Get­ting to the bot­tom of the Chi­nese Social Cred­it System.

Dr Thomas Pattloch, LL.M.Eur.
Dr Thomas Pat­t­loch, LL.M.Eur.

In her Duet inter­view with Dr Thomas Pat­t­loch, renowned legal expert for Chi­na, Dr Cal­daro­la, author of the recent book Big Data and Law, dis­cuss­es how Chi­na process­es data and which data pro­tec­tion law reg­u­lates the data pro­cess­ing in question

Chi­na is rac­ing towards the dig­i­tal future and is seek­ing to become world mar­ket leader in mat­ters regard­ing arti­fi­cial intel­li­gence (AI).  Mobile phones orga­nize lives com­plete­ly in Chi­na. Cash pay­ments are vir­tu­al­ly unknown. Facial recog­ni­tion is ubiq­ui­tous in the big cities.  Med­i­cine is at the cusp of a rev­o­lu­tion, for many hos­pi­tals are already work­ing with AI in order to rec­og­nize dis­eases faster and with greater pre­ci­sion. Metrop­o­les like Shen­zhen are turn­ing into Smart Cities – urban sec­tors are receiv­ing a sort of dig­i­tal brain which has every­thing in its focus. By the end of 2021, Chi­na will have 600 mil­lion sur­veil­lance cam­eras oper­at­ing in pub­lic spaces. Every step and move­ment is being record­ed- and not just via these sur­veil­lance cam­eras.  Every­thing is vis­i­ble and acces­si­ble. Peo­ple are being exposed at train sta­tions by hav­ing high­ly sen­si­tive infor­ma­tion being made pub­lic, regard­ing pay­ment of tax­es, traf­fic infrac­tions, obser­va­tion of envi­ron­men­tal reg­u­la­tions etc. Every­thing is being col­lect­ed and eval­u­at­ed in a Social Cred­it Sys­tem – a data-based rat­ing sys­tem, which is meant to influ­ence how peo­ple behave.  Kai Strittmat­ter, Ran­ga Yogesh­war as well as Shoshana Zuboff point to a pic­ture of sur­veil­lance cap­i­tal­ism.  What is the basis for the col­lec­tion and eval­u­a­tion of data? 

Dr Thomas Pat­t­loch: Legal­ly speak­ing, the legal frame­work came after the tech­nol­o­gy. Nev­er­the­less, the Social Cred­it Sys­tem goes back to as ear­ly as 2013. A range of impor­tant polit­i­cal and legal doc­u­ments issued then defined its start­ing point: The 18th Nation­al Con­gress of the Com­mu­nist Par­ty of Chi­na decid­ed to “strength­en the con­struc­tion of gov­ern­ment integri­ty, busi­ness integri­ty, social integri­ty, and judi­cial cred­i­bil­i­ty”, and the Third Ple­nary Ses­sion of the Par­ty’s 18th Cen­tral Com­mit­tee pro­posed to “estab­lish and improve a social cred­it inves­ti­ga­tion sys­tem, praise integri­ty, and pun­ish dishonesty.”

The “Opin­ions of the Cen­tral Com­mit­tee of the Com­mu­nist Par­ty of Chi­na and the State Coun­cil on Strength­en­ing and Inno­vat­ing Social Man­age­ment” then put for­ward the “estab­lish­ment and improve­ment of a social integri­ty sys­tem” and the “Out­line of the Twelfth Five-Year Plan for the Nation­al Eco­nom­ic and Social Devel­op­ment of the People’s Repub­lic of Chi­na” set the over­all require­ments of “speed­ing up the con­struc­tion of a social cred­it sys­tem”. The State Coun­cil on 14 June 2014 pro­mul­gat­ed its “Plan­ning Out­line for the Con­struc­tion of the Social Cred­it Sys­tem” with the plan­ning peri­od being from 2014 to 2020 (“State Coun­cil Outline”).

