China International Studies (English)
Global Data Governance: Challenges and Responses
As data resources become increasingly important in today’s world, data governance is a crucial topic worldwide. However, there are conflicting views on data governance with challenges such as imbalanced data rights and diverging interests between individuals, enterprises, and sovereign states. It is therefore an urgent and central issue for academic and business circles to address these challenges and advance global data governance.
In today’s world, the use of data is omnipresent on a global scale, embedded in the very fabric of our daily lives, driving social changes in ways that often escape our perception.1 People are eager to solve problems, improve their well-being, and generate economic prosperity through the use of data.2 As data has become more and more central as a resource in contemporary society, data governance is becoming a crucial topic worldwide. However, the current discussion on global data governance faces not only conflicting views on data governance between sovereign states, but is also confronted with other challenges such as imbalanced data rights and diverging interests between individuals, enterprises and sovereign states. Addressing these challenges and moving the global data governance process forward has become a central issue which academic and business circles should urgently examine.
Connotations and Importance of Global Data Governance
With the deepening of globalization, the idea of governance has also moved away from a mere market-based, local and sector-related concept to one that covers more comprehensive forms of governance involving national
governments, and moved onwards from the domestic to the global level.3 As a subdivision of global governance, global data governance has its unique connotations and significance.
Global data governance refers to the process by which global actors regulate and coordinate the various aspects of global data generation, collection, storage and transmission, as well as the interests of the relevant actors. Typically, issues such as the clarification of data ownership, the guarantee of data security, the supervision of data transaction and the legal regulation of the cross-border flow of data all fall within the scope of global data governance.
Regarding the specifics of global data governance, three points need to be further clarified. First, data is the direct subject of global data governance. In a broader sense, data governance also includes “governance based on data analysis” (or “governance by data”), namely, using data to innovate ideas of social governance, and linking data governance to the overall reform of social governance.4 That being said, “governance by data” should come secondary to “governance of data,” and the main challenges of today’s global data governance still concerns “governance of data.” Therefore, the connotations of global data governance in this article are limited to the narrow scope of “governance of data.”
Second, global data governance is carried out in the context of the era of big data, but the two concepts of “big data” and “data” are not identical and should not be confused. Generally speaking, “data” refers to the original records that are produced in some ways by human activity and behavior, while “big data” is a collection of data that is huge in volume. In addition, the term “big data era” refers to a period characterized by the widespread generation and application of big data. Therefore, these three concepts must be regarded separately, and it is the notion of “data” that the current global
data governance directly refers to.
Third, global data governance describes the overall and comprehensive governance of data, to achieve good governance as a whole. Early on, data governance was regarded merely as a management activity that emphasized decision-making and accountability for data assets. Given that this definition failed to reflect the accurate meaning of “governance,” the concept has gradually been defined as a framework that formalizes the roles, functions, and procedures within which an organization’s data is properly managed and enabled as a strategic asset.5 Therefore, global data governance should not be limited to the “management” of data. Instead, we should determine the value of global data from a comprehensive perspective, and try to work out a set of relatively encompassing and appropriate rules for global data governance.
The implementation of global data governance that responds to the concerns of global data development would have great significance and create enormous advantages. They are reflected in the following four key aspects:
First, global data governance could promote standardized and orderly cross-border data flows, improve global data protection, and prevent global data security risks. With the advancement of global economic and trade transactions and international cooperation, cross-border data flows have become more frequent. At the same time, security risks have also increased, because data may be intercepted, leaked, tampered with, or even forged. Furthermore, differences in data policies and laws developed by different countries or regional organizations may confuse the rights of data owners and users, resulting in data abuse and data compliance problems. Therefore, any progress in global data governance will further deepen the consensus on global data security protection among countries, enhance the ability to respond to global data security risks, accelerate the formation of crossborder data flow rules on a global scale, and promote the cooperative use
and open sharing of global data resources.
