Skip to 美中全球议题对话项目 Full Site Menu Skip to main content
View of system hacking in a monitor
View of system hacking in a monitor
April 17, 2024

China’s Take on Digital Sovereignty

播客系列:

中美汇播客系列

The People’s Republic of China is on track to become the largest generator of data in the world.  With so much data being created, Beijing has been proactive in working to develop a cyber regulator system committed to “digital sovereignty”—the idea that states should have the right to control the Internet within their own cyber borders.

From the Chinese perspective, according to Kendra Schaefer, the Internet is an extension of the physical reality and the physical universe. Schaefer unpacks China’s approach to internet and data governance, the social credit system, and Beijing’s efforts to maintain its seat at the table to shape international cyber standards.

这次采访是用英语进行的。

Eleanor M. Albert: Today we are joined by Kendra Schaefer. Kendra Schaefer leads the tech division at research and analysis consultancy Trivium China, focusing on Chinese user behavior, China’s digital expansionism, and the social credit system. She is also a nonresident fellow at the National Bureau of Asian Research. Kendra Schaefer has been in China since 2002, beginning her career as a user researcher and developer for foreign firms entering the China market before moving into consulting on Chinese interfaces and user behavior.

Kendra, welcome to the show. It's a pleasure to have you.

Kendra Schaefer: Great to be here.

Eleanor M. Albert: We're going to start off talking about you before we dig into the meat of the conversation, but I was curious if you would be willing to share how you came to study China and the tech space?

Kendra Schaefer: The whole thing was a happy accident. I think, like a lot of people who end up with a specialization in China, you don't go into it expecting to specialize in China. I went to China when I was 19 in the early 2000s. I'm 41 now. When I went over, I ended up in college in Beijing and I was studying Mandarin and I was also a casual web developer at the time.

I had been a nerd kid playing around on the computer when I was a teenager and doing coding. But it was so interesting at the time, the late '90s, early 2000s, nobody knew that that was a job. None of the adults in my life said to me, "Oh, you should pursue this as a career."

So I went to China. I studied Chinese language in Beijing. But right around that time, the tech space in China was taking off, the Internet was taking off, and so I ended up in the right place, right time. There were a lot of foreign companies coming in. Long story short, I ended up doing web development. I started my own small, web development studio. I was working with everyone from SMEs to multinationals in the China space.

Then, right in the mid 2000s, the firewall started to come down, the great firewall, and everybody wanted to know what was happening and what the rules were. So I ended up working with a couple of policy researchers. I started getting asked for reports about that and digging into the law. I was working with some other friends who were policy analysts, and again, an accident, slowly over time, I started to pick up Chinese policies and look at them, and I got immediately fascinated, and so slowly, slowly, slowly ended up in that space.

Eleanor M. Albert: Well, that's an incredible story. I think as we transition our conversation, it'd be great if you could help us understand China and these ideas about digital sovereignty. Could you lay out what you see as the principles and pillars of China's cyberspace governance. So, how does the concept of digital sovereignty play out?

Kendra Schaefer: That's really interesting. It is a huge question. Maybe we can break it up into two parts. But I would define digital sovereignty, or cyber sovereignty as it's sometimes translated, as the idea that states should have the right to control the Internet within their own cyber borders. That basically means the Chinese internet is governed by China, and China has the right to decide what happens in its own cyber domain.

Obviously this idea gets a lot of flak in Western democracies for a few reasons. The first and most obvious of those reasons is that Beijing tends to use that idea to justify domestic censorship and online surveillance. “We have the right to make laws about what kind of content can be disseminated online in China and what content can't. Other countries shouldn't be saying anything, so butt out.”

The other reason it gets flak is because this goes against this frankly old idea, this pillar of the Internet, that it's a free and open global Internet, and by splitting the Internet into countries, essentially, you create a splinter net. The Internet gets fragmented into blocks and the flow of information is restricted.

