Deep Dive
Shownotes Transcript
China has emerged as one of the 21st century's most consequential nations, making it more important than ever to understand how the country is governed. Welcome to Pekingology, the podcast that unpacks China's evolving political system.
I'm Jude Blanchett, the Freeman Chair in China Studies at CSIS. And this week, I'm joined by Li-Jie Liu, Assistant Professor in the McDonough School of Business and a faculty affiliate of the Department of Government at Georgetown University. Today, we'll be discussing her recent paper, "The Rise of Data Politics: Digital China and the World."
Lijie, thanks for joining the podcast. Jude, thank you very much for having me. I wanted to start, if I may, by asking about your research trajectory and how it ended up that you were studying data politics, China's digital economy, all of which in many ways come together in this really excellent paper. So how did you get here? So my main research in the past 10 years is about the politics of data with the rise of the digital economy in China.
I'm particularly interested in how large platforms interact with the state. And in this process, I realized that data is really the major source of power for both tech companies and also the state. And also data becomes a realm of competition between the two.
But what really specifically inspired this paper was Trump administration's ban on TikTok. So the argument then by the Trump administration was that this is a Chinese app collecting American user data and this will compromise U.S. national security.
While most of the people during that time were saying that this is just driven by the growing U.S.-China tensions, but I realized that such argument is very, very familiar, actually. You hear about this not just in the U.S., but also in China when Chinese government and also citizens expressed concerns about, for example, Apple and Tesla collecting Chinese user data.
And also, if you look at Europe, European leaders were emphasizing about how important it is to build their own data infrastructure and data sovereignty, reducing the reliance on U.S. firms. So I realized that this kind of political dynamics really goes beyond those kind of U.S.-China tensions and also geopolitical concerns. There's a deeper logic to all these events.
So this is why I wrote the paper and I point out these deep logic as data politics. Even though this paper is using Chinese cases, but I really hope it reveals some of the general trend international relations that we're seeing right now. It could be between any countries. Yeah, one of the things I really liked about your paper is identifying that in areas of regulating, legislating and thinking about data, China is really the pace setter and the trend setter here, but feels like it's
come to conclusions about data that other countries, including countries that are at the other end of the ideological spectrum, are likely to agree with Beijing on in many core ways. I wanted to pick up on something you just mentioned. I wonder if you could just
unpack it a little bit for us, which is this idea of data politics. On the one hand, it seems quite obvious, data politics. But as I was reading your paper, it occurred to me that I actually had underappreciated that this was a new field. So could you just unpack that term a little bit of what is data politics and why has it heretofore been relatively understudied until recently? So
So by definition, data politics concerns the strategic interactions between sovereign states or between the state and companies or other non-state actors over the collection, processing, transfer, sales of the data or the data use. So it is really part of the broader concept of digital politics that also concerns not just data, but also algorithms, you know, the Internet and others. I do think it's an underappreciated realm.
because data has increasingly become important strategic asset for not just firms, but also countries. I think the reason why we're under appreciating the value of data politics is that data or information has always existed in human history as an important economic input. But it was not until recently when you have this digital technologies that can have mass collection and also mass usage of data and the processing of the data
then the data has become more and more important to modernize the economy and the society. That's why it's underappreciated. And the second reason for that is that actually data is very different from other traditional strategic inputs that we're seeing in the past, such as
oil, land, or others. So it has a very different nature. That's why when we're discussing about data politics, it's important to focus on yourself because it is a little bit different from the other strategic assets that creates a lot of international conflicts, such as oil. Can you just dig down a little bit deeper on that? What is different about data from an asset like oil?
Yes. So I think a common saying is basically data isn't the new oil, right? A lot of people have said that. I think on the one hand, it's true because data has a lot of strategic value and countries always fight for data. And there has been a lot of political conflicts over the control of data. But on the other hand, data is really not the new oil because in economic characteristics,
data are inherently different from oil. So in economics, we talk about the two dimensions of characteristics. One is whether a product is rival or non-rival. So rival product, for example, such as oil or food such as apple, which means that once you have consumed it, the other people cannot consume it. In other words, the
quantity of that product will be reduced over time once you consume it. But for data, the central feature is it's a non-rivalry, which means that data can be used in infinite times and by many parties simultaneously. So say if you're an individual consumer, once you give your data to a company, the company has the data, you have the data.
