In September 2020, China unveiled the Global Data Security Initiative (GDSI, 全球数据安全倡议, quánqiú shùjù ānquán chàngyì), a proposed framework for dealing with security in data storage and digital commerce. The initiative was seen by many as a response to the Clean Network program put forward by the Trump administration in the United States, which aimed to portray Chinese technology as malign and untrustworthy and exclude it from global internet infrastructure.
After the GDSI was announced, China engaged in diplomatic outreach to countries in Central Asia, Africa, and Europe to build support. So far, this initiative has garnered support from Russia, Tanzania, Pakistan, Ecuador, the Arab League and ASEAN countries.
At the crux of the initiative are the following eight tenets (from DigiChina's translation of Foreign Minister Wang Yi's announcement):
- First, treat data security objectively and rationally, and work to maintain open, secure, and stable global supply chains.
- Second, oppose the use of information technology to damage other countries’ critical infrastructure or steal important data.
- Third, take measures to prevent and end personal information harms, and not abuse information technology to conduct large-scale surveillance of other countries or illegally collect personal information of citizens of other countries.
- Fourth, require companies to respect local laws and do not force domestic companies to store data generated or collected overseas in their own country.
- Fifth, respect the sovereignty, jurisdiction, and data management rights of other countries, and do not directly access data located in other countries from companies or individuals.
- Sixth, needs for cross-border data retrieval by law enforcement should be addressed through judicial assistance and other channels.
- Seventh, information technology product and service providers should not set up backdoors in their products or services to illegally obtain user data.
- Eighth, information technology companies must not use users’ dependence on their products to seek illegitimate gains.
The initiative also proposes three principles through which cooperation should be pursued (also from Wang Yi's announcement).
- Multilateralism (多边主义): "On the basis of widespread participation from all sides, we should reach global data security rules that reflect every country’s wishes and respect the interests of all sides.".
- Secure development (安全发展): "Every country has the right to protect their country’s data security according to law, and all should provide all enterprises with an open, equitable, and non-discriminatory business environment."
- Fairness and justice (公平正义): "Data security should be upheld on the basis of facts, and laws and regulations. Politicizing data security issues and applying double standards, even to the point of freely starting rumors to blacken others’ names, violates basic principles of international relations and seriously disturbs and hinders global digital cooperation and development."
Chinese representatives frame these tenets and principles as a blueprint for the development of international rules for digital security. In addition to the GDSI's emergence at a time when the U.S. government was promoting the China-excluding Clean Network initiative, the Chinese initiative's invocation of "multilateralism" is consistent with a longstanding Chinese preference for rule-making among national governments, as opposed to the "multistakeholder" approach long favored by countries including the United States that includes non-state actors at the table.
Knowing your audience
As a global framework for data security, the GDSI is relatively short on detail. In particular, the exact balance between security and openness is left unresolved in the inaugural document. Instead, China's government chose to fill in details as it built support with partners. Remarks from these meetings and text from joint resolutions indicate that China aims to use the initiative’s flexibility to promote both rules for data security and the digital economy in a broader sense.
At the China-Germany-EU leaders' meeting in September 2020, the Chinese side framed the initiative as a framework to develop a more robust global digital economy.
In November 2020, Xi mentioned the GDSI on at least three different occasions, changing emphasis to highlight the security elements in some cases and the economic elements in others. At the Shanghai Cooperation Organization (SCO) Summit in November 2020, Xi said the GDSI aims to build a “peaceful, secure, open, cooperative, and orderly” (和平、安全、开放、 合作、有序) cyberspace in order to maintain security and stability. In the SCO context, where members are primarily autocratic, the initiative was not directly linked to the digital economy. A week later, at the BRICS Summit, Xi again said the GDSI aimed to promote a peaceful, secure, open, cooperative, and orderly cyberspace, but he also mentioned the healthy development of the digital economy. At the G20 summit on November 21, Xi emphasized the need for the G20 to make further efforts in driving the digital economy and said China had proposed the GDSI to develop global rules for digital governance. Both the BRICS Summit and G20 are more economic development-minded forums—hence the emphasis on the broader digital economy.
A work in progress
The GDSI has been promoted at other levels of government too. On March 29, 2021, Vice Foreign Minister of Foreign Affairs Ma Zhaoxu signed a China-Arab Data Security Cooperation with the Arab League, marking the first time a regional organization agreed to develop the GDSI with China. At the World 5G Conference in November 2020, Coordinator for Cyber Affairs at the Ministry of Foreign Affairs Wang Lei said the GDSI would promote an objective and fair attitude toward the common global challenges such as supply chain and data security issues, build trust through cooperation, determine rules through multilateral consultations, and avoid introducing political factors into the development and utilization of 5G.