Both of those criticisms are very valid, but I think it's also probably worthwhile to examine the idea of digital sovereignty or cyber sovereignty, but taking censorship and surveillance out of the equation and just looking at does the government have the right to make decisions about what happens online in its own borders? I think maybe yes—governments do that anyway.

We've lived through a very utopian era of internet development in many ways. I'm 41, I lived through the early days of the commercial internet, and it was a total Wild West, no regulations whatsoever. Internet regulations everywhere have tightened over time, and they have started to fragment a bit. The EU takes a different approach than the U[nited] S[tates] to internet governance, for
example.

These domestic decisions that are being made about how the Internet works and what companies are allowed to do there have started to fragment, but ultimately the Internet's still pretty unregulated and taking a cynical view of governments in general over time, governments can't really resist the siren song of writing rules and especially rules that exert greater control over something as powerful as the Internet.

That's being kind to Beijing's idea of cyber sovereignty. Looking 50 years or 100 years into the future, I think states [will] impose increasingly divergent rules. You're inevitably going to see some degree of network fragmentation or data flow restrictions.

Eleanor M. Albert: So there'll be some semblance of digital sovereignty with Chinese characteristics, perhaps the American version of digital sovereignty, and clearly there is some development of a European, EU perspective.  

I want to dig into this idea of its application in the Chinese context. You talked about the role of the state. Now in the Chinese context, when we say the state regulates all of these things, who are those actors? In a country that has a party-state system, how is the thought process behind some of these policies created and disseminated?

Kendra Schaefer: That's really interesting to get into actually. The idea of digital sovereignty, how does that play out in practice and internet regulations is one question, but the other question is who's making these decisions, who's regulating the Internet?

The most important internet regulator in China is the Cyberspace Administration of China or the CAC. The CAC, we spent considerable time at work reading pieces that the CAC puts out. I'm fascinated with this body because the CAC is relatively new. It was formed in 2011. It was really officially formed, solidified in 2014, so only 10 years ago. It's a pretty new agency relatively speaking, but it is an offshoot of the propaganda department.

When you look at these early CAC policies, it was clear that regulators thought of the Internet as a digital newspaper. So they handed over ownership of this giant digital newspaper to the censorship bureau—the people responsible for controlling the dissemination of news.

At first, this body was just responsible for censoring information online and now they're responsible for data security, which is a much more technical topic. It is much more difficult to wrap your head around. And to be perfectly honest, they haven't done the greatest job. They've struggled to write great data security rules. They've learned a lot in the last 10 years and they've gotten a lot more sophisticated.

Eleanor M. Albert: I would also assume that as a country with as many people who are as online as everyone is in mainland China, that that's also just a lot of data to be responsible for. It's not just that they don't necessarily have the technical knowledge and capacity to do it, but the volume of data is just so large.

Kendra Schaefer: A hundred percent. China is predicted to be the largest data generator by volume by 2025. In a couple of years, between 2025 and 2027, China will generate more data than any other country on Earth. Yeah, it's a huge amount.  And let's be fair to the CAC, no regulator on Earth is doing a wonderful job of handling data flows and internet governance. It's been a new process for everybody.

Why don't we talk about the principles now, the second part of that? Because they have struggled to really apply these old school ideas of how to govern the information environment back in 1999 versus the information environment now.

More regulators have since come into the mix. It's not just the CAC governing the Internet. There's also the Ministry of Industry and Information Technology. They're more of the hardware and networks regulator. The CAC is a body of propagandists. Then you have MIIT, it's a body of engineers. They do maybe more of the hard tech governance.

And then you  just last year, had the emergence of a new bureau called the National Data Bureau, and their job is to govern the development of the data economy. This is a brand-new idea in Chinese Internet. This idea that data is an economic resource and we can't just focus on data security or cybersecurity, we also have to focus on “is that data being used in a way that benefits society that generates wealth and value.”

Eleanor M. Albert: Develop a consumer market.