And you can then give the same set of the data to other companies or to the state. So I think that the issue of the data's non-rivalry actually creates a lot of phenomenons we've seen right now, which is you want to facilitate some sort of data diffusion because then most of the parties can use the same set of the data that creates a lot of economic welfare. But at the same time, because data is non-rival, it can be used at the
time, which means that there is privacy concerns as well, because what if the other party does not really delete your data? I think another issue about the distinction between data and oil is that usually oil is a private good. In other words, it's excludable. Once it is owned by someone, it's hard to be still stolen by others. But for data, it's partial excludability, which I said in that paper.
Of course, sometimes you can use a lot of data security measures to make it really encrypted than others. But on the other hand, the data's value can only be elevated by transferring it. And sometimes it's during the data transfers, it's very easy to be getting hacked and others. So data really is sometimes it's harder for the state to exclude
other unwanted parties to get access to that data. So that creates also a lot of like the leak concerns and some of the other concerns we're facing in the world right now.
Maybe shift to now, I mean, that was really helpful background. Can we now move to Beijing and can you help us understand at a high level how Beijing's thinking about data as a strategic asset or thinking about the strategic value of data has evolved over time? Again, maybe...
connecting this with our discussion a few minutes ago about Beijing in many ways being out ahead of almost any other country in terms of its regulatory and legislative and
and legal tools that it's creating to control, protect channel data. How did it come to be that Beijing is in this position of being out ahead from, you know, the United States and the EU on this? I wouldn't say it's, you know, sort of ahead of curve of all other countries. Definitely, I see like the US, EU are doing a lot of regulations in this realm, but China definitely is one of the, I guess, forerunners for this.
I think for Beijing, definitely back in mid-2000s, you already see that the government has been promoting the strategy of different aspects of digital economy. They think this is very important.
But it's really like not until the past 10 years, right, you see that data in itself has been elevated to a very important status. So you see a very clear trajectory of Beijing's increasing emphasis on the strategic value of data. For example, in 2014, Beijing basically made big data a national strategy.
encouraging the collection and the use of big data to modernize the economy and also governance. This also includes, very interestingly, the construction of a massive national data center in Guizhou province. I know you're interviewing me, but can I ask you a question? Why Guizhou? I know Jun knows China very well.
No, you put me on the spot. I mean, I only remember that because I remember that Chun-Min R was a big proponent of bringing big data collection capabilities there. And he was really pushing it, I think, as a way to move up the system. But why else? I'm sorry to put you on.
No, no, it's great. I don't mind just displaying my ignorance. No, no, no. I think this is actually a question I always ask my students. I think because Guizhou is actually a, first of all, it's a province, even though in terms of per capita GDP is kind of like a low compared to other provinces, but it has two advantages. One, it has a lot of water resources.
And second, the temperature of that province is also like a relatively low than most of the eastern provinces. Once you have a massive national data center there, you need those kind of electricity, you need water and also low temperature to cool down all these servers that haunt a lot of data. So that's why like Guizhou really becomes a center of China's big data. You know, actually Apple's Chinese citizens data, like Apple also like a store, the Chinese data,
citizen user data in Guizhou. Did Guizhou also take advantage of, was there also a big push for crypto mining in Guizhou as well for the same reasons? Also Sichuan, it used to be that case, but I think right now it has been banned. Not anymore, but yeah, but just was that initially seen as an advantage of Guizhou for Bitcoin mining?