Second, global data governance could promote the development of the global digital economy that benefits from global data exchange. According to a 2019 white paper, A New Landscape of the Global Digital Economy, the total size of the digital economy in 47 countries for the year 2018 exceeded US$30.2 trillion, accounting for 40.3 percent of their combined GDP. In 38 of those countries, the growth rate of the digital economy was significantly higher than that of their GDP in the same period.6 Given the boom of the global digital economy, global data governance would help remove data trade barriers between countries, eliminate obstacles for the further development of the digital economy, promote cross-border operations and business expansion of digital products and services, and boost the innovative development of information network technology, products and services.
Third, global data governance could help to improve the global governance system and contribute to the formation of good global governance. As the central element of technological innovation in the Fourth Industrial Revolution, data is comprehensively restructuring global production, circulation, distribution and consumption, thus impacting global competition, economic development, industrial transformation, social life and other aspects. Data governance has become a key area of global governance. Any improvement of the overall capacity for global governance depends on the efficiency and coordination of all subordinate governance mechanisms, especially in key areas. Therefore, when data, a key area, is effectively governed globally, the global governance system will also be significantly enhanced.
Fourth, global data governance could promote collaborative efforts in governance, and help developing countries advance and improve their domestic data governance. The holistic approach of integrated
global and national governance is increasingly becoming a trend with the development of human knowledge and the improvement of practical governance capabilities.7 Global data governance can promote the effective two-way interaction between global governance and national governance. As developing countries conduct their domestic data governance under the auspices of global data governance, part of the rules of global data governance will be internalized into their national data governance. The progress made in forming the global data governance system can provide lessons for developing countries to improve their domestic data governance. On the other hand, some developed countries and regions have spearheaded the efforts in national data governance and have accumulated valuable practical experience, which can be popularized and applied to global data governance. The promotion and implementation of successful data governance experience in individual countries will effectively propel the process of global data governance and realize “the world order implications of national governance.”8
Challenges Confronting Global Data Governance
The first step to achieving effective global data governance is to recognize its current status and the challenges it is facing. As the volume of generated data has seen explosive growth, the associated risks of consumer privacy and data security have also significantly risen. On a global scale, data leakages have become a frequently occurring phenomenon, resulting in increasing losses. At the same time, the existing global data governance system is far from mature, suffering from fragmentation and operational delays, due to a lack of specialized global data governance institutions and the absence of coordination among the various isolated governance mechanisms.
Governments, the private sector and the civil society are the most important actors of global data governance, but they are pursuing quite different interests. Therefore, the construction of governance mechanisms has been plagued by contradictions and conflicts between sovereign states, enterprises and individuals, which results in serious obstacles for global data governance. In effect, current global data governance faces two main challenges. The first is the conflict arising from data rights or claims among a particular group of actors: among individuals, enterprises, and sovereign states. The second one emerges when individuals, enterprises and sovereign states, as different stakeholders, have conflicts over data rights and interests.
Data rights disputes which occur among individuals and enterprises are just general data governance issues and are not the focus of global data governance. Therefore, this article only focuses on those that arise from conflicting opinions on data governance between sovereign states for the first category of challenges.
Different views of data governance among sovereign states
As cross-regional data flows become more regular, and demands by sovereign states for data resource management and control become increasingly frequent, the concept of “data sovereignty” has emerged as the theoretical basis for nations’ data governance claims. This article adopts a narrow definition of the concept of data sovereignty - that is to say, data sovereignty refers only to state data sovereignty and a state’s power to control, manage and use its national data.9 Supported by the theory of state data sovereignty, nation-states have put forward their data governance arguments, and brought a series of challenges to the progress of global data governance.