Kendra Schaefer: Exactly.

Eleanor M. Albert: It seems very American capitalist in some ways to think about trying to monetize the amount of data that we have. For me, as someone who, obviously American, has spent a lot of time in China, it's so interesting when there's these strong criticisms about state control over the Internet and our data. And I think, well, “I also have problems about private companies having all of my data and trying to monetize it all the time.”

Kendra Schaefer: That's actually a wonderful segue into the principles that you asked about earlier—those principles of digital sovereignty and how do these regulators apply their ideas to the Internet. There's a couple of fundamental ideas that no matter what area of internet governance you're looking at, those fundamental ideas apply.

One of those ideas is that China's got a very different conception of what privacy means.

Another one of those ideas, and maybe the critical one that’s quite different, is that the Internet is not a place beyond the law. That's what regulators often say. What that means is that you shouldn't be doing things online that you're not allowed to do offline—the online digital world is the same as the offline world. You are held accountable for the things you say on the Internet as you would be held accountable for the things that you say offline. If you're not allowed to print your own newspaper offline, you're certainly not allowed to disseminate your own news online. You're not allowed to distribute violent or pornographic material offline, you certainly can't do that online. It's this idea that the Internet, you don't get to go on there and do whatever you want.

Eleanor M. Albert: It's not an alternate reality.

Kendra Schaefer: It's an extension of the physical reality and the physical universe. That makes a lot of sense when you think about under the concept of cyber sovereignty, the physical borders of China and the digital borders of China's internet are the same. They're mirror images of each other, they're extensions of each other. The online world is a mirror image of the offline world. That's this fundamental idea that sits under all of this regulation.

Then, in order to actually write enforceable rules, to follow on from that thinking, you can't allow anonymity online. You're not anonymous offline and you're held accountable for your behaviors offline. Therefore, you must be tracked, and you can't have any anonymity online because then it is an alternate world.

What you see is that rules have been put in place where every device, every user account is tied to your real ID. Your mobile phone number is tied to your real ID. Your mobile phone number gets used as the identification method or the user account number to sign up for most accounts online. Those accounts online must check that they have gotten real name registration from you.

There's no such thing as opening an email account without a personal ID tied to it, no such thing as opening a social network account with an anonymous email address. These things are prohibited. It still happens. The Internet's full of holes and it's a sieve. It's hard to implement these things, but not supposed to happen.

So you've created this digital governance space where what has happened on the Internet can be tracked back to source in some way because an account initiated this activity or said this thing or disseminated this piece of content and we can find out who did that.

So one: the Internet's not a place beyond the law  Two, no anonymity. And three, as I said earlier, the concept of privacy is real different. Those are the three big pillars, I think, of the thinking behind some of this internet regulation.

I would say that in the Western world, the idea we have of privacy is the law protects me and my data from governments, hackers, and marketers. In China, the idea is the government and I protect my data from hackers and marketers. I think it's wrong to say China does not have a conception of privacy. It's just that the government gets a pass and the government still imposes privacy.

Eleanor M. Albert: I also feel like in some ways that analogy can be “the government and I protect my data and society, right? Because their unit of analysis tends to be the most amount of people at the sacrifice of some individuals. But I think that fundamentally is also very different in thinking about the individual application of the concept of privacy.

Kendra Schaefer: I would completely agree. We should underscore that because in most areas of Chinese law or Chinese regulation, the idea is you don't get the right as an individual to do things that harm the group. We would rather squash your rights as an individual than allow you to run wild and destroy the group, and that also means saying things that damage social stability as defined by the state.

That's obviously problematic, right? In practice, extremely problematic. But I think we could also understand the thinking, living in the information environment we live in now, where everybody's right to say whatever they want ... And we [in the United States] don't have a good answer for this at all—everybody's right to say whatever they want on the Internet anonymously has led to a pretty toxic information environment that is corroding social stability slowly over time.

