With the launch of its Global Data Security Initiative in 2020 and the recent negotiation of two plurilateral frameworks, one with Arab states and the other with Central Asian economies, China is signaling that it aims to be a standard setter in global data governance, writes Li Xirui of the S Rajaratnam School of International Studies at Nanyang Technological University in Singapore and the Intellisia Institute in Guangzhou. Beijing’s moves, she argues, will intensify the already heated China-US strategic rivalry.
Peering into the future at an ICT and artificial intelligence fair, Jinan: China has begun to put substance onto the concepts outlined in the Global Data Security Initiative announced in 2020 (Credit: Xinhua)
At the recent “China + Central Asia" (C+C5) foreign ministers' meeting, China’s Wang Yi and his counterparts from five Central Asian countries (C5 – Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan and Uzbekistan) signed the Data Security Cooperation Initiative of China + Central Asia (C+C5 DSCI). It is the second data security pact that China has inked in the world after it launched the Global Data Security Initiative (GDSI) in 2020; the first was China-League of Arab States (LAS) Cooperation Initiative on Data Security (China-LAS DSCI), which was launched on March 29, 2021.
Some technology analysts have argued that China’s promotion of GDSI slowed down in 2021, but the new cooperation initiative with Central Asia indicates that China is not only still building its global network on data security but it is also becoming clearer and more concrete in setting out the details of cooperation. The C+C5 DSCI puts flesh on the skeleton of the GDSI and builds on the China-LAS DSCI. It also presents more details on China’s construction of its global network on data governance and has major implications for Beijing’s engagement on the issue of global digital governance.
China’s data governance efforts: Adherence to multilateralism?
First, unlike the previous two initiatives which focused on bilateral and multilateral cooperation centering on China, the C+C5 DSCI mentions the role of the United Nations. In their initiative, China and the C5 recognize the dominant role of the UN in cyber governance. Moreover, they express their support for the establishment of an open-ended ad hoc inter-governmental committee to shape a comprehensive international convention which was decided on in UN Resolution No. 74/247. Although China submitted the GDSI to the UN General Assembly, this is the first time that China has incorporated the UN resolution into its expanding data security cooperation framework outside the structure of the global body.
In addition, the C+C5 DSCI makes it clear that the cooperative framework is based on international law. By explicitly mentioning the UN and international law, China appears to be aiming to integrate and safeguard the UN-centered international system or at least demonstrate that intention. Beijing seems to want to reiterate its commitments to the existing multilateral order, thereby showing that China is a true defender of globalism.
Second, the previous two initiatives are broad and more about consensus building, but C+C5 DSCI highlights three areas of cooperation:
Third, the C+C5 DSCI clearly states that China and C5 will explore the possibility of setting out a unified code of ethics to guide suppliers of ICT products and services in their respective countries. In past years, China’s efforts in constructing a Digital Silk Road have concentrated on enhancing infrastructure connectivity. Nowadays, as a part of “contributing Chinese wisdom to world development”, Beijing has made setting international norms and standards on digital governance one of the key goals in its 14th Five-Year Plan for National Informatization. In this context, the C+C5 DSCI is one of the first steps in this effort. Going beyond the international regulations ensuring the security of data and ICT-based business operations, China is more interested in shaping a moral ground on which the digital economy and newly emerging technologies should be regulated, guided by principles of governance as well as plain regulations.
Fourth, the C+C5 DSCI puts more emphasis on the protection of private property and the public interest. For instance, both the GDSI and the China-LAS DSCI assert that ICT enterprises must not force users to upgrade product systems. The C+C5 DSCI, however, adds a precondition: Those companies can push for mandatory system upgrades if it is to protect users’ private property and was in their public interest. The C+C5 DSCI adds that countries should enhance cooperation in combating ICT which threaten national political, economic and social security. With these additional terms, the C+C5 DSCI arguably indicates at least an intention to protect both individual human rights and national security at the same time. It is a manifestation of Xi Jinping’s “holistic view of national security” and an integral part of the country’s Global Security Initiative (GSI).
China’s activism for global digital governance
In recent years, China has focused on global digital governance. The number of Chinese officials in the secretariats of international standard-setting organizations has increased dramatically. China, meanwhile, has actively participated and even led in the negotiation of the Regional Comprehensive Economic Partnership (RCEP), which represents the first attempt to craft a data governance framework without the dominating presence of either the European Union (EU) or the United States. In signing the RCEP, includes a chapter on e-commerce, China has essentially departed from its longstanding hard stance on data sovereignty, making its first-ever commitment to binding prohibitions against the localization of data facilities and data.