First, countries do not have a uniform understanding of the ownership of personal data, leading to a persistent debate about the right approach concerning the protection of personal data. In terms of the wording, European countries tend to use “data protection.” Outside Europe, the preferred nomenclature tends to be “protection of privacy,” “data privacy” or “information privacy.”10 The differences in naming reflect the disparity in data protection approaches by various countries. For example, EU countries regard personal data as a basic right of their citizens with constitutional significance. Therefore, they have established a more stringent model of personal information protection in their legislation and are continuously promoting personal data protection legislation in European integration. Other countries, such as the United States, rather incorporate personal data concerns into the framework of privacy protection, try to solve the problem of personal data protection through a broader interpretation of privacy rights, and gradually establish corresponding rules in their judicial practice.11 In China, the right to personal information was initially included in the protection of general personality rights.12 It was later defined as a specific personality right in the course of constructing a personality ownership protection system that included personal data protection.13 With the promulgation of the Civil Code, the right of personality has been compiled independently, and the protection of personal information has been legally incorporated into the scope of the protection of personality rights. This development signifies that for China, protecting personality rights is still the main approach to protecting personal data. In summary, various sovereign states each hold their view on personal data, leading to different approaches to how
personal data should be protected.
Second, different countries hold contrasting views on regulating crossborder data flows, thus hampering the free exchange of data across national borders and limiting the vitality of the digital economy. In 2016, the EU passed the General Data Protection Regulation (GDPR), which regards personal data rights as basic human rights. The GDPR has introduced severe restrictions on the cross-border flow of data. For example, Article 45, Chapter 5, states the country/region which obtains the data must ensure “an adequate level of protection” before any cross-border data flow can occur. This strategy of cross-border data flows reflects the idea that human rights and privacy are above unrestrained movement of information. This concept has not only become the basis of various EU regulations that deal with cross-border data exchanges,14 but also the principle guiding the EU in their global data governance practice. In contrast, due to its superiority in the information technology sector and its perception of economic liberalism, the US has been trying to maximize the free flow of data on the premise that it can ensure security and control. It has sought to form its own regulatory system on the cross-border data flow through bilateral or multilateral agreements. For example, in the United States-south Korea Free Trade Agreement and the United States-mexico-canada Agreement (USMCA), the US has spearheaded the effort to add relevant articles to liberalize cross-border data exchanges.
To reconcile their differences regarding cross-border data flows and promote bilateral trade and economic development, the United States and Europe have successively reached the Safe Harbor accord and the Privacy Shield agreement. Although both agreements were eventually invalidated, they played a role in regulating data exchanges between American and European enterprises. However, judging from the negotiation process and content of the Safe Harbor accord and the Privacy Shield agreement, both were the result of compromise between the US and Europe, and
they were not able to eliminate fundamental differences between the two sides on the governance of cross-border data flows. In addition to the US and Europe, other sovereign states also have dissenting opinions on the issue. For example, Russia strongly prioritizes data sovereignty and requires data localization, while Australia seeks to regulate cross-border data flows through classification management, classification labeling, and a combination of mandatory guidelines and recommendations. These and other disagreements among various national governments on crossborder data regulations have seriously hindered any real coordination and harmonization of global data governance.
Third, to take advantage of the strategic value of data, various countries have rushed to formulate their data development strategies, which has led to intense competition and a greater imbalance in global data power. During the Obama administration, the United States defined data as the new oil of the future and regarded the development of a big data industry as one of its strategic priorities. In March 2012, the Obama administration proposed the Big Data Research and Development Initiative, announcing an investment of over US$200 million to substantially improve the tools and techniques needed to access, organize, and gain insights from huge volumes of digital data, with the aim of boosting science and engineering and strengthening national security.15 The Trump administration’s data strategy also involved the steady advancement of data mining and utilization. Similarly, a number of other states have also set out to improve their ability to mine and collect big data information. In 2010, the British government launched the data.gov.uk website, and subsequently released a new national digital strategy in 2013. In 2015, Britain promised to open several core public databases and invested in the establishment of the world’s first Open Data Institute.16 The Australian
Government Information Management Office (AGIMO) established the Big Data Working Group, and issued the Public Service Big Data Strategy in August 2013, which proposed six big data guiding principles at the national level.17 Also in 2013, Japan proposed a new information and communications technology (ICT) development strategy to create high value-added enterprises, solve social problems, improve and enhance ICT infrastructure, and gradually build the framework for achieving the Smart Japan ICT strategy.18 At the Group of 20 (G20) summit held in June 2019, then Japanese Prime Minister Shinzo Abe reiterated his commitment to promoting data flows and working with the World Trade Organization (WTO) to formulate global data circulation rules. After introducing the GDPR to regulate general data protection, the European Union issued the European Strategy for Data in February 2020, proposing an open single market for data and promoting its use for economic growth and value creation.19 As the world’s leading scientific and technological powers are formulating their own data development strategies, differences and conflicts in data regulation policies are posing considerable challenges to an effective system of global data governance.