Yeah, I think it's basically in China, there is an uneven distribution of water resources and also electricity. In some areas, you see shortage of electricity, but in other places, you do see a surplus of electricity. And
In those places, the local government in the past encouraged some of the mining of the cryptocurrency. But I think right now it's no longer there. But it's a very interesting thing that we're looking at right now. And also like in Guizhou, you see that there is a big data expo. So basically they're having this facilitating the exchange and sales of data. So I think that is also a very important move because firms do want to like expand.
sell their data also to profit from it. So the later on, I think right now there has been, you know, the establishment of the legal framework, you know, especially legal status of a data. For example, in April 2020, you do have a very important policy document, which I think is a milestone.
listed data as one of the five basic factors of production. So the other four is land, labor, capital, and technology, and data is the fifth. So I do think that the party pays a lot of attention to the strategic value of this. Actually, most recently, I think the two
Very interesting changes is that first under the pressure of the trade war and also the pandemic, China in 2020 actually had a new campaign called New Infrastructure. And this is to increase the infrastructure expenditure
on digital infrastructure such as 5G networks and data centers and AI. And also a very interesting idea that just came out recently is about this Dongshu Xisuan, processing Eastern data in the West. So this is related to Guizhou that we mentioned. So the motivation behind this is that most of China's internet and big data companies are located in the Eastern and coastal areas, right? Zhejiang, Shanghai, Jiangsu.
But naturally, they want to, that's where they base the data centers to. But the electricity cost was high and there was like a shortage and others. So the government was trying to coordinate the West and the East. So basically, the companies on the East Coast will be processing all these data in the national data centers located in the West provinces, such as
So I think that's the idea of all these major movements that I've seen in this area. Can I ask just a follow-up? In addition to some of the, you just mentioned data as a new factor of production, so some of the drivers on the economic side for how Beijing is thinking about data, have there been any security considerations that have shaped how Beijing thinks about data and
Any insights on to what precisely is driving Beijing's thinking about data from a security perspective? Well, there are two aspects. One is basically the commercial collection of data by firms. In the past, I think there was very little regulations on how firms collect data, but there has been a lot of incidents where you see that it's extremely easy, for example, to
buy a very big data set of people's national IDs in it. In China, used to be the case on the internet. So there has been a lot of data leaks and how people's data got leaked. So I think a security part, one of the concern is definitely how to have a better data security measures domestically.
The other part is, I think, about the foreign surveillance perspective, which is basically inherently connected to the cases that we mentioned, such as TikTok or Apple. So that one is really about foreign company surveillance part. That's why maybe later we can talk about how Chinese government were having all these regulations, for example, cybersecurity law. So those kind of regulations are basically related to those concerns.
Maybe building towards the cybersecurity law, if I can ask as a next question about China's conception of cyber sovereignty, which of course, one of the downstream conceptions is data sovereignty. What is cyber sovereignty and how does that framework conception affect how Beijing thinks about and treats data?
Yeah, so actually China's concept of cyber sovereignty or data sovereignty is not too much different from other countries. For example, the data sovereignty basically says that data should be subject to laws and regulations of the country where it is generated and processed. So it is basically a political effort to restrict and regulate cross-border data flows across national borders. It's not that easy because, you know, data is very easy to be replicated.
and also transferred across border, much more so than physical products. So it's really a government's regulation feeling that they have to get control of these within their jurisdictions. Cyber or digital sovereignty is related, but also broader than data sovereignty because it emphasized not only the state should control data, but also the internet and other digital infrastructure algorithms, content within their jurisdiction.
But I think what I want to point out that even though the concept of data sovereignty is more or less the same across countries, but the way that different countries exert data sovereignty is quite different. And China is kind of, I wouldn't say unique.
But China is definitely different, quite different from the US and EU in how they exert such power. So I think it will be helpful to actually understand the Chinese way of regulating data by comparing it with the US and EU. So let's just start with EU. So EU's data sovereignty model is citizen-based.
It has a huge emphasis on protecting individual users' privacy and data rights. This is partly because all the dominant digital platforms that collect EU citizen data are non... Most of them are non-EU firms, right? And EU has offered
So that's why they're offering their users or citizens all these individual rights to empower them, especially through GDPR, which is Europe's personal information protection law. Some people will even call this like a digital protectionism, which I think there is definitely a need to protect privacy. But definitely one of the strategic considerations is to fend off big techs from elsewhere, including from the US or China.
But for the US, it's also a very interesting, you know, a model, which is firm based or like market based. And this is because in the US, you have a long tradition of corporate self regulation so that in the US, there's no federal level privacy law.
