Wang Huiyao: US concerns about China’s data security should be addressed, but not with a TikTok ban

SCMP | April 04 , 2023

From SCMP, 2023-4-4

 ■ US lawmakers pushing for a ban should first clear up misunderstanding about the relevant Chinese laws and policy.

■ Beijing’s Global Initiative on Data Security, in particular, clearly states respect for how other countries handle data, and could be the framework for work to bolster confidence in China’s data handling.

By Wang Huiyao | Founder of the Center for China and Globalization(CCG)


At the heart of the intense scrutiny surrounding TikTok in the United States is the question of whether the Chinese government could access US data through TikTok or its Chinese parent company, ByteDance. Amid the numerous reports and analyses following the House hearing on TikTok, one key Chinese initiative has been absent from the US debate, yet it could prove to be crucial.

While concerns about US TikTok data potentially falling into Chinese government hands are not unfounded, the evidence is lacking. A 2021 Citizen Lab report said there was no overt data transmission to the Chinese government by TikTok, although it could not determine what happens after data enters TikTok servers.

TikTok CEO Chew Shou Zi testified before a Congressional panel that “TikTok has never shared, or received a request to share, US user data with the Chinese government. Nor would TikTok honour such a request if one were ever made”.

Members of Congress largely remained sceptical, particularly regarding the last statement.

This is not surprising given the current climate of distrust between the US and China. Sceptics point to Chinese laws that state “all organisations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law” and interpret it as ByteDance being legally obliged to turn over TikTok data upon request.

Four points should be considered. First, the Chinese government has repeatedly stated that its laws do not permit the acquisition of foreign data in this manner. In March 2019, then premier Li Keqiang said during a press conference that asking Chinese companies to “spy” on other countries is “not consistent with Chinese law”.

Second, what many Congress members perceive as enabling Chinese government spying through its companies is a result of different legislative traditions. Chinese laws are often seen as broad and vague if viewed through the lens of common law because they are modelled after civil law countries’ legislation. China requires broadly drafted laws and regulations to accommodate local conditions.

Third, China’s position on data protection is actually stronger than the Cloud Act. Passed during former US president Donald Trump’s administration, the act says companies subject to US jurisdiction can be compelled, pursuant to a court order, to produce data subject to their control regardless of where the data is stored.

[Note: China says in the Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes that “States shall not directly collect the data stored in foreign States from enterprises or individuals or by technical means bypassing network security protection measures if such measures are against the laws of that Foreign State.”]

Fourth, China has made an international pledge not to request overseas data from Chinese companies. In September 2020, China unveiled the Global Initiative on Data Security. It calls for, among other things, countries to handle data security in a “comprehensive, objective and evidence-based manner” and respect other countries’ sovereignty in how they handle data.

[Note: the Global Initiative on Data Security says-States should encourage companies to abide by laws and regulations of the State where they operate. States should not request domestic companies to store data generated and obtained overseas in their own territory.

-States should respect the sovereignty, jurisdiction and governance of data of other States, and shall not obtain data located in other States through companies or individuals without other States’ permission.

-Should States need to obtain overseas data out of law enforcement requirement such as combating crimes, they should do it through judicial assistance or other relevant multilateral and bilateral agreements. Any bilateral data access agreement between two States should not infringe upon the judicial sovereignty and data security of a third State.]

A plain reading means that, in the case of TikTok, China will not request TikTok data be stored in China. China’s position is that it respects the sovereignty, jurisdiction and governance of US data and will not obtain TikTok data located in the US through ByteDance, TikTok, their employees or anyone else without US permission.

The initiative attempts to establish China’s data security narrative and reassure foreign nations. Zhang Ming, head of China’s mission to the European Union, referenced the initiative in a 2020 interview, saying that “we never ask Chinese companies to break the laws of the host countries by handing over overseas data to the Chinese government”.

Judging from the mainstream US discourse, it seems likely that some politicians and pundits are unaware of the initiative. In any case, the initiative rarely appears in discussions.

In a more optimistic era, TikTok could have been celebrated as a symbol of success reflecting the deep ties between the world’s two largest economies. Regrettably, it has now become a point of contention, with Washington reportedly threatening a ban unless a divestment takes place, a move that has received firm opposition from Beijing.

The two nations already face enough challenges and should avoid exacerbating tensions in repeating a showdown similar to the one surrounding Huawei.

There is a constructive way to navigate this minefield. Washington could signal to Beijing, through backchannels if necessary, its intention to resolve the matter based on pragmatism.

In turn, China could incorporate the Global Initiative on Data Security into domestic laws and regulations, amending or officially interpreting laws accordingly. Neither side wishes to appear “weak” domestically, but both have interests in finding a compromise.

TikTok reports a base of 150 million users in the US. A ban or blocking of further downloads would be extreme and potentially politically fraught for US President Joe Biden. As Representative Alexandria Ocasio-Cortez said, it is “putting the cart before the horse”.

An evidence-based approach does not justify a ban. For China, after almost three years of promoting the Global Initiative on Data Security internationally, proactively implementing key aspects of it domestically is not about appeasing the US but a logical step to further strengthen its global appeal and serve Chinese interests.

The latest central economic work conference in Beijing stated that China supports Big Tech companies in fully displaying their capabilities to boost economic growth, job creation and international competition. Codifying the global initiative would concretely and cost-effectively strengthen internet companies as well as Huawei, drone maker DJI, gene testing giant BGI and even carmakers.

With data ubiquitous in Chinese technology and products, legislation alleviating potential concerns will be welcomed worldwide. Pragmatism from both sides regarding TikTok could also serve as a starting point for rebuilding trust and signalling that they can handle complex issues.

Finally, Beijing does not hold the key to addressing broader US online privacy concerns, such as questionable content, addictive algorithms and the impact on teenagers’ mental health. They are not unique to TikTok.


From SCMP, 2023-4-4