The deeper challenge is that the world has entered a new phase of cyber politics, to which countries are formulating their responses and experiencing a condition of “weaponized interdependence.” Growing economic interdependence gives rise to a new power structure with increased asymmetry and inequality among nations. Countries with cyber technological advantages are able to exclude companies and even entire countries from the global network, leading to far-reaching consequences.20 While unobstructed data flows and free data sharing would enhance
interdependence among countries worldwide, some pressing issues have emerged as the most powerful and technologically advanced countries continue to implement their own data development strategies, such as how to prevent the removal of certain sovereign states from the global data network, and how to balance data development strategies with national interests.
Imbalance in data rights and interests between individuals, enterprises and sovereign states
The concept of global data governance implies that individuals enjoy personal data rights and seek for protection of their rights through various channels; that enterprises are guaranteed the ownership of their data which is reprocessed to maximize its economic value and bring benefits to the companies; that sovereign states may strive for comprehensive data sovereignty and formulate corresponding data development strategies to safeguard national security and maximize national interests. However, there is an inherent imbalance and potential for conflict between these three different stakeholders.
First, personal data rights are vulnerable to infringement by unfair data use practices of commercial enterprises. The boundaries between personal and enterprise data rights are unclear, which leads to repeated violations of personal data rights by enterprises. Although some individual users are aware that companies are collecting their information, they have no clear understanding of whether and how their personal information might be further processed and where it might eventually end up.21 Some multinational companies collect personal data and secretly transfer them across borders in order to seek illegitimate corporate interests. It is not uncommon for some commercial giants to be punished by regulatory authorities for the illegal use of personal data. In January 2019, the National Commission on Informatics and Liberty (CNIL) of France issued
a fine of 50 million euros to Google Inc. of the United States for violating regulations on protection of data privacy.22 In June 2020, the German Supreme Court ruled that Facebook should terminate the automatic collection of data from users of applications such as Whatsapp or Instagram without explicit permission.23 In fact, the reason why a whole series of these global players was able to violate citizens’ privacy is that the current global data governance framework lacks any systematic regulation on the use of personal data by enterprises.
Second, the asymmetry of data resources between sovereign countries and enterprises poses many practical obstacles to realizing data sovereignty and efficient data governance. For example, large amounts of data are owned and utilized by multinational information technology giants. Sovereign states lack actual control in certain key areas, including over data with strategic importance, and cannot directly apply company data at the national governance level. Furthermore, facing this predicament, sovereign states lack effective mechanisms to interact and communicate with the private sector on data rights, thus affecting the realization of their strategic objectives concerning data sovereignty. According to a white paper released by the International Data Corporation (IDC) in January 2019, China will have the world’s largest datasphere by 2025, with the private sector share of the datasphere growing from 49 percent in 2015 to 69 percent in 2025.24 Evidently, data of corporations accounts for most of the overall data. However, the current asymmetry in access will make it impossible for sovereign states to effectively seize data resources and conduct effective oversight in the process of establishing global data governance.