Now, there is a California Consumer Privacy Act that's very similar to the Europe's GDPR. But at the federal level, you don't have this kind of regulation. And I think in the US compared to the EU, it's really sort of a less regulation. This is because the US has the world's most competitive digital platforms. And they really want to minimize regulation to boost the global competitiveness of their firms.
So they really want to advocate this like open model, open competition model. For the Chinese model compared with the US and EU, it's quite interesting because it's state centered. It really prioritizes national security. So it has like this unique combination of data protection and the government's control over data flows. In other words, the government started to
regulate or prevent commercial firms to over collect personal data and you these firms have to have more stringent regulations over the data that they collected but on the other hand the government still has a more or less unrestricted access to citizens data so it's quite and also the compare with the europe
I think the Chinese data regulations focus more on national security rather than citizen privacy. But the Chinese government also are more active in setting these data regulation agendas than the U.S. government. So I think that's the difference between those. And speaking of this cybersecurity law,
I think it's part of the more specifically as part of China's sort of regulatory framework on data. China not only issued a cybersecurity law, but also issued some of the additional documents to implement the law. So basically the key criteria is I'm seeing right now is the requirement of data localization. In other words, if you're Apple, if you're Tesla, you're collecting Chinese citizen data, you have to store these data within China.
So basically the key was that you have local storage and you also have outbound assessment. In other words, not only the foreign firms have to store the data within China, if they want to send this data outside of China, they will have to go through some sort of security check by the government.
So it does provide the government with some of the spot check rights of foreign firms. And of course, like recently, you also see another milestone, which is the personal information protection law, which went into effect actually last year. So people call it a Chinese version of GDPR because it is very similar to the Europe version of the personal protection law. So that's basically the feature of the China's data sovereignty model and how China specifically implemented it.
Can I ask about just one final question on this, which is what sticks out to me when I hear the word sovereignty used in the Chinese concept is this is not purely a neutral scientific word. This is one that has deep historical and political connotations, right? And of course, very much ties into sensitive political issues around territorial sovereignty,
And it also begs the question of who claims the sovereignty when it comes to data. I think when you were mentioning some of the comparative differences between China and other countries, especially the United States, the reason we don't use a word like sovereignty, data sovereignty here is number one, the clear implication I think is it is the state that is sovereign over data in the Chinese conception. Whereas here, whoever produces the data has sovereignty.
you know, has ownership claims to it. And one of the things we're fighting for is to assert some state control over data. But can you, if you have any thoughts on it, I'm curious on the implications of the use of the word sovereignty in the Chinese conception over data. They could have chosen data regulation, data control, data privacy, but sovereignty strikes me as a very intentional word to use at a kind of a political framework level.
Actually, I don't think this is a China unique term. Data sovereignty, even in the US, people will use it. It probably just like a less, there's a less emphasis on this. Because sovereignty, there's a different ways that the state can exert sovereignty. In China is that the government is having a lot of power in the EU the same.
But in the United States, the government actually outsourced a lot of data regulatory terms to the platforms. For example, we know the content moderations on social media platforms. Basically, the US government, because of the constitutional constraints, cannot have a hate speech law. Therefore, they're actually given...
uh some of the the regulatory power to the platforms so the platforms can uh you know sometimes people call it censorship but it's really about the company level content moderation to delete some of the hateful uh speech on the platform so i would say like of course the sovereignty
That wording itself emphasizes the state power. I think even in the U.S., actually, you see a lot of like federal level data regulations. Maybe we can mention a little bit of that in the later discussion when we're talking about the firms specifically. But it's just like in the privacy realm, say like a personal data information. That part, you do see that the companies are taking a bigger role.
But this doesn't mean that the U.S. government is not controlling data at all.
