Blade was to use and protect Tang’s proprietary intellectual property and processes to make industrial blades for wind turbines. By 2010 the joint venture unraveled, and Tang won $70 arbitration award in 2015 for breach of contract based on a finding that AVIC acted alone to build a wind energy business instead of honoring the joint venture.

“Big-data is the new oil” is a common refrain. With the help of firms such as TikTok and Airbnb China, China is vacuuming up as much big data as possible for future use. Possession, even in the cyber realm and with data, is nine-tenths of the law. And in the CPC’s self-serving courts, possession by a state-owned venture becomes 10/10ths of the law.

As U.S. companies wade into the Chinese marketplace in the future, even when only relying upon Chinese subcomponents, they should tally the hidden price of a Faustian data deal. When sharing data with China, a U.S. firm not only endangers its customers, it endangers its own future. Client data, intellectual property, algorithms and proprietary processes, whether openly shared or reverse-engineered, will be mined to further Chinese economic interests. As it did with TikTok, the DoD should track the sharing of U.S. customer data with Chinese companies and ban the use when DoD employees’ data can be subject to storage and exploitation. Additionally, DoD should be aware of defense contractors or subcontractors in the supply chain that share their intellectual property with Chinese firms. Beyond ceding technological advantages, they risk a possible result of a Chinese state-owned, mirror business displacing the American venture globally.

Maj. Gen. Thomas Ayres (ret.), after a career in the U.S. Army, served as the general counsel to the U.S. Air and Space Forces.