This article was published in the Bulletin of the Chinese Academy of Sciences, Issue 3, 2024.
Qiao Han * Xu Junru
1 School of Economics and Management, University of Chinese Academy of Sciences
2 Laboratory of Philosophy and Social Sciences, Ministry of Education, University of Chinese Academy of Sciences, Digital Economy Monitoring, Prediction, Early Warning and Policy Simulation
In the context of the development of the digital economy and the overall concept of national security, data sovereignty has become an important part of national sovereignty. Major countries and regions have actively carried out strategic deployment of data sovereignty, and launched fierce competition and games in data resources, data technology, and data rules. This paper uses the policy text analysis method to study the data sovereignty policy in mainland China, uses the Latent Dirichlet Allocation (LDA) topic model and policy tools to quantitatively analyze the process evolution and thematic characteristics of China's data sovereignty policy, and comprehensively considers the global data sovereignty situation, and puts forward four policy recommendations: actively leading and participating in the formulation of international rules, optimizing the security assessment process of data export, improving the standard contract template for personal information transfer, and strengthening the legal guarantee of data security.
Data sovereignty refers to a country's dominance over the generation, dissemination, management, control, utilization and protection of network facilities, data subjects, data behaviors, data resources and related data products within the jurisdiction of its regime, which is becoming an important part of national sovereignty in the digital age. Countries and regions such as the United States, the European Union, and China have recognized the strategic value of data resources and actively carried out strategic deployment of data sovereignty. Due to factors such as different technological capabilities and economic development, countries have adopted differentiated data sovereignty policies. Data sovereignty policy plays an important role in safeguarding national security and safeguarding national interests, and has attracted extensive attention from the academic community in recent years.
This paper uses the policy text analysis method to study the data sovereignty policy in mainland China, uses the LDA topic model and policy tools to quantitatively analyze the evolution and situation of China's data sovereignty policy, and puts forward countermeasures and suggestions considering the development trend of global data sovereignty policy. This study not only expands the application field of policy text analysis method, but also provides methodological guidance for the optimal design of continental data sovereignty policy.
1 Framework construction of data sovereignty policy research in China
From the perspective of policy tools, this paper uses the LDA thematic model to analyze and quantify China's data sovereignty-related policies from 2010 to 2022. The framework of the study is as follows:
1. Conduct statistical analysis of policy texts, focusing on the distribution of policy time, policy institutions and policy types, and explore the evolution process, institutional distribution and policy effectiveness of data sovereignty policy.
2. The dimension division of demand-based, environmental, and supply-based policy tools is used to code and analyze data sovereignty policies.
3. Use the LDA topic model to mine the core subject terms in the data sovereignty policy text and display them visually.
This article was published in the Bulletin of the Chinese Academy of Sciences, Issue 3, 2024.
2 Overall situation of China's data sovereignty policy
Temporal evolution of policies
China's data sovereignty strategy has undergone the evolution of "Internet sovereignty, information sovereignty, cyberspace sovereignty, and data sovereignty", and the overall policy characteristics are to take security as the key link, promote the establishment of rules and regulations, promote the orderly flow of data, and strengthen the process of cross-border data flow and risk assessment and supervision after leaving the country.
1
Internet Sovereignty Stage (2010-2013)
In 2010, the State Council Information Office issued a white paper entitled "The State of the Internet in China", stating that "the Internet within the territory of the People's Republic of China falls under the jurisdiction of China's sovereignty, and China's Internet sovereignty should be respected and upheld". China has gradually improved its laws and regulations on the Internet, actively promoted the construction of Internet infrastructure, strengthened the management and supervision of the Internet, ensured Internet security, and promoted the development of the Internet industry.
2
Information sovereignty stage (2014-2015)
On July 16, 2014, President Xi Jinping delivered a speech entitled "Promoting Traditional Friendship and Sharing a New Chapter of Cooperation" at the Brazilian Congress, emphasizing that every country's sovereign rights and interests in the field of information should not be infringed upon. At this stage, the relevant policies emphasize strengthening information autonomy and control, building information infrastructure, promoting the research and development of information security technologies and standards, and enhancing China's actual management and control capabilities and international discourse power in the field of information sovereignty.
