Ever since entering the digital era, the dangers and spillover effects of digital data security have exerted a negative influence in many areas, including politics, technology, economics, society, and more. The importance of global data security governance calls for urgent in-depth study of the subject.

New changes

In the digital era, maximization of data’s value often relies on a series of activities including data collection, flow, handling, and analysis. The governance subjects, patterns, content, and targets in these data-intensive activities are undergoing reconstruction. Consequently, a few new features can be observed in global data security governance.

The first is a transition from passive to active security governance approaches, which is an inevitable choice in the digital economy era. This is due to the rapid development of the internet of things and AI, among other frontier digital technologies, which derives data security risks that are more persistent and harder to identify, thus posing great challenges to data security management. 

Another reason behind the transition, is that strategic economic resources embedded in data are an objective factor that motivates countries to enhance data security governance. Data, as a core element of the digital economy, is becoming a strategic highland that determines a country’s core competitiveness. As the pandemic response becomes a new normal, the development of public health data is becoming more in-depth and more complicated. Sovereign states have all come to realize the strategic value behind data resources, and begun to see data security governance through the lens of “national security” and “national competitiveness.”

The second reason is that governing subjects are changing from singularity to pluralism, in other words, behavioral reshaping of governance subjects. Before entering the digital era, the subject and content of digital security featured simplification, immobilization, and patternization. After entering the digital era, data has been growing exponentially as trans-boundary data flows have become more common. Data’s flow extensively covers countries, enterprises, social organizations, and individuals. Traditional governance continues to restructure itself towards a more equalized and diversified governance model. As the main subjects of data governance become more diversified, so have their interest appeals and governing measures. This is clearly shown in sovereign states’ incompatible strategies for data governance, as well as unbalanced interests and clashes of interests concerning data among sovereign states, enterprises, and individuals. 

The third aspect is that data security governance is moving from a static state to a dynamic state, to achieve a balanced development of governance goals. Traditional data security risks mainly refer to damaged confidentiality, completeness, and usability caused by data leakage and data tampering. Avoiding these risks stresses data security in a static sense. However, in the digital age, data only has an economic value for the development of society when it is able to flow freely. Its value increases as its flow speed, activity, and transmission volume increase by the day. To respond to a data system that constantly flows at a fast pace, we need to strike a dynamic balance if we want to ensure data security. This means we need to see data security and utilization as a pair of wings that enable a bird to fly. When data security governance is done right, a dynamic balance can be achieved between ensuring the free flow of data and protecting data security. Meanwhile, when striving to achieve both goals, data security governance should be conducted based on the country’s national conditions.

The fourth one is that the order of governance is transitioning from competition to co-competition. From the perspective of the governance method, the US’s goals highlight the importance of the free flow of data and a free and open digital market, while leveraging the country’s competitive edge in the internet and technology, to ensure data security. The EU’s core of governance, on the other hand, focuses on protecting individuals’ data privacy while seeing data sovereignty as the foundation. It believes in promoting a free data flow under the condition of high-standard data protection. 

Of note, is that as global data security becomes more important and as emerging countries’ technologies continue to develop rapidly, their demand for more engagement in jointly building a governance mechanism is also growing. Meanwhile, they are beginning to interpret and conduct data security governance according to their own preferences, which continues to trigger conflicts in competition over rules and restrictions for global data flow and data localization.

New challenges

The complexity of data security in the digital era has led global data security governance to encounter many realistic challenges in the initial stage. From the perspective of development trends, global data security issues in the digital era have marked characteristics, posing new challenges in terms of building consensus on international cooperation, developing a global data security system, and enhancing national governance capacity.

First, the rapid development of data technology and the accumulation of data have increased the difficulty of reaching a consensus on global data security governance. In traditional geopolitics, military power is the main determinant of national competitiveness. However, in the digital geopolitical environment, data and data-driven analytics have become key factors in the pursuit of dominance, and frequent data security issues around the world are seen as a centralized reflection of the strategic intentions of countries, in the context of the great power competition. The economic strategies of some developed countries reveal a “protectionist” mindset and continue to implement a “strategic siege” in the global digital sphere, which leads to the phenomenon of “digital disorder” and brings multiple obstacles to global data security governance. 

In particular, as major developed countries and technological powers continue to implement data development strategies, preventing some sovereign countries from being removed from the global data network, balancing data development strategies, and countries’ national interests are also the key points and challenges facing international actors as they try to reach consensus and deepen cooperation to develop a global data security governance system going forward.

Second, differences in the governance demands of multiple data subjects have increased the difficulty of building a global data security governance system. At present, there are different interests and value demands among multiple governance actors such as governments, the private sector, and individual citizens. Meanwhile, there are many intertwined and overlapping factors, thus triggering multi-level conflicts in the development of the global data governance system. On the one hand, there is an imbalance of data rights among governments, the private sector, and individual citizens. On the other hand, there are significant differences in governance concepts and perceptions of data among countries with a major internet presence across the world, and the strategies and policies adopted have different focuses. This imbalance forces the major internet countries across the world to implement differentiated approaches based on their national conditions, which leads to conflicting national data management policies that cannot be interfaced on the international level, making it more difficult to establish uniform and standardized global data security governance rules and systems. 

Third, the inadequate supply of governance systems and the heterogeneity between rules in the systems increase the difficulty of building a global data security governance mechanism. Facing the current situation of data security with increasing risks and uncertainties, global data security governance rules are still in a grey zone. Meanwhile, traditional governance mechanisms frequently become ineffective in dealing with data security governance issues, and some new mechanisms and systems have shortcomings and weaknesses that make them dysfunctional.

In addition, at the sovereign state level, although sovereign states are generally aware of the importance and urgency of global data security governance and cooperation, they continue to promulgate unilateral regulations to restrict data flow, showing a growing tendency of “new digital isolationism.” The lack of effective institutional supply and the heterogeneity of institutional rules among sovereign states have weakened the effectiveness of global data security governance mechanisms to varying degrees. 

Given the technical and application characteristics of data security, there are still many practical challenges to effectively ensuring global data security. Therefore, help the international community reach a consensus on the development and security of global data in the context of the digital economy, and how to establish mechanisms and standards for international data flow, openness, and sharing under the premise of respecting data sovereignty, allowing data to become the fruit of information technology shared by all human beings, have become a common issue that needs to be faced and urgently solved in the future.

Que Tianshu is a professor from the Center for Rule of Law Strategy studies at East China University of Political Science and Law.