The Great Anti-China Tech Alliance
The United States and Europe will regret letting Beijing win the race to govern digital technology.
In these early days of the regulatory renaissance for digital technologies, China, Europe, and the United States are competing over whose image will be most reflected in market-defining rules and norms. Despite new lows in the trans-Atlantic relationship in the era of Trump, Europe and the United States still have far more in common with each other about how technology should be developed, deployed, and regulated than they do with China. With China pulling into the pole position in this race, it is time for the United States and Europe to forge a digital governance alliance.
The regulatory renaissance has many dimensions: data protection, cybersecurity, antitrust, and tax, to name a few. European initiatives in these domains—such as the General Data Protection Regulation (GDPR) and antitrust investigations of major technology platforms—are relatively notorious and reasonably well understood. Their effects also reverberate well beyond Europe: GDPR, for example, is rapidly becoming a model law for other governments to follow for their own privacy regulatory measures. Europe has similar ambitions with respect to artificial intelligence governance.
What is much less appreciated is the ambition, in scale and scope, of China’s regulatory initiatives. These go far beyond the many overt market access barriers that China has maintained for years. China’s sweeping Cybersecurity Law, for example, went into effect in 2017 and has mandates such as real-name registration requirements for internet users, data security rules for critical infrastructure, and a new, vaguely defined category of “critical information infrastructure” providers subject to additional requirements. In 2018, China issued its first significant data privacy requirements in the Personal Information Security Specification. And so far in 2019, China has proposed new rules for cybersecurity reviews of information technologies, cross-border transfers of personal information out of China, data security and privacy practices of network operators, cybersecurity vulnerabilities management and disclosure, cloud security, and encryption.
The first-order goals behind measures such as Europe’s GDPR and China’s Cybersecurity Law—privacy, security, and safety, in these two cases—are obviously plausible targets for public policy. But measures such as these often reflect a divergent set of underlying values and interests, which inevitably shape how the measures are implemented.
For example, GDPR is concerned with safeguarding privacy, a fundamental right held by individuals under the European Convention on Human Rights and the European Charter of Fundamental Rights. China’s Cybersecurity Law also identifies upholding individuals’ privacy as an objective and specifies a series of protections and requirements for personal information. But it adds a second category of protected data, labeled “important data,” that recognizes a right held by the Chinese state to access “data affecting national security, the national economy, and people’s livelihood.” In this scheme, personal privacy, though specified as an important value and afforded meaningful protections, is not a fundamental right in the same way as it is in Europe—it is a contingent one, subject to the state’s higher interest in social stability. If the two ever clash, the state’s interest will surely prevail.
To China watchers, the Cybersecurity Law’s prioritization of the government’s interest in social stability over the fundamental rights of individuals will come as no surprise. Social stability has long served as the strategic imperative for Chinese policymaking, in such domains as regulatory rule-making and industrial policy.
What is unique about the current moment, however, is a confluence of four critical, mutually reinforcing factors that put China in a commanding position to influence the course of digital governance worldwide. The first factor is the size and attractiveness of its domestic market as both a vital node in global supply chains and, as China’s middle class grows, an increasingly voracious consumer of goods and services. It gives domestic Chinese companies a massive home-field market within which to cut their teeth and grow their businesses. And it is virtually irresistible for foreign companies in search of new markets.
The second factor is China’s muscular, multifaceted industrial policy. Chinese authorities tap the leverage that comes from having an attractive market to impose a variety of market access conditions on foreign companies aimed at bolstering indigenous production and innovation. The Chinese government has also poured enormous amounts of basically free capital into favored Chinese firms and sectors, developed ambitious research and development plans backed by substantial funding, engaged in large-scale theft of intellectual property, ramped-up its involvement and influence in international standardization forums, and made concerted efforts to recruit scientists and engineers to bring their talents to China. This industrial policy is also increasingly international, as Chinese firms in sectors as diverse as telecommunications (e.g., ZTE) and rail transportation (e.g., CRRC) seek foreign markets for their goods and services, often in tandem with Chinese government programs such as the Belt and Road Initiative to use infrastructure and other investments as a way of reinforcing trade relationships.
