Beyond security crackdown, Beijing charts state-controlled data market
China's sweeping regulatory action against internet giants such as ride-hailing firm Didi Global Inc, which has sent chills through the industry, is part of a broader national project to create a domestic marketplace for the country's vast troves of big data.
The plan, fermenting for years but rapidly gaining momentum, is designed to help support China's economy in the coming decades and includes pilot projects for state-supervised data trading markets, policy documents show.
It also threatens to further isolate China's internet industry globally, and ratchet up tensions with Washington.
Data is becoming a critical battleground between China and the US, compelled by fears on both sides that unchecked collection by private firms could allow state actors to weaponise information on infrastructure and other national interests.
This September China is set to implement its Data Security Law, which requires companies that process “critical data” to conduct risk assessments and submit reports. Organisations that process data affecting national security must submit to annual reviews.
Earlier this month, Chinese regulators pulled Didi from the country's app stores, days after its US initial public offering, citing security concerns, sending its stock plummeting.
BROADER STRATEGIC PLAN
But China's efforts to seize control of data for national security reasons are just one aspect of a strategic goal to create a state-supervised market for such information, including government data as well as that collected by private companies, and help buoy slowing economic growth, experts say.
Such information could encompass just about any type of data — from health records and court documents to maps and shopping histories.
“Overseas IPO audits, cross border transfers and open access to certain types of data stand in the way of Beijing's goal to not only take over supervision of the county's vast data assets but to commoditise them,” said Kendra Schaefer, head of tech policy research at Beijing-based consultancy Trivium China.
The plans require a huge bureaucratic effort to categorise, standardise and value data, policy documents show, setting foundations for it to be traded domestically while preventing overseas access to the most sensitive information.
“The user data obtained by a large number of Internet service platforms ... are public resources and should be included in the national unified and hierarchical supervision system,” the state-run China Internet Information Center said this month.
THE FIFTH FACTOR
Plans for a state-controlled data market have been in the works for years.
In a closed-door 2017 meeting, President Xi Jinping urged policymakers to research global data governance and “propose a Chinese plan” for “opening, transacting, and confirming the ownership and property protection rights for data.”
The project was supercharged in April 2020, when a State Council document declared data would be the fifth “factor of production” — on par with labour, technology, land and capital in terms of national economic resources.
That was quickly followed by the draft Data Security Law, which mandates mass auditing of big data.
“They're playing four-way chess here,” said Samm Sacks, a cyber policy fellow at think-tank New America.
“It's not just a national security policy, it's a much more deliberate plan asking 'how do we really tap into the value that flows from data from an economic standpoint?'”
A digital economy development plan released by the State Council in March lays out a five-part plan for “experimental stage data markets” and calls for authorities to “implement and strengthen the economic supervision” of internet platforms.
The powerhouse province of Guangdong last week announced plans to launch one such platform by year-end to trade and oversee the movement of data, including a customs hub for international transfers.
Globally, governments have been wrestling over how to manage internet platforms and their vast power, based on their extensive collection of user data.
In China, which exerts tight control over private companies, such efforts are more straightforward, in principle.
“The government long wanted to regain control over data that's held by these private platforms as a strategic asset, and then Didi gave them the perfect opportunity because they flouted these important stakeholders who weren't ready for the IPO,” Sacks said.
But China's efforts carry risks, Sacks said.
The data law's broad definition of what could be considered “national key data” is vague, adding to uncertainty for companies, their customers and investors.
One Chinese tech stock index has tumbled 40% from highs early this year on a widening regulatory crackdown ranging from anticompetitive practices to data security.
“They're undermining the trust of customers wary of Beijing having that data. That ultimately is going to make it harder for these companies to be truly global players and succeed outside China's closed system,” Sacks said.
Foreign firms that collect data within China are required to undergo the same security reviews when transferring data outside the country. “Chinese Internet companies must step out of the comfort zone of barbaric growth in the past and adapt to China's new institutional environment,” said Fang Xingdong, a Zhejiang University academic in a recent editorial in state-owned Global Times.