The reg­u­la­to­ry require­ments relat­ed to per­son­al cred­it report­ing ser­vices are based on the “Reg­u­la­tions on the Admin­is­tra­tion of Cred­it Report­ing Indus­try” pro­mul­gat­ed by the State Coun­cil on Jan­u­ary 21, 2013 and imple­ment­ed on March 15, 2013, and the “Mea­sures for the Admin­is­tra­tion of Cred­it Report­ing Insti­tu­tions,” issued by the Peo­ple’s Bank of Chi­na on Novem­ber 15, 2013 , imple­ment­ed on 20 Decem­ber 2013, fol­lowed by the “Admin­is­tra­tive Mea­sures for the Recor­da­tion of Cor­po­rate Cred­it Report­ing Insti­tu­tions”, issued on 20 Sep­tem­ber 2016 (“Reg­u­la­tions”). The SPC start­ed a black­list­ing sys­tem for non-com­pli­ance with court judg­ments under the Pro­vi­sions of the Supreme People’s Court on Releas­ing the List of Judg­ment Default­ers in Enforce­ment Pro­ceed­ing as far back as 1 Octo­ber 2013.

It is impor­tant to under­stand that when talk­ing about the “Social Cred­it” sys­tem, the term “cred­it” and what it implies is by no means clear­ly defined; the term used in Chi­nese relates to “exam­in­ing the reli­a­bil­i­ty”. The reg­u­la­tions them­selves do not define what “cred­it infor­ma­tion” is, while its Art. 2 defines the term “cred­it report­ing busi­ness” as mean­ing “activ­i­ties in which cred­it infor­ma­tion on enter­pris­es, pub­lic under­tak­ing insti­tu­tions and oth­er enti­ties as well as cred­it infor­ma­tion on indi­vid­u­als are col­lect­ed, sort­ed, stored, processed and pro­vid­ed to users”.  In its Art. 4, the “Inter­im Mea­sures for the Man­age­ment of Basic Per­son­al Cred­it Infor­ma­tion Data­base” refer to “indi­vid­ual cred­it infor­ma­tion” as “basic indi­vid­ual infor­ma­tion, indi­vid­ual infor­ma­tion on cred­it trans­ac­tions and any oth­er infor­ma­tion that may reflect the indi­vid­ual cred­it sta­tus. The term “basic indi­vid­ual infor­ma­tion” as men­tioned in the pre­ced­ing para­graph denotes such infor­ma­tion as the “iden­ti­ty, career and res­i­den­tial address of a nat­ur­al per­son.” The stan­dard “Basic Terms of Cred­it (GB/T 22117 – 2018)” defines “cred­it infor­ma­tion” with a nar­row mean­ing in the sense of abil­i­ty to pay back debt, and with a wider mean­ing in terms of integri­ty and law-abid­ing behaviour.

Data in prac­tice is wide­ly col­lect­ed both by gov­ern­men­tal organ­i­sa­tions and pri­vate asso­ci­a­tions which are either offi­cial­ly licensed to do so or – in spite of a lack of clear autho­ri­sa­tion – do col­lect data nonetheless.

The tra­di­tion­al cred­it infor­ma­tion sys­tem is run by the People’s Bank of Chi­na and not yet inter­linked with the new cred­it rat­ing sys­tems encour­aged and set up by the gov­ern­ment at all lev­els, in all indus­tries and all regions in Chi­na. The cred­it infor­ma­tion sys­tem in a broad­er sense also includes gov­ern­men­tal cred­it infor­ma­tion sys­tems, such as the Nation­al Enter­prise Cred­it Infor­ma­tion Sys­tem, social pub­lic cred­it infor­ma­tion sys­tem and oth­ers, but also the “Enforce­ment Infor­ma­tion Dis­clo­sure Net­work” oper­at­ed by the Supreme Peo­ple’s Court which pro­vides infor­ma­tion on per­sons sub­ject to exe­cu­tion and untrust­wor­thy per­sons sub­ject to exe­cu­tion of court judg­ments (report­ed­ly stand­ing at more than 14 mil­lion peo­ple entered into the court’s black­list­ing sys­tem by Feb­ru­ary 4, 2020).

