CHINA: THE NEW DATA WAR

China is embarking on a race to control crucial data and reshape global technology networks. Many believe that the United States has initiated an economic and technological decoupling from China. However, recent policy changes indicate that China itself is accelerating this process.

The technology race will determine whether China can “overthrow” the dominance of the United States. But technology encompasses not only inventions and innovations but also data systems, information, and the necessary materials for manufacturing. Technology has both inputs and outputs.

In terms of essential materials, China is demonstrating agility in searching for and acquiring resources worldwide, as well as actively developing technologies to extract resources from challenging locations like the ocean floor. The United States has expressed concerns, leading to the issuance of the U.S. Department of Energy’s 2021 Critical Materials Strategy. This document outlines detailed steps, actions, and tools across three pillars: (1) diversifying supply sources, (2) developing substitute products, and (3) improving reuse and recycling capabilities. These efforts aim to achieve four main objectives:

1. Ensuring a sustainable and independent supply chain of critical materials and minerals, free from foreign dependence.
2. Facilitating and supporting private sector involvement in building sustainable domestic supply chains for essential raw materials and minerals.
3. Establishing a long-term innovation ecosystem for materials and minerals.
4. Coordinating with international partners and allies to diversify the global supply chain.

Recently, the U.S.-China relationship seems to be deteriorating further, despite China’s efforts to attract multinational companies back. Data and information have become particularly contentious. Regarding data and information, there are three topics that can be deeply discussed: (i) China’s data governance model, (ii) legal frameworks and initiatives related to domestic and cross-border data pursued by both sides, and (iii) internet platforms and their impact from China’s perspective. In this section, I will discuss updates related to China’s data governance model and mechanisms. Overall, there have been notable changes in the months following the 20th Congress.

The concept of “comprehensive national security” or “overall national security” (总体国家安全) introduced by Xi Jinping in 2014 is considered essential for China’s development and the survival of the party. Initially, this concept included 11 types of security, but it has now expanded to 16, adding areas such as biological security and space security. The publication of President Xi’s speeches on comprehensive national security in March 2018, followed by a summary in 2022, demonstrated China’s efforts to turn this concept into an immutable principle of the party. It is worth noting that in 2014, China changed the field of “information security” to “cybersecurity,” but at the 20th Party Congress in October 2022, President Xi reused the term “information security.”

For the CCP, data is considered a “means of production” along with land, labor, capital, and technology. Chinese leaders believe that “allocating factors based on the market” (要素市场化配置) cannot be safely and effectively carried out without supervision. In the “socialist market economy,” the state sees itself as the central entity for data transactions. Chinese leaders view controlling the data of government agencies, state-owned enterprises, and private companies, as well as the existence of “data warehouses,” as a solution to the failures of the market.

President Xi Jinping has sought to enhance China’s “information security” primarily by establishing additional management and oversight mechanisms for data security. At the National People’s Congress (NPC) in early March 2023, the National Data Bureau (NDB; 国家数据局) was established as a central-level agency within the hierarchical system of the CCP. The NDB will be responsible for data protection and collection, including reporting information collected from close multinational ICT companies such as Alibaba, Ant Group, Tencent, and Didi Chuxing. Although there are no clear laws or regulations, government entities like the NDB, as well as state police and security departments, can always compel private companies to provide all personal and business information of users. The NDB is under the management of the National Development and Reform Commission (NDRC) of the State Council. Although part of the government system, the NDB will also take on some tasks of the Central Cyberspace Affairs Commission (CCAC), including coordinating the development and sharing of critical information sources and promoting connectivity of information sources. The NDB will report directly to the CCAC.

The restriction of access to information and data has been prescribed in many previous documents for Chinese companies. For instance, companies with data from more than one million customers must pass strict scrutiny before being listed or conducting transactions abroad. However, at present, the issue of restricting access to information has extended to individuals and foreign organizations, first and foremost, scientific data and information. The National Knowledge Infrastructure of China (CNKI) has suspended foreign access to some online repositories since April 1, 2023. CNKI is China’s leading academic database containing government articles, theses, and statistics across the country. The suspension came after a months-long national security investigation into the platform conducted by China’s Cyberspace Administration. This move is part of broader management efforts to control cybersecurity. CNKI is not the first platform to cut off foreign access, and the suspension seems to be part of an escalation trend. In March 2023, China’s Supreme People’s Court withdrew hundreds of thousands of administrative judgments from its online portal, reducing 99.99% of the total available judgments. And a few months earlier, the detailed information database of Qichacha, which can be compared to Crunchbase, cut off access to anyone without a Chinese phone number.