Last year, China took further steps in this direction by filing applications for memberships in Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and the Digital Economy Partnership Agreement (DEPA), both of which are known to have even higher standards in their data and digital trade provisions than the RCEP. China’s increasing enthusiasm in existing international standard-setting organizations and the mega-FTAs is part of its efforts to influence the shaping of global digital governance, as demonstrated by Beijing’s launch of the GDSI and its pursuit of the China-LAS DSCI and the C+C5 DSCI.
When China announced the GDSI in 2020, the initiative was more of a broad and vague consensus-building framework which lacked content. Gradually, however, China has started putting substance onto the concepts, with the C+C5 DSCI one of the very first efforts to do so. It thus has important implications for Beijing’s approach to global digital governance.
First, China is intent on showing firm support for UN-based global governance, even with regard to newly emerging technologies. In future, the role of the UN may be given greater emphasis in frameworks of digital governance initiated by Beijing. Its inclusion of data governance in free-trade arrangements and its pursuit of plurilateral data governance frameworks are two parallel lines in the effort to global digital governance.
Second, China will integrate elements relating to data and emerging technologies into existing regional and global cooperative frameworks. In other words, China is willing to tailor the contents of data and broader technology cooperation according to the needs of its partners and the characteristics of existing partnerships such as its cooperative and integrative initiatives with ASEAN such as RCEP.
Third, China will beef up its efforts to set not only international standards and regulations in technology but also norms and ethical principles. Such efforts go beyond the details of the mechanisms it negotiates and are founded on governance ideology, which is more fundamental and critical to how the new technologies and digital economy should be regulated.
Fourth, data sovereignty or cyber sovereignty will still be a major feature of China’s approach in governing digital technologies, both domestically and internationally. Beijing, however, may seek to uphold and promote this principle more smartly and less noticeably. For instance, China is no longer insisting on imposing strict data localization requirements but is advocating the principle of storing data in the countries where the data are generated.
Fifth, at least in the short term, China is unlikely to let non-state actors set the tone for the negotiations over digital governance. Although the Chinese government has been encouraging non-state actors to contribute more to digital governance, they will remain in supporting roles.
Finally, since data security is a pillar of China’s national security, expecting Beijing to make significant changes in the short term in its approach to regulating data flows would not be realistic.
China enters the standard-setting game
Given the significant impact of emerging technologies in geopolitics, digital governance, especially of cross-border data flows, has been a hot playground even before China stepped up its activism in the area. The EU and the United States, for example, have struggled to set the rules for transatlantic data flows for years. Nowadays, China’s ambitions and activities signal that Beijing has joined the game, which the West has dominated so far. Although China has used the EU’s General Data Protection Regulation (GDPR) for reference in many of its own data-governance efforts, it has been accused of promoting so-called “digital authoritarianism”, a third model of data governance and broad digital governance in addition to the EU’s human rights-focused model and the American market-oriented one.
China’s entry into the game has already provoked countermeasures from the West, especially the US, further complicating landscape. In May, while on a trip to Japan, American President Joe Biden announced his administration’s long-awaited Indo-Pacific Economic Framework (IPEF). One of major goals of the IPEF is to build a global network of partners and allies to compete with China’s economic influence and power in the Asia Pacific and beyond.
The IPEF, which now includes the US and 13 other countries in the region, identifies the setting of standards for cross-border data transfers and data localization and addressing issues relating to the connected economy such as privacy, discriminatory and unethical use of artificial intelligence (AI) as one of the initiative’s four major pillars. (The other pillars are supply chains, climate, and taxation and corruption.) This seems designed as a direct response to Beijing’s efforts and its achievements so far in global data and digital governance. With the China-US geopolitical rivalry heating up, Washington’s steadfast advocacy for the free flow of data and its insistence on letting market forces direct data governance will only widen the gap between the two countries on this critical issue.
Li, Xirui. (April 13, 2022) “Behind the US Concessions to the EU on Transatlantic Data Transfers”, AsiaGlobal Online, Asia Global Institute, The University of Hong Kong.
Li, Xirui. (October 7, 2021) “Can the US and EU Cooperate to Set International Standards for Emerging Technologies?”, AsiaGlobal Online, Asia Global Institute, The University of Hong Kong.
Park, Chaeri. (March 31, 2022) “Knowledge Base: China’s ‘Global Data Security Initiative’ 全球数据安全倡议”, DigiChina, Stanford Cyber Policy Center, Stanford University, Stanford, CA, USA.
Webster, Graham; Toner, Helen; Ding, Jeffrey; Berger, Blake; Russel, Daniel R; Lozada, Patrick; Rühlig, Tim; and Seaman, John. (March 22, 2022) “Will China Set Global Tech Standards?”, ChinaFile Conversation, ChinaFile, Center on US-China Relations, Asia Society, New York, NY, USA.
S Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), and Intellisia Institute