Obviously, nobody is willing to give up the right to free speech to handle that problem. And I don't think it's the right answer for Western democracies, but you can see that that's not necessarily an incorrect assessment, that this wild marketplace of ideas that we love so much has these toxic traits as well. And China's the other extreme of trying to deal with those toxic traits.

Eleanor M. Albert: Absolutely. I want to shift us a little bit more to the application of some of these principles. And I think your introduction of some of the regulatory bodies paints some picture of how this strategy has evolved over time. But I thought it would be helpful if you could also tell us about the tools that China uses for this regulatory environment. How does having everything be verified by a real account with a real ID come into play? What are the types of restrictions that then imposes? What are the tools of control over the information environment?

Kendra Schaefer: The state essentially, and I'm way simplifying here, but I think what people tend to imagine happens is that the Chinese government censorship body, the CAC, has a million staff members and they all sit in a windowless office reading internet posts all day long, which I thought when I first got there. It's an understandable question, how does this environment work?

Instead, the state imposes lots of pressure on certain market actors within the information and internet environment. What I mean by that specifically is that platform and social media companies bear the brunt of all these rules. So if you run a social media platform, man, you got a lot of rules that you have to abide by, and the CAC then checks that those companies are doing that or not, and MIIT and these other regulators, too, weigh in on that point.

And two, hosting and cloud companies. Cloud providers or hosting providers or internet service providers in various ways—ISPs—have a bunch of rules that they have to adhere to. So platforms are responsible for hiring a ton of sensors to ensure that. You can see that to keep costs down, of course, they'd be interested in writing AI [artificial intelligence] tools to also automatically censor some of these things.

From what we understand, all these platforms have certain keywords that you cannot use. Some of those keywords are given to them by the CAC. Some of them, they decide themselves in the spur of the moment. There are automated tools on those platforms that remove negative content or disallowed content automatically. If there's a big uproar over something and the state wants to squash it, any picture or text related to that particular uproar will get added to this automatic censoring system. All the platforms have a different system that they built. When a platform is not doing a good job of removing content that the CAC finds objectionable, the CAC will discipline the platform.

Then the platforms are also responsible for doing real name registration of users and collecting all the information that they need and then putting the systems in place to track users back to source. And everybody's on the same two to five platforms. So this is a centralized point where pressure can be applied.

Then for ISPs, same kind of deal. They're not responsible for content, but they are responsible for ensuring that anybody who wants to open a website has to get a license from the internet service provider. You get a license number, you have to display your license number on your website. Anyone who wants to start a blockchain now—they've launched a new licensing system for blockchain networks that might not even be user facing. It's just a backend network system that you've set up and launched, and you have to get a license for that. And even more modern, there's now a licensing system for algorithms. Are you launching an AI tool? You got to go get a license.

This is a regulatory pressure point or point of control on the network provider and the service provider, and then also in these places where users are going to disseminate content.

Eleanor M. Albert: The bureaucratic apparatus creates a lot of hurdles. So if you are a malign actor and you have all these hurdles, why bother, right? It's too much work.

Kendra Schaefer: You'd think, but of course the reality of the situation is that there's still a ton of disallowed content that doesn't get deleted. The net is not perfect. I think it was Clinton who said, when China started to censor the Internet, "You can't control the Internet. It's like trying to nail JELL-O to a wall." That was the quote. And everybody was like, "Well, China's been nailing the JELL-O for 20 years now, and it's kind of working."

It is and it isn't. It's still JELL-O, I mean, it's still quite hard, and every time there's a new technological development, it's not perfect. It gets better every year. It gets more technologically advanced every year. As these platforms are worried about getting in trouble for not doing this or that. It'll get even tighter with the development of advanced AI. But the government, no matter where they are, are always behind technology, whether it's a new technology or a new frontier.