Although the Data Security Law (DSL) supports the establishment of a “data exchange market,” it is enclosed in a “sensitive data for national security and public interest cannot be traded” iron cage. That includes personally identifiable information (PII), which is now more strictly protected under the new Personal Information Protection Law (PIPL).

Because there is no clear definition or listing of “national security” and “public interest,” the boundaries of wrongdoing are often vague. On April 24, the Standing Committee of the National People’s Congress began considering changes and is expected to pass the Anti-spy/counter-spy Law (amendment) on April 26. This is the first amendment since 2014, with six new areas that will be considered espionage offenses. The amended law will expand the scope of the law, currently limited to state secrets, to include all documents, data, or items related to national security.

Shortly after the founder of e-commerce giant Alibaba, Jack Ma, returned to China last month, it was announced that the conglomerate would be divided into six separate entities. Three of these entities, specifically Cloud Intelligence Group, Global Digital Business Group, and Digital Media and Entertainment Group, would handle data of companies and consumers who are customers of Alibaba and Taobao. Notably, these companies are no longer associated with the name of the parent company Alibaba, indicating a joint venture or continued ownership of the government’s golden shares within the newly established conglomerates.

In March 2023, the CAC (Cyberspace Administration of China) launched an investigation into the activities of Micron Technology, the leading memory chip manufacturer in the US, which operates in China and accounts for 11% of global sales revenue. The CAC cited the need to protect the supply chain of Chinese data and ICT companies. This is the beginning of a series of inspections targeting data-related, accounting, and information companies from abroad. Mintz Group and Chinese branches of the Big Four accounting firms are required to cease their operations in China due to concerns about potential data leaks and the disclosure of business information to foreign competitors. Earlier this year, the Chinese government also ordered state-owned enterprises (SOEs) and some private equity firms to gradually phase out the Big Four accounting and auditing firms: PricewaterhouseCoopers LLP, Ernst & Young, KPMG, and Deloitte & Touche LLP. This directive was issued despite Beijing’s agreement with US securities regulators that the financial statements of Chinese companies listed on the New York Stock Exchange could be audited by US-appointed auditors based in Hong Kong.

The evolving landscape of data in China To activate data as an economic and social resource, China is creating state-backed data markets — a way to provide legal certainty in a chaotic market but also potentially impose pressure on private companies to share more of their data. It is estimated that by 2025, the global volume of data will reach 175 zettabytes (ZB), up from 33 ZB in 2018. Many jurisdictions are striving to exploit the economic and innovation potential of this data. In February 2022, the European Commission proposed a new Data Act, while the Data Governance Act (DGA) is on its way to becoming law. Meanwhile, in China, the DCSTQ (Data Center for Science and Technology of Qingdao) issued important opinions in April 2022, calling for the acceleration of the creation of a unified data and technology market.

The data market in China is not new. A large data exchange was launched in Qidong in 2015, being the first of more than 30 such exchanges. China’s data market has recently entered a new phase of development, with major cities establishing their own exchanges under strong central guidance. The Shanghai Data Exchange began trading in November last year, following Beijing’s lead in March 2021. Its website lists dozens of different products, ranging from traffic flow information to corporate credit ratings. Companies can register as members to buy and sell, but they can also conduct joint queries (temporary data reference) or access services such as data analytics, modeling, and encryption.

These pilot programs have not met expectations due to a lack of motivation and legal certainty for businesses to transact their valuable datasets through an intermediary platform. Without unified regulatory standards and operational benchmarks for data authentication, valuation, trading, and security, these programs have struggled to achieve their goals.

By: Pham Sy Thanh
Supported by: Datalac.com
Everything you need to know about Datalac is in here:
https://linktr.ee/datalac