Beijing’s watchful eye on all data flowing in and out of China
Data ports concentrate data for cross-border transfer and make oversight easier, says Kai von Carnap. They are already being called data supervision with Chinese characteristics.
This piece is the last part of a three-part series on data as a factor of production and a national resource in China, written by analysts in the MERICS Research Team on Science, Technology and Innovation Policies.
The flow of data into and out of China is facing ever more restrictions. New requirements regarding data transfer, localization and security have made the cross-border exchange of digital strings of information more difficult than perhaps in any other country in the world. Some of these restrictions are the result of legal requirements intended to protect China’s national security interests and the privacy of the country’s users. Yet some are the result of conflicting policy goals and the slow implementation of incomplete laws.
Since China’s Data Security Law (DSL) came into effect in 2021, for example, security reviews by the Cyber Administration of China (CAC) are mandatory if “important data” is exported or data collected in China might reach “foreign judicial authorities”. This enables the CAC to protect national security interests, yet the terms “important data” and “foreign judicial authorities” are legally not clearly defined. Similarly, the Personal Information Protection Law (PIPL) stipulates that consent of online users is required before their “personal information” can leave the country. This in theory protects individuals’ rights – and in practice hampers data shipments because export rules are still unclear.
Some US tech companies have already decided that data exports have become too burdensome and ended operations in China. Behemoths like Yahoo and Microsoft, owner of LinkedIn, have thrown in the towel alongside the private vacation matchmaker AirBnB and gaming giant Riot Games. As compliance costs will continue to rise, more companies are likely to retreat from China – especially as on-shore data-storage deals like the one Apple agreed with a Chinese state-owned company are controversial in the West.
Data ports – the new digital interfaces between China and the world
Chinese policymakers have recognized the challenges its new data regime poses to digital economies, not least its own. One possible solution are so-called data ports: designated areas equipped with information and communications technology (ICT) and experts, and a special legal status, in which the management of cross-border data transfer can be concentrated. Their construction was initiated when China’s Ministry of Commerce in August 2020 issued a plan to upgrade some existing pilot areas with “safe and convenient channels for international internet data”. By protecting national security interests and users’ privacy, it also ensures that China’s data doesn’t become another countries’ “factor of production”.
Five data ports are currently under construction within existing Free Trade Zones (FTZs). Most of them aim to be operational by 2025 and will focus on different issues of cross-border data flows – ranging from digital trade to protecting security interests and increasing soft-power – and so address different stakeholders and industries. They will make use of the existing infrastructure to provide designated territorial interfaces for cross-border data exchange and establish localized systematic data reviews, security assessment processes and export-certification systems. Such “data supervision with Chinese characteristics” is necessary to ensure long term compliance, as cyber-law professor Luo Wenhua argues.
The municipal government of Shanghai announced in 2018 that it would focus on the development of digital services of various kinds. It aims to expand its Lingang FTZ to become a special commercial area in which Chinese and foreign data can be stored and processed for digital services and other commercial uses. In 2020, the city further clarified that it wants its data port to attract 100.000 foreign and domestic firms and allow exabytes (or millions of terabytes) of data exchange. The state-owned New Area Cross-Border Data Company (新片区跨境数据公司) will be in charge of legal oversight and focus on serving the finance, automobile and industrial internet industries as well as medical research.
The FTZ in Hainan in June 2020 declared it wants to ensure “safe and orderly” data exchange with the outside world. The zone aims to specialize in telecommunication services and allow foreign digital companies to set up shop. It should also be ideally placed to host Chinese websites that are currently inaccessible from abroad. Using Hainan’s data port, they could gain global relevance and significantly expand their influence in the Chinese-speaking world. The Nansha FTZ in Guangzhou launched its International Data Free Port in March. It connects to the Asia-Africa-Europe submarine cable network and aims to complement or even replace Hong Kong as the landing station for the submarine cables.
Data alliances – China hopes to build on regional trade agreements
Data ports will provide Chinese firms with officially supported arrangements to navigate China’s complex cyber laws and to facilitate cross-border data exchange. Whether data ports will enable foreign companies and platforms to maintain or resume their business operations in China is unclear and will depend on a variety of industry-specific factors. For AirBnB and others, they offered insufficient means to deal with the burdensome compliance or came too late. Besides, foreign companies will also depend on the data laws in their home jurisdictions – and whether China’s data ports are globally recognized as the compliance interfaces that their municipalities and Beijing want them to be.
But as the EU and the US just signed a data sharing agreement, recognition of China’s data ports by or convergence on data governance with Western democracies seem unlikely for now. China is promoting its data ports in Asia Pacific and as part of trade agreements. On a recent visit to Pacific islands, foreign minister Wang Yi sought support for a communique stressing the importance of data networks, cyber security, smart customs systems as well as free trade negotiations. Beyond that, Beijing’s attempt to forge data-alliances as part of regional trade agreements, such as Digital Economy Partnership Agreement (DEPA), seems unlikely – in no small part precisely because of China’s restrictive data laws.
This piece is the last part of a three-part series on data as a factor of production and a national resource in China, written by analysts in the MERICS Research Team on Science, Technology and Innovation Policies. This series entails also the following short analyses:
China activates data in the national interest by Rebecca Arcesati.
Oceans of data lift all boats: China’s data centers move west by Jeroen Groenewegen-Lau.