Download This PaperA Framework for Assessing U.S. Data Policy Toward China
18 Pages Posted: 9 Nov 2023
Date Written: October 13, 2023
Abstract
Access to and use of personal data has moved to the center of the U.S.-China technology conflict. TikTok is the most prominent but far from the sole example of this conflict. Republicans and Democrats have found common ground in the concern that unacceptable national security and privacy risks arise from Beijing’s access to Americans’ data through open commercial channels. Over the last several years, U.S. policymakers have expanded their earlier focus on cyber theft and industrial espionage to grapple with new risks posed by Chinese firms handling Americans’ data or data flowing to China by data brokers or other means.
The Biden administration and Congress are building on the effort, which started in the Trump administration, by proposing a range of measures that aim to create new guardrails for data flows to China. These include executive orders for reviewing “transactions” involving foreign adversaries’ access to Americans’ sensitive data, bans on Chinese software applications, creating blacklists of countries approved to receive Americans’ data as an export-controlled item, etc. The spate of proposals remains in draft form, unresolved amid debate that does not map onto political party lines. To date, we have not seen any systematic approach to address what limits on data flows should apply, and for what reasons.
In this article, we offer a framework that assesses the different approaches currently under discussion by U.S. policymakers. Our framework identifies four policy models and analyzes the costs and benefits of each, drawing on the perspectives of trade/economics, national security, and privacy. First, the Digital Free Trade model emphasizes the benefits to the U.S. from having robust trade in goods and services in general, and with China more specifically. Second, the Blocking Adversaries model emphasizes specific national security harms that can come from trade in which sensitive national security information goes into the hands of the Chinese government. Third, the Privacy Law model builds on the growing bipartisan consensus that the U.S. should enact comprehensive privacy legislation, with the goal of addressing collection by domestic companies, but with the more recent rationale that privacy legislation can also address privacy harms by transnational actors. Fourth, the Data Allies model provides a way to address specific national security and privacy risks posed by non-democracies, while retaining a willingness to engage in global trade when such risks are manageable.
This article does not seek to advocate for particular policy outcomes; instead, we offer an intellectual framework for systematic analysis of the risks and benefits of different solutions across economics, security, and privacy standpoints. U.S. limits on data transfers to China are likely to help shape the limits other governments set on cross-border data transfers. Our aim is to inform the policymaking process to account for the ripple effects now impacting not only the U.S.-China relationship but also the future of global data governance. This report was published by the Cross-Border Data Forum.
Keywords: China, data, privacy, national security, cybersecurity, trade
Suggested Citation: Suggested Citation
Georgia Institute of Technology - Scheller College of Business ( email )
800 West Peachtree St.
Atlanta, GA 30308
United States
(404) 894-2000 (Phone)