The true colors of American cross-border data flow

Editor's note: Xin Ping is a commentator on international affairs, writing regularly for Xinhua News Agency, CGTN, Global Times, China Daily, etc. The article reflects the author's views and not necessarily those of CGTN.

On February 28, President Joe Biden of the United States issued an executive order, restricting transfer of Americans' personal data to China, Russia and other "countries of concern." Some U.S. officials explained that this move was designed to protect sensitive American personal data from falling into the hands of foreign adversaries who are engaging in a variety of nefarious activities including malicious cyber-enabled activities, espionage and blackmail.

At first sight, it seems quite relevant for a government to safeguard the personal data security of its citizens. Many countries do so. However, the follow-up interpretation of the executive order has revealed the real intent of the Biden administration and smacks of ideological hostility towards other countries.

The U.S. always follows a doctrine of "easy to come by, hard to offer up" for data flow, which advocates free flow of inbound data to the U.S. for its own benefits, but promotes "decoupling" when the outbound data flow goes against its interests. "National security" becomes an ace card to play whenever the U.S. government wants to impose supervision.

Apart from the latest order, American lawmakers have proposed the "American Data Privacy and Protection Act," which requires the protection of local corporate and national data and prevents them from flowing to two countries, China and Russia. The Committee on Foreign Investment in the United States (CFIUS) has broad powers to check and constrain foreign-invested entities, such as requiring them to sign security agreements, restricting their communications infrastructure to locations within the U.S., and demanding that various kinds of information of these entities be stored in the U.S. only.

On the other hand, the U.S. is pushing hard for global data to flow to the U.S., which would make it a massive data center. The U.S. often requests target countries to adhere to the principles of "non-discrimination" and open their doors to American technology companies on the grounds of opposing data localization. Its purpose is to facilitate American companies to obtain as much data as possible.

The servers and cloud computing centers of big Silicon Valley companies are distributed around the world and have actually become American "overseas military bases" in the digital age. They collect a tremendous amount of data from host countries and transfer it to the U.S., in disregard of others' national security concerns. In this way, the U.S. increases its data assets gradually by infringing upon other countries' data sovereignty, just like what the Western colonizers did centuries ago.

Another tool that the U.S. government prefers to use when collecting data from other countries or non-American entities is its long-arm jurisdiction. For Internet companies which are not set up in the U.S., or have no business operation in the U.S., as long as their business activities are related to the American markets or companies, the U.S. will exercise "jurisdiction" on them under the "long-arm statute." In other words, regardless of whether the data is stored in the U.S. or not, and regardless of whether the data belongs to American companies or not, the U.S. law enforcement agencies want to freely retrieve such data from every corner of the world, whenever they deem necessary.

Such kind of intervention violates the sovereignty of other countries and is obviously contrary to the principle of legal fairness. It is also inconsistent with the principle of reciprocity in international practice. Through various means, the U.S. tries to reach its ultimate goal to shape a U.S.-led cross-border privacy and data security governance paradigm. Facing this data hegemony, small countries with inadequate industrial foundation or technical defense capabilities will have to give up their autonomy and end up as data colonies of the U.S.

Last but not least, abusing its regulations and technological strength, the U.S. attempts to dominate the formulation of laws and rules on international cross-border data flow. Its control of the basic structure and exchange nodes of data flow offers a great advantage in setting the rules. Dominating the rules-making further enables the U.S. to collect more data from other countries. Being the technology initiator, rule maker and actual controller of data at the same time, the U.S. is perfectly positioned to obtain data hegemony. The "Prism Project" that monitors the world, the "Blarney Project" that collects data from Internet backbone hubs, and so many more, are cases in point to prove the U.S.'s concentrated ambitions. 

Data, much like goods and intellectual property, is a valuable asset for every individual and sovereign country. Cross-border flow of data matters to the privacy and security of people and the development of the information industry of a country. How to govern this sphere at the international level is an issue rising in urgency as we are stepping into the age of AI, when data becomes the fundamental productive factor. Do we cooperate and find out a fairer way to collective governance aiming at mutual benefit, or do we accept a data hegemon and follow the jungle rules? The world needs to make a choice.

(If you want to contribute and have specific expertise, please contact us at opinions@cgtn.com. Follow @thouse_opinions on Twitter to discover the latest commentaries in the CGTN Opinion Section.)