1、 European Union Institute for Security Studies, 2021.The views expressed in this publication are solely those of the author(s) and do not necessarily reflect the views of the European Union.BRIEF / 21Oct 2021CHINAS DATA STRATEGYCreating a state-led marketbyCamille BoullenoisProject leader/Head of Br

2、ussels office at SinolyticsINTRODUCTIONIn 2019 and 2020, the European Union (1), the United Kingdom (2) and the United States (3) issued strategy papers on data governance acknowledging the im-portance of data to their economic development and national security. With different emphases, four competi

3、ng objectives dominate these data strategies: innovation (using data to create new business models and boost economic growth); security (ensuring that sensitive data is not used by a hostile foreign power); privacy (protecting citizens from abusive use of per-sonal data); and surveillance (using dat

4、a to monitor and control citizens and companies behaviour).In the past two years, China has been defining its own data strategy and governance regime and, while juggling the same four competing objectives as its Western counterparts, is taking an innovative ap-proach. While the specific data governa

5、nce framework is still being debated among scholars, policymakers, industrial lobbyists and state institutions, local pilot regulations on data and stakeholders public posi-tions have already hinted at its future characteristics.This Brief aims to shed light on these debates over Chinas emerging dat

6、a governance framework. It starts by describing the objectives of the framework, Summary Chinas data strategy creates risks of abu-sive data collection on EU nationals and companies and challenges the European Unions strong emphasis on individual data rights. Chinas data governance frame-work also e

7、ntails a risk of deepening data protectionism, where countries hold on to their data resources and do not share them with foreign actors. As for other factors of production, such as land, labour and capital, China has em-barked on a process of carefully defining property rights for data; these right

8、s de-pend on the type of stakeholder, the pur-pose of usage and a granular categorisation of data types. Chinas data governance framework, as discussed by policymakers and illus-trated in local pilot schemes, emphasises corporate data rights and state-led data collection.2CamIllE BoUllEnoISthen summ

9、arises the debates around the new data rights that Chinese policymakers are establishing and analyses Chinas first local pilot regulations defining those rights. The Brief then focuses specifically on health data to illustrate how Chinas data governance regime is designed to work. Finally, the Brief

10、 gives an overview of the challenges that Chinas data governance framework presents for EU governments and companies. Ultimately, Chinas data governance regime will have impor-tant implications for the protection of EU citizens data and creates a risk of data protectionism. It is therefore crucial t

11、hat the EU under-stands early enough the direction that China is tak-ing, so that it can respond appropriately.UNLEASHING THE POTENTIAL OF DATA RESOURCESAs in many countries, the objectives of Chinas data governance policy have been evolving rapidly. Originally more concerned with data security and

12、us-ing data as a tool for surveillance and control, the Chinese government has in the past five years built a comprehensive data privacy protection regime and established a strategy to create a data market encour-aging innovation and digital economic growth.The Chinese government has long pursued a

13、security-centred approach to data. Soon after the country opened up to the internet in the 1990s, the government took drastic steps to control access to the Net with its infamous Great Firewall. In subsequent decades, protecting the countrys cyber infrastruc-ture and preventing cyberattacks and data

14、 leaks have become key goals of Chinas data governance system, with regulations such as the 2017 Cybersecurity Law and the 2021 Data Security Law.Gaining an in-depth knowledge of its population for governance purposes has also long been part of the Chinese governments strategy. The digital policing

15、Golden Shield project, started in 1998 and oper-ated by the Ministry of Public Security, included the establishment of a centralised criminal information system. A police data system known as the Integrated Joint Operations Platform later became infamous for its role in mass surveillance and human r

16、ights viola-tions in Xinjiang.The objective of protecting individuals privacy, by comparison, made its appearance more recently. It was only in 2018 that China, following in the EUs footsteps and responding to citizens concerns, start-ed to put in place a systematic le-gal framework protecting data