Third, national data sovereignty and personal data rights are not easily coordinated, and are often incompatible. Sovereign states need to use huge quantities of data, including personal data containing sensitive private information, but the process of obtaining and handling personal data by states may hold the risk of leakage. Moreover, accessing personal data is likely to be a concealed operation infringing on personal rights. For example, in an acute public emergency, states may forcibly and without explicit consent obtain information on relevant individuals, revealing a fundamental contradiction between national data sovereignty and personal rights. In the name of national security or other urgent security nterests, one country will even obtain data belonging to individuals of other countries. For example, the Patriot Act, promulgated by the United States after the September 11 attacks, stipulates that the US government is allowed to obtain any information stored in US data centers or stored by US companies without the prior consent of the subject. The US surveillance program PRISM, whose existence was leaked by whistleblowers in 2013, has even more revealed the fact that some countries led by the United States have illegally encroached on other countries’ private data with disregard for any personal privacy. Thus, in the current debate about global data governance, the power boundary of national data sovereignty remains to be clarified, and the relationship between national and personal data rights still needs to be coordinated.
Paths to Improving Global Data Governance
The international community has not yet formed a functioning mechanism to tackle some of the crucial challenges of global data governance. To address global data governance in all of its diversified aspects, special institutions with concrete functions should be built for central coordination of all existing governance mechanisms. Currently, most of the discussions on data governance are placed under the general framework of global multilateral cooperation, and are therefore often mixed with other
related issues, making dialogue and collaboration on data governance too broad and unfocused. Therefore, the construction of a comprehensive global data governance system to meet the multiple challenges must be a high priority. Specifically, it can be dealt with from the following two aspects:
Strengthen overall governance and promote the establishment of global data governance rules
The formation of a global data governance system depends largely on the choice of appropriate paths and propositions. Algorithms and digital platforms structure and confine the behavior of related subjects, but the present legal system is in many instances not applicable or enforceable in the digital world. The direction decision-makers take towards better governance will influence the trend of data development to a certain extent and guide the formation of the overall governance system.25 Drawing lessons from the existing relatively advanced data governance measures, each sovereign state should give full attention to its particular national conditions to define and improve its own data governance claims, so as to realize the coordination of data sovereignty, data protection and the development of a digital economy. In addition, each sovereign state can also actively participate in global data governance, and assert its own data governance claims when negotiating and promoting the formation of global data governance rules.
First, properly coordinate the data development strategies of sovereign states and realize the sharing of data values.
Different sovereign states or regions have formulated data development strategies corresponding to their own interests and demands to realize the strategic utilization of data, which has increased the asymmetry and inequality among countries. How to prevent the exclusion of some sovereign states from the global data network and harmonize the different
data development strategies and national interests has become an urgent problem to be solved at the global data governance level. Today’s various scattered and unaligned governance mechanisms cannot play the role of coordinating the interests of all parties, providing mutual assistance, enhancing cooperation and realizing value sharing, and therefore need to be reconstructed.
The United Nations and its regional organizations should be promoted as the central platform for global data governance, which can properly coordinate the data development strategies of sovereign states or regions, resolve conflicts arising from countries’ diverging data development strategies, and promote the sharing of strategic data on the basis of mutually beneficial cooperation. Such a global data governance platform headed by the United Nations can focus more on the balanced development of data strategies of countries and regions around the world, organize multilateral forums for global data governance, set up relevant negotiation and consultation mechanisms, reconcile the various interests of countries and regions, and strive to make the economic value of data globally accessible. Under the Un-centered framework, regional organizations can give full play to the advantages of close cooperation within their regions and create more refined and concrete implementation plans of data governance.
Second, accelerate the formation of an overall framework for global data governance and improve laws and regulations on data protection.
Businesses are collecting and transferring more data across borders than ever before, due to the continuous growth of business activities and the expansion of the global market. In response, governments across the globe are actively reviewing and strengthening laws to better protect the personal data of their citizens.26 Since in 1980 the Organization for Economic Cooperation and Development (OECD) took the lead in
issuing the Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, the first legal document on privacy protection and crossborder data flow in the information era, many laws and regulations related to data governance have emerged at both international and domestic levels. Legislation such as the EU’S GDPR provides a model and reference for data protection legislation worldwide.