This is com­ple­ment­ed by organ­i­sa­tions with a pro­claimed indus­try self-dis­ci­pline (mean­ing indus­try mon­i­tor­ing itself and cur­tail­ing deemed breach­es of prop­er behav­iour) , such as the Chi­na Inter­net Finance Asso­ci­a­tion (set up in 2016) and the Net­work Finan­cial Cred­it Report­ing sys­tem both of which pro­vide data shar­ing plat­forms for finan­cial infor­ma­tion involv­ing risky ven­tures, a sys­tem which came into life to address the need for more reli­able infor­ma­tion on lenders in the boom­ing online-lend­ing sec­tor in Chi­na. Oth­ers, like the Baix­ing Cred­it Report­ing Co. Ltd., are joint­ly estab­lished by eight pilot insti­tu­tions for per­son­al cred­it report­ing led by the Chi­na Inter­net Finance Asso­ci­a­tion and have been licensed by the gov­ern­ment since May 2019.

The State Coun­cil Out­line states that “the mod­ern mar­ket econ­o­my is a cred­it econ­o­my” and con­cludes that “advanc­ing the con­struc­tion of a social cred­it sys­tem is an effec­tive means to enhance social cred­i­bil­i­ty, pro­mote social mutu­al trust, and reduce social con­flicts.” It also adds that “improv­ing the social cred­it sys­tem is a nec­es­sary con­di­tion for deep­en­ing inter­na­tion­al coop­er­a­tion and exchanges, estab­lish­ing an inter­na­tion­al brand and rep­u­ta­tion, reduc­ing exter­nal trans­ac­tion costs, and enhanc­ing the country’s soft pow­er and inter­na­tion­al influence.”

The State Coun­cil Out­line has planned that “by 2020, the basic social cred­it laws, reg­u­la­tions and stan­dard sys­tem will be basi­cal­ly estab­lished, the cred­it infor­ma­tion sys­tem cov­er­ing the whole soci­ety based on the shar­ing of cred­it infor­ma­tion resources will be basi­cal­ly com­plet­ed, the cred­it super­vi­sion sys­tem will be basi­cal­ly sound, and cred­it. The ser­vice mar­ket sys­tem is rel­a­tive­ly com­plete, and the trust­wor­thy incen­tives and pun­ish­ment mech­a­nisms for dis­hon­esty are ful­ly func­tion­ing.” Yet the real­i­ty is still very dif­fer­ent, and while there is a gen­er­al per­cep­tion of an all-pow­er­ful sur­veil­lance state, inter­con­nec­tion and shar­ing of the many dif­fer­ent cred­it sys­tems in Chi­na is still a work in progress.

Our own Euro­pean GDPR is based on a vari­ety of basic prin­ci­ples, such as (a) infor­ma­tion­al self-deter­mi­na­tion; (b) trans­paren­cy: Which data are being processed for what pur­pose and by whom; (c) Alert sub­jects to the pos­si­bil­i­ty of autho­ri­sa­tion in the form of legal grounds requir­ing it or con­sent; (d) the right to be for­got­ten and data min­imi­sa­tion etc. Do these basic prin­ci­ples exist in Chi­na as well? And if they do, to the same lev­el or changed in some way? Mean­ing, have they been inter­pret­ed or applied dif­fer­ent­ly?  Or are dif­fer­ent basic prin­ci­ples being applied?  If so, which ones? What dif­fer­ences can be observed between Europe and China?

Accord­ing to Arti­cle 2 of the Reg­u­la­tions on the Man­age­ment of Cred­it Inves­ti­ga­tion Indus­try, “Cred­it Inves­ti­ga­tion Ser­vice” refers to “col­lect­ing, sort­ing, stor­ing, and pro­cess­ing the cred­it infor­ma­tion of enter­pris­es, insti­tu­tions and oth­er organ­i­sa­tions (here­inafter col­lec­tive­ly referred to as enter­pris­es) and per­son­al cred­it infor­ma­tion, and pro­vide activ­i­ties to users of information.”

