China’s nationalization and pursuit of preferential access to data have raised the possibility of the US and EU ‘disengaging’ from data flows to China in the name of their security. Europe has not yet responded, but complete disconnection is not the solution.
The future of data flows between Europe and China is uncertain. By prioritizing national security in its data governance regime, China is interfering with the free, efficient, and secure transmission of data across borders the world has come to know. US policymakers are responding to this danger, though calls to ban China’s established internet platforms risk further fracturing the digital economy. European policymakers are not responding, but they might have better solutions if they broaden their focus beyond data privacy.
The good news is that China is not becoming a data fortress. A small but important sign came in January, when a joint study of cancer treatment by researchers in Beijing and Amsterdam became the first project to pass the strict new data export evaluation of the Cyberspace Administration of China. This shows that Beijing is working to ensure that China’s economy, society and innovation system continue to benefit from cross-border data sharing.
The bad news is that the country’s data economy is coming to resemble an island whose government tightly controls which ships come to dock and – more worryingly – which can set sail. New laws, regulations, and policies seek to retain vast amounts of data within China’s borders in pursuit of digital sovereignty. Leaders are obsessed with the risk that foreign governments could undermine national security by exploiting Chinese data, from strategic industrial data until taxi rides of users and information found in academic studies.
Beijing wants access to data for social and economic control
Parallel to the “nationalization” of the data, the Chinese Communist Party wants preferential access to it. It has lobbied private tech giants, from Manzana to AntGroup, to share consumer data with authorities. also follow striving to integrate the tons of personal information it obtains from citizens to refine social and political control. In addition, it is seeking to collect data abroad to control public opinion, gather intelligence and get foreign technology. No wonder Washington wants to limit the transfer of sensitive data to China.
The Biden Administration has entrusted the Department of Commerce to examine the risks associated with the appropriation of data of US citizens by “foreign adversaries”. Petitions to Ban Chinese Video Streaming Platform TikTok They multiply in Washington, to the point that it is not clear if the plan of the enterprise to appease the American national security community will succeed in winning enough hearts and minds. The United States has canceled or diverted four oil projects submarine cable to Hong Kongand online information sharing could be a similar victim.
But China’s data island is not going away anytime soon. Instead of making the situation worse by resorting to total disconnection, democracies can certainly approach the problem more sensibly, looking for ways to live with it. For example, a TikTok ban would be seen as an overreaction in Brussels. After all, evil actors can buy the data of US citizens from data brokers (data brokers) unregulated in the country and American social networks are a proven target for Beijing.
The often discredited technocratic approach of the EU may have real advantages in this case. His slow reaction to TikTok and The delay of the company in the opening of a European data center have made headlines. But the risk of TikTok manipulating the information is arguably much greater than its mismanagement of the data. Once the EU Digital Services Law is properly implemented, all online platforms, regardless of where they are based, will have to show how their algorithms “push” the content. These transparency requirements should ensure better governance.
Europe is left behind
Before Europe can take advantage of its strengths, it has to understand its weaknesses. It still lags behind both China and the US when it comes to considering their security and the strategic implications of the data. The Polish Academy of Sciences marked a notable exception, when in 2021 it decided cancel a partnership to create a genomic map of Poland with BGI Group, who allegedly collaborate with the Chinese military in genetic research. Examples of potential data exfiltrations abound in Europe, while China’s Data Security Law and other regulations oblige Chinese organizations to collaborate with state security and intelligence if requested.
The Union is also caught between ethical questions. In the past, European researchers have collaborated with Chinese police on scientific studies using DNA collected from the persecuted Uyghur and Tibetan minorities. These samples were probably taken without consent and some remain stored in an online repository in Germany. The question is whether policy makers should worry about data privacy only when it affects Europeans.
The EU and its Member States need a comprehensive strategy to deal with China in the data space. They should review the risks linked to the activities of Chinese companies in Europe and incentivize researchers to prioritize data ethics in collaborations with their Chinese counterparts. They should strengthen cyber defense, critical infrastructure protection, investment control and research security against Beijing’s efforts to acquire data and information. As social media and open source intelligence techniques make some data collection unavoidable, technical solutions such as new AI methods to counter misinformation and cyber attacks should come into play.
European companies will still have to find their own ways of browse by China data island. They will have to decide if they are comfortable with Beijing’s pressure to access corporate data and let interfaces State-backed entities manage cross-border data transfers. Beyond companies, Beijing’s commitment to digital sovereignty is already reshaping what the world knows about china. What comes out of the data island will increasingly be decided by the state.
Article originally published in English on the website of MERICS.