China Power | Diplomacy | East Asia

China’s Bid to Write the Global Rules on Data Security

The new “Global Initiative on Data Security” is an attempt to wrest control of the data security narrative away from the U.S.

Shannon Tiezzi
China’s Bid to Write the Global Rules on Data Security
Credit: Illustration by Catherine Putz

On September 8, speaking at an international seminar on digital governance, China’s Foreign Minister Wang Yi unveiled a new “Global Initiative on Data Security.” In the words of Foreign Ministry spokesperson Zhao Lijian, the new initiative is an attempt at “contributing Chinese wisdom to international rules-making” on data governance.

The initiative, as outlined by Wang, involves eight points:

First, approach data security with an objective and rational attitude, and maintain an open, secure and stable global supply chain.

Second, oppose using ICT activities to impair other States’ critical infrastructure or steal important data.

Third, take actions to prevent and put an end to activities that infringe upon personal information, oppose abusing ICT to conduct mass surveillance against other States or engage in unauthorized collection of personal information of other States.

Fourth, ask companies to respect the laws of host countries, desist from coercing domestic companies into storing data generated and obtained overseas in one’s own territory.

Fifth, respect the sovereignty, jurisdiction and governance of data of other States, avoid asking companies or individuals to provide data located in other States without the latter’s permission.

Sixth, meet law enforcement needs for overseas data through judicial assistance or other appropriate channels.

Seventh, ICT products and services providers should not install backdoors in their products and services to illegally obtain user data.

Eighth, ICT companies should not seek illegitimate interests by taking advantage of users’ dependence on their products.

These priorities include an interesting mix of China’s concerns (for example, being cut off from access to Western technology and the growing power of foreign technology companies) and attempts to address concerns about China (that Chinese ICT firms like Huawei could install “backdoors,” steal data or damage tech infrastructure at Beijing’s behest). Of course, China has its own reasons to be concerned about data security – the Snowden leaks revealed the extent of U.S. digital surveillance around the globe.

Predictably, the initiative highlights China’s preferred points on data security, including requiring that data gathered locally be stored locally (a requirement criticized by both tech firms themselves and human rights groups). China has pushed for these positions at international talks, but now is formally attempting to solidify them into global rules for data security. According to Zhao, “China has put forward the initiative with the aim of safeguarding global data and supply chain security, promoting development of the digital economy, and providing a basis for international rules-making in this area.” China’s own rules for data security (including on cross-border data transfers) are still very much a work in progress, however.

Enjoying this article? Click here to subscribe for full access. Just $5 a month.

The stated purpose of the initiative is to “find a path of mutual respect and shared governance for addressing the challenge of digital security.” In Chinese diplomatic parlance, “mutual respect” translates to “respect for China” (because of course China, in its own narrative, has nothing but the utmost respect for other countries and their interests). And Wang made it very clear that this was China’s pushback against the United States:  “Bent on unilateral acts, a certain country keeps making groundless accusations against others in the name of ‘clean’ network and used security as a pretext to prey on enterprises of other countries who have a competitive edge. Such blatant acts of bullying must be opposed and rejected.”

Wang was referring to the “Clean Network” program, announced by U.S. Secretary of State Mike Pompeo in August to protect “citizens’ privacy and companies’ most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party.”

Based on Wang’s own framing, the Global Initiative on Data Security is China’s attempt to wrest back the narrative on data security issues. To that end, Beijing is making the most of the fact that, in true Trumpian form, the United States has approached data governance with a unilateral solution. By contrast, China has unveiled a global initiative – one that leans heavily on Beijing’s narrative that it is the true defender of multilateralism. In fact, the title of Wang’s address did not mention data directly, but instead called for “Upholding Multilateralism, Fairness and Justice and Promoting Mutually Beneficial Cooperation.”

“It is important to develop a set of international rules on data security that reflect the will and respect the interests of all countries through broad-based participation,” Wang said. With the United States content (under the current administration, at least) to make its own rules, China sees an opening to try to shape global norms, and claim the mantle of being a good faith actor in the system.

It remains to be seen how convincing other countries will find this pitch, however. While China is good at rhetorically trumpeting the values that underline much of the multilateral system, its actions don’t match up. Given China’s long history of banning foreign tech firms, for instance, Wang’s comment that “[p]rotectionism in the digital domain runs counter to the laws of economic development and the trend of globalization” rings more than a bit hollow.

China is right that global governance on digital issues lags far, far behind today’s technology. A serious effort to cobble together a framework of guiding principles is long overdue, and Beijing is looking to seize the initiative by offering its own proposal. Whether that will actually lead to global consensus on an contentious issue, however, is another question.