Revolutions in the nineteenth and twentieth centuries played a pivotal role in shrinking and flattening the world, developing advanced analytics, and driving automation. With the fourth Industrial Revolution now upon us, digitalization is changing how wars are fought, services are provided, money is transferred, and business is conducted. Many of these transformations are embodied in the cloud. Today, cloud computing is changing how society processes data, raising new challenges. Technological competition underpins tensions between two great powers: the United States and China. Their race for a greater global cloud footprint fuels tensions over how dataยญ flows should be governed. At present, the global architecture for data governance is severely underdeveloped. The United States and China have opposing visions of how data should be protected and exchanged globally. American and Chinese models are also challenged by โthird-way visionsโ from the European Union and India, large digital players in their own right. Despite these national and regional differences, a global approach must guide data governance. A common reference point for all countries would create a diverse and inclusive global digital order.
The State of Play
As an โon-demandโ computing technology, the cloud provides the infrastructure for software to run on and be accessed remotely and at any time. The cloud also provides the computational power required to run and scale emerging technologies such as quantum computing, artificial intelligence, and machine learning. Over the past decade, cloud technology has become a key driver of business digitalization, delivering public services, and managing conflict.
Due to the increasing importance of cloud computing to security and development, its market is expected to be worth $2,321 billion by 2032. Such economic potential has made it a key battleground of the technology competition between the United States and Chinaโand leading cloud service providers (CSPs) in both countries. At present, three major American tech companies dominate the market: Amazon (Amazon Web Services), Microsoft (Microsoft Azure), and Alphabet (Google Cloud Platform). However, with their ability to provide cost-effective products and services, Chinese companies, namely Alibaba and Tencent, are quickly catching up.
Great Powers and the Global Cloud Contest
The US-China rivalry in cloud computing is also geopolitical, as cloud technology raises questions related to sovereignty, political systems, rights, and regulation. Cloud technology facilitates cross-border data flows through undersea cables. As a result, if an individual or entity chooses to use a particular CSP, they inadvertently become subject to the law of that CSPโs nation. Over the past decade, the geopolitical salience of cloud technology has intensified. Concerns over surveillance, possible backdoors, and sabotage have increased, particularly in light of the 2013 Snowden revelations, which exposed the extent of surveillance by American intelligenceโeven on its closest allies.
American and Chinese CSPs are subject to entirely different systems of regulation and norms. American CSPs reflect market-centered governance that emphasizes free data flows. The US viewโstrongly capitalist and techno-positivistโhas underpinned the emergence of the internet, as we know it today. While certain federal laws protect citizensโ data from the government, they do not apply to private companies. As such, the United States has not established a comprehensive federal law for data protection. In 2018, the United States passed the Cloud Act, which allows authorities to access data stored on servers of American technology companies even if the data is stored outside of U.S. territory. This gives the U.S. government access to not just American citizensโ data, but also that of foreigners who use the services of American CSPs. In a world centered around an American vision of data governance, data would flow freely. But since the largest CSPs are American, American companies and, therefore, the US state would have access to vast amounts of data worldwide, which could translate into geopolitical leverage.
Chinese CSPs are subject to greater state control. The Peopleโs Republic of China (PRC) uses advanced technologies to monitor domestic data and enforce censorship. In 2020, the PRC added to its 2017 Cybersecurity Law, imposing stricter censorship and establishing national standards to localize cloud infrastructure in China. This not only impacted Chinese CSPs working within China but also Chinese CSPs operating abroad. When Chinese CSPs operate abroad, they remain subject to Chinese regulations and laws, namely those related to censorship and state surveillance. While Chinese companies have previously refused law enforcement data requests, the government can override any such refusal and access company data. Unlike the American vision of data governance, the Chinese model would give states the power to scrutinize data before it reaches society, amplifying state control.
Third-Way Visions
When a third country adopts either the US or the Chinese model, that country loses some control over the data generated within its borders. The European Union and India have each proposed an alternative โthird wayโ of data governance. The European Unionโs model centers on statesโ allowing individuals to consciously consume digital technology. It includes protecting individual rights and individualsโ ability to engage with digital technology in a self-determined way. While a region-wide policy on CSPs is underdeveloped, the EU model of data governance focuses on data protectionโbut not at the cost of disrupting global data flows, which it views as essential for economic growth. Indeed, the European Union seeks to manage a delicate balance between pursuing an independent vision and one that does not conflict with the U.S. preference for free data flows.
The Indian vision centers first on โdata sovereignty,โ with the state regulating data generated within its borders. At present, all CSPs in India are subject to domestic information technology (IT) and privacy regulations. There is also concern about โdata colonialism,โ which implies that data is not for foreign companiesโ profit but for improving domestic institutions. However, India also believes that some level of data sharing is essential to reach developmental goals such as digital public infrastructure provision and citizen-centric solutions. As a result, India has initiated several programs such as โGI Cloudโ or โMeghraj,โ which invite domestic and foreign companies to apply to be providers of โbasic cloud servicesโ to provide e-services to its citizens. As Indiaโs cloud market now outpaces the global average, the country seeks to shape the global rules on digital governance, protecting its own interests. Some technology companies, however, have resisted Indiaโs approach to data regulationโparticularly concerning Indiaโs data localization requirements. India has since relaxed its stance in recent amendments.
Despite their differences, EU and Indian visions demonstrate that the US-China contest will not decide global data governance on its own. By disrupting the larger powers, these โthird-way visionsโ present compelling alternatives that can inform a global governance architecture in digital technology. These models will change how American and Chinese companies function in other countries while promoting European and Indian cloud technology that could level the playing field in the global cloud market.
Global Digital Governance and Responsible Innovation Practices
Each distinct vision for data governance embraces an alternative understanding of the role and protection of data. Historically, geopolitical competition has been a major catalyst for technological advancements. Given the economic benefits of cross-border data flows, the world must take a global approach to data governance.
A global data governance model should leverage the strengths of each model of data governance through a โcluster of excellenceโ approach. For instance, the US model leads in promoting innovation, the European Union in protecting individual rights, China in cost and scale, and India in establishing digital public infrastructure. Basing high-level discussions around complementary strengths can create a constructive environment for data governance. While bilateral discussions can be useful for individual issues, technology-focused institutions such as the European Unionโs Trade and Technology Councils with the U.S. and India respectfully are also valuable avenues for data governance. Multilateral institutions such as the International Telecommunication Unit of the United Nations and the G20 should seek to establish international standards for data governance as a common reference point for all countries. Indeed, the focus on technology is already intensifying at the G20, enabling it to effectively contribute to ongoing efforts to establish global standards for data governance. Such forums are necessary to establish an inclusive digital order.
. . .
Dr. Sharinee L. Jagtiani is a Post-doctoral Fellow in International Digital Policy at the Hasso Plattner Institute (HPI) for Digital Engineering, University of Potsdam. She is also an Associate at the Institute for Asian Studies, German Institute of Global and Area Studies (GIGA). She holds a PhD in International Relations from the University of Oxford and has published on geopolitics and technology, Indo-Pacific foreign policy and security, and the international relations of the Global South.
Image Credits: Wikimedia Commons
