World leaders who gather in Osaka, Japan, for the G20 summit this week will begin a conversation on worldwide data governance—and though they are deeply divided on the question of who should control data, some nations could seek to devise a system that excludes China.
Japanese Prime Minister Shinzo Abe, who is hosting this year’s summit, says he sees data governance as a priority. Indeed, the fact that the internet has remained relatively global and open has enabled the growth of the digital economy. App stores on our phones, email accessible around the world, overnight shipping on our favorite goods, the sharing of news and medical research and stock information—they’re all part of this global connectivity. Underneath it lie data, 1s and 0s that form everything from bank ledgers to social-media posts. Exchanges of data between organizations (companies, universities, governments, etc.) across borders are what contribute to companies offering services around the world in near real time, or to allied countries sharing law enforcement and intelligence information.
At issue is how countries view data. Do companies own the information? Does an individual own it? Does a government have access to it? The problem is that governments across China, India, the European Union, Japan, and the United States have philosophical differences on how they view these issues. These are not merely technical problems, but deep divides that may not be possible to bridge. Add to this the fact that this conversation is taking place as the United States and China are locked in a rivalry focused on technology—and, by extension, data. Taken together, this means that the rules for who controls data—and therefore harnesses their value—are part of a bigger geopolitical competition that will shape the 21st century.
The Internet of Things and 5G communications will create an exponential increase in data, but from a geopolitical perspective, the greatest strategic impact arguably lies with machine-learning and artificial-intelligence (AI) systems. That’s because researchers need data to train AI systems, and AI development has the capacity to improve everything from transportation safety to disease diagnostics to lethal-weapon accuracy.
It’s not just the volume of data that’s important. In part, it’s also the kind of data and where they originate; data on, say, Spanish speech patterns will not make a system robust at identifying Mandarin characters. This is where data governance comes into play.
In a world increasingly underpinned and powered by AI, those looking to develop globally competitive AI systems—algorithms that will be precise and accurate in many parts of the world, across many demographics—will need access to data on those different demographics, from those different regions. The rules that governments put into place regarding such access will therefore influence AI competition, because not getting these data could limit how well tailored products are to different people. These rules will also determine the access that states have to data when it comes to law enforcement and domestic surveillance, making data an increasingly important element of national security as well as economic growth.
It is no surprise, then, that governments are clashing over setting the rules for who has access to certain kinds of data. Two countries—India and China—and their approach to data have particular significance, because together they account for more than one-third of humanity.
Indian draft rules would require companies that operate in the country or collect data on Indian citizens to process certain kinds of personal data on servers in India—even if the companies aren’t based in the country. Defenders of this approach see it as a pushback against so-called data colonialism. Critics, however, are concerned that this approach would give the Indian government unchecked power to surveil its own citizens. Last week at the U.S.-India Business Council, ahead of his trip to New Delhi, Secretary of State Mike Pompeo said the U.S. would “push for the free flow of data across borders.”
The Chinese government also wants certain kinds of data to be stored on local servers. U.S., European, and Japanese policy makers and industry groups have lobbied Beijing for years to change these provisions, because they could mean steep costs for foreign companies that would be required to build local data centers to store and analyze all company data. Chinese President Xi Jinping has spoken extensively about the importance of sovereignty in cyberspace, and data are clearly a related component of that vision.
Chinese law explicitly states that the government has a right to demand that companies turn over data for unspecified national-security reasons. As a result, EU officials have indicated that China may never be eligible for a legal arrangement under the General Data Protection Regulation (GDPR) called an “adequacy agreement,” which would allow for data exchange with the EU. (The GDPR, which went into effect last year, set up strict privacy rules for those handling EU citizens’ data.) Chinese companies may find that it’s impossible to comply with GDPR and China’s cybersecurity law at once. The irony is that those who drafted China’s data-privacy rules looked to GDPR as a model. But the version of GDPR they created for China’s political system—where the government has expansive surveillance authorities—makes it hard to imagine how the two systems could ever be reconciled.
The Indian government has concerns about Chinese firms misusing Indian data, despite some similarities in how both countries store data locally. For example, Indian military personnel aren’t allowed to install WeChat, the Chinese social-messaging app, on their phones, but can use Facebook’s WhatsApp. The historically tense relations between the two countries are likely driving India’s caution.
Trying to find consensus on global data governance may look like an elaborate game of Twister. And some of these divides at hand may simply be insurmountable—perhaps splintering the data economy as we know it.
Against this backdrop, Abe’s government has floated “data free flow with trust.” We may learn more from Abe at the G20 meeting, but one interpretation is that if the United States, Japan, and the EU perceive that Chinese access to their citizens’ data presents some degree of risk, they could build agreements to share data only with one another (or even a subset of that group), but restrict access for Chinese firms. This could make it much more difficult for Chinese internet platforms to develop AI platforms for places and demographics outside Chinese borders by cutting off access to necessary data. But such an arrangement would likely meet resistance in the U.S. if it looks too similar to GDPR in restricting U.S. companies.
The United States, for its part, is already pushing for new restrictions that would prevent Chinese companies and the government from getting access to sensitive data on U.S. citizens. For example, in March, the U.S. government told a Chinese gaming company called Beijing Kunlun Tech that it would need to sell Grindr, the U.S. gay dating app, because of the potential for blackmail if the app’s data fell into the hands of Chinese intelligence.
Privacy legislation being debated in the United States also plays a role in brewing geopolitical competition. India, Europe, and other places will increasingly use data to constrain market access for foreign-incorporated tech firms—for instance, requiring them to store citizens’ data within the country, or to not collect it at all—if the U.S. does nothing to dispel the notion that Big Tech cannot be trusted to handle individuals’ data in ways that are not exploitative. That means the United States will need to place privacy checks on companies such as Google and Facebook if these companies are to continue to have global reach and access to data. Creating policy that understands there is not necessarily a trade-off between privacy and innovation will go a long way toward restoring trust in U.S. Big Tech at home and around the world while also helping fuel advances in AI. Rather than a race to the bottom when it comes to privacy, this may be the better way to compete against Chinese internet companies for AI leadership.
The stakes are therefore quite high in the competition to set the rules for global data governance. Abe’s ambition to find consensus on these issues may seem ludicrous, but starting a conversation that gets at the conflicting perspectives on data at the center of geopolitics could be among his most important legacies.