Why don't we move on to talking about this at the company level or at the firm level? That, of course, the heart of your paper is looking at a few different case studies, one of a foreign firm in China, and then the other, interestingly, of a Chinese firm trying to navigate the international environment. But can you talk to us a little bit about how some of the effects of China's approach to data domestically have affected the
the operations of technology firms within the country. Your case study in the papers on Apple, happy to hear you talk about Apple or just more broadly on how firms have had to navigate this territory or terrain. So I do think in terms of some concrete examples to show how domestic regulations could affect multinationals
One important case is about Apple's operations in China. This is actually kind of similar to why Trump administration was having a problem with TikTok. Because back in 2014, the Chinese official media basically accused Apple of opposing a national security threat. And the problem they are picking on is iPhone's frequent locations feature. We know that they use it in the Weathers app and a lot of apps that buy applications.
So basically, the government was saying that this kind of function would reveal a lot of sensitive information of the individual and even some of the state secrets. So it will help the U.S. government to spy on Chinese citizens. So that was back in 2014. So basically, of course, Apple denied all the charges. But later, they want to assure the authority, Chinese authority, especially after China passed the cybersecurity law.
basically requires the data localization requirement that we talked about earlier. Basically means that if you as a foreign firm collect Chinese user data within China, you'll have to store that information within China. So what Apple was doing is that they basically relocated their Chinese citizen data
to a new data center in Guizhou province. And then they also handed the key needed to unlock the Chinese users iCloud accounts to a domestic entity within China. Of course, that also creates some of the controversy, especially in the Western market. Some people are thinking like Apple is just
surrender to the Chinese authority. But by law, it's from Apple's perspective, they're just being compliant with the Chinese regulations. And on the other hand, we see an opposite direction, which is that data regulations is not just creating problems for foreign firms operating in China, but also Chinese firms operating in the overseas market. I think another very interesting case is about Mobike in Europe.
So for people who haven't heard about Mobike, it's a bike sharing app that's collecting users' location information to help them to identify the nearby bikes.
So when mobile quickly expanded its business to Europe, it was reported that the company was under investigation by Germany's privacy watchdog for potential breach of GDPR. So the personal information protection law that I mentioned, the charge was basically two things. One is that
Even if you close the app, it will still track your location data. So that was an overcollection of personal information. And the second one is that because MobileBike stored the user data in Singapore and elsewhere, so it transferred the personal data collected within EU to outside EU.
So basically, people are saying that there is an investigation. And if this kind of charges were verified, it will be significant cost for Mobike because under GDPR, regulators can fine those companies up to 4% of their annual global turnover or 20 million euros, whichever is higher. So
Mobike later pulled out of Europe, so we never knew what's the outcome for the investigation or even whether there was one. But I think basically the case was showing that this kind of data regulations can become a trade barrier or a regulatory barrier for multinational firms operating in the world. Can you talk a little bit about where you think this is going?
One of the big questions right now is trying to think about owing to some of these geopolitical tensions between the United States and China, but also, and I think importantly, drawing on your own research here, how just because of some of the recent developments in technology, which have caused
created challenges around data that did not exist previously. Governments are thinking about how, where, and to what extent to remain globally integrated. So you're seeing China take steps to control and protect data. The United States is taking steps. The EU is taking steps, et cetera, et cetera. Where do you think this goes? I'm curious, are
on a spectrum of, you know, way on the left, we have autarky, peer separation, you know, bifurcation. And on the right, we had what we previously had of very high levels of integration. How do you think some of these trends, both in terms of how governments are erecting, uh,
barriers and legislative and regulatory measures to better control data, as well as the continuing evolution of technology, which will throw up new challenges around data. Can you take out a crystal ball and just tell us where you think this is going? Are we headed towards a new era where data is one of these wedge issues, which pushes economies further apart? Or do you think
this is maybe a temporary readjustment and that, you know, globalization and data globalization will be able to find a way to drive forward.
This is a very good question. In fact, we're now in an era that a lot of people would call a balkanization of the internet. So basically, you see a fragmentation of the internet along country borders or regional blocks. So in the past, basically, cross-country data flows were largely unregulated.
