Ever since 2010, China has been advancing its vision for cyber sovereignty. Instead of viewing the Internet as global and borderless, this vision instead calls for China being able to govern, regulate – and perhaps even censor – the Internet as it requires. Recent Chinese initiatives – such as the enactment of China’s Cybersecurity Law in June 2017 – would seem to suggest that China views cyber sovereignty as a way to clamp down on Internet companies within the country, especially foreign network operators.
Most recently, Chinese delegates attending the Beijing-sponsored World Internet Conference in Zhejiang province pushed the cyber sovereignty notion that all nations (not just China) should have the right to regulate the Internet within their own borders. The big question, of course, is what this cyber sovereignty vision implies for the future of the Internet – including data privacy, intellectual property, and cross border data flows.
Why China’s Cybersecurity Law is so controversial
According to the framework of China’s Cybersecurity Law, Chinese authorities have the ability to conduct spot-checks on any company’s network operations at any time. Moreover, China’s Cybersecurity Law includes a provision for data localization, in which sensitive personal data about Chinese citizens would need to be stored within mainland China itself rather than outside its borders.
Already, there has been some pushback from service providers within the foreign community about what these two provisions of China’s Cybersecurity Law could mean for intellectual property and cross border data flow. For example, the intellectual property risk of China’s Cybersecurity Law is that random security assessment spot-checks required by the Chinese authorities could be used to force foreign companies to hand over source code, encryption information or sensitive network security data to the Chinese government. In turn, this intellectual property from information technology companies might eventually find its way into the hands of government-backed corporate rivals.
While these intellectual property risks might be exaggerated, the risks concerning cross-border data flow stemming from China’s Cybersecurity Law are not, because they would fundamentally require companies to re-think how they operate within China, as well as the network products and services they are able to offer.
If a company views the Internet as global and borderless, then it doesn’t matter if the data is stored in Beijing, London or San Francisco. However, if the Internet is subject to China’s cyber sovereignty vision, then the data most assuredly must be stored within China. That would force the world’s largest tech companies operating in China either to outsource domestic data storage to Chinese companies, or to commit to massive new infrastructure costs to ensure compliance with data transfer requirements.
Foreign companies speak out against cyber sovereignty
Interestingly, Apple CEO Tim Cook and Google CEO Sundar Pichai attended the 2017 World Internet Conference in person. This is a clear sign that China’s vision for cyber sovereignty has the ability to reverberate through the hallways of the world’s top tech companies. Both Google and Apple have already had run-ins with the Chinese government before, and it can only be assumed that China’s Cybersecurity Law is only adding to their concerns. For example, as the result of China’s push for cyber sovereignty, Google’s search engine is still blocked within China, while Apple has had to remove apps like Skype from the App Store.