At present, there are report­ed­ly more than 2,000 com­pa­nies in Chi­na engaged in ser­vices sim­i­lar to per­son­al cred­it report­ing. They are involved in the col­lec­tion, pro­cess­ing and sale of “basic per­son­al infor­ma­tion”, defined accord­ing to the Inter­im Mea­sures for the Man­age­ment of Basic Per­son­al Cred­it Infor­ma­tion Data­bas­es as name, cer­tifi­cate num­ber, bank card num­ber, mobile phone num­ber. It is impor­tant to note that data col­lect­ed in con­junc­tion with Social Cred­it Rank­ing does not qual­i­fy as being sub­ject to the var­i­ous reg­u­la­tions on the Cred­it Report­ing Indus­try: Art. 2(2) Admin­is­tra­tive Reg­u­la­tions on the Cred­it Report­ing Indus­try of 2013 explic­it­ly states that “Where for the pur­pose of per­form­ing their duties, state organs, or enti­ties which are autho­rised by laws and reg­u­la­tions and have func­tions of pub­lic admin­is­tra­tion, col­lect, sort out, store, process and release infor­ma­tion on enter­pris­es and indi­vid­u­als in accor­dance with laws, admin­is­tra­tive reg­u­la­tions and rel­e­vant pro­vi­sions of the State Coun­cil, these Reg­u­la­tions shall not apply.”

“Per­son­al data” car­ries both per­son­al rights and prop­er­ty fea­tures, and many of the prin­ci­ples of Euro­pean data pro­tec­tion law have also been adopt­ed in Chi­na to some extent, albeit not yet clear­ly declared in a law or reg­u­la­tion as under the GDPR, which may change with the advent of the Per­son­al Infor­ma­tion Pro­tec­tion Law, which is cur­rent­ly still being draft­ed and expect­ed to be passed in 2021.

There is no right to “infor­ma­tion­al self-deter­mi­na­tion,” such as under Ger­man law, and pri­va­cy is often under­stood in a much more lim­it­ed way.

In Chi­na, there are a large num­ber of dif­fer­ent laws and reg­u­la­tions gov­ern­ing and impact­ing cross-bor­der trans­fer of per­son­al data, such as the Nation­al People’s Con­gress on Strength­en­ing the Net­work Infor­ma­tion Pro­tec­tion, the new Civ­il Code in its Art. 990 to 1000 on “per­son­al­i­ty rights” and Art. 1032 to 1039, includ­ing draft laws and reg­u­la­tions such as the upcom­ing Pri­vate Infor­ma­tion Pro­tec­tion Law, and the Cyber­space Affairs Com­mis­sion CAC Draft Per­son­al Infor­ma­tion Export Secu­ri­ty Assess­ment Mea­sures of 13 June 2019, to name a few. Oblig­a­tions stem­ming from these var­i­ous laws and reg­u­la­tion also affect for­eign organ­i­sa­tions since they are then viewed as net­work oper­a­tors and per­son­al infor­ma­tion recip­i­ents under Chi­nese law and – in accor­dance with the CAC draft mea­sures – the­o­ret­i­cal­ly oblige con­tract part­ners to also bind them accord­ing­ly; ref­er­ence to the GDPR is not suf­fi­cient. How­ev­er, in prac­tice it is still uncer­tain as to what fail­ure to do so will result into what poten­tial sanc­tions for for­eign counterparties.