The list provided below of meetings and events in which Chinese officials have promoted the GDSI shows a notable slowdown in the government’s efforts to promote the initiative in 2021, though the most recent diplomatic mention we recorded was as recent as February 2022.
|Event (Date, Venue)||Leadership||Content||Other parties|
|China Internet Governance Forum (9/8/20, Beijing)||Wang Yi||Initial announcement.||Former Prime Minister Shaukat Aziz of Pakistan, former Prime Minister Djoomart Otorbaev of Kyrgyzstan, and Deputy Secretary General of the United Nations Liu Zhenmin|
|China-ASEAN (the Association of Southeast Asian Nations) Foreign Ministers' Meeting (9/9/20)||Wang Yi||On behalf of ASEAN, Philippine Foreign Secretary Locsin, the coordinator of China-ASEAN relations, "said that the Global Data Security Initiative proposed by China reflects the common concerns of all countries, and ASEAN countries attach great importance to it," according to a Chinese government readout.||ASEAN Countries|
|Foreign Minister Meeting between China and Russia (9/11/20, Moscow)||Wang Yi||"Sergey Lavrov said, the Russian side holds positive opinions about the Chinese side-proposed 'Global Initiative on Data Security.' It is conducive to the creation of international rules on data security as well as further Russia-China cooperation in the area of international information security, against the backdrop that some countries are politicizing information technology and cyber security and containing other countries under the pretext of safeguarding its own national security," according to a Chinese government readout.||Russia|
|China-Germany-EU leaders' meeting (9/14/20, Virtual)||Xi Jinping||Xinhua: "The two sides need to forge China-EU digital partnerships, Xi said, adding that China has put forward its global initiative on data security, and hopes that the EU will work with China to formulate standards and rules of the global digital field and promote the sound development of global governance in digital economy."||German Chancellor Merkel (EU President), European Council President Charles Michel, European Commission President Ursula von der Leyen|
|Tanzania Spokesperson’s Comment (9/18/20)||Response to the Initiative announced on 9/8/20||"[Tanzanian government spokesperson] Dr. [Hassan] Abbasi stated that the Global Initiative on Data Security reflects the purposes and principles of the UN Charter and the basic norms of international laws, aiming at protecting national sovereignty as well as bringing nations together to deny any illegal activities on data stealing and interceptions," according to the Chinese embassy in Tanzania.||Hassan Abbasi (Chief Spokesperson of the Tanzanian Government)|
|Shanghai Cooperation Organization (SCO) (11/10/20, Virtual)||Xi Jinping||Xi said all parties are welcome to participate in the "Global Data Security Initiative" initiated by China to build a jointly build a peaceful, safe, open, cooperative, and orderly cyberspace, according to a Xinhua story posted by the CAC.||Russia, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, Mongolia, Uzbekistan, Iran, Belarus|
|BRICS Summit (11/17/20, Virtual)||Xi Jinping||China launched the "Global Data Security Initiative" to promote the joint construction of a peaceful, safe, open, cooperative, and orderly cyberspace, and promote the healthy development of the digital economy. It hopes to be supported by the BRICS, according to a Xinhua story posted by the CAC.||BRICS|
|G20 Summit (11/21/20, Virtual)||Xi Jinping||Xi: "Promote the healthy development of the digital economy. Work together to create an open, fair, just and non-discriminatory digital development environment. China proposed the Global Data Security Initiative and is willing to discuss and form global digital governance rules with all parties." –Xinhua story posted by the CAC||G20|
|World 5G Convention (11/27/20, Guangzhou, China)||Wang Lei (Coordinator for Cyber Affairs at the Ministry of Foreign Affairs)||Wang: "Global Data Security Initiative aims to promote all parties to face challenges with an objective and fair attitude, enhance mutual trust in cooperation, determine rules through multilateral consultation, and avoid introducing political factors into the development and utilization of 5G." –Chinese government readout; further Chinese government language||Industry conference|
|China-Arab League Data Security Conference (3/29/21, Virtual)||Ma Zhaoxu (Vice FM)||China and the Arab League agreed on the China-Arab Data Security Cooperation Initiative in line with the Global Data Security Initiative. Archived article from the Ministry of Foreign Affairs||Egyptian, Saudi, UAE, and other representatives to the Arab League, according to China's MFA|
|2021 World Digital Economy Forum Press Conference and China Digital Night (7/28/21)||Qin Yong, Vice Chairman of the China Council||Qin: "The Chinese government last September launched the 'Global Data Security Initiative,' and put forward constructive solutions and plans to regulate (规范) government and enterprise conduct in the data security field. This is the first international initiative in data security and will help promote global governance and cooperation in the field of data security. Now that one year has passed, under the wave of global digitalization, this initiative proposed by China has a high degree of practical significance and strategic wisdom." –Sohu.com||Indonesia, Somali, Sri Lanka, United Arab Emirates.More than 50 countries participated in the event.|
|China-Ecuador Joint Statement (2/5/22)||Xi Jinping||"Ecuador has positively commented on the Global Data Security Initiative proposed by China, and is willing to promote the formulation of global digital governance rules," according to a Chinese government readout.||Lasso Mendoza, President of the Republic of Ecuador,|