17、pri-vacy, with the Personal Information Security Specification (4) (a revised version of which was released in 2020) and the flurry of personal information protection regulations that followed, culminating in the Personal Information Protection Law (5) issued in August 2021.The push to develop the d

18、igital economy has also started to be integrated into Chinas data governance framework in the past five years. In 2015, the State Council issued the Outline of Actions to Promote Big Data Development (6), and the 13th five-year plan (7) issued in 2016 dedicated a whole chapter to the national big da

19、ta development strategy. Encouraging the digital economy is important to the Chinese gov-ernment for two reasons. First, China lags behind Western countries in smart manufacturing and in-dustrial digitalisation. China, for instance, spends about six times less on IT as a proportion of gross domestic

20、 product (GDP) than the United States and three times less than Germany (8). Chinas manufac-turing is still largely low-tech, low-skilled and based on cheap labour, and data is seen as crucial to in-novation and economic upgrading. Second, Chinas fast-growing e-commerce market is exceptionally stron

21、g, accounting for about 45 % of global transac-tions in that sector (9), and Chinese leaders want to capitalise on that strength.To unleash the potential of data resources, the Chinese government has embarked on an unprec-edented approach with regard to data governance. In October 2019, the Fourth P

22、lenary Session of the 19th Central Committee of the Communist Party charac-terised data as a factor of production (10). This rec-ognition paved the way for discussions about how to create a state-led data market, which would boost the digital economy by reducing transaction costs and allowing a smoo

23、ther circulation of data. In 2020, an important State Council policy announced more market-oriented allocation of factors of production, including data (11).Such a legal regime would have to balance the inter-ests of three different stakeholders. Businesses, on one side of the triangle, are seeking

24、easy collection of personal data; cheap, legal and fast access to data-bases with accurate data; and protection of their data from the governments reach. They also seek oppor-tunities to exchange data with other businesses and to monetise data, low compliance costs for storing and using databases, a

25、nd the right to analyse and use Chinas data governance regime will have important implications for the protection of EU citizens data.3ChInaS daTa STRaTEgy | CREaTIng a STaTE-lEd maRkETdata to enhance their business models. On another side of the triangle, individuals want restrictions on data colle

26、ction to better protect their privacy, and they need guarantees that the data that companies and governments hold on them will not be used to harm or control them. On the third side of the trian-gle, various government agencies, as in many coun-tries around the world, are pushing for increasing data

27、 collection on the population so that they can better oversee and control citizens and companies behaviour. Governments also seek to arbitrate be-tween corporate and individuals interests (12).WHO WILL OWN CHINAS DATA?A data market, like other sectors of the Chinese econ-omy, is understood in a very

28、 specific way: under Chinas socialist market economy (13), the govern-ment has a significant role in defining rights and rules but recognises that letting players freely inter-act within this state-defined framework is most ef-ficient. With this in mind, Chinese policymakers are now starting to call

29、 for a legal system that creates and defines data property rights, thus allowing data to become a tradable commodity that can be bought and sold on data trading platforms.Creating a data ownership regime is controversial. Data has unique properties that make such an en-deavour difficult: unlike tang

30、ible goods, data can be reproduced and disseminated at will. A creative and original effort, which is often the legal prerequisite for an object to be recognised as intellectual prop-erty, is not necessarily required to assemble a database. After years of heated discus-sions, the United States and t

31、he EU have not yet cre-ated such a data ownership regime. While proponents of the idea argue that it would create incentives to generate and share data, critics contend that it would stifle the growth of the digital economy, hinder the movement of data and accelerate data monopolisa-tion (a process

32、whereby a company acquires a domi-nant position across multiple sectors as a result of its capacity to hoard data on a very large scale) (14).The topic is also contentious within China. As it is a technical issue on which legislation is still in the early stages, there is room for public discussion