3
Cyberspace Sovereignty Phase (2015-2018)
The National Security Law of the People's Republic of China, promulgated in July 2015, clarified the concept of sovereignty in cyberspace for the first time. In May 2018, the Cyberspace Administration of China (CAC) released the Report on the Construction and Development of Digital China (2017), which regarded "safeguarding cyber sovereignty" as the situation and direction of efforts for the construction of Digital China. At this stage, relevant policies emphasize strengthening cyber security protection, establishing cyber sovereignty management mechanisms, and promoting cyberspace governance, so as to ensure that countries have the right and ability to protect national security and safeguard national interests in cyberspace.
4
Data sovereignty phase (2019-present)
In July 2019, the "Guiding Opinions on Strengthening Industrial Internet Security" pointed out that a hierarchical and classified management system for industrial Internet data should be established according to industrial categories, data types, data values, etc., and security assessment and monitoring of important data should be carried out across the country. In September 2020, China launched the Global Initiative on Data Security, calling on countries not to directly access data from companies or individuals without the permission of their laws. The Personal Information Protection Law of the People's Republic of China in 2021 also provides relevant provisions on the cross-border flow of personal information, localized data storage and extraterritorial effect. At this stage, the relevant policies emphasize the establishment of a hierarchical and categorical system for data, clarifying the requirements for security assessment of data exports, and promoting a data protection capability certification mechanism to ensure that data is effectively protected and used in compliance during cross-border flows.
Distribution of policy issuing institutions
The mainland data sovereignty policy issuing institutions as a whole show the structural characteristics of the State Council, the Ministry of Industry and Information Technology, the Ministry of Commerce, the Standing Committee of the National People's Congress, and the Cyberspace Administration of China.
Table 1 Distribution of core issuers of data sovereignty policy in mainland China from 2010 to 2022
Distribution of policy types
The mainland's data sovereignty policy has been released in nine different forms, including plans, opinions, plans, laws, notices, outlines and measures, etc., showing a diversity of forms.
Table 2 Distribution of the types of data sovereignty policies in mainland China from 2010 to 2022
3 An empirical analysis of the thematic dimension of China's data sovereignty policy
Application of policy tools for China's data sovereignty policy
The mainland has adopted a variety of policy tools to jointly promote the safe flow of data across borders and the protection of data sovereignty, with demand-oriented, environmental, and supply-oriented policy tools accounting for 21.6%, 59.6%, and 18.8%, respectively.
Fig. 2 Frequency distribution of data sovereignty policy tools in mainland China from 2010 to 2022
1
Application of demand-based data sovereignty policy tools
Among the demand-based data sovereignty policy tools, emphasis is placed on the first trial of development models such as pilot demonstrations and international cooperation, accumulating effective experience in data security management and data sovereignty protection and popularizing it throughout society, focusing on guiding the participation of social forces and carrying out publicity and promotion, so as to promote the standardized development of the industry and improve the awareness of data sovereignty protection.
2
Application of environment-based data sovereignty policy tools
As an indirect means of regulation, environmental policy tools are favored by policy subjects. With the development of new technologies, the scale of data continues to expand, and issues such as threats to international data sovereignty are becoming increasingly prominent, and it is necessary to strengthen regulations and actively respond to issues such as extraterritorial effectiveness. Standards and norms, security norms, safeguard measures, and review and evaluation are policy documents that are gradually being improved to guide the standardized development of emerging digital industries and ensure the safe and orderly flow of data, including cross-border circulation guidelines, security assessments, and safeguard mechanisms. Strategic measures complement the policy system. At present, IP policy tools are rarely used and are a glaring gap in data sovereignty policies.
3
Application of supply-oriented data sovereignty policy tools
Among the supply-oriented policy tools, information infrastructure construction, technical support and organizational construction account for a relatively high proportion. With the emergence of new technologies such as big data, cloud computing and blockchain, information facilities have become an important basic condition for the development of the digital economy. The "Outline of the 14th Five-Year Plan for National Economic and Social Development of the People's Republic of China and the Long-Range Objectives Through the Year 2035" and the "Cybersecurity Law of the People's Republic of China" both propose to establish and improve the protection system for critical information infrastructure. Technical support is an important force to ensure the safe flow of data, and a safe and reliable data circulation environment should be built through the development of core technologies. Under the overall coordination of organizational construction, the construction of information infrastructure and technical support complement each other, providing continuous impetus for the safe flow of data and the protection of data sovereignty. At present, there are few policy tools for talent support and financial support. Financial support has the advantage of orientation, and talent training has long-term benefits, and the application of these two policy tools should be appropriately increased.