Accord­ing to CAC draft mea­sures, all con­tracts which con­cern cross-bor­der export of PI should stip­u­late basic claus­es such as pur­pose, type and over­seas reten­tion time for infor­ma­tion export, PI sub­ject, com­pen­sa­tion oblig­a­tions in case of dam­ages suf­fered by data sub­jects, ter­mi­na­tion right/security assess­ment when infor­ma­tion recip­i­ent has dif­fi­cul­ties to per­form these oblig­a­tions under con­tract. Addi­tion­al claus­es should be added regard­ing oblig­a­tions of PI providers (infor­ma­tion rights etc.), PI recip­i­ents (access, dele­tion upon request, restrict­ed use, noti­fi­ca­tion oblig­a­tions) and regard­ing Re-trans­fer of recip­i­ents of PI. Both PI provider and its recip­i­ents (data pro­cess­ing enti­ties) bear joint and sev­er­al liability.

It is impor­tant to note that inter­pret­ing the prac­ti­cal appli­ca­tion of these require­ments is con­stant­ly chang­ing; in com­par­i­son with Europe, data is not only relat­ed to the pri­vate cit­i­zen, but also to cen­sor­ship, polit­i­cal con­trol, nation­al sov­er­eign­ty and a deep-run­ning scep­ti­cism and reser­va­tion with respect to pri­vate con­trol over the data in question.

My opin­ion is:


“Data may be the “oil of the future”, but how we deal with it will be the mea­sure of our val­ues and culture”.

Dr Thomas Pat­t­loch, LL.M.Eur.

The state in Chi­na seems to be tak­ing on a dif­fer­ent role com­pared to that of Euro­pean states. While Euro­pean gov­ern­ments seem to fear that a pow­er shift is occur­ring in favour of pri­vate economies, it appears that a dif­fer­ent sce­nario is tak­ing place in Chi­na with the state hav­ing a sig­nif­i­cant influ­ence, if not a man­ag­ing and steer­ing role. The telecom­mu­ni­ca­tions firm Huawei, the inter­net trad­er Aliba­ba, the chat eval­u­a­tor Ten­cent as well as Vision­era which eval­u­ates move­ment and facial pro­files all take part in the Social Cred­it Sys­tem and are sub­or­di­nate to the Chi­nese Com­mu­nist Par­ty. What does sub­or­di­nate mean in this con­text, what lib­er­ties do these com­pa­nies enjoy or are they sim­ply an exten­sion of the var­i­ous tools at the dis­pos­al of the Chi­nese state?

The State Coun­cil Out­line of 2014 describes the role of the state in a very clear and straight­for­ward man­ner: “The gov­ern­ment pro­motes and the soci­ety builds togeth­er. Give full play to the gov­ern­men­t’s orga­ni­za­tion, guid­ance, pro­mo­tion and demon­stra­tion role.” It also adds: “Each indus­try is respon­si­ble for the orga­ni­za­tion and release of cred­it infor­ma­tion for the indus­try.” Final­ly, it also includes the goal of improv­ing “the inter-min­is­te­r­i­al joint con­fer­ence sys­tem for the con­struc­tion of the social cred­it system.”

Report­ed­ly, in the past, Ten­cent and Alibaba/Ant Finan­cial Group refused to coop­er­ate with the People’s Bank to release and share their data on finan­cial trans­ac­tions, which is impor­tant to reduce reliance on the two dom­i­nant tech­nol­o­gy play­ers in the mar­ket- at least from a gov­ern­men­tal per­spec­tive.  Recent actions against Ant Finan­cial Group show that pri­vate com­pa­nies have some free­dom, but must adhere to gov­ern­ment line and will be brought to heel if they do not fol­low Com­mu­nist Par­ty guid­ance. From a West­ern per­spec­tive, this clear­ly demon­strates the pri­ma­cy of pol­i­tics over com­pa­ny plans and com­mer­cial objectives.

Euro­pean cit­i­zens would find it strange if cer­tain infor­ma­tion was made pub­licly known as part of a Social Cred­it Sys­tem. How is this sys­tem per­ceived by Chi­nese cit­i­zens? Is it part of the dai­ly rou­tine, con­sid­ered to be nor­mal or is it even tra­di­tion­al? What is the basis for these dif­fer­ences with regard to Europe? Can we speak of anoth­er type of ethics? Anoth­er form of gov­ern­ment? Or are there oth­er rea­sons at work here?

