In the world’s number-two economy, China, the party-state retained control over its national internet from the outset (the 1990s). During recent years, China’s Data Security Law, alongside its Personal Information Protection Law and its high-level regulator, the Cyberspace Administration of China, have constructed an evolving framework for close supervision of China’s internet – and for data flows out of and into China. Other nations, notably in southeast and west Asia, are adopting elements of the Chinese model of internet governance.[1] Additional countries, including Russia, have strengthened state controls over their national internets. Meanwhile, citing a variety of factors, at least sixty states have staged internet shutdowns.[2] Thus, obstacles to unrestricted commercial data flows from and to the US have proliferated.
In addition, alongside a growing number of other states China and Russia also have been trying to win governmental authority to regulate the global internet – as previous telecommunications networks have been regulated – through multilateral organizations, especially the International Telecommunication Union. Thus far, they have not succeeded: the US model of “multi-stakeholderism,” which signifies loose control by big corporate capital and the US government – retains its hold. But the US approach of multi-stakeholderism has been placed on the defensive. The world economic crisis of 2008 and the historic process of geopolitical-economic redivision that followed it are strengthening divergent nation-state interests.
Evident as well are structural changes, of varied kinds. During the 1990s – the second highpoint of US global power – the infrastructure of the cross-border internet was based largely in the United States, and most international internet data was transported through the US no matter its origin or destination. However, by the late 2010s the morphology of this worldwide distribution system no longer looked as it had a quarter-century before. The internet’s infrastructure had been expanded and reconfigured. The network of subsea cables and internet exchanges was extended and thickened. US social media companies had set up data centers outside the United States, to attain faster and cheaper access to foreign markets. Some powerful new internet companies became established in China. National regulations had mandated that data collected within a country be stored within that country’s jurisdiction; by 2023, 75% of all nations had implemented some kind of data localization rules.[3] Economic policies and antitrust protections, privacy strictures, and national security measures crisscrossed and combined in complex ways to engender these assertions of jurisdictional sovereignty.
Through the second Obama Administration (2016), the US attempted to stand pat. It issued ringing rhetorical defenses of free flow as a matter of human rights, while lobbying fiercely in support of the existing US-centric global internet. However, the Snowden exposures of 2013 demonstrated beyond doubt that interlocks between US internet companies and spy agencies enabled the US to interfere with the economic and diplomatic interests of other countries. And, in the wake of 2008-09, US political-economic power continued to ebb, as China’s grew. Its hegemony eroding, in 2022 an influential segment of the US foreign policy establishment recognized that a turning-point had arrived.
In 2022, the US Council on Foreign Relations – for a century, the nation’s leading foreign policy think tank – issued an extraordinary report. The document conceded that “the era of the global internet is over”; that “U.S. policies promoting an open, global internet have failed”; and that, specifically, “the United States has been unable to counter the persistent advance of the concept of cyber sovereignty.”[4] The Report recommended that the US pursue the formation of “digital trade blocs.” Within these protected communities, free flow policies should continue to prevail. This was not an official policy change; nevertheless, it signaled that the status quo was being re-thought.
In fact, the US had already begun to negotiate with trading partners, attempting to install free flow provisions into trade treaties. Yet in these coalitions, the US enjoyed only mixed success.
On one side was the US-Mexico-Canada Agreement of 2020, a free trade pact negotiated by the Trump administration between the gigantic US economy and the two countries that have the misfortune to share long borders with it. Mexico and Canada are the two top trading partners of the United States. Chapter 19 of this agreement spells out that consumer access to the cross-border internet is beneficial (Article 19.10); that “No party shall prohibit or restrict the cross-border transfer of information, including personal information if this activity is for the conduct of the business of a covered person” (Article 19.11); and that “No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that territory.”[5] The US-Japan Digital Trade Agreement also supports the flow of cross-border data and forbids data localization requirements for business.[6] However, because the US-Mexico-Canada agreement is stricter in these respects, former US Trade Representative Robert Lightizer characterizes is as “the absolute gold standard.”[7]
With respect to other major trading partners, however, the patterns are complex and remain in flux. Beginning in 2018, the European Union has implemented a multifaceted regulatory framework for data, encompassing antitrust, privacy, economic, and sovereignty measures.[8] Hefty fines have been levied against US tech giants for transgressing against these new European strictures,[9] while a mandate that companies store their data in the EU has grown more substantial. Privacy advocates have repeatedly, and successfully, challenged attempts to agree free flow provisions with the US in the courts.[10] Australia, Brazil, Chile, and other countries have all adopted elements of the EU’s data policy model. Over several years, meanwhile, Japan has built on its bilateral pact with the US to advance a more ambitious initiative within the G7. This aims to define and operationalize an approach called “Data Free Flow with Trust,” in order to increase interoperability across national data governance systems rather than to increase fragmentation. What, however, is “trust”? – so far, no “Data Free Flow with Trust” initiative has been agreed.[11] Nor has the Indo-Pacific Economic Framework, a significant element in Biden’s larger endeavor to contain and suppress China, yet endorsed free flow.[12]
For all the saber-rattling, US-China trade hit an all-time high of US $691 billion in 2022, making China the US’s third-largest trading partner overall.[13] China’s stringent data and anti-espionage laws have, however, engendered a trend among Western transnationals to decouple their operations in China from those in the rest of the world – that is, to drive toward full or at least substantial localization of data held in China and the separation of information technology systems there from those they use elsewhere. One US company has banned staff from taking their China-issued laptops out of the country, and is installing Chinese servers and second email addresses ending in “.cn” for local employees.[14] Such measures are only feasible for a market – and/or a production site – as large and vital as is China.