33、and disa-greement, which have been expressed openly in aca-demic and news articles. But there has been, over the past two years, consistent and high-level support for introducing data property rights. The 14th five-year plan released in March 2021 a high-level roadmap of the countrys development cov

34、ering 20212025 called for establishing and improving data proper-ty rights transactions (15). The ninth meeting of the Central Finance and Economics Committee in March 2021 once again called for strengthening the con-struction of the data property rights system (16).Defining data ownership rights, a

35、ccording to pro-ponents of this legislative effort, would have sev-eral benefits. It would encourage the circulation and sharing of data and help eliminate barriers to data usage. Companies would not be afraid to share data if they knew property over it was protected by law from appropriation and ab

36、usive copy. In addition, it would lead to a better distribution of wealth and benefits derived from data usage, by enabling the es-tablishment of a taxation system based on data as-sets, for example. It could also break down natural data monopolies and ensure fair market competition by allowing smal

37、ler players to monetise their data rather than losing it, or to buy data they need from tech giants.Although Chinas data ownership regime is still in its early stages, discussions among scholars, speeches by policymakers and local legislation hint at what it could look like. Most commentators agree

38、that a data ownership regime should allow for non-exclusivity and multistakeholder joint ownership, with differ-ent data subjects and data processors exercising dif-ferent rights over data according to their role in generating, maintain-ing and using it.Under this framework, individuals have been gr

39、anted substantive pro-tection from harmful corporate data practices, with privacy provisions very similar to the EUs general data protection regulation (GDPR). But Chinese experts and policymak-ers also advocate a business-minded framework in which data ownership rights sensu stricto would be re-ser

40、ved to large databases held by businesses and not extended to individuals personal data. This would mean that individuals would not be able to monetise or derive income from their personal information, but they would enjoy negative rights, for example the rights to refuse to grant authorisation to u

41、se their information, to delete it, to access it or to rectify it.By contrast, enterprises collecting data would enjoy the rights to manage, use and derive income from the data they held under certain conditions. One such condition is that the data collection either was authorised by the individuals

42、 that the data concerns (the data subjects) or responded to a limited set of necessary business purposes. Alternatively, busi-nesses can freely use the data they have collected as Chinese policymakers are now starting to call for a legal system that creates and defines data property rights.4CamIllE

43、BoUllEnoISlong as it has been anonymised and can no longer be used to re-identify their data subjects.Recent court cases such as Weibo v Maimai (2016) and Tencent v Douyin (2019) demonstrate that companies collecting and using large, anonymised data sets are already granted the right to protect them

44、 from unfair appropriation by other companies, even before China has enacted fully fledged legislation on this issue (17).Nonetheless, Chinese policymakers have been careful not to endorse the monopolistic and unfair competi-tion practices of Chinas tech giants and have recent-ly embarked on a massi

45、ve crackdown targeting them. Data resources, they argue, often form natural mo-nopolies that need to be broken down to allow fairer market competition. Recent regulations thus strive to protect consumers from collective harms arising from data technologies. The Personal Information Protection Law, f

46、or instance, bans AI-powered dif-ferentiated pricing and allows data portability from one platform to the other, so as to avoid lock-in ef-fects. A recent restructuring required of Ant Group, in April 2021, was another move in that direction: al-though the specific rules are still unclear, it is lik

47、ely that the company will no longer be able to share data freely and opaquely between different industries and different subsidiaries of the group. Most recently, in September 2021, media reports indicated that Ant Group would be forced to create a separate loans app and to turn over user data to a

48、new entity jointly owned by state companies (18).The system of joint usage rights that would result from such rules is seen as a prerequisite for assetisa-tion and monetisation of data sets. Since 2014, China has experimented with big data trading platforms for data transactions (19). Furthermore, t

49、he proposition for a data property rights system put forward at the 2021 annual session of the National Committee of the Chinese Peoples Political Consultative Conference suggested the creation of a national data bank from which users could purchase data sets; the income in-curred would be distribut