However, the majority of current global data rules and mechanisms are still confined to national or regional boundaries, whereas an overall framework for global data governance has not yet been established, and a globally unified system of data protection laws and regulations has not yet taken shape. This not only creates obstacles to the cross-border flow of data, but also confusion about which legal standards can be applied to international data disputes. Therefore, in order to achieve efficient global data governance, countries should not only constantly improve and perfect domestic data protection regulations on the basis of existing legislation, but also accelerate the formation of an overall framework of global data governance through international exchanges, dialogues and negotiations. This will further allow the development of more comprehensive and sound international data protection treaties or relevant applicable mechanisms, so as to build a reasonable, coordinated and efficient global data governance system.
Third, strengthen exchanges and cooperation on cross-border data governance and promote the improvement of global data governance rules.
Cross-border data governance is an important part of global data governance. The proper handling of issues related to cross-border data flows is not only a prerequisite for defending data sovereignty and protecting national data rights, but also the key to promoting the development of global data trade and the digital economy. As early as 2004, the Asia-pacific Economic Cooperation (APEC) adopted a framework document to regulate data and privacy protection of its member countries, and then gradually built and formed the APEC Cross-border Privacy Rules. However, at the level of the United Nations, present discussions on data governance are still
split into many individual topics, such as the digital economy, sustainable development, human rights and equality, and humanitarian action,27 and a centralized and systematic cross-border data governance mechanism has not yet been formed. There are still obstacles to achieving truly global exchanges and collaboration in cross-border data governance.
However, international cooperation and consultation have begun in the construction of global data governance rules. In June 2019, the G20 summit, held in Osaka, Japan, issued the Osaka Declaration on Digital Economy, which marked that the international digital economy had officially entered the “Osaka Track.” At the Leaders’ Special Event on Digital Economy on the sidelines of the G20 Osaka Summit, then Japanese Prime Minister Shinzo Abe proposed to facilitate free data flows across borders under the concept of “data free flow with trust” (DFFT), aiming to set up corresponding rules for global data flows.28
Based on the existing cross-border data cooperation modes and the rudiments of global data governance rules, global data governance should be further deepened and improved. Sovereign states and regional organizations can sign specific bilateral or multilateral agreements and treaties to regulate the cross-border data flows of all parties. They can also insert corresponding clauses on cross-border data flow into existing bilateral or multilateral trade agreements between sovereign states or regional organizations, to fix known problems on cross-border data flows in their economic and trade exchanges. Governance platforms such as the UN should pay special attention to crossborder data flows and actively guide the formation of an international cooperation mechanism designated for cross-border data flows. As far as the construction of global data governance rules is concerned, existing forms of international consultation and cooperation are still predominantly limited to technologically advanced or data-powered countries, while many
underdeveloped countries are unable to participate or are even excluded from independently expressing their opinions on global data governance rules. Therefore, the next step should be to broaden the channels of participation for sovereign states and regional organizations to state their views in the formulation of rules for global data governance, while also balancing and protecting the data rights and interests of all countries.
Innovate governance ideas and build a multi-stakeholder data coordination and governance mechanism
The promotion of global data governance should not only have as a target the reconciliation of contradictions in data communication among sovereign states, but also focus particularly on efficient ways to coordinate data rights and interests between individuals, enterprises and sovereign states at the global level. After careful analysis of the current situation and challenges of global data governance, the following three specific coordination and governance mechanisms can be considered for the promotion of global data governance:
First, the mechanism of “personality rights first.”
In the process of promoting global data governance, any data utilization by enterprises or state governments must fully respect the individual’s rights associated with data, which should be regarded as the basic principle of global data governance. This idea has been widely recognized in current EU norms spearheaded by the GDPR, from which a series of data coordination and governance norms can be derived. Sovereign states should adopt the principle of “informed consent” for the use of general data of individuals and enterprises. General data in this case refers to all data, except when there is a substantial threat to a country’s national security or great harm to the public if certain data is not immediately obtained, even without individual approval. Regarding the concept of informed consent, it should be noted that the collection of citizens’ personal data by sovereign states, for the purpose of fulfilling their administrative functions, public safety obligations and other operations of a modern
governmental apparatus, should be deemed as having obtained informed consent. Otherwise, the organization and management of modern countries cannot be effectively executed.
