What does China’s newly launched National Data Bureau mean to China and global data governance?

On 16 March 2023 the Chinese Communist Party (CCP) Central Committee and the State Council formally released the plan on reforming Party and state institutions which was endorsed during the annual National People’s Congress in early March. The reconstructing plan is widely seen as the CCP’s strengthening control over key sectors that determine China’s continued economic growth and political stability, including finance, science, technology, cyberspace, foreign affairs, grassroots governance and more, in the name of “promoting the modernisation of the nation’s governing system and capacity” (Gov.cn, 2023; Wong, 2023).

One of the most attention-grabbing reforms outlined in the plan is to set up a new state-level regulatory body called National Data Bureau (NDB), overseen by the National Development and Reform Commission. According to the plan, the NDB will be responsible for “coordinating the integration, sharing, development, and utilisation of data resources” as well as for “coordinating the promotion of China’s digital economy and the construction of digital China” (Gov.cn, 2023). Why is a central data regulatory body needed in China? How is it different from the Cyberspace Administration of China (CAC) in terms of functions? What potential impacts may this new national strategy cause on China’s and the global data governance? These questions are worth pondering before the NDB comes into play soon.

Background

China has the second largest digital economy in the world. In 2021, the value of China’s digital economy (about $7.1 trillion) accounted for nearly 40% of China’s GDP (Zhao and Mohanan, 2022). However, there is no dedicated state-level data regulatory organisation. About 15 government organisations are currently involved in data regulation and governance, which has caused barriers, incoordination and inefficiency in the regulatory process. To solve the problem, the State Council approved the implementation of the inter-ministerial joint meeting mechanism for the development of the digital economy in July 2022. Led by the National Development and Reform Commission, 20 central government organisations participate in the mechanism, such as the Ministry of Industry and Information Technology, the Ministry of Science and Technology, CAC and etc (Gov.cn, 2022). In fact, centralised data governance has been practised at the province level in order to promote the nationwide smart city construction. So far, 18 province-level data management bureaus have been set up since 2015, including Guangdong, Zhejiang, Shanghai and more(Secrss.com, 2018). These have provided local experiences and a solid foundation for the establishment of the NDB.

Externally, China’s top-level design of data governance in recent years also aims to keep pace in data governance with its Western competitors, especially the EU and the US. For example, the EU General Data Protection Regulation (GDPR) which was adopted in 2016 and took effect in 2018 has provided a useful reference for China’s making of its Data Security Law enacted in 2021. This can be seen from many journal articles and news commentaries published in Chinese whose titles are about the enlightenment of EU GDPR on China’s legislation on data security (see Zhang, 2020). The release of regional and national data strategies by the EU and the US also pushed China to develop its own national data strategy and governance framework. Since mid 2022, China has been releasing a series of top-level policies to formalise and institutionalise data governance, including the 20 Measures to Construct a Data Base System and the Plan for the Overall Layout of Building a Digital China, among others. They aim to activate the factor value of data, improve and standardise the governance and regulation to ensure an open, safe, fair and vibrant data market, and strengthen the competitiveness of China’s data economy globally. The NDB is such a dedicated state regulatory body which is expected to lead and coordinate China’s data strategy and governance.

Function

Before the establishment of the NDB, CAC has been playing the most important role in China’s internet and data governance. It is the most authoritative state agency that formulates and implements policies to regulate China’s internet and digital media with a particular focus on monitoring, censoring and guiding online content to ensure cybersecurity. With the dramatic development of the data industry, CAC has also taken the lead role to protect data security in the past few years, especially since the implementation of China’s Cybersecurity Law, Personal Information Protection Law and Data Security Law. It has already been overloaded with multiple tasks related to its “security” focus and has limited capacity to engage in the promotion of China’s data and digital economy.

The NDB is such an agency to fill the gap. It will play an important coordinating role in data infrastructure construction, managing, exploiting and utilising data resources. It has a “coordination” focus that aims to better coordinate the works of multiple state organs involved in the development of China’s data-driven society and increase the efficiency and vitality of China’s data economy. The NDB may replace or lead the inter-ministerial joint meeting mechanism for the development of China’s digital economy established in 2022. The CAC and NDB will constitute two wings of China’s data governance with one concentrating on data security and the other focusing on data economy. But the boundary is not clearly drawn. The NDB is likely to take over some tasks related to data security that the CAC is largely in charge of at the moment. In the future, we can envision the two agencies may jointly release policies regarding China’s data regulation and economy.

Implications

The establishment of the NDB demonstrates a shift from an earlier emphasis on security issues to a dual stress on both security and economic development in China’s data governance. It also helps streamline regulatory structure over data-related issues. Referring to the strategies for data in the EU and the US, but also sustaining China’s state-centric model of internet and data governance, the launch of the NDB marks the escalation of China’s data strategy and governance regime that suits China’s economic development and national security. Though China’s data strategies share some common aspects with its Western counterparts, such as security (e.g. Guidance on the Security Assessment of Outbound Data Transfers issued in 2022), privacy (e.g. Personal Information Protection Law issued in 2021), modernising data infrastructure (e.g. 20 Measures to Construct Data Base System issued in 2022), the governing philosophy behind China’s data strategy and governance varies, that is, the power and benefits of the government are always put above those of other stakeholders, such as the individuals and business entities.

Moreover, the NDB is very likely to become the leading state agency to promote China’s global data governance norms, which resembles the role that the CAC has been playing to build consensus on global internet governance. In September 2020, China released its Global Initiative on Data Security that demonstrates China’s ambition to compete with the Western democracies on the making of international rules and standards for data. The initiative has been endorsed by some countries that also practice the state-centric multilaterial approach of internet governance advocated by China, including Russia, Tanzania, Pakistan, the Arab League, among others (Park, 2022). The initiative requires that data gathered locally should be stored locally for the protection of data sovereignty and national security, while opposing the US’ weaponisation of data against China in the name of protecting its citizen privacy and companies’ most sensitive information (Tiezzi, 2020). The CAC and NDB which promote China’s “cyber sovereignty” and “data sovereignty” respectively will work hand in hand to help achieve China’s ambitions to become a cyber and data superpower.

The launch of the NDB is a sign of the CCP’s attempt to consolidate China’s data governance regime. China’s further engagement in global data governance and the promotion of its data governance framework, standards and measures worldwide will form a strong competing force against those set up by the US and the EU. The competition is arguably to make the global data policies more fragmented and the global data market more balkanised as a splinternet. The ongoing TikTok controversies in the US and Australia that involve concerns about data privacy, ownership and security over the Chinese-owned digital platform vividly demonstrate “the rise of data politics” caused by “clashes over data sovereignty” between China and the West (Liu, 2021, p. 45). China’s tightening control over data at home and its proactive advocacy of its global data governance norms abroad have made China’s going-global tech giants more controversial and vulnerable in foreign markets. The security-and-sovereignty-focused data policies and governance may hinder the global expansion of China’s digital economy in the long term.

With more countries and regions making progress in releasing their own data strategies and pursuing discursive power in global data governance, the contentions among different data principles and frameworks are arguably to mount. Therefore, an effective global data governance framework beyond the national and regional approaches is exigently needed to cope with the emerging challenges. As Kuzio et al. (2022) argue, the global framework should maximumly “incorporate common goals” of multiple stakeholders, and “remain flexible to the different data environments across nation-states while maintaining a global scope to ensure data protection” (p. e25-1). The US, China and the EU as three data powerhouses should lead the initiative of building an effective global data governance system through dialogues and co-operations.