In the world’s number-two economy, China, the party-state retained control over its national internet from the outset (the 1990s). During recent years, China’s Data Security Law, alongside its Personal Information Protection Law and its high-level regulator, the Cyberspace Administration of China, have constructed an evolving framework for close supervision of China’s internet – and for data flows out of and into China. Other nations, notably in southeast and west Asia, are adopting elements of the Chinese model of internet governance.[1] Additional countries, including Russia, have strengthened state controls over their national internets. Meanwhile, citing a variety of factors, at least sixty states have staged internet shutdowns.[2] Thus, obstacles to unrestricted commercial data flows from and to the US have proliferated.
In addition, alongside a growing number of other states China and Russia also have been trying to win governmental authority to regulate the global internet – as previous telecommunications networks have been regulated – through multilateral organizations, especially the International Telecommunication Union. Thus far, they have not succeeded: the US model of “multi-stakeholderism,” which signifies loose control by big corporate capital and the US government – retains its hold. But the US approach of multi-stakeholderism has been placed on the defensive. The world economic crisis of 2008 and the historic process of geopolitical-economic redivision that followed it are strengthening divergent nation-state interests.
Evident as well are structural changes, of varied kinds. During the 1990s – the second highpoint of US global power – the infrastructure of the cross-border internet was based largely in the United States, and most international internet data was transported through the US no matter its origin or destination. However, by the late 2010s the morphology of this worldwide distribution system no longer looked as it had a quarter-century before. The internet’s infrastructure had been expanded and reconfigured. The network of subsea cables and internet exchanges was extended and thickened. US social media companies had set up data centers outside the United States, to attain faster and cheaper access to foreign markets. Some powerful new internet companies became established in China. National regulations had mandated that data collected within a country be stored within that country’s jurisdiction; by 2023, 75% of all nations had implemented some kind of data localization rules.[3] Economic policies and antitrust protections, privacy strictures, and national security measures crisscrossed and combined in complex ways to engender these assertions of jurisdictional sovereignty.