The offi­cial goal of the Social Cred­it sys­tem was orig­i­nal­ly to address “seri­ous pro­duc­tion safe­ty acci­dents, food and drug safe­ty Inci­dents”, close the gap “between cred­i­bil­i­ty of gov­ern­ment affairs and judi­cial cred­i­bil­i­ty and the expec­ta­tions of the peo­ple”, to “reduce gov­ern­ment admin­is­tra­tive inter­ven­tion in the econ­o­my and improve the social­ist mar­ket.” Its “main con­tent is to pro­mote the con­struc­tion of gov­ern­ment integri­ty, busi­ness integri­ty, social integri­ty and judi­cial cred­i­bil­i­ty, to pro­mote the estab­lish­ment of a cul­ture of integri­ty, estab­lish trust­wor­thy incen­tives and pun­ish­ment for dishonesty.”

It is unde­ni­able that the sys­tem aims at com­plete (or at least bet­ter) con­trol over the actions of its cit­i­zens (includ­ing state-owned com­pa­nies) at all lev­els, to increase over­sight, trans­paren­cy and to influ­ence behav­iour. Many food and finan­cial scan­dals, but also abuse of pow­er, pose seri­ous issues for Chi­nese cit­i­zens, which have lit­tle prac­ti­cal means to fight back. The sys­tem is thus over­whelm­ing­ly seen as pos­i­tive, a step for­ward by using tech­nol­o­gy to – from a gov­ern­ment per­spec­tive – pro­mote the Chi­nese way of life and governance.

A key to why observers from out­side of Chi­na per­ceive this sys­tem so dif­fer­ent­ly lies in a com­plete­ly con­tra­dic­to­ry sys­tem of val­ues, such as par­tic­i­pa­tion by cit­i­zens regard­ing the pow­ers to shape soci­ety, a very dif­fer­ent under­stand­ing of the role and func­tion of the courts and fun­da­men­tal rights of its cit­i­zens, and a very dif­fer­ent his­tor­i­cal expe­ri­ence con­cern­ing chaos and abuse of power.

Has China‘s Social Cred­it Sys­tem been suc­cess­ful in influ­enc­ing how peo­ple behave? What suc­cess can be observed in Chi­na? Are Chi­nese cit­i­zens become bet­ter people?

“Con­trol over peo­ple“ is dif­fi­cult under any gov­ern­men­tal sys­tem, and while sta­bil­i­ty and a har­mo­nious social­ist soci­ety are pri­ma­ry goals for Chi­nese lead­er­ship, the state remains high­ly sus­pi­cious that peo­ple would resort to amoral and harm­ful behav­iour if left unsu­per­vised. A tech­ni­cal sys­tem may make exe­cu­tion of pow­er and “edu­ca­tion of mass­es” more effec­tive, but its sta­bil­i­ty and use­ful­ness still remain to be judged in the future. The bench­mark has been set by the State Coun­cil and CCP itself: “Car­ry out mass moral appraisal activ­i­ties, analyse and appraise the phe­nom­e­non of lack of integri­ty and non-cred­it, and guide peo­ple to be hon­est and trust­wor­thy, obey the morals and be respect­ful.” The “step by step” build­ing process (State Coun­cil Out­line) con­tin­ues, but inte­grat­ing Chi­na into a glob­al sys­tem both with regard to cul­tur­al inte­gra­tion and polit­i­cal accep­tance in the West has come to an abrupt halt. Whether such a sys­tem can be har­monised with a West­ern sys­tem based on indi­vid­ual rights and data pro­tec­tion remains high­ly doubtful. 

It is sup­pos­ed­ly pos­si­ble to assign 5198 indi­vid­ual data ele­ments to one cit­i­zen, which stem from a total of 97 author­i­ties which are con­nect­ed to one anoth­er. What is the legal basis of such net­work­ing at the state author­i­ty level? 

