Data governance: EU-China competition approaches

Data governance. Image of a racked Mac Minis in a data center in San Francisco (US). Photo: imgix (@imgix). Elcano Blog
Data governance. Image of a racked Mac Minis in a data center in San Francisco (US). Photo: imgix (@imgix)
Data governance. Image of a racked Mac Minis in a data center in San Francisco (US). Photo: imgix (@imgix). Elcano Blog
Data governance. Image of a racked Mac Minis in a data center in San Francisco (US). Photo: imgix (@imgix)

To talk about technologies is to talk about data. Discussions on global political positioning and economic competitiveness are intrinsically related to data. However, this departure point –the founding asset of other applications, is often overlooked. Data is a geopolitical and foreign policy dimension by itself.

The European Union has identified China as a cooperation partner, an economic competitor in the pursuit of technological leadership, and a systemic rival promoting alternative models of governance. The EU has turned into a pragmatic, topic-based, flexible approach to China. With regards to data, the European Commission’s President, von der Leyen, announced, in the aftermath of the EU-China virtual summit –held in September 2020–, common agreement on forced technology transfer, but still to be done in two paramount areas: market access and sustainable development. Data plays a major role in all these domains.

Dissent in data governance approaches

The European Union released its first-ever European Data Strategy in February 2020. Under the motto of searching for a single framework for the design, management, access, use, and sharing of data, the EU ambitions to build up a European data common market with reused, interoperable, and replicable data (pooling and sharing) across all strategic sectors. Data would certainly improve EU’s both internal and external competitiveness: through renewed innovation ecosystems –such as the 5G European Corridors for driverless vehicles and precision agriculture–, an adapted European Industrial Policy; or by becoming a trustworthy partner worldwide at data standardisation bodies or when deciding on data cross-border flows market value.

China announced, in September 2020, its Global Data Security Initiative: an attempt to introduce an alternative to the Western-led rules-based order on data governance –although the EU and the United States often differ with each other on personal data access and data-based surveillance usages. This China’s proposal went unnoticed by an important number of media, but its relevance cannot be questioned. It prioritises the guarantee for an open, secure, and stable global supply chain, and at the same time it opposes abusing ICT to conduct mass surveillance against other States and promotes the respect to the State’s sovereignty.

Regardless of the explicitly mentioned support of multilateralism, still the EU labels China’s data governance approach as constraining and limiting. First, China regulates personal and non-personal data processing through the conflation of disjointed and sector-specific laws and regulations. China has articulated three documents: the 2017 Cybersecurity Law –which might be the European GDPR’s equivalent; it is not strictly related to data though–, the Data Cross-Border Transfer Security Evaluation Measures, and the Transfer Security Assessment Guidelines. The EU rather centralises data governance under a single strategy, alongside the legal GDPR backdrop.

Second, China’s data localisation requirement is not favourably seen in the EU. De-facto existed from early 1990s, it was formalised in the 2017 Cybersecurity Law. It obliges all businesses operating within China to store all “significant data” on servers located inside the country. If a certain company needs to transfer data outside the country for business purposes, the government conducts a security assessment whose concepts and requisites remain vague –“public interest”, “economic development”, “essential livelihood”, thus triggering the decision to be political rather than purely legal-based.

The competition over the global data governance approach has been materialised through the “personification of public figures”. In the European Commission, data governance institutional architecture is pluralistic: from Directorate-General, such as Communications Network, Content and Technology, Competition, and Research and Innovation, to Service Departments such as Foreign Policy Instruments. On the contrary, China’s form of proceeding is rather centralised under the Internet Information and Security Management Leading Group, which is in turn led by the President Xi Jinping. While in China there is a single figure –the President–, in the European Commission there are two main Commissioners in charge of this topic: Margrethe Vestager, for Competition; and Thierry Bréton, for the Single Market. However, they do not always share the same vision on how to regulate larger technology companies. This might likely slow down the EU’s decision-making on how to overcome the explicitly declared unfair competition which the EU suffers when trying to access China’s market.

Power tools: beyond regulation

Data geopolitics is undeniable. China’s top priority on digital connectivity is the backbone of its Digital Silk Road: the expansion of its Internet infrastructure, its e-commerce model, and its data standardisation rules for technology transfer. As of 2019, China has invested more than 80 billion dollars in digital projects, including optic fibre cables agreements through Russia and Iran, and data centres in Sub-Saharan African countries. The United States disputes China’s data governance approach by means of the World Trade Organisation –by arguing that China violates free trade clauses–, but China still continues to take gain positions in the highest spheres of decision-making at the International Telecommunications Union or the UN Industrial Development Organisation.

The European Union understands that, to be a major player at the global arena, it needs to build up its own data governance approach. The EU is moving forward in this regard –and effectively through regulations–, but it is not enough. The EU needs to promote an own line of technology diplomacy, reduce the labour division between the EEAS and Member States, and design a EU’s Special Representative for Global Digital Affairs. Only then will the EU be able to “speak the language of power”.