Cloud Control: China’s 2017 Cybersecurity Law and its Role in US Data Standardization

32 Pages Posted: 29 Jul 2019

Date Written: July 26, 2019


This paper contends that by influencing the security issues presented by global corporate data investments through a combination of domestic policymaking, dominance in key market sectors, and leadership in international standards-making organizations, China is establishing new global standards for the data trade. In 2017, Apple Inc. was one of the first firms to build a new joint venture data center in China to comply with China’s Cybersecurity Law of the same year. This law requires all firms that maintain “critical information infrastructure” to store their data on a Chinese-owned server. Apple, like many firms operating in China, relies heavily on data centers to function in the Chinese market. However, for Apple, as for many other companies in areas ranging from engineering services to enterprise computing, the decision to open a data center with major ownership by a Chinese firm transforms the politics of power and access to data within the company and among its consumers. Indeed, shortly after Apple began migrating the data of Chinese users to its new Chinese servers, some US-based users reported the migration of their data to Chinese servers as well.

The effects of Chinese influence on data security standards in the United States have yet to be thoroughly explored in the communications scholarship. No one has done so in relation to data storage for firms that are not explicitly in the digital economy such as white goods providers and home monitoring systems,. Drawing on reviews of Chinese corporate filings and government documents, as well as U.S. corporate filings this paper concludes that China’s Cybersecurity Law and the related technology regulatory framework have fundamentally transformed the ownership and the circulation of the data within the US market. The findings of this paper suggest that the United States should change its approach, because its current laissez-faire policies ultimately protect neither consumers nor national competitiveness.

China’s influence on global data governance lies at the core of the future of global communications policy. Targeted, critical perspectives on the country’s specific policies and their effects on firms across a wide range of sectors will help regulators to plan for mid- and long-term strategic challenges not just in the technology industry, but across sectors. As more industrial sectors become data-driven, communications policy will take an increasingly central role in industrial regulation writ large.

Keywords: China, Cybersecurity, Data, Apple, DJI, Cybersovereignty

Suggested Citation

Kokas, Aynne, Cloud Control: China’s 2017 Cybersecurity Law and its Role in US Data Standardization (July 26, 2019). TPRC47: The 47th Research Conference on Communication, Information and Internet Policy 2019, Available at SSRN: or

Aynne Kokas (Contact Author)

University of Virginia ( email )

1400 University Ave
Charlottesville, VA 22903
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics