They may be geopolitical opponents, but presidents xi and trump have done a lot for the others approval ratings. for nationalist, authoritarian presidents, having an external enemy is a must. butin forcing the chinese internet company bytedance to find an american partner in order to keep its short-video app tiktok alive in the us, trump has gone further in advancing xis agenda. unwittingly, he has helped xi export chinas vision of cyber-governance.
Since the start of xis rule in 2013, china has tried to convince the world of the legitimacy of its way of governing cyberspace through censoring information and controlling foreign competitors access. in 2014, xis newly appointed internet tsar brought together tech executives from around the world at the inaugural wuzhen world internet conference.
Just before midnight on the final day, copies of a draft manifesto were slipped under the doors of attendees. the wuzhen declaration announced that the participants had agreed to respect [the] internet sovereignty of all countries. attendees were told to get back to the organisers with any changes by 8am. the next morning, after opposition from delegates, the declaration was killed.
So far, chinas advocacy for internet sovereignty has largely been a defensive move against foreign criticism of its tightly guarded domestic internet. butthere are legitimate reasons for any country to want control over the flow of its citizens data: to prevent foreign snooping and to prevent malpractice by companies whatever their national origins seeking to profit from the abuse of user data. over the past four years, beijing has been building up its regulations over chinese citizens data, trying to keep it mostly in china, guarded by groups it trusts.
As a result, apple was told in 2017 by beijing that in order to operate icloud which stores everything from photos to bank details in china, the group had to find a local partner to operate its data centre. the government even lined one up for the tech giant: astate-owned company, guizhoucloud big data. apple is set to open its second china data centre this year, in inner mongolia.
As news broke of bytedances technical partnership with silicon valley stalwart oracle, chinese social media commentators joked about the echoes with apples situation in china, saying that bytedance was partnering with california-cloud big data. chinas state media was less keen to embrace the irony: one columnist bemoaned the deals worrisome precedent, and wondered whether it would become a blueprint for market access into the us.
If the oracle-bytedance deal does work out to be a good blueprint for safeguarding data, it will be by trumpian accident rather than design. were the us to stipulate that foreign groups handling sensitive data required local partners, it would bring its data governance regime more in line with chinas. but there are problems with an adhoc trust the locals approach.
Although a local company is less likely to be the source of a foreign espionage attempt, it is not necessarily going to be better at protecting user data. nationality is not a good guide to technical knowhow or sensitivity to users needs. in the case of tiktok, it is good that a social media company is having its data practices audited, but it would be better if the auditor oracle did not have a stake in the unit it sought to audit. it would also be much better if the auditor were not in the business of selling data for profit, as oracle is.
But there are better models for the us to learn from than the chinese one. as the debate over tiktok becomes more polarised, any writing on the subject is inevitably accused of advancing a chinese or an american agenda. idlike to propose a european agenda: gdpr. the eus data-protection regime is by no means perfect, but having any regulatory model at all is better than randomly singling out a foreign company.
If the us is serious about data protection, it can do much better by erecting open legal standards over data storage and collection and building a qualified base of auditors. arbitrariness opens the path to abuse: in beijings case, you can punish a foreign competitor when you want a domestic company to gain market share or, in trumps case, when it serves your re-election chances.
As it happens, oracle was hit last month with a gdpr lawsuit in amsterdam for the way it tracks and sells data. i hope the case can serve as inspiration for everyone watching the tiktok deal.
Yuan yang is the fts deputy bureau chief in beijing