The third factor is China’s ascendant innovation ecosystem, whose development over the past decade can be traced in significant part to the first two factors. Chinese firms such as Huawei, Alibaba, and CRRC are increasingly competitive globally, not just on price (thanks to comparative advantages and in some cases the free capital from the government) and customer service (ask Huawei customers about this!), but on their innovative features, too. In 2017, Huawei applied for the most patents at the European Patent Office—a first for a Chinese company. China is no longer a passive observer of innovation but an active force driving it.
Why does this factor matter for China’s ability to influence technology governance worldwide? Because technology often reflects the values and interests of its sociopolitical context. It is probably no accident, for example, that Chinese companies are global leaders in facial recognition surveillance technologies. Or that Tencent’s WeChat, among the world’s most popular apps, has purpose-built functionality to facilitate censorship, surveillance, and social credit scoring. (Or, for that matter, that U.S. technology companies such as Facebook reflect U.S. values concerning consumer privacy.)
The final factor is China’s creative and empowered regulatory culture. China’s regulatory apparatus has many flaws: corruption, vague rules, arbitrary enforcement, and so on. But Chinese regulators are also grappling with most of the same digital governance challenges as those in the United States, European nations, and other countries. They are developing thoughtful, novel, and at times deeply problematic approaches to these challenges, drawing self-consciously on ideas and concepts from the United States, Europe, and their own legal tradition. China’s digital governance framework is very much a work in progress, and there is a much livelier debate within China about these issues than is commonly appreciated. That said, the strategic contours of this framework are coming into focus: generous grants of interpretive and enforcement discretion to regulators, rules that impose extra burdens on foreign companies, and a normative structure that puts social stability and the interests of the state above all else.
Vision, energy, and leverage: These are what China is primed to bring to the governance table.
Individually, neither Europe nor the United States has a confluence of all four factors. Europe has market size—its economy is the biggest in the world—and creative, empowered regulators. But its innovation ecosystem is slow. Over the last seven years, innovation performance in China grew twice as quickly as in Europe. And though Europe’s roots are in industrial policy—it was originally called the European Coal and Steel Community—it has largely moved on to market integration and protection of fundamental rights. The United States is the world’s second-largest economy and boasts an innovation ecosystem that has no equal. For the better part of two decades, however, its regulators have mostly lain dormant, with laissez faire dominating digital governance since then-U.S. President Bill Clinton’s administration issued “The Framework for Global Electronic Commerce” in 1997. The so-called techlash in Washington has stirred bipartisan interest in more interventionist digital governance policies, but there is not much consensus yet on what those policies might look like. As for industrial policy, Washington can barely muster bipartisan support to sustain the Export-Import Bank.
Together, however, Europe and the United States are a formidable pair: nearly one-third of global economic output. Half of global R&D spending. Regulatory institutions guided by expertise and open to input from diverse stakeholders. A truly global network of diplomatic, security, and trade partners and alliances. And, perhaps most importantly, shared values about market-oriented innovation and trade, the rule of law, and the primacy of citizens’ rights.
We believe there is enormous untapped potential for a trans-Atlantic digital governance alliance built on a foundation of these shared values. Too often, commentary about U.S.-European relations emphasizes differences, when the reality is that the two are both cut from the same liberal, democratic cloth. So the first step toward a digital governance alliance is for both sides to reaffirm this truth.
