The United States and China are engaged in a global contest to shape how digitized information—data—will be distributed and controlled for the foreseeable future. For the Biden administration, the contours of this contest are only just becoming visible. While officials have addressed the importance of data in US-China competition, there is not yet a clear set of laws and policies that would support a strategy of protecting Americans’ data from our biggest global rival. The opposite is true in Beijing, where Xi Jinping’s Party-state is building a massive institutional architecture to draw more and more of the world’s data resources toward China.
This report, based on the Chinese Communist Party’s own documents, dissects how the CCP has created a policy and regulatory architecture to maximally exploit data as the fundamental resource of the future global economy and governance system. It illustrates how People’s Republic of China (PRC) technology companies that are now omnipresent in foreign markets are increasingly integrated with the Party’s data storage and processing—and control and security—systems. This embedding potentially exposes huge swaths of the world’s population to a broad spectrum of data accumulation, espionage, and manipulation.
- Under Beijing’s new data hierarchy, all companies are forced to integrate into a centralized national data infrastructure controlled by the Party, structured to serve Party objectives in strategic competition with the West, and based on the fundamentally nonreciprocal premise that China maximizes the absorption of data from around the world while exporting as little of its own as possible.
- The logic of China’s interlocking data-security laws and the ubiquitous nature of China’s surveillance systems means that all customer data held by China-controlled companies will be potentially visible and accessible to China’s security services.
- Party-state requisitioning of data from commercial handlers is already being used to
- build databases of individual human genomes;
- map sensitive areas of other countries’ economies and borders;
- mine telecommunications networks for commercial secrets and intelligence;
- manipulate the online information environment;
- profile foreign citizens through social media; and
- target journalists who critically cover China and PRC companies.
This challenge requires an urgent response by the United States and other democracies. To that end, this report makes the following policy recommendations:
- Restructure the Commerce Department’s Information and Communications Technology and Services (ICTS) process to block commercial operations that threaten the security of critical and personal data.
- Reinvigorate the Committee on Foreign Investment in the United States (CFIUS) and update the Foreign Investment Risk Review Modernization Act (FIRRMA) to restrict the ability of China-linked companies within the United States to operate in critical supply chain areas.
- Join multilateral frameworks for coordinating and strengthening data protections and scrutinize China’s efforts to hollow emerging global digital trade standards.
- Pressure Beijing to agree to reciprocity by limiting US companies from investing in PRC companies engaged in data exfiltration and abuse and supporting corporations seeking to relocate operations from China.