Evident overall, then, is increasing fractionalization. Though both official Washington and influential business groups continue to hail the free flow rhetorically, in fact, trans-border data flows are, increasingly, an institutional patchwork. “It’s an uncomfortably jury-rigged arrangement subject to judicial challenges, regulatory whim and governments bent on data protectionism,” sums up one commentator.[15] How may big capital negotiate this freshly uncertain era?
*
Can transnational capital survive when its voluminous and constant cross-border data flows are subject to interruption; or stranded on islands by data localization requirements; or simply institutionally unstable and insecure? Will global digital platforms survive?
One thing appears certain. The age when appeals to corporate efficiency were sufficient for nations to hand over the keys to their kingdoms is at an end: in themselves, they are unlikely to prevail when faced with considerations of national sovereignty, personal privacy, national security, and economic policy. This will only become more true as the paramount trend of our era deepens. For, even if US leaders refuse to recognize it publicly, the historical change that is ultimately conditioning the decline of the US free flow policy is the downward curve of US world power and its replacement by multipolarity.
— Dan Schiller
[1] See Chinese Internet Research Conference 2023, The Chinese Internet in the Global South: Flows, Frictions, and Futures,” July 12-14, Chiang Mai, Thailand. Circ.2023.asia
[2] Council on Foreign Relations, “Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet,” Independent Task Force Report No. 80. New York: Council on Foreign Relations, 2022: 18.
[3] Restricting the flow of data out of a country or requiring copies of data be stored in that country. “Localization of data privacy regulations creates competitive opportunities,” McKinsey & Company, June 30, 2022 at ; David Medine estimates that “over 100 countries” have imposed data localization rules in “Data Localization: a Hidden Tax on the Poor,” Center for Global Development, March 27, 2023 at
[4] Council on Foreign Relations, “Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet,” Independent Task Force Report No. 80. New York: Council on Foreign Relations, 2022: 15, 19.
[5] Office of the United States Trade Representative, United States-Mexico-Canada Agreement 7/1/20 Text, Chapter 19 “Digital Trade.” USTR.gov.
[6] As does The Comprehensive and Progressive Agreement for Trans-Pacific Partnership, from which the Trump Administration withdrew the US.
[7] Kevin Chen, “The Case for a US Digital Trade Deal in IPEF – and Why It’s an Uphill Battle,” The Diplomat June 5, 2023
[8] These include the General Data Protection Regulation (2018); the Digital Markets Act (2022); the Digital Services Act (2022); the Data Act (2023); and other legislation still in process. For a hostile US response, see Meredith Broadbent, “The EU Data Act: The Long Arm of European Tech Regulation Continues,” CSIS, June 29, 2023.
[9] Javier Espinoza, “Facebook suffers fresh setback after EU ruling on use of personal data,” FT July 4, 2023
[10] Kelvin Chan, “Europe signs off on a new privacy pact that allows people’s data to keep flowing to US,” AP, July 10. 2023
[11] Aidan Arasingham and Matthew P. Goodman, “Operationalizing Data Free Flow with Trust (DFFT),” CSIS April 13, 2023.
[12] Ibid.
[13] Arendse Huld, “US-China Trade in Goods Hits New Record in 2022 – What Does it Mean for Bilateral Ties?” China Briefing February 15, 2023.
[14] Ryan McMorrow, Joe Leahy and Sun Yu, Eleanor Olcott, “Multinationals in China Accelerate Push to Decouple Data,” FT July 15, 2023.
[15] Alan Beattie, “The global order of digital empires is only just holding together,” FT 19 July 2023
Great points here, Dan. I always encourage my Chinese students to do comparative internet policy research in my media law and policy class. The documents I’ve glimpsed from these research projects underlines how difficult it would be to compose a unified internet/information policy. As you note, Russia and China have carved out internet fiefdoms to retain informational sovereignty (as Monroe Price might label it). Ultimately, differing approaches to controlling the public sphere will undermine the openness espoused (but never really desired, imo) by the U.S. “free flow” doctrine.
One enterprising student had her work on content moderation criticized by her Chinese advisor . . . meaning she was asking questions that leaned too heavily into freedom of expression and right-to-information ideologies. She was forced to redirect her research efforts to avoid, I believe, having her project spiked by authorities, but not before drafting a translation of some proposed legislation regarding content moderation: “Regulations on the administration of Internet posting and commenting services.”
What struck me about the proposed law was how the federal level regulatory agency was creating a decentralized system of accountability within China and empowering local network administrators and platform owners to ban, censor or otherwise moderate politically sensitive subject matter. Some highlighted quotes below.
“Commenting service providers shall strictly implement the main responsibility for the management of follow-up comment service, in accordance with the law to fulfill the following obligations . . .
(C) Implement a system of reviewing before publishing comments on news information.
(D) to provide a pop-up way to follow the comment service, should be on the same platform and page at the same time to provide a static version of the corresponding information content.
(E) to improve a series of information security management systems such as comment moderation and management, real-time inspection, emergency disposal, report acceptance, etc. Timely discovery and disposal of illegal and undesirable information, and report to the Internet information department.”