50、ed among all stakeholders according to their participation in generating, col-lecting, maintaining and exploiting the data.The ideas surrounding the creation of a data owner-ship regime in China also tend to envisage significant powers for the state as a key regulator and actor in data collection an

51、d sharing. Policymakers and ex-perts are exploring different paths to encourage or force companies to grant the government access to their data resources, for example tax deduction poli-cies for companies willing to share data or financial compensation for mandatory data sharing.Circular transfersRi

52、ghts and transfers in Chinas emerging data governance regime between government, companies and citizens GOVERNMENTCITIZENSCOMPANIESGOVERNMENTCITIZENSCOMPANIESGovernments can request and use companies and individuals data for public interest purposes.Companies data assets are protected from unfair ap

53、propriation. They can be sold or used to improve business performance.Individuals have the right to access, modify and delete personal data held by companies. They can deny collection, use, and transfer of personal data to companies.Forced transferCustomer data collectionMonetised transferConditiona

54、l oncitizens approvalConditional on governments and citizens approvalAggregated/annonymisedAggregated/anonymised5ChInaS daTa STRaTEgy | CREaTIng a STaTE-lEd maRkETEqually important in these propositions, however, is the Chinese state opening its own data resources to the public. According to a state

55、ment by Chinese Premier Li Keqiang in 2016, more than 80 % of Chinas information and data resources are in the hands of government departments at all levels, but very little of this data is centralised, used or shared in a meaningful way (20). The Chinese government wants to share some of this data

56、with the public, but also to offer some for paid, conditional use by companies.The last, but not least important, mission of the state is to protect national data resources, subject to fierce competition between countries. The Data Security Law released in June 2021 gives indications as to how these

57、 strategic resources will be protected. The law defines important data that, if leaked, would be damaging to Chinas national security, public health, or economic and social development. This data would be subject to cumbersome export controls, including approval from local public security authoritie

58、s.All the ideas surrounding the creation of a data mar-ket have been synthesised in Chinas first draft local regulation defining data rights. This regulation, is-sued in Shenzhen in 2020 and revised in June 2021, will serve as a pilot and potentially a blueprint for a national definition of data rig

59、hts, and it therefore of-fers invaluable insights into what Chinas data gov-ernance regime will look like in coming years (21).The Shenzhen regulation defines three kinds of data rights for three types of actor: individuals, compa-nies and the government. The per-sonal data rights enjoyed by indi-vi

60、duals obey a different logic from ownership rights they are civil rights as defined in Chinas Civil Code. By comparison, companies enjoy rights closer to traditional ownership rights. They can buy and sell legally obtained data through legally established data trading platforms. The Shenzhen regulat

61、ion also defines public data as a new type of state-owned asset, held and collected by government authori-ties and public institutions such as those responsible for health, water supply, finance, telecommunica-tions and transportation. Individuals and companies whose data is being collected by the s

62、tate must com-ply, although they may raise objections if they believe the data collection is inaccurate or infringes on their personal privacy, business secrets or other legitimate interests. Some of this public data, then, is to be pro-vided free of charge to the public, while some will be conditio

63、nally open or for state use only.The Shenzhen regulation also provides for the estab-lishment of a data transaction platform which will construct data asset pricing indicators from multi-ple dimensions such as real time, time span, sample coverage, completeness, data type and level, and data mining

64、potential and for the setting up of data evaluation agencies tasked with professionally as-sessing the value of data assets according to these indicators.Finally, the regulation also outlines rules for interna-tional cross-border transfer and protection of stra-tegic data resources. Although any tra

65、nsfer of per-sonal information or important data must be reported to the local cyberspace authorities, the regulation leaves space for bilateral and multilateral coopera-tion mechanisms for free cross-border data circula-tion with other countries. A whitelist of countries, regions and international

