Cloud Control: China’s 2017 Cybersecurity Law and its Role in US Data Standardization

Abstract

This paper contends that by influencing the security issues presented by global corporate data investments through a combination of domestic policymaking, dominance in key market sectors, and leadership in international standards-making organizations, China is establishing new global standards for the data trade. In 2017, Apple Inc. was one of the first firms to build a new joint venture data center in China to comply with China’s Cybersecurity Law of the same year. This law requires all firms that maintain “critical information infrastructure” to store their data on a Chinese-owned server. Apple, like many firms operating in China, relies heavily on data centers to function in the Chinese market. However, for Apple, as for many other companies in areas ranging from engineering services to enterprise computing, the decision to open a data center with major ownership by a Chinese firm transforms the politics of power and access to data within the company and among its consumers. Indeed, shortly after Apple began migrating the data of Chinese users to its new Chinese servers, some US-based users reported the migration of their data to Chinese servers as well. The effects of Chinese influence on data security standards in the United States have yet to be thoroughly explored in the communications scholarship. No one has done so in relation to data storage for firms that are not explicitly in the digital economy such as white goods providers and home monitoring systems,. Drawing on reviews of Chinese corporate filings and government documents, as well as U.S. corporate filings this paper concludes that China’s Cybersecurity Law and the related technology regulatory framework have fundamentally transformed the ownership and the circulation of the data within the US market. The findings of this paper suggest that the United States should change its approach, because its current laissez-faire policies ultimately protect neither consumers nor national competitiveness. China’s influence on global data governance lies at the core of the future of global communications policy. Targeted, critical perspectives on the country’s specific policies and their effects on firms across a wide range of sectors will help regulators to plan for mid- and long-term strategic challenges not just in the technology industry, but across sectors. As more industrial sectors become data-driven, communications policy will take an increasingly central role in industrial regulation writ large.