[insight]
Author: Tian Linan (Assistant and Associate Professor, Dean of Law School, People’s Public Security University of China)
In the information age, under the background that data is an important factor of production, social wealth and strategic resources, some western countries, led by the United States, pursue "data hegemony" and act as the "data police" of the whole world, making great efforts to double standards and be exclusive in data open flow and protection blockade. We should adhere to the overall national security concept, be alert to data hegemonism, constantly improve data security governance capabilities, defend data sovereignty, and promote foreign-related rule of law.
one
In 2018, the United States passed the Clarifying the Legal Use of Data Abroad Act (hereinafter referred to as the "Cloud Act"), which directly aims to solve the problem of cross-border data retrieval in the case of "United States v. Microsoft Corporation" and empower the US government to require electronic communication and remote computing service providers to disclose the domestic and foreign data of users under their control; The deeper purpose is to expand the jurisdiction of the United States over data and expand the right of the United States to obtain overseas data. On the surface, this kind of acquisition right is two-way. For example, in 2019 and 2021, the United States signed the "Cloud Act" agreement with Britain and Australia respectively. However, this two-way is extremely severely restricted. The United States can force its enterprises to provide data collected and stored in any country according to the "Cloud Act", but if other countries want to access data in the United States, they will be restricted by the "Cloud Act". It must not only meet more than ten harsh conditions of "qualified foreign government", but also pass several rounds of review in the United States and finally be decided unilaterally by it; Even if the agreement is signed, the procedure of obtaining data from the United States is extremely complicated and long, and there is a risk of being rejected at any time. It can be seen that in the acquisition of data resources, the United States implements "long arm jurisdiction" over other countries’ data; In terms of data sovereignty, the United States implements double standards; In "data diplomacy"In fact, the United States pursues data hegemony.
In fact, American "data hegemonism" is no longer news, and the predecessor of "data police" is "data theft". At least since 2007, the National Security Agency has been implementing the top secret electronic monitoring program "Project Prism" to provide data for the president’s daily briefing. After being exposed in 2013, countries have accused the United States of stealing other countries’ data and eroding other countries’ sovereignty, but the United States still does not give up "data hegemony." On the one hand, the United States makes great efforts to promote data to flow into the country. For example, the "Three-Country Agreement between the United States, Mexico and Canada" signed in 2020 ostensibly ensures the free transmission of data across borders, and actually facilitates the flow of data to the United States; Legislation such as the Health Insurance Circulation and Responsibility Act, the Financial Services Modernization Act, and the Family Education Rights and Privacy Act in the United States have given the corresponding data extraterritorial enforcement power. On the other hand, the United States tries its best to prevent data from flowing out. For example, in 2020, the United States adopted the so-called "Clean Network Plan", which further restricted data from being accessed by foreign countries and "non-Americans" through national security exceptions while "de-China" data software and hardware. In addition, the "made in America" goods are transported to other countries, accompanied by user and environmental data collection, and there is no doubt whether they will be provided to the US government.
two
Data hegemonism is often disguised as equality, cooperation, freedom, democracy, rule of law, security and so on, which is somewhat confusing. Beware of data hegemony and say no to it, we must recognize its essence, form and harm.
The essence of American data hegemony is "American priority" and data colonialism. After political hegemony, military hegemony, economic hegemony, cultural hegemony, public opinion hegemony and scientific and technological hegemony, the United States began to promote data hegemony. Data hegemony is a new form based on the integration of many former forms, and it pays special attention to the combination and application with technological hegemony. In-depth analysis of data will be derived far beyond the value of data itself, and even play a great role in manipulation. The power to control data not only involves leading the development of big data, artificial intelligence, 5G, Internet of Things and cloud computing, but also includes the comprehensive utilization of personal privacy, social dynamics and even state confidential information. After being monopolized by one country, it will lead to the seizure of other countries’ wealth, ideological control, even regime subversion and national slavery.
Data hegemony is not only manifested in long-arm jurisdiction legislation, bilateral or multi-party agreements, but also in the form of unilateral or joint sanctions and malicious control. The United States and its allies are playing the "data security" card, discrediting some scientific and technological products in China and being suspected of stealing data. If they all threaten national security, Huawei and its 70 affiliated companies will be included in the US "entity list" ban; Later, it was also said that the UAV made in China had data risk, and issued a "threat warning" to China equipment. In fact, with regard to industries such as China’s 5G technology and artificial intelligence, the United States shows not so much hegemony in technology or data as only allowing "one dominant company" to panic in technology or data.