66、organisations with which cross-border flow of personal data is permitted will be released.THE CASE OF HEALTH DATAThe case of medical data illustrates particularly well the complexity of establishing a data governance framework and the direction that the Chinese gov-ernment is taking with regard to s

67、uch a framework.Medical data is especially sensitive when it comes to personal information, as it touches upon some of the most private and confidential pieces of information concerning indi-viduals lives. Regulations such as the Personal Information Protection Law qualify health data as sensitive a

68、nd therefore strictly protected.Medical data is also particularly valuable from a corporate perspec-tive. Pharmaceutical companies, for example, crave access to large-scale data sets to develop and test new drugs, create personalised treatments and better tar-get clients. China has acknowledged the

69、potential of big data in developing the national health indus-try. In 2017, for instance, China planned the estab-lishment of three national health big data industry groups, bringing together local governments, medi-cal institutions and insurance companies (22).Furthermore, medical data is crucial f

70、rom both public health and national security perspectives. Most re-cently, the Chinese government saw the Covid-19 crisis as evidence of the importance of collecting de-tailed and granular data on citizens health in case of health emergencies. In early 2020, Chinese cities started using a health cod

71、e, which opened access to public buildings and transport (23). So far, however, medical data integration and centralisation in China are far from the levels observed in Western European countries. This is mainly due to a lack of common The Shenzhen regulation will serve as a pilot and potentially a

72、blueprint for a national definition of data rights.6CamIllE BoUllEnoISstandards: different provinces, municipalities and hospitals have different ways of labelling and catego-rising medical information.To incentivise the use of health data, China has started defining rights over medical data, tying

73、them to very granular classifications of stakeholders, data types and situ-ations. By defining the rights and responsibilities of every actor in a given situation and for a given cat-egory of data, the state hopes to es-tablish a data regime that can both protect everybodys rights and en-courage dat

74、a usage.New guidelines on healthcare data security, which were passed in December 2020 and came into ef-fect in July 2021, are meant to do just that (24). They distinguish between standard personal health data and data obtained after basic de-identification pro-cessing the latter can be used without

75、 individu-als authorisation for purposes of health research and education, public health, and medical care. Medical providers can rely on their own judgement to deter-mine what personal health and medical data to use and disclose and are not obliged to agree to subjects requests to restrict use of t

76、heir data.This provision is important, as it effectively gives strong, property-like rights to corporate actors as long as the data is used for certain purposes. It gives pharmaceutical companies more leeway to collect and use data for clinical trials: for post-market research or retrospective studi

77、es, for instance, the guidelines stipulate that no informed consent is needed provid-ed the data has been through de-identification pro-cessing. This is crucial, as China is increasingly en-couraging the use of real-world data (data obtained throughout the life cycle of a drug or medical device) as

78、evidence for the approval of new products.Data rights attached to state institutions override other rights granted in the guidelines and no au-thorisation is needed from the data subject if data is collected for public health purposes. In practice, the government has started creating extensive lists

79、 of data that need to be collected for public health purposes. Regulations such as the national hos-pital data reporting management plan issued in 2019, for instance, list and standardise the data that health providers must submit to the National Health Commission (25).The state also defines categor

80、ies of health data that are especially protected from foreign collection and use. Human genetic resource data, which refers to information on genetic materials such as organs, tissues, cells, blood and DNA, is such a protected category: foreign institutions cannot collect human genetic resource data

81、 unless in partnership with Chinese institutions; strict rules define the role and responsibilities of the Chinese counterpart (26).In other words, Chinese lawmak-ers are building a data governance regime in which the nature and roles of stakeholders, as well as the categories and purposes of data h

82、andling, play a part in determin-ing their property rights. To better understand how this market would work, a fruitful comparison can be drawn between the data governance regime and Chinas land owner-ship regime. In both cases, multiple property rights coexist pertaining to the same object. In both

83、 cases, the nature of stakeholders (rural or ur-ban, Chinese or foreign, individual or collective) de-fines the kind of rights they can claim on the object. Rural residents, for instance, have specific claims to land property that urban residents do not. For both data and land, rights also depend on