The second step is to be clear about goals. In our view, the goals of the alliance should be to promote mutual understanding of risk perceptions and assessments, facilitate exchanges of policy and regulatory methodologies, and ultimately produce coordinated governance and international engagement strategies. Whatever one thought about the merits of the Transatlantic Trade and Investment Partnership, the process of negotiating it cast a horse-trading pall over U.S.-European regulatory cooperation. Overlay that with the pall cast by the Edward Snowden disclosures, and it’s no surprise that cooperation on technology especially has been hard for the past five years. Our assessment is that with trade negotiations more or less verboten on both sides of the Atlantic, an alliance along the lines of what we describe here now has a much more realistic chance to emerge.
The third step is to identify the channels of trans-Atlantic engagement most likely to yield these outcomes. This gets a little tricky, because digital governance issues do not respect established organizational competencies. Cybersecurity, for example, has cross-cutting regulatory, law enforcement, and international security dimensions.
On the U.S. side, this phenomenon points to the need for White House leadership to coordinate an interagency effort, at least in the early stages. This leadership can take many different forms but would at a minimum require participation and support from the National Security Council, the Office of Science and Technology Policy, the Office of Information and Regulatory Affairs, and the Office of the U.S. Trade Representative (though for the reasons described earlier, trade channels should not be the primary vector for developing the alliance).
In addition, for various legal and institutional cultural reasons, independent regulatory agencies such as the Consumer Product Safety Commission, the Federal Trade Commission, and the Securities and Exchange Commission may be reluctant to join a White House-led initiative. The Department of Commerce, along with the Treasury Department, could play an organizing and liaising role with these agencies.
On the European side, where competencies on these matters are often shared between Brussels and the EU member states, identifying a leadership model is especially challenging. With the formation of a new European Commission this November, however, there is an opportunity to bundle the responsibility for digital governance with the newly appointed executive vice president for the digital age. In particular, cooperation between the directorates-general for trade, competition, digital communications, and justice must be strengthened. A European digital agency could be a tool for the overall shaping of digital governance.
Such a European structure would put pressure on the member states to bundle their digital governance responsibilities. Coordinating institutions such as the minister of state for digitization in the German Federal Chancellery would then be strengthened. Antitrust authorities should be included in the initiative, as should the cross-sectional regulatory and supervisory authorities—in Germany, for example, the Federal Network Agency, the Federal Office for Information Security, and the Federal Commissioner for Data Protection.
The last step is to collaboratively identify two or three sectors to focus on initially. Launching the process with a handful of specific sectors will help clarify which organizations from government need to be directly involved at the outset and help the government organizations determine how to engage the private sector and civil society most effectively. The selection of initial sectors should be guided by a pragmatic calculus about the prospects for achieving the goals of the alliance. For example, transportation, especially automobiles, stands out to us as an attractive candidate, given the economic importance of the sector to the United States and Europe, important differences in how the two regulate autos, the presence of long-standing ties between U.S. and European auto regulators, and the many governance challenges that increased digitization and automation of vehicles will pose. Health care and energy also hold promise.
Other countries with shared interests and values, such as Japan, South Korea, and India, might eventually participate as well.
In the competition for influence over digital governance futures, the United States and Europe must step up their games. To some readers, this may sound like a call to encircle China and interfere with its economic growth. That is not our intention. Putting aside China for a moment, Europe and the United States are each other’s largest trade and investment partners, and they therefore have a legitimate interest in managing and even reducing regulatory friction for their companies. The cooperation we describe here would be prudent regardless of whether China was a factor on the global stage.
But China is a factor, and from what we have learned so far about its vision for digital governance, it is plainly at odds with U.S. and European interests and values. We hold out hope that the United States, China, and Europe can manage their tensions and continue to contribute to, and benefit from, a truly global innovation ecosystem. And, dare we say it, the three actors might even turn out to have areas of common interest, especially when it comes to matters of product safety or preserving global innovation ecosystems. But going down this path together—the United States and Europe—is the surest way to reach that destination, if it exists.
Andrew Grotto is a William J. Perry International Security Fellow at the Cyber Policy Center and a Research Fellow at the Hoover Institution, both at Stanford University.