Thematic features of China's data sovereignty policy
Fig. 3 LDA thesaurus of China's data sovereignty policy from 2010 to 2022
1
Data security and personal information protection
Promote the establishment of a comprehensive data security protection system, including improving systems for hierarchical and categorical data and systems for authorizing the use of personal information. In order to form a benign development pattern of data elements in which data resources are collected and shared, and data flow is safe and orderly, the relationship between national security, cross-border data flow, and personal privacy protection should be properly handled.
2
Cross-border data and international cooperation
Clarify the effectiveness of the Data Security Law in its extraterritorial application, further improve the regulation of cross-border data flows, and implement pilot projects for cross-border data transmission and security control. Explore joining the formulation of regional rules for cross-border data flows, promote the formation of a global coordination mechanism for cross-border data flows, and strengthen security coordination and information resource sharing between China and other countries and regions in the world.
3
Data security assessment and data export
Complete hierarchical and categorical data management systems and security review mechanisms for data exports. Ensure that comprehensive pre-assessment, continuous supervision and risk self-assessment can be carried out before data is exported, effectively identify and prevent security risks caused by data export, and protect sensitive information of countries and individuals. Explore the design of data protection capability certification mechanisms, provide objective and credible assessment standards for data export, and ensure the legitimacy, security, and controllability of data.
4 Inspiration and Recommendations
1
Actively lead and participate in the formulation of international rules, establish a mutual trust mechanism, and enhance the international discourse
Actively lead and constructively participate in the formulation and improvement of international rules and standards in the digital era, establish various forms of data cooperation platforms with a wider range of countries, and provide technical support and capacity building in the construction of data infrastructure, the development and utilization of data resources, and data security guarantees, so as to promote data interconnection, sharing and win-win results. Promote cooperation and discussion with other countries or regions on data protection levels, standards, norms, etc., strive for more consensus and consensus, and achieve mutual recognition or reciprocal appropriateness of data protection standards and norms.
2
Optimize the security assessment process for cross-border data transfer, and improve the efficiency and accuracy of the assessment
Establish a risk-oriented data classification management system, adopt differentiated control measures for different types and levels of data, strengthen the formulation and implementation of data security assessment standards, clarify the requirements and guidance for data security assessment, and ensure the security and credibility of data in the process of data export. Use advanced technology to improve the efficiency and accuracy of security assessment of data export. For example, automated assessment processes such as artificial intelligence and big data analysis technologies can be introduced to quickly identify high-risk cross-border data transfers to improve the accuracy and reliability of assessment results.
3
Improve the standard contract template for personal information export to improve the efficiency of compliance operations
The Measures on Standard Contracts for Cross-border Transfer of Personal Information came into force on June 1, 2023, aiming to ensure the lawful, secure and orderly cross-border transfer of personal information. By using the standard contract template, the mainland can "extend" its jurisdiction to the outside world through the legally binding force conferred by the Standard Contract Measures for the Export of Personal Information, so as to achieve a certain effect of "extraterritorial application of domestic laws" and realize the protection of cross-border data flows. In the future, the standard contract template can be modularly expanded, and more optional modules can be formulated according to the business needs of organizations, enterprises or individuals, so as to reduce the compliance operation costs of relevant entities and improve efficiency.
4
Strengthen legal safeguards for data security and build a line of defense for data sovereignty
Guided by the overall national security concept, improve laws and regulations to ensure data security, and strengthen the data security governance system. Clarify legal responsibilities for data security, protect critical data infrastructure, establish data security risk assessment and emergency response mechanisms, carry out publicity and education on data sovereignty and security, and improve the awareness and ability of the whole people on data security, promote international cooperation, strengthen exchanges and mutual learning with other countries and regions on data security laws and regulations, jointly promote the formulation of international data security standards, and enhance China's voice and influence in global data governance.
Qiao Han is the director of the Department of Education and Degrees of the University of Chinese Academy of Sciences, and a professor and doctoral supervisor of the School of Economics and Management. His research interests include digital economy, technological innovation and business model innovation, venture capital and entrepreneurship.
Junru Xu is a Ph.D. candidate at the School of Economics and Management, University of Chinese Academy of Sciences. His research interests include digital economy, data elements, value creation, etc.
Article from:Qiao Han, Xu Junru. Research on China's Data Sovereignty Policy Based on LDA Model and Policy Tools. Bulletin of Chinese Academy of Sciences, 2024, 39(3): 498-508. DOI:10.16418/j.issn.1000-3045.20231115001