84、 specific purpos-es: some property rights in relation to land, for ex-ample, are restricted to it being used for agricultural purposes. This multifaceted ownership regime allows the government to balance the interests of different groups while maintaining overall control over impor-tant resources.CH

85、ALLENGES FOR EUROPEAN GOVERNMENTS AND COMPANIESThe specificities of Chinas data governance regime have several important implications for European governments and companies.A first set of challenges and risks arise from the Chinese governments propensity to collect and use data from individuals and

86、companies. China is not unique in this respect: all governments do this to some extent. The EUs GDPR includes provisions al-lowing Member States to collect personal information in the public interest, if such collection is necessary and proportionate. But Chinas debate around public ownership of dat

87、a indicates that the government is willing to go well beyond such limited data collection. Massive amounts of data may be routinely obtained from individuals and companies and be used without much restriction based on a broad understanding of the public interest.This poses challenges to EU citizens

88、in China, whose personal information may be abusively collected and used by the Chinese state. It also poses challenges The Chinese government saw the Covid-19 crisis as evidence of the importance of collecting granular data on citizens health.7ChInaS daTa STRaTEgy | CREaTIng a STaTE-lEd maRkETto co

89、mpanies, such as pharmaceutical and health-care companies, that may be required to give away valuable or sensitive data to the Chinese government. Laws such as the National Security Law (2015), the Cybersecurity Law and the National Intelligence Law (2017) already give the central government sweep-i

90、ng powers to access foreign companies sensitive data, including source code and intellectual property. Many companies report that routine data transfers to the Chinese government have increased over the past few years.The Chinese strategy also poses a strategic and ideo-logical challenge to the EU.

91、In the triangle of stake-holders (businesses, government and individuals) presented earlier, the EU has so far strongly posi-tioned itself on the side of individual rights, with the GDPR as a world-leading and world-shaping item of legislation. Chinas legislation, weighing rather on the business and

92、 government sides, might lead other countries to follow suit and put pressure on the EUs approach. Although China has adopted a personal information protection legal framework very similar to the EUs GDPR, the phi-losophy behind each approach is ar-guably different. While the EU is mostly concerned

93、with human and consumer rights, China approaches personal information protection from a more holistic perspective, including economic growth and social stability as key factors. Chinas good performance in reining in the rise of Covid-19 infections, believed to be linked to massive collection and pro

94、cessing of individual data, could further in-fluence other countries to follow suit. In September 2020, China unveiled its Global Initiative on Data Security, showing its ambition to set the global rules on data governance.A second set of challenges arises from Chinas data protectionism. While the E

95、U has been very protective, from the outset, of citizens personal information, Beijing has extended state data protection to im-portant data deemed valuable for Chinas economic and social development. Cross-border data transfer is likely to be subject to tit-for-tat strategies. The 2021 Data Securit

96、y Law specifies, for example, that China will adopt corresponding measures in its trading of data assets. In the context of growing tensions be-tween China and the United States, recent data secu-rity investigations into Chinese companies following their initial public offering in the United States

97、also hint at potential restrictions on overseas listing when sensitive data is at stake (27).This creates a risk of deepening data protection-ism, where countries hold on to their data resourc-es and do not share them with foreign actors. More broadly, it would also endanger digital trade, as tech c

98、ompanies would have to operate within data is-lands instead of offering products across countries. This could have a heavy economic impact: data flows, valued at USD 7.8 trillion in 2014, were expected to nearly quadruple from 2017 levels by 2022 (28).POLICY RECOMMENDATIONSFor EU governments, there

99、may be room to influence Chinas data legislation through bilateral and multi-lateral trade negotiations. The Personal Information Protection issued in August 2021 indicates that China will follow provisions on cross-border personal data transfer included in treaties or international agree-ments. The

