China’s bid to join digital economy pact hinges on clarification of data laws, experts say
South China Morning Post | 27 August 2022
China’s bid to join digital economy pact hinges on clarification of data laws, experts say
by Kandy Wong
China will be able to negotiate carve-outs in the Digital Economy Partnership Agreement (DEPA) that allow it to maintain digital sovereignty, analysts say, but it will have to clarify its data security regime to reduce barriers for businesses.
DEPA, which currently covers Chile, New Zealand and Singapore, builds upon the digital or e-commerce chapters of existing free-trade agreements, such as the Comprehensive and Progressive Agreement for Trans-Pacific Partnership, adding commitments to help digital trade and cooperation on advanced technologies.
After applying to join last year, it was announced in August that a special task force had been set up to help negotiate China’s membership application.
“The participation will help open up the development of the digital economy,” said a spokesperson for the commerce ministry. “DEPA can benefit members through establishing connected rules and regulations, which creates business opportunities for the industry.”
A possible stumbling block for entry, though, is China’s data and cybersecurity regime, which shields its domestic internet from outside influences, and requires companies keep data related to local customers and operations inside the country.
DEPA aims to promote a free and harmonised space for members to build the digital economy.
Beijing elevated its requirements concerning data last year, particularly additional assessment requirements for cross-border transfers, with the introduction of laws on data safety and the protection of personal information.
“DEPA has carve-outs that would allow China to join the pact while still maintaining these practices, even if some of its cyber mandates go against the ‘spirit’ of the agreement,” said Nick Marro, lead for global trade and analyst, Asia and Access China at The Economist Intelligence Unit.
“The risk, however, is whether those carve-outs undermine DEPA’s significance in the eyes of foreign companies, most of whom care less about the technical justifications for those carve-outs, and more about reducing real barriers to business.”
A US-China Business Council report released in April said that China’s data and cybersecurity regime is creating a “uniquely restrictive” business environment and American companies face higher operating costs due to its complexity.
Though Beijing said the laws are needed to protect personal data and strengthen national security, the US business lobby said the “ambiguous” regulations have made compliance difficult and created policy uncertainties for US firms.
Foreign companies will only be able to formulate better strategies concerning China when Beijing clearly defines “important data” under its cybersecurity law, said an Asian diplomat, who declined to be named.
“China hasn’t yet delivered a clear explanation so far, which will make the DEPA negotiation difficult,” said the Asian diplomat. “Moreover, who is going to join the negotiation? If the Cyberspace Administration takes charge of data [security], it should get involved in the talk.”
Aligning regulatory action with domestic policy objectives is vital for China, according to Marro, especially when several government departments are involved in a multifaceted issue.
“All signs suggest that, at the end of the day, it’ll be [Cyberspace Administration of China] who will set the guidelines for the development of China’s domestic industry,” he said. “Other agencies, like [State Administration for Market Regulation], will play a complementary role in technical topics like standardisation and antitrust enforcement.”
As an example, he said cross-border data export restrictions and data localisation mandates required by the Chinese laws set up a conflict of interest between China and frameworks like DEPA, and it is unlikely that the commerce ministry will be able to successfully bridge those differences.
DEPA is a stand-alone, open plurilateral agreement to which other World Trade Organization members are eligible to join. The pact also allows for continual updates and modernisation.
Alex Capri, a research fellow at the Hinrich Foundation, said DEPA’s glaring omission is that it does not protect against the forced transfer of source code, algorithms and data localisation laws, all of which are central to China’s national security and cybersecurity regime.
“No one would realistically expect Beijing to waive its cybersecurity laws, particularly at a time when the international landscape is fragmenting and coalescing around opposing rule frameworks,” he said.
China’s digital economy was worth 45.4 trillion yuan (US$6.6 trillion) in 2021, local media have reported. The sector’s share of gross domestic product rose to 39.8 per cent last year from 15.2 per cent in 2018.
China’s interest in DEPA is driven primarily by geopolitical aims, Capri said, and existing members would still sign bilateral digital economy agreements with other countries.
“Such as the case with the UK-Singapore Digital Economy Agreement, which by design, carves out specific prohibitions regarding data localisation laws, the forced transfer of source code and encryption keys,” said Capri, who is also a lecturer at National University of Singapore’s business school. “This is clearly aimed at China.”
