They may be geopolitical opponents, but Presidents Xi and Trump have done a lot for the other’s approval ratings. For nationalist, authoritarian presidents, having an external enemy is a must. But in forcing the Chinese internet company ByteDance to find an American partner in order to keep its short-video app TikTok alive in the US, Trump has gone further in advancing Xi’s agenda. Unwittingly, he has helped Xi export China’s vision of cyber-governance.
Since the start of Xi’s rule in 2013, China has tried to convince the world of the legitimacy of its way of governing cyberspace through censoring information and controlling foreign competitors’ access. In 2014, Xi’s newly appointed internet tsar brought together tech executives from around the world at the inaugural Wuzhen World Internet Conference.
Just before midnight on the final day, copies of a draft manifesto were slipped under the doors of attendees. The “Wuzhen Declaration” announced that the participants had agreed to “respect [the] Internet sovereignty of all countries”. Attendees were told to get back to the organisers with any changes by 8am. The next morning, after opposition from delegates, the declaration was killed.
So far, China’s advocacy for internet sovereignty has largely been a defensive move against foreign criticism of its tightly guarded domestic internet. But there are legitimate reasons for any country to want control over the flow of its citizens’ data: to prevent foreign snooping and to prevent malpractice by companies — whatever their national origins — seeking to profit from the abuse of user data. Over the past four years, Beijing has been building up its regulations over Chinese citizens’ data, trying to keep it mostly in China, guarded by groups it trusts.
As a result, Apple was told in 2017 by Beijing that in order to operate iCloud — which stores everything from photos to bank details — in China, the group had to find a local partner to operate its data centre. The government even lined one up for the tech giant: a state-owned company, Guizhou‑Cloud Big Data. Apple is set to open its second China data centre this year, in Inner Mongolia.
As news broke of ByteDance’s “technical partnership” with Silicon Valley stalwart Oracle, Chinese social media commentators joked about the echoes with Apple’s situation in China, saying that ByteDance was partnering with “California-Cloud Big Data”. China’s state media was less keen to embrace the irony: one columnist bemoaned the deal’s “worrisome precedent”, and wondered whether it would become a blueprint for market access into the US.
If the Oracle-ByteDance deal does work out to be a good blueprint for safeguarding data, it will be by Trumpian accident rather than design. Were the US to stipulate that foreign groups handling sensitive data required local partners, it would bring its data governance regime more in line with China’s. But there are problems with an ad hoc “trust the locals” approach.
Although a local company is less likely to be the source of a foreign espionage attempt, it is not necessarily going to be better at protecting user data. Nationality is not a good guide to technical know‑how or sensitivity to users’ needs. In the case of TikTok, it is good that a social media company is having its data practices “audited”, but it would be better if the auditor — Oracle — did not have a stake in the unit it sought to audit. It would also be much better if the auditor were not in the business of selling data for profit, as Oracle is.
But there are better models for the US to learn from than the Chinese one. As the debate over TikTok becomes more polarised, any writing on the subject is inevitably accused of advancing a Chinese or an American agenda. I’d like to propose a European agenda: GDPR. The EU’s data-protection regime is by no means perfect, but having any regulatory model at all is better than randomly singling out a foreign company.
If the US is serious about data protection, it can do much better by erecting open legal standards over data storage and collection and building a qualified base of auditors. Arbitrariness opens the path to abuse: in Beijing’s case, you can punish a foreign competitor when you want a domestic company to gain market share or, in Trump’s case, when it serves your re-election chances.
As it happens, Oracle was hit last month with a GDPR lawsuit in Amsterdam for the way it tracks and sells data. I hope the case can serve as inspiration for everyone watching the TikTok deal.
Yuan Yang is the FT’s deputy bureau chief in Beijing