100、 Regional Comprehensive Economic Partnership (RCEP) signed in November 2020 con-tains such provisions. China also recently signalled its desire to join the Comprehensive and Progressive Agreement for Trans-Pacific Partnership, which stipulates that parties cannot require data locali-sation as a cond

101、ition for conducting business, thus proving its willing-ness to negotiate on these issues. Chinese local governments, although not autonomous from central gov-ernment, could also constitute partners for discus-sion for both European governments and European companies, as they have started competing

102、to attract investment in the local digital economy. The Hainan free trade zone, for instance, is experimenting with easier personal information transfer abroad and sim-plified procedures, along with physical infrastructure to facilitate quicker international data flows.At this early stage in the deb

103、ate, researchers, uni-versities and government-run think tanks could fruitfully be involved in discussions around global data rules and norm-setting. For example, one cru-cial aspect of the protection of personal informa-tion is to certify that the data has been sufficiently anonymised. Although Chi

104、na has recently issued a standard on anonymisation processes, it is often im-possible to define an a priori threshold beyond which anonymisation is sufficiently efficient. Without inde-pendent auditing, companies will do the bare mini-mum to avoid reducing the value of the data, incur-ring a higher

105、risk of the data being re-identified if leaked. The EU has an important role to play in set-ting global rules in this respect.More broadly, European governments and compa-nies should closely follow the fast-evolving debates, legislation and law enforcement events surrounding Chinas data governance r

106、egime and monitor their potential impact on EU citizens and businesses.Beijing has extended state data protection to important data deemed valuable for Chinas economic and social development.8PRInTISBn 978-92-9462-031-6 CaTalogUE nUmBER Qn-ak-21-021-En-C ISSn 2599-8943 doI 10.2815/32866onlInEISBn 97

107、8-92-9462-030-9 CaTalogUE nUmBER Qn-ak-21-021-En-n ISSn 2315-1110 doI 10.2815/19300Published by the EU Institute for Security Studies and printed in Belgium by Bietlot.Cover image credit: maxim hopman/UnsplashCamIllE BoUllEnoISReferences (1) European Commission, European Data Strategy, February 2020

108、 (https:/ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/european-data-strategy_en). (2) UK Government, National Data Strategy, September 2020 (https:/www.gov.uk/government/publications/uk-national-data-strategy/national-data-strategy). (3) US Government, Federal Data Strategy

109、, June 2019 (https:/strategy.data.gov/). (4) State Administration for Market Regulation and the National Standardization Administration, Information Security Technology Personal Information Security Specification (信息安全技术个人信息安全规范), GB/T 35273-2020, March 2020 (http:/ (5) China National Peoples Congre

110、ss, Personal Information Protection Law of the Peoples Republic of China (中华人民共和国个人信息保护法), August 2021 (https:/digichina.stanford.edu/news/translation-personal-information-protection-law-peoples-republic-china-effective-nov-1-2021). (6) State Council, Notice of the State Council on issuing the actio

111、n plan for promoting the development of big data (国务院关于印发促进大数据发展行动纲要的通知国发), August 2015 (http:/ (7) Central Committee of the Communist Party of China and National Congress of the Chinese Communist Party, Outline of the 13th five-year plan for the national economic and social development of the Peopl

112、es Republic of China (中华人民共和国国民经济和社会发展第十三个五年规划纲要), March 2016 (http:/ (8) Brinda, M. and Shin, M., How Chinas cloud market differs from others, Bain and Company, August 2019 (https:/ (9) Kharas, H. and Dooley, M., The digital transformation of East Asian trade, East Asia Forum, Vol. 13, No 2, AprilJ

113、une 2021, pp. 1416. (10) Fourth Plenary Session of the 19th Central Committee of the Communist Party of China, Decision of the Central Committee of the Communist Party of China on several major issues concerning upholding and improving the socialist system with Chinese characteristics and promoting

