In these early days of the regulatory renaissance for digital technologies, China, Europe, and the United States are competing over whose image will be most reflected in market-defining rules and norms. Despite new lows in the trans-Atlantic relationship in the era of Trump, Europe and the United States still have far more in common with each other about how technology should be developed, deployed, and regulated than they do with China. With China pulling into the pole position in this race, it is time for the United States and Europe to forge a digital governance alliance.
The regulatory renaissance has many dimensions: data protection, cybersecurity, antitrust, and tax, to name a few. European initiatives in these domains—such as the General Data Protection Regulation (GDPR) and antitrust investigations of major technology platforms—are relatively notorious and reasonably well understood. Their effects also reverberate well beyond Europe: GDPR, for example, is rapidly becoming a model law for other governments to follow for their own privacy regulatory measures. Europe has similar ambitions with respect to artificial intelligence governance.
What is much less appreciated is the ambition, in scale and scope, of China’s regulatory initiatives. These go far beyond the many overt market access barriers that China has maintained for years. China’s sweeping Cybersecurity Law, for example, went into effect in 2017 and has mandates such as real-name registration requirements for internet users, data security rules for critical infrastructure, and a new, vaguely defined category of “critical information infrastructure” providers subject to additional requirements. In 2018, China issued its first significant data privacy requirements in the Personal Information Security Specification. And so far in 2019, China has proposed new rules for cybersecurity reviews of information technologies, cross-border transfers of personal information out of China, data security and privacy practices of network operators, cybersecurity vulnerabilities management and disclosure, cloud security, and encryption.
The first-order goals behind measures such as Europe’s GDPR and China’s Cybersecurity Law—privacy, security, and safety, in these two cases—are obviously plausible targets for public policy. But measures such as these often reflect a divergent set of underlying values and interests, which inevitably shape how the measures are implemented.
For example, GDPR is concerned with safeguarding privacy, a fundamental right held by individuals under the European Convention on Human Rights and the European Charter of Fundamental Rights. China’s Cybersecurity Law also identifies upholding individuals’ privacy as an objective and specifies a series of protections and requirements for personal information. But it adds a second category of protected data, labeled “important data,” that recognizes a right held by the Chinese state to access “data affecting national security, the national economy, and people’s livelihood.” In this scheme, personal privacy, though specified as an important value and afforded meaningful protections, is not a fundamental right in the same way as it is in Europe—it is a contingent one, subject to the state’s higher interest in social stability. If the two ever clash, the state’s interest will surely prevail.
To China watchers, the Cybersecurity Law’s prioritization of the government’s interest in social stability over the fundamental rights of individuals will come as no surprise. Social stability has long served as the strategic imperative for Chinese policymaking, in such domains as regulatory rule-making and industrial policy.
What is unique about the current moment, however, is a confluence of four critical, mutually reinforcing factors that put China in a commanding position to influence the course of digital governance worldwide. The first factor is the size and attractiveness of its domestic market as both a vital node in global supply chains and, as China’s middle class grows, an increasingly voracious consumer of goods and services. It gives domestic Chinese companies a massive home-field market within which to cut their teeth and grow their businesses. And it is virtually irresistible for foreign companies in search of new markets.
The second factor is China’s muscular, multifaceted industrial policy. Chinese authorities tap the leverage that comes from having an attractive market to impose a variety of market access conditions on foreign companies aimed at bolstering indigenous production and innovation. The Chinese government has also poured enormous amounts of basically free capital into favored Chinese firms and sectors, developed ambitious research and development plans backed by substantial funding, engaged in large-scale theft of intellectual property, ramped-up its involvement and influence in international standardization forums, and made concerted efforts to recruit scientists and engineers to bring their talents to China. This industrial policy is also increasingly international, as Chinese firms in sectors as diverse as telecommunications (e.g., ZTE) and rail transportation (e.g., CRRC) seek foreign markets for their goods and services, often in tandem with Chinese government programs such as the Belt and Road Initiative to use infrastructure and other investments as a way of reinforcing trade relationships.
The third factor is China’s ascendant innovation ecosystem, whose development over the past decade can be traced in significant part to the first two factors. Chinese firms such as Huawei, Alibaba, and CRRC are increasingly competitive globally, not just on price (thanks to comparative advantages and in some cases the free capital from the government) and customer service (ask Huawei customers about this!), but on their innovative features, too. In 2017, Huawei applied for the most patents at the European Patent Office—a first for a Chinese company. China is no longer a passive observer of innovation but an active force driving it.
Why does this factor matter for China’s ability to influence technology governance worldwide? Because technology often reflects the values and interests of its sociopolitical context. It is probably no accident, for example, that Chinese companies are global leaders in facial recognition surveillance technologies. Or that Tencent’s WeChat, among the world’s most popular apps, has purpose-built functionality to facilitate censorship, surveillance, and social credit scoring. (Or, for that matter, that U.S. technology companies such as Facebook reflect U.S. values concerning consumer privacy.)