The State Coun­cil Out­line states that “All depart­ments must fol­low the prin­ci­ples of data stan­dard­i­s­a­tion and appli­ca­tion stan­dard­i­s­a­tion, rely­ing on major nation­al infor­ma­ti­sa­tion projects, inte­grate cred­it infor­ma­tion resources in the indus­try, real­ize the elec­tron­ic stor­age of cred­it records, accel­er­ate the con­struc­tion of cred­it infor­ma­tion sys­tems, and accel­er­ate the advance­ment of inter-indus­try cred­it infor­ma­tion inter­con­nec­tion inter­com­mu­ni­ca­tion.” It also adds: “All regions and indus­tries should be demand-ori­ent­ed, under the premise of pro­tect­ing pri­va­cy, clear respon­si­bil­i­ties, and time­ly and accu­rate data, and in accor­dance with the prin­ci­ple of risk diver­si­fi­ca­tion, estab­lish a cred­it infor­ma­tion exchange and shar­ing mech­a­nism, make over­all use of the exist­ing cred­it infor­ma­tion sys­tem infra­struc­ture, and advance in accor­dance with the law.” The right to put data into the var­i­ous cred­it sys­tems is nowa­days always explic­it­ly includ­ed into the Cyber Secu­ri­ty Law, Per­son­al Infor­ma­tion Pro­tec­tion Law, Data Secu­ri­ty Law and many oth­er laws and reg­u­la­tions. Thus, leg­is­la­tion is catch­ing up and cre­at­ing the legal basis to store and share cred­it-relat­ed information.

Glob­al­i­sa­tion as well as the cross-bor­der projects being car­ried out, such as Big Data, Indus­try 4.0, dig­i­tal eco-sys­tems and mar­ket places etc. require uni­form pro­cess­ing of data yet data pro­tec­tion laws vary across the globe – as we have seen in an ear­li­er inter­view with Prof. Dr Weber. Which ways of man­ag­ing data will gain the upper hand?  What is active­ly being done to come to a con­sen­sus regard­ing how data is han­dled? Is there a debate cur­rent­ly tak­ing place between Chi­na and Europe con­cern­ing how data is being man­aged? Or are these dis­par­i­ties sim­ply being ignored? What obsta­cles and dif­fer­ences would need to be over­come in order to har­monise the vary­ing atti­tudes with regard to data and what could a com­pro­mise look like?

The EU Com­mis­sion and the mem­ber states are in an active dia­logue with the Chi­nese gov­ern­ment, which also includes top­ics, such as the rule of law, data pro­tec­tion and data sov­er­eign­ty. The con­trol of data is being increas­ing­ly linked to the com­pet­i­tive­ness of nation­al indus­try, nation­al secu­ri­ty and inno­v­a­tive strength, but also to the under­pin­ning and steer­ing of social order and the way of life in the respec­tive region. The debate about cross-bor­der data traf­fic and the rights of data sub­jects abroad already exists and will become more explo­sive and prob­lem­at­ic the more it is relat­ed to dif­fer­ent ide­o­log­i­cal basic social orders. There­fore, har­mon­i­sa­tion can only be expect­ed with regard to basic prin­ci­ples, but the dif­fer­ences in prac­tice and their inter­pre­ta­tion are like­ly to increase.

Chi­na invests sig­nif­i­cant­ly more cap­i­tal in dig­i­tal­i­sa­tion com­pared to oth­er coun­tries and, owing to its large pop­u­la­tion, has access to a tremen­dous amount of data which is a sig­nif­i­cant fac­tor for the dig­i­tal future. Chi­na is a trend-set­ter as far as the dig­i­tal rev­o­lu­tion is con­cerned. Are these the pre­req­ui­sites towards decid­ing to man­age data accord­ing to the Chi­nese mod­el at the glob­al level? 