Data hegemony hinders countries from realizing data interests and sharing the dividends of scientific and technological progress, and even harms national sovereignty, resulting in the retrogression of pluralistic and stable world order. Data hegemony such as "preemptive sovereignty" and "exclusive possession" has nothing to do with international justice, but only serves American self-interest; It has nothing to do with global common development, but only to safeguard American hegemony. The United States will impose its own data standards on others, suppress other countries, and "prosper and perish", which will limit and deprive countries of data sovereignty, network sovereignty and even national sovereignty. In particular, the vast number of developing countries will lose the opportunity to develop the digital economy and make use of the advantages of backwardness, and the uneven development of the world will intensify.
three
China is not a "data hegemonic country", but it must not become a "data vassal country". To oppose data hegemony and defend data sovereignty, we should uphold the data concept of equal data sovereignty, safe data flow, and desensitized data sharing and governance, and explore data governance rules that can win the recognition of the widest countries.
Establish a data security concept. General Secretary of the Supreme Leader pointed out that "there is no national security without cyber security" and "national data security must be effectively guaranteed. It is necessary to strengthen the security protection of key information infrastructure, strengthen the national key data resource protection capability, and enhance the data security early warning and traceability capability. " Data security is the foundation of cyberspace security, which involves not only individual information rights and property rights, but also group interests and national security. In 2020, the Government of China launched the Global Data Security Initiative, which promoted the formulation of global data governance rules based on the principle of respecting the sovereign equality of cyberspace and the concept of building a community of human destiny. China’s data security is different from the "data risk prevention" of data hegemony, which often makes unwarranted accusations and carries out targeted so-called blockade and sanctions. China’s data security concept adheres to the overall national security concept, aiming at establishing and improving the data security governance system and improving the data security guarantee capability.
Establish a view of data sovereignty. General Secretary of the Supreme Leader pointed out that "the principle of sovereign equality established by the Charter of the United Nations is the basic norm of contemporary international relations, covering all fields of state-to-state exchanges, and its principles and spirit should also be applied to cyberspace". As a special type of network sovereignty, data sovereignty should be established as well. China has always been a staunch advocate and supporter of network sovereignty, and opposes data long-arm jurisdiction, because it belongs to expansive jurisdiction with no basis in international law, and ignores one country’s judicial or law enforcement sovereignty and even interferes with other countries’ sovereignty. In 2015, the Action Plan for Promoting the Development of Big Data issued by the State Council expressed "data sovereignty" at the official level for the first time, demanding to enhance the ability to protect cyberspace data sovereignty and safeguard national security.
Protect local data, standardize cross-border data flow, and achieve a balance between the two. We oppose data hegemony, and at the same time give consideration to data security and free flow through data classification management, partial data localization, and partial data exit security review. The Measures for Network Security Review, which came into effect on February 15th, 2022, added provisions on data processing activities and data security review for network platform operators who have a large number of personal information listed abroad, so as to prevent China users’ data from becoming a tool for other countries to analyze and monitor China. This is not only a manifestation of data sovereignty, but also conducive to ensuring the safe flow of data to the maximum extent. At the same time, it is helpful to support the data security law, network security law, personal information protection law, etc., and build a sound data security governance system.
Promote the rule of law concerning foreign affairs in data. General Secretary of the Supreme Leader pointed out that "the global governance system is in a critical period of adjustment and change, and we should actively participate in the formulation of international rules and be participants, promoters and leaders in the process of global governance reform". At present, when dealing with cross-border data flow, developed countries are the dominant rule makers. We should speed up the strategic layout of foreign-related data rule of law work, take the fundamental interests of China and the common interests of most countries as the basic starting point, and at the same time consider the combination point with the rules of developed countries, actively influence, participate in and even lead the formation of the international governance framework of data rules, so as to achieve an equal and mutually beneficial data governance pattern. At the same time, actively promote the formulation of bilateral agreements and multilateral treaties on data, and drive the transformation to a global cooperative governance model with more regional rules.