114、the modernization of the national governance system and governance (中共中央关于坚持和完善中国特色社会主义制度 推进国家治理体系和治理能力现代化若干重大问题的决定), 31 October 2019 (http:/ (11) State Council, Opinions on building a more complete system and mechanism for the market-oriented allocation of factors (关于构建更加完善的要素市场化配置体制机制的意见), 10 Apri

115、l 2019 (http:/ (12) Variants of this triangle have been proposed in various publications. See, for example, Deloitte Analytics, Open Data Driving growth, ingenuity and innovation, 2012 (https:/ (13) Xinhuanet, China to build high-level socialist market economy, 3 November 2020 (http:/ (14) Banterle,

116、 F., Data ownership in the data economy: a European dilemma, in Synodinou, T.E., Jougleux, P., Markou, C. and Prastitou, T. (eds), EU Internet Law in the Digital Era, Springer, Berlin, 2020, pp. 199225 (https:/doi.org/10.1007/978-3-030-25579-4_9). (15) Central Committee of the Communist Party of Chi

117、na and National Congress of the Chinese Communist Party, 14th five-year plan for the national economic and social development of the Peoples Republic of China and the outline of long-term goals for 2035 (中华人民共和国国民经济和社会发展第十四个五年规划和2035年远景目标纲要), March 2021 (https:/ (16) Xi Jinpings speech at the ninth

118、meeting of the Central Finance and Economics Committee, 15 March 2021 (http:/ (17) In the first case, Weibo won after a court decided Maimai grabbed Weibos user data without its authorization. In the second case, the court asked Douyin to stop sharing Wechats user data with Duoshan, an app also owne

119、d by ByteDance. The legal battle is still ongoing, as Douyin said in May it would appeal an April 2021 court decision ordering it to pay 1.2 million US dollars to Tencent for violating its copyright. (18) Yu, S. and McMorrow, R., Beijing to break up Ants Alipay and force creation of separate loans a

120、pp, Financial Times, 13 September 2021 (https:/ (19) Zihou, W. and Xi, Y. (王子侯、杨曦), Big data transactions have spawned a huge underground industry chain, illegal collection and trafficking are rampant (大数据交易催生庞大地下产业链 非法收集贩卖猖獗), Economic Information Daily (经济参考报), 25 August 2016 (http:/ (20) Min, G.

121、(郭敏), Only when data is open and shared can its value be released (数据只有开放共享 才能得到价值释放), DataYuan (数据猿), 3 September 2020 (http:/ (21) Shenzhen Municipality, Shenzhen Special Economic Zone data regulation (draft for comment) (深圳经济特区数据条例, 征求意见稿 ), June 2021 (http:/ (22) Xinhuanet (新华网), Plan already de

122、termined: the “national team” led the establishment of three major health and medical big data groups (格局已定 “国家队”主导筹建三大健康医疗大数据集团), 21 June 2017 (http:/ (23) Ee, S., We read the technical standards for Chinas “health code.” Heres what we learned, Technode, 10 July 2020 (https:/ (24) National Informat

123、ion Security Standardization Technical Committee, Health and Medical Data Security Guidelines (GB/T 39725-2020) (健康医疗数据安全指南), March 2021 (https:/ (25) General Office of the National Health Commission, National hospital data reporting management plan (for trial implementation) (全国医院数据上报管理方案,试行), May

124、2019 (http:/ (26) State Council, Regulations of the Peoples Republic of China on the administration of human genetic resources (中华人民共和国人类遗传资源管理条例), May 2019 (http:/ (27) Ping, C. K. and Ng, S., China widens data-security probe of U.S.-listed tech companies, Wall Street Journal, 6 July 2021 (https:/ (28) Cisco, Cisco Visual Networking Index: Forecast and trends, 20172022, White Paper, November 2018. Cited in the World Banks latest World Development Report, Data for Better Lives, 2021 (https:/wdr2021.worldbank.org/).