You see this very powerful tech firms basically can transfer data of different countries, you know, across border without any issue. But right now, because most of these, a lot of countries, you know, including China, US and EU are erecting data sovereignty, as I mentioned.
and the problem is that they're pursuing very different data models and they are not coordinated on how they regulate the data and then that leads to basically the rise of the barriers for multinationals to ship their data overseas and also you create because of these data regulations are designed by different countries they
oftentimes have clashes between those countries. So for example, to give you example, the US actually in 2018 had a act called Cloud Act for abbreviation. So basically authorized law enforcement agencies to compel US-based tech firms to hand over data to law enforcement.
and this is going to happen regardless of whether such data is stored in the u.s or on foreign servers so basically this gives the u.s actual territorial control over the data collected by their tech firms however in china as i said there's a data localization requirement in other words if this is a foreign company if they collect chinese citizen data the data should not leave china
So again, this kind of clashes in data regulations will create a dilemma for multinationals. Basically, firms are caught in the middle. So I think in the long run, right now, you do see that we're in the face of data having no regulations whatsoever to a phase of the balkanization of
of the internet and also the rise of data barriers. I think the next phase was actually that these firms realized that because of the clashes of data regulations, that actually creates a lot of economic costs, such as the firms they used to can have a lot of data and can have economies of scale. But right now, they have to only use one country's data. And that actually hurts the welfare of all the countries and all the firms.
So countries are going to negotiate how to make their separate data regulations compatible with each other. But then the problem also is because of the geopolitical divide that you see and also people's countries, different data models, the most likely scenario is that this kind of a negotiation will happen within a small regional blocks. For example, US and EU are having a lot of discussion about
how they exchange data, how to remove some of the data barriers. It's less likely for US and China to solve this issue in a very short time. And at the WTO level, even though there has been a lot of discussion and some work agenda on facilitating digital trade across countries, but because countries have so
a different interest. So it's very hard to come up with a global solution to it. So I would say you will see some of the original solution to this kind of a problem and remove some of the trade barriers in terms of data, but not so much at the global level at this moment.
Final question, just building on that. Do you think some of these data harmonization that you mentioned between regional blocks, might that also take harmonization along political or ideological lines? I'm wondering if there is a world in which, let's say,
market democracies find ways to harmonize or coordinate on cross-border data flows, but there is increasing friction along ideological lines between more authoritarian political systems and democracies. Do you see that as a potential? Oh, totally. I think actually EU, US, and China are advocating different methods of regional deals for the data trade.
In other words, they're basically exporting or amplifying their domestic model of data regulations and trying to elevate it to the regional level. If you look at the US, the deals between US, Mexico, the new NAFTA deal has some clauses on digital trade that was basically reflected the US interest of having minimal regulations on data or tech firms and facilitating this like open exchange of data.
But if you look at China's, for example, the role in RCEP and some of the other regional negotiations in which they do have some of the negotiation and discussion about data regulation, you see that China has been very interested in reducing some of the trade barriers, but at the same time still having a lot of exceptions in those terms. Basically reserve the space and autonomy for
the national states in those regional blocks to preserve their own authority, especially domestically, to regulate data for security issues. So I do think that there has been maybe ideological or just like systematic differences on how different countries advocate different international rules for data.
Ligier, I want to thank you. This has really been a fascinating discussion. And just for listeners, the paper was originally published in Studies in Comparative International Development, but you can also find the paper available to download without any gating on Ligier's personal website. If you go to the research section, you'll see all of her previous publications and including a link to a PDF of this. So I think for anyone who's
trying to understand evolutions in Chinese governance and how technology plays a role in shaping Beijing's thinking, but also how Beijing shapes technology on its own right. This is a really helpful and important paper. And of course, for anyone who's trying to understand, as we were just talking about,
I think the future of globalization and some of the barriers to maintaining high degrees of interconnectivity data is a really important locus of some of the challenges we're going to have to work through. So Liger's paper is just a really great contribution to that critical debate. So Liger, thank you so much. Really appreciate all your excellent research and for taking so much time out of your busy day to chat. Thank you so much, Jude. I really appreciate the opportunity to talk to you today.
If you enjoyed this podcast, check out our larger suite of CSIS podcasts from Into Africa, The Asia Chessboard, China Power, The Trade Guys, Smart Women, Smart Power, and more. You can listen to them all on major streaming platforms like iTunes and Spotify. Visit csis.org slash podcasts to see our full catalog.