The Chi­nese mod­el relies on cen­tral struc­tures and – as can be seen in the oli­gop­o­lies in Chi­na with Baidu, Ten­cent, Aliba­ba in the Inter­net and soft­ware sec­tors – is essen­tial­ly dri­ven by the idea of con­trol (includ­ing full trans­paren­cy for the state at all times) over data and con­tent. This con­tra­dicts fun­da­men­tal­ly “open” con­cepts, as char­ac­ter­ized by Google and Face­book, or oth­er con­cepts by Apple, which empha­size the con­trol of the indi­vid­ual over his/her per­son­al data. Tech­ni­cal­ly speak­ing, pay­ing with cell phones, order­ing food and pro­cess­ing online trans­ac­tions on the stock exchange may be seen as a rev­o­lu­tion; the fun­da­men­tal ques­tions about the clas­si­fi­ca­tion of the treat­ment of the under­ly­ing data are not answered by it, how­ev­er, but only created.

If I have under­stood your answers cor­rect­ly, the EU as well as Chi­na and 14 Asian-Pacif­ic states recent­ly con­clud­ed the largest free trade agree­ment in world. Can we expect these 14 coun­tries to har­monise their data pro­tec­tion laws with Chi­na? If so, what shape could this uni­for­mi­ty take on in legal terms? 

The Region­al Com­pre­hen­sive Eco­nom­ic Part­ner­ship RCEP hard­ly men­tions the cross-bor­der data flows or PI, and does not pro­vide for a har­mo­nized approach. While the RCEP may pro­vide a new plat­form for trade talks out­side of the WTO set­ting, doubts remain whether the high­ly diverse par­tic­i­pants, each with their own very dif­fer­ent lev­els of eco­nom­ic devel­op­ment, will pre­fer to push on and agree to fur­ther agree­ments under this umbrel­la organisation.

Thomas, thank you for shar­ing your insights on how Chi­na process­es data and which data pro­tec­tion law reg­u­lates the data pro­cess­ing in question.

Thank you, Cristi­na, and I look for­ward to read­ing your upcom­ing inter­views with rec­og­nized experts, delv­ing even deep­er into this fas­ci­nat­ing topic.

About me and my guest

Dr Maria Cristina Caldarola

Dr Maria Cristina Caldarola, LL.M., MBA is the host of “Duet Interviews”, co-founder and CEO of CU³IC UG, a consultancy specialising in systematic approaches to innovation, such as algorithmic IP data analysis and cross-industry search for innovation solutions.

Cristina is a well-regarded legal expert in licensing, patents, trademarks, domains, software, data protection, cloud, big data, digital eco-systems and industry 4.0.

A TRIUM MBA, Cristina is also a frequent keynote speaker, a lecturer at St. Gallen, and the co-author of the recently published Big Data and Law now available in English, German and Mandarin editions.

Dr Thomas Pattloch, LL.M.Eur.

Thomas is a partner with the international law firm Taylor Wessing, specializing in industrial property rights and technology transfer, with a particular focus on China, covering strategic establishment of IP and data-related rights, enforcement and assisting clients in particularly sensitive fields such as technology and competition-related aspects of license agreements, drafting of software and technology license agreements, designing R&D projects as well as IP transactions. Prior to joining Taylor Wessing, Dr Pattloch was the IP Officer of the European Commission’s DG Trade in China.

Dr Maria Cristina Caldarola

Dr Maria Cristina Caldarola, LL.M., MBA is the host of “Duet Interviews”, co-founder and CEO of CU³IC UG, a consultancy specialising in systematic approaches to innovation, such as algorithmic IP data analysis and cross-industry search for innovation solutions.

Cristina is a well-regarded legal expert in licensing, patents, trademarks, domains, software, data protection, cloud, big data, digital eco-systems and industry 4.0.

A TRIUM MBA, Cristina is also a frequent keynote speaker, a lecturer at St. Gallen, and the co-author of the recently published Big Data and Law now available in English, German and Mandarin editions.