Eleanor M. Albert: I also would assume that thinking about the Chinese government, it's one thing to create ideas at a centralized, top level, and then the implementation down the line is always a challenge. In general, I think a lot of policies are given guidelines and then it's up to the implementer to really figure out what the boundaries are because they're not set in stone. As you said, sometimes they're creating their own lexicon of topics or words that can't be allowed. And that's a hard barometer to gauge when the pressure points are from above, but you don't necessarily know what the risks and rewards are for how you engage.

Kendra Schaefer: That's exactly what's happening in the data security space now, particularly with cross-border data transfer. The state imposed basically guidelines. I think the state thought they were being specific, but they weren't. And then all these companies trying to export data from China tried to follow those guidelines and found them impossible to follow, and everybody's just been guessing.

So there's been this big geopolitical kerfuffle as foreign companies operating in China have said, "Hey, can you give us clearer guidelines on this data export thing? It's a serious problem." And a couple weeks ago, the state said, "Okay, sorry." And they tried to put in more guidelines, but we've spoken to companies who said, "This is great, but it's still not super clear."

Eleanor M. Albert: That ends up having so many ripple effects, especially in a time when China's economy is struggling and they're realizing that they really need the foreign companies to stay. And if they have all these restrictions, well, it makes it a lot harder to stay.

Kendra Schaefer: Exactly.

Eleanor M. Albert: I can't not ask about the social credit system and how it fits into this? How does this work? To what extent is it in place? Where does China's social credit system fit into the cyber regulations and where does it stand as a system?

Kendra Schaefer: We did a big study on this and we spent about a year digging into it. I had been in China for 20 years. I was reading all of this stuff about social credit in Western media. I'm sitting in my office in Beijing, and I thought, "I have never heard a single person here say the words social credit score, social credit system." I was like, "What is this?" And I realized that I had this weird superpower, which is that I read Chinese government documents and I was like, "well, I'm going to go read some documents."

There's a lot of misconceptions, so we did a bunch of research. Number one, there's this idea that the social credit system is a secret government project that's this black box, and China would never talk about it. There are thousands of documents on social credit, public documentation, just piles of them because the state's very proud of the social credit system because the social credit system was not developed as a citizen scoring mechanism.

We have this understanding that it's like Black Mirror and everybody's walking around, and if you don't say that Xi Jinping is the most beautiful soul you've ever heard of in your whole life, then your social credit score comes down and you can't get into school, all this kind of stuff.

But we found the first ever document, treatise written about social credit. It was written in 1999 before AI or big data or any of this kind of stuff was around. You have to remember the social background at the time, this was 1999 when they came up with this system. China was preparing to join the WTO at the time, and the WTO had rightly said, "Your corporate environment is a mess. You have so much fraud and scams and cheating and corporate misbehavior. It's a terrible business environment to exist in. How are you going to fix this?"

What this treatise basically said was, "Yeah, our legal system is very weak and we can't use the law to control all of these companies who are dumping toxic waste in the river and stealing money from customers, making unsafe products, and doing all of this kind of stuff. The legal system is not equipped for this. How can we use data to fix this problem?" That was the original idea behind the social credit system.

The solution that they came up with was, “okay, all of these different government departments that don't talk to each other have data about these companies' behavior in the marketplace.” The environmental regulator might know if this company's ever been fined for dumping toxic waste, and the tax people know if this company pays their taxes, and the court system knows if this company has been prosecuted or has lawsuits against it.

So they thought, "Well, what we're going to do is we're going to put all this data in a pile and we're going to call that a corporate social credit file." That way regulators can look at that record set and they can say, "Oh, this company is misbehaving."

So where did this idea of the social credit score come from for individuals? Well, over the development of the social credit system, some regulator along the line essentially went, "Well, companies are made of people. It's the individuals who run these companies [that] are making these decisions. A company is not bad. It's the people that run it that are doing all of this illegal stuff. And so what we're going to do is keep files on people and their professional data. “Has that individual not paid their bills?"

