China's Initiative to Set Global Data-Security Rules
1. Introduction. In August 2020, the USA announced an expanded five-pronged “Clean Network” initiative (CNI) (The Clean Network) with the aim of reducing Chinese access to data on Americans. It would include removing “untrusted” Chinese apps such as TikTok and WeChat from American app stores (Raj, 2020). In response, China launched its own Global Initiative on Data Security (GIDS) in September 2020 (Wong, 2020), countering US efforts to persuade like-minded countries to ring-fence their networks from Chinese technology.
China’s Global Initiative on Data Security
2. China has launched an initiative to address global data security issues, a countermove to the U.S. “Clean Network” program that is aimed at discouraging other countries from using Chinese technology. The key provisions of the initiative are (Agarwal, 2020):
(a) Don’t engage in activities that undermine other countries’ sovereignty.
(b) Oppose mass surveillance against other countries.
(c) Data generated by companies should be stored in the country where it is collected.
(d) Don’t hack into data located in other countries.
(e) Cross-border access to data for law enforcement purposes should be given on the basis of bilateral/multilateral treaties that do not affect the security of a third state.
(f) Companies must not install backdoors in their products.
(g) Planned obsolescence should be discouraged and companies should disclose security vulnerabilities to users.
(h) Countries should maintain an open and secure supply chain of ICT products and services.
Analysis
3. GIDS prescriptions such as the call for data localisation can also be termed anti-US, as US companies have a much larger global presence, with data stored in the US and other regional locations. Chinese companies are relatively new in this field and are in no position to match US companies, and hence would not be adversely impacted on a similar scale.
4. The Chinese initiative purports to approach data security in ‘an evidence-based manner’ and to maintain transparency about its information technology protocols. It sounds good in principle but is arguable in practice. The evidence-based mechanism is not laid out in the initiative. No judicial measures are mentioned to penalise companies that install backdoors in their products or transfer user data to their state government.
5. Compared with the EU’s General Data Protection Regulation (GDPR)[1] and Global Digital Cooperation Strategy (GDCS) (Shaping Europe's Digital Future, 2020), China’s data security regulations are more vague and conflicting. This initiative would disrupt, deter and, in many cases, prohibit cross-border data transfers that are routine in the ordinary course of business.
6. China’s 2017 Cybersecurity Law (Wagner, 2017) raised concerns about the protection of personal data, as the law requires companies in China to hand over data if requested by the authorities. This law does not signal the right tone for digital governance as set out in GIDS.
7. Through OBOR, Chinese firms command significant market shares, and Beijing will be using this leverage to try to internationalise its domestic standards. If significant numbers of OBOR countries begin to adopt the standards set by Beijing, this will impinge even on countries like India or those in the EU, which are not party to the initiative.
8. The success of the Digital Silk Road (DSR) (Wheeler, 2020) depends on how the apprehensions of partner countries are addressed, specifically on issues related to digital hygiene and cross-border network and data security. The GIDS tries to create a framework under which these issues can be addressed. However, its practical implementation will depend on domestic data privacy and security laws, which are largely absent or at the draft legislation stage in non-European countries (Data Protection and Privacy Legislation Worldwide). The adoption of GIDS will also depend on how the EU’s GDCS and the USA’s CNI unfold.
9. It is likely that some member states of the Shanghai Cooperation Organization (SCO) may join this initiative, as there is a correlation between the initiative and the International Code of Conduct 2015 (McKune, 2015).
10. Conclusion. China is right that global governance on digital issues lags far behind today’s technology. A serious effort to cobble together a framework of guiding principles is long overdue, and Beijing is looking to seize the initiative by offering its own proposal. It remains to be seen how convincing other countries will find this pitch. So, while trying to signal the right tone for digital governance, the initiative appears to lack credibility. The GIDS, though couched in technical language, is in reality more like an effort to counter the US narrative of China.
(The views expressed in the article are those of the author.)
Bibliography
Agarwal, A. (2020, September 09). Don't Conduct Mass Surveillance Against Other Countries, China tells the World in its Global Initiative on Data Security. Retrieved 2020, from MEDIANAMA: https://www.medianama.com/2020/09/223-china-global-initiative-on-data-security/
Data Protection and Privacy Legislation Worldwide. (n.d.). Retrieved March 2020, from UNCTAD: https://unctad.org/page/data-protection-and-privacy-legislation-worldwide
McKune, S. (2015, September 28). An analysis of the International Code of Conduct for Information Security. Retrieved March 2020, from The Citizen Lab, University of Toronto: https://citizenlab.ca/2015/09/international-code-of-conduct
Raj, Y. (2020, August 06). US launches 5-pronged 'Clean Network' to curb Chinese tech access. The Hindustan Times.
Shaping Europe's Digital Future. (2020, February 20). Retrieved March 2020, from EU Monitor: https://www.eumonitor.eu/9353000/1/j9vvik7m1c3gyxp/vl6bhq5ondz0
The Clean Network. (n.d.). Retrieved December 2020, from US Department of State: https://2017-2021.state.gov/the-clean-network/index.html
Wagner, J. (2017, June 01). China's Cybersecurity Law: What you need to Know. Retrieved March 2020, from The Diplomat: https://thediplomat.com/2017/06/chinas-cybersecurity-law-what-you-need-to-know/
Wheeler, A. (2020, February 19). China's Digital Silk Road (DSR): the new frontier in the Digital Arms Race. Retrieved March 2020, from Silk Road Briefing:
https://www.silkroadbriefing.com/news/2020/02/19/chinas-digital-silk-road-dsr-new-frontier
digital-arms-race/
[1] The EU passed the General Data Protection Regulation (GDPR) on May 25, 2018 with the aim of imposing obligations on organisations anywhere, so long as they target or collect data related to people in the EU.