News | Digital Transformation - China Regulating Digital Corporations in China

A new data protection law is putting powerful IT companies in their place



Timo Daum,

Photo: IMAGO / Shotshop

In China, too, a broad debate is underway about how to strengthen users’ rights in the digital realm and regulate the digital economy. The issues are familiar: the unchecked accumulation of both power and capital, market dominance, data privacy, and working conditions, to name only a few. Various attempts have been made to deal with these issues.

Timo Daum is an author and social theorist whose research focuses on digital capitalism.

Translated by Hunter Bolin and Marty Hiatt for Gegensatz Translation Collective.

The various regulatory measures in China have tried to balance passing antitrust and competition laws similar to those in effect in the United States, while at the same time strengthening and protecting consumer and personal rights in line with the European model. In addition to these, the Chinese leadership also implements dirigiste measures aimed at subordinating digital corporations to the party’s long-term political goals. A notable example was its attempt to bar private companies from entering the financial sector.

How Do You Say “General Data Protection Regulation” in Chinese?

Last November, China passed a law to protect online personal data. The Personal Information Protection Law (PIPL), which came into effect on 1 November 2021, is the first measure aimed at the comprehensive regulation of the storage, transfer, and processing of personal data.

Among other things, it stipulates that people must consent to the use and transfer of their personal data, requires impact assessments for privacy and security, and explains how to deal with data breaches: “The personal information of natural persons receives legal protection; no organization or individual may infringe upon natural persons’ personal information rights and interests”.

Prior to this, there was no comprehensive protection of personal data in China. The new law addresses this lack, and marks an important step towards standardizing, updating, and implementing principles of data protection. The law is heavily inspired by the European General Data Protection Regulation, which went into effect in the European Union in 2018.

The state does not want to relinquish the strategic planning initiative, so it puts the country’s digital economy in its place.

Han Xinhua, a professor of law and member of the cybersecurity committee at the Communication University of China, explains, “[t]he regulations are very similar in many respects, for example they both provide a clear definition of personal data, lay out rules for processing sensitive information, require that security measures be taken, define what data can be stored and for how long, and create data protection officers to regulate all of these things.”

Such a move may come as a surprise to those in the West, but not for those who live in China, since these kinds of measures have been hotly debated there for years. Xinhua stresses that the law was passed primarily due to “internal pressure from within China” rather than an effort to make concessions to foreign countries or conform to Western standards. The debate is also far from over, since the law is meant to serve as a framework that will be fleshed out in the near future.

Xinhua situates the law in the context of the formation of a new configuration of power in Chinese society, one spurred by digitalization and the massive success of digital corporations. She claims this development has changed the power relations in the digital realm, explaining that “[the bipolar structure of public power and private rights in industrial society is being replaced by a tripartite structure of public power, private power, and private rights.” She emphasizes that within this new tripartite schema, it is important to strengthen the individual and his or her individual rights vis-à-vis the other two poles and to find a balance of power and of interests.

China’s efforts to clamp down on corruption and strengthen the rule of law also play a role. According to sinologists Daniel Fuchs and Frido Wenten, Xi Jinping’s regime is known for its “fierce and extensive anti-corruption campaign”.

The new law in China, inspired by the European Union’s General Data Protection Regulation, strengthens the rights of individuals vis-à-vis digital corporations. Yet the law serves two additional purposes for the party and state leadership: first, it fits in with the campaign against corruption and abuse, which aims to strengthen the population’s trust in institutions, and second, by putting the powerful digital corporations in their place, it makes the government appear as an advocate for the population at large, which makes extensive use of digital services.

Taming the Digital Corporations

In recent years, Chinese digital corporations have been recognized as powerful “personal information handlers”, something the party and state leadership views as a potential threat to the balance the social order rests upon. These digital corporations have a complicated relationship with the Chinese government. The growth of their power is closely monitored and if necessary, can be limited. For example, at the end of 2020, the government put a brief hold on the IPO of Ant Financial Services Group, a subsidiary of the Chinese Alibaba Group.

According to the CPC, the official “principal contradiction” in contemporary Chinese society is that “between unbalanced and inadequate development and the people’s ever-growing needs for a better life”. The party’s “common prosperity” campaign seeks to close the gap between rich and poor, which has widened in recent years. At the same time, it includes efforts to optimize governance and balance the economy — which means imposing limits on power monopolies and the accumulation of wealth by Chinese digital corporations.

In recent years, party leadership has made sustained attacks on the technology sector when it feels that the latter has gained too much influence and deviated too far from the Communist Party’s core values (see article 4).

Getting a Hold on Cyberspace

The most influential adversary faced by the digital corporations is the powerful internet regulator CAC (Cyberspace Administration of China). The agency’s powers were recently expanded to authorize them to monitor and, if necessary, prevent stock market listings of large Chinese technology corporations abroad.

However, the CAC’s powers are much more comprehensive than those of comparable agencies in the United States or the EU. For example, the CAC is the main owner of the China Internet Investment Fund (CIIF), which was founded only five years ago.

The CIIF has recently acquired a 1 percent stake in a subsidiary of ByteDance, the Beijing-based company that owns the social media platform TikTok. The CIIF’s 1 percent stake in the ByteDance subsidiary grants it the power to appoint one of three board members in a unit which holds key licenses that underpin the company’s ability to run its domestic short-video business. These kinds of “golden shares” give their owners enormous influence over the respective companies.

The GDPR in the EU, anti-trust laws in the US, but also discussions about breaking-up and nationalizing digital corporations show how much these very different societies have in common in this regard.

The CIIF is committed to refraining from seeking “excessive profits” from its investments, a move which reflects the government’s recent policy of cracking down on “rampant growth” and the “unruly expansion of capital” in China’s tech companies. It thus acts as an extension of governmental control.

An analysis in the business magazine The Economist claims that In the US or Europe, it would be unthinkable for a regulation agency such as the Federal Communications Commission in the US or the Federal Network Agency to be permitted to hold shares in companies, appoint board members, and intervene in business policy.

Killing Two Birds with One Stone

Europe and the United States are both struggling to regulate the power of digital corporations, and a similar process is underway in China as well. The GDPR in the EU, anti-trust laws in the US, but also discussions about breaking-up and nationalizing digital corporations show how much these very different societies have in common in this regard.

On the one hand, China is in a position to take stronger action, as the examples of Alibaba, ANT, Didi, and TikTok show. The state does not want to relinquish the strategic planning initiative, so it puts the country’s digital economy in its place. However, this creates another problem: efforts to extend the rule of law are also often met with paralegal actions which are reminiscent of Mao’s “campaigns”.

By strengthening individual rights vis-à-vis digital corporations, the Chinese party and state leadership is trying to kill two birds with one stone: by containing the power of the corporations and, at the same time, by presenting itself as the advocate of the new digitally savvy Chinese middle class.