These ideas developed over time, but bottom line is that the social credit system was a data de-siloing effort. The idea was to take government records that already existed, that spoke to the legal compliance of a person or a company, to put those things into a pile and to use that to distribute rewards or penalties to put pressure on that company or person until that company or person falls in line with the law, complies. It's an add-on; it's a plugin to the legal system.

So the social credit system created this dataset. It didn't create a score. Some city governments came up with the idea that they would take these datasets and add their own local data to it. The idea was, let's say that a citizen doesn't have any bad marks in their social credit file and they also have contributed to the community locally, they donated blood, then you get some rewards for that, things like free city bikes, or free audio guides at the local museum, free tickets to the park.

Those were the benefits, but there's no penalty. There was no penalty from the scoring system, It's just that you don't get access to the shared city bikes. Not every city had this system. That is not a national law. There is no single social credit score for everybody.

So is this problematic? Absolutely. It's problematic because de-siloing data makes data more powerful. When the government has a big pile of data about you in one place, they can make decisions. It doesn't matter what they're doing with it now even. You can make decisions about who somebody is in a way that maybe reduces somebody's personal liberties and privacy. The government has incredible insight into your life.

In terms of digital sovereignty or internet governance, the social credit system doesn't plug into the way that the state governs the Internet. What it does do is indicate how powerful the state is at being able to collect data from various sources.

Here's a problematic future scenario. There's no evidence that this is happening now, but there [are] indications it could absolutely happen later. What if you use AI to do a future prediction about who is likely to default on child support payments in the future? And then you go to court for something and a judge gives you a higher fine or penalty because this AI has made that kind of decision.

So the collection of data in this way gives the state more power, but honestly, it doesn't bleed over into internet governance. I think the reason people think it does is because they think that social credit is tied to you walking around the street and facial recognition cameras are picking up on your face, and if you spit on the sidewalk, now you've got this record that goes into your social credit file and your score goes down. So it's connected to the amorphous Chinese internet, but unfortunately for sexy stories, that's not what's happening.

Eleanor M. Albert: That also plays into the idea about how this type of regulation is happening. You were talking about the platforms, it's the internet providers, and it's not the regulatory bodies themselves—they are regulating the larger businesses who are then providing the means for cyber data to be generated.

Kendra Schaefer: This is a state data issue, which is fascinating. There is a document showing what data is in the official social credit database. Like I said, the state is not afraid of this. In the state's mind, this is a wonderful tool to ensure corporate compliance and individual compliance with the law. It is not a social control mechanism, although there's an argument to be made there.

There's this document of “here's all the records we collect under the system.” It really is your records from the Ministry of Education. That's not your school history, like your grades, it's did you ever get caught cheating on an exam? Did you ever turn in academic paperwork that was false? Did you falsify academic papers? They contribute those records. The tax bureau: are you delinquent. These [are] files that the government already had.

I think this really speaks to how China thinks about the power of data. This is what we were talking about before, the data economy, the power of data aggregation, the power of data centralization. What power can the state get? What predictive power can the state get by putting more types of data in a single place?

The COVID data tracking system was just like this. You want to track where people are and what's going on, and if they're traveling during COVID? Great. We already had that data in a bunch of different government departments. But since you have this centralized authority in China, that centralized authority can walk in and say, "Okay, I'm demanding that all of you put these types of records into a pile. We're going to use them in this way."

Again, it makes the state sound very prescient. It's not. The way this plays out in practice ends up being messy and fragmented and ineffective in many ways, but over 20 or 30 years, problems get sorted out.

Eleanor M. Albert: Especially as priorities become clearer. Once you have access to more centralized data, you figure out over time what you want to do with it, how you want to use it.

I want to shift us from talking about solely the domestic environment [to] the interplay between China's domestic views on cyber governance and perhaps its influence on trying to shape international cyber regulations.