However, specific personal data originally collected by various enterprises and stored on certain carriers without independent processing by enterprises, may not be rightfully used by sovereign states, unless individuals have explicitly or implicitly agreed to the use of such data by other subjects. The Patriot Act, promulgated by the US after the September 11 attacks, fundamentally undermined the “informed consent” principle and greatly harmed privacy protection of personal data.
Nevertheless, it should be recognized that if there is a substantial threat to a country’s national security or public stability as a consequence of not immediately acquiring specific data, sovereign states do have the right to acquire and process such data. In case of a conflict between public and personal interests, it is justified to impose certain restrictions on individual rights for the benefit of the greater public, based on the principles of proportionality, interest compensation and due process.29 In such instances, personality rights and data privacy may temporarily and under certain conditions yield to national data sovereignty in order to ensure the overall security of the country.
Second, the mechanism of “property-based market transactions.”
Global data governance should enable a smooth operation of the global digital economy by constructing a concrete and feasible market-oriented data transaction mechanism. On the basis of safeguarding personality rights and protecting citizens’ personal data privacy, global data governance should fully recognize all data’s inherent property attributes and economic value, allow general data to flow and be traded freely on the market, and build a data coordination and governance mechanism of “property-based market transactions.” Since data represents a certain economic value, enterprises can conduct data transactions through the international market and obtain
the data they need in the process of production and operation. Companies that conduct data reprocessing can use raw data for data analysis more conveniently, thus greatly enhancing the vitality of the digital economy. Whenever sovereign states use personal or enterprise data in non-emergency situations, this mechanism is equally applicable. That is, data is acquired and used through market-oriented transactions, and in this case individuals or enterprises transfer their data rights and interests to sovereign states.
There are three advantages to such a coordination and governance mechanism of “property-based market transactions.” The first is that it not only respects the privacy of personal and enterprise data, it also bridges the gap between national data sovereignty and personal and enterprise data rights, while giving full play to the economic value of data, which will incentivize more efficient data flows and the development of a global digital economy. The second advantage is that it provides a remedy for the current dilemma of asymmetric data resources held by enterprises and sovereign states. Through market-oriented transactions, a large amount of important data held by enterprises can be used by sovereign states to optimize public services and improve national and global governance. The third advantage is that from the perspective of global data governance, global data transactions will be marketized, standardized and made transparent, which is conducive to promoting the formation and improvement of the global data market. In practice, the market-oriented transactions of data have already been developed on the premise of ensuring security and the respect for privacy.30 The WTO first promoted the formulation of data trade rules in early 2019, with the aim of regulating the current market-oriented data transactions.31
Third, the mechanism of “anonymized strategic utilization.”
In today’s information age, those governments and actors who play a
leading role in the production, transmission, processing, storage and use of information will gain strategic advantages.32 Since the data development strategies of sovereign states need large quantities of data as the basis, global data governance should support governments in their demand for strategic data resources. It should furthermore mediate between sovereign states’ data sovereignty and personal data rights by constructing an exemption mechanism for sovereign states to obtain the needed strategic data. This is called a data coordination and governance mechanism of “anonymized strategic utilization,” which specifically allows sovereign states to collect and use anonymized data from individuals and enterprises for specific purposes, such as optimizing public management and coordinating strategic deployment.
Anonymization entails the de-personalization of data requisitioned by sovereign states, so that neither the personal features nor the accurate location of a person can be identified. Moreover, the costs generated in the process of anonymization should be borne by sovereign states themselves and not be passed on to the enterprises, whose operating expenses would otherwise be unreasonably increased. Such anonymization of personal data and the corresponding standards have already been introduced into the data governance practice by several countries and regions.33 The advantage of this data coordination and governance mechanism of “anonymized strategic utilization” is that it does not only effectively protect citizens’ personal privacy, but also gives full play to the strategic value of aggregate data for sovereign states, and to a certain extent also resolves the contradiction between individuals and sovereign states on data governance issues.