Given current power transitions and geopolitical disorder, various visions of data governance characterize the global cloudscape. The battle for a greater global footprint between the United States and China raises critical questions about how cross-border data flows are governed. Third-way visions by major digital players such as the European Union and India challenge those espoused by the United States and China. How these visions are reconciled will determine the future of the global digital order.

Revolutions in the nineteenth and twentieth centuries played a pivotal role in shrinking and flattening the world, developing advanced analytics, and driving automation. With the fourth Industrial Revolution now upon us, digitalization is changing how wars are fought, services are provided, money is transferred, and business is conducted. Many of these transformations are embodied in the Cloud. Today, cloud computing is changing how society processes data, raising new challenges. Technological competition underpins tensions between two great powers: the United States and China. Their race for a greater global cloud footprint fuels tensions over how data­ flows should be governed. At present, the global architecture for data Governance is severely underdeveloped. The United States and China have opposing visions of how data should be protected and exchanged globally. American and Chinese models are also challenged by “third-way visions” from the European Union and India, large digital players in their own right. Despite these national and regional differences, a global approach must guide data governance. A common reference point for all countries would create a diverse and inclusive global digital order.

The State of Play

As an “on-demand” computing technology, the cloud provides the infrastructure for software to run on and be accessed remotely and at any time. The cloud also provides the computational power required to run and scale emerging technologies such as quantum computing, artificial intelligence, and machine learning. Over the past decade, cloud technology has become a key driver of business digitalization, delivering public services, and managing conflict.

Due to the increasing importance of cloud computing to security and development, its market is expected to be worth $2,321 billion by 2032. Such economic potential has made it a key battleground of the technology competition between the United States and China—and leading cloud service providers (CSPs) in both countries. At present, three major American tech companies dominate the market: Amazon (Amazon Web Services), Microsoft (Microsoft Azure), and Alphabet (Google Cloud Platform). However, with their ability to provide cost-effective products and services, Chinese companies, namely Alibaba and Tencent, are quickly catching up.

Great Powers and the Global Cloud Contest

The US-China rivalry in cloud computing is also geopolitical, as cloud technology raises questions related to sovereignty, political systems, rights, and regulation. Cloud technology facilitates cross-border data flows through undersea cables. As a result, if an individual or entity chooses to use a particular CSP, they inadvertently become subject to the law of that CSP’s nation. Over the past decade, the geopolitical salience of cloud technology has intensified. Concerns over surveillance, possible backdoors, and sabotage have increased, particularly in light of the 2013 Snowden revelations, which exposed the extent of surveillance by American intelligence—even on its closest allies.

American and Chinese CSPs are subject to entirely different systems of regulation and norms. American CSPs reflect market-centered governance that emphasizes free data flows. The US view—strongly capitalist and techno-positivist—has underpinned the emergence of the internet, as we know it today. While certain federal laws protect citizens’ data from the government, they do not apply to private companies. As such, the United States has not established a comprehensive federal law for data protection. In 2018, the United States passed the Cloud Act, which allows authorities to access data stored on servers of American technology companies even if the data is stored outside of U.S. territory. This gives the U.S. government access to not just American citizens’ data, but also that of foreigners who use the services of American CSPs. In a world centered around an American vision of data governance, data would flow freely. But since the largest CSPs are American, American companies and, therefore, the US state would have access to vast amounts of data worldwide, which could translate into geopolitical leverage.

Chinese CSPs are subject to greater state control. The People’s Republic of China (PRC) uses advanced technologies to monitor domestic data and enforce censorship. In 2020, the PRC added to its 2017 Cybersecurity Law, imposing stricter censorship and establishing national standards to localize cloud infrastructure in China. This not only impacted Chinese CSPs working within China but also Chinese CSPs operating abroad. When Chinese CSPs operate abroad, they remain subject to Chinese regulations and laws, namely those related to censorship and state surveillance. While Chinese companies have previously refused law enforcement data requests, the government can override any such refusal and access company data. Unlike the American vision of data governance, the Chinese model would give states the power to scrutinize data before it reaches society, amplifying state control.

Third-Way Visions

When a third country adopts either the US or the Chinese model, that country loses some control over the data generated within its borders. The European Union and India have each proposed an alternative “third way” of data governance. The European Union’s model centers on states’ allowing individuals to consciously consume digital technology. It includes protecting individual rights and individuals’ ability to engage with digital technology in a self-determined way. While a region-wide policy on CSPs is underdeveloped, the EU model of data governance focuses on data protection—but not at the cost of disrupting global data flows, which it views as essential for economic growth. Indeed, the European Union seeks to manage a delicate balance between pursuing an independent vision and one that does not conflict with the U.S. preference for free data flows.

The Indian vision centers first on “data sovereignty,” with the state regulating data generated within its borders. At present, all CSPs in India are subject to domestic information technology (IT) and privacy regulations. There is also concern about “data colonialism,” which implies that data is not for foreign companies’ profit but for improving domestic institutions. However, India also believes that some level of data sharing is essential to reach developmental goals such as digital public infrastructure provision and citizen-centric solutions. As a result, India has initiated several programs such as “GI Cloud” or “Meghraj,” which invite domestic and foreign companies to apply to be providers of “basic cloud services” to provide e-services to its citizens. As India’s cloud market now outpaces the global average, the country seeks to shape the global rules on digital governance, protecting its own interests. Some technology companies, however, have resisted India’s approach to data regulation–particularly concerning India’s data localization requirements. India has since relaxed its stance in recent amendments.

Despite their differences, EU and Indian visions demonstrate that the US-China contest will not decide global data governance on its own. By disrupting the larger powers, these “third-way visions” present compelling alternatives that can inform a global governance architecture in digital technology. These models will change how American and Chinese companies function in other countries while promoting European and Indian cloud technology that could level the playing field in the global cloud market.

Global Digital Governance and Responsible Innovation Practices

Each distinct vision for data governance embraces an alternative understanding of the role and protection of data. Historically, geopolitical competition has been a major catalyst for technological advancements. Given the economic benefits of cross-border data flows, the world must take a global approach to data governance.

A global data governance model should leverage the strengths of each model of data governance through a “cluster of excellence” approach. For instance, the US model leads in promoting innovation, the European Union in protecting individual rights, China in cost and scale, and India in establishing digital public infrastructure. Basing high-level discussions around complementary strengths can create a constructive environment for data governance. While bilateral discussions can be useful for individual issues, technology-focused institutions such as the European Union’s Trade and Technology Councils with the U.S. and India respectfully are also valuable avenues for data governance. Multilateral institutions such as the International Telecommunication Unit of the United Nations and the G20 should seek to establish international standards for data governance as a common reference point for all countries. Indeed, the focus on technology is already intensifying at the G20, enabling it to effectively contribute to ongoing efforts to establish global standards for data governance. Such forums are necessary to establish an inclusive digital order.

***

Dr. Sharinee L. Jagtiani is a Post-doctoral Fellow in International Digital Policy at the Hasso Plattner Institute (HPI) for Digital Engineering, University of Potsdam. She is also an Associate at the Institute for Asian Studies, German Institute of Global and Area Studies (GIGA). She holds a PhD in International Relations from the University of Oxford and has published on geopolitics and technology, Indo-Pacific foreign policy and security, and the international relations of the Global South.

Image Credits: Wikimedia Commons