How does China's vision of digital sovereignty differ from some of the governance priorities of other major powers? Is China trying to influence broader cyber regulations, or does it just want to create a space where its own regulations can live and survive?

Kendra Schaefer: I would say that it's probably, at least in the near term, it's more of the latter. This has really emerged in the AI governance space. Over the last year, we've seen that all governments are suddenly in a panicked scramble to identify, start writing some international rules of the road on artificial intelligence. There've been a couple of major conferences about it. There's been a lot of top-level leadership discussion about it, and China is petrified of getting left out of that conversation.

So what China's mostly trying to do at the moment is get a seat at the table, which it has gotten for the most part, and maintain a seat at the table using cyber sovereignty as a reason why it should have a seat at the table and why other countries should not say, "You don't belong here because you do X, Y, and Z with artificial intelligence, or X, Y, and Z with your internet domestically."

Cyber sovereignty plays into a justification, I think, or a rationale for why other countries don't get to exclude China from this conversation. I don't know that I buy the idea that countries should be totally exempt from criticism no matter what they do in their domestic environment. But at the same time, I don't think it's right to leave China out of this conversation, mostly because we cannot. China is a major AI power at this point. China is home to some of the largest AI companies on the planet, and it would be a mistake to just ask them to sit in the back of the room. So that's the question on where Beijing's at in terms of what it wants.

In the long term, there are some indications that China's interested in growing its influence, but not really. I always take issue with the argument that if we take a slightly lighter touch to Chinese technological development that one day China's going to come impose censorship on everybody else.

China's never really been that interested, from what I can tell, on censoring everybody or turning every country into a communist country or imposing its idea of the Internet on other countries. It's "You let us do us, go away. We get to do whatever we want, go away." That seems to be the general trajectory of thinking there. "We're immune to criticism, it's none of your beeswax." I don't think that's a valid argument either, but that is where Beijing approaches that.

In terms of where it has conflicts with other countries' digital governance, China's actually tried quite hard to track with the EU [European Union]. That seems to be China's benchmark for international cyber governance issues. For example, data privacy and cross-border, “how are we treating personal
information?”

The EU's got the GDPR [General Data Protection Regulation] and China's got the Personal Information Protection Law. All the scholars [in China] were studying the GDPR very closely, and the consideration was, “Look, we want to develop a rule set that is specific to us and meets the needs of domestic regulation. At the same time, we don’t want to create a rule set that’s so different from what other major powers are doing that we cut ourselves out of global data flows because our rules don’t match up.” So they studied the GDPR very closely and used it as a model. And if you look at the two laws next to each other, you can see there's a lot of similarities.

There's really nothing to model yourself on in the [United States]. We've done a terrible job at writing any kind of cyber policy at all, so we don't have the federal-level data privacy law, one of my biggest pet peeves. There's a couple of state-level protections. So there's really nothing for China to model itself on or to try to fit in with.

But you can see that the state is concerned about getting left out of digital trade by accidentally going too far. So it really has a split view on what [they’re] doing domestically can be completely different to what everybody else is doing. This is the idea of digital sovereignty. “Inside our own borders we do whatever we want, but when it comes to data flow globally, we are worried about trade and economic issues. We don't want to be excluded.”

There's a lot of room for international cooperation. Not room, as you can see under this thinking, for China taking on board anybody's criticisms about domestic censorship, et cetera, but lots of room for China to budge or compromise or come to an agreement for digital trade issues and international data flow.

The views and opinions expressed are those of the speakers and do not necessarily reflect the position of Georgetown University.

Outro

The U.S.-China Nexus is created, produced, and edited by me, Eleanor M. Albert. Our music is from Universal Production Music. Special thanks to Shimeng Tong, Tuoya Wulan, and Amy Vander Vliet. For more initiative programming, videos, and links to events, visit our website at uschinadialogue.georgetown.edu. And don’t forget to subscribe to our podcast on Apple podcasts, Spotify, or your preferred podcast platform.