Tag Archives: German data centers

Tesla as Catfish: When China Carps-Tech CEOs Fall in Line

Many countries are wrestling with how to regulate digital records. Some economies, including in Europe, emphasize the need for data privacy, while others, such as China and Russia, put greater focus on government control. The U.S. currently doesn’t have a single federal-level law on data protection or security; instead, the Federal Trade Commission is broadly empowered to protect consumers from unfair or deceptive data practices.

Behind China’s moves is a growing sense among leaders that data accumulated by the private sector should in essence be considered a national asset, which can be tapped or restricted according to the state’s needs, according to the people involved in policy-making. Those needs include managing financial risks, tracking virus outbreaks, supporting state economic priorities or conducting surveillance of criminals and political opponents. Officials also worry companies could share data with foreign business partners, undermining national security.


Beijing’s latest economic blueprint for the next five years, released in March 2021, emphasized the need to strengthen government sway over private firms’ data—the first time a five-year plan has done so. A key element of Beijing’s push is a pair of laws, one passed in June 2021, the Data Security Law,  and the other a proposal updated by China’s legislature in Apr0il 2021. Together, they will subject almost all data-related activities to government oversight, including their collection, storage, use and transmission. The legislation builds on the 2017 Cybersecurity Law that started tightening control of data flows.

The law will “clearly implement a more stringent management system for data related to national security, the lifeline of the national economy, people’s livelihood and major public interests,” said a spokesman for the National People’s Congress, the legislature. The proposed Personal Information Protection Law, modeled on the European Union’s data-protection regulation, seeks to limit the types of data that private-sector firms can collect. Unlike the EU rules, the Chinese version lacks restrictions on government entities when it comes to gathering information on people’s call logs, contact lists, location and other data.

In late May 2021, citing concerns over user privacy, the Cyberspace Administration of China singled out 105 apps—including ByteDance’s video-sharing service Douyin and Microsoft Corp.’s Bing search engine and LinkedIn service—for excessively collecting and illegally accessing users’ personal information. The government gave the companies named 15 days to fix the problems or face legal consequences….

Beijing’s pressure on foreign firms to fall in line picked up with the 2017 Cybersecurity Law, which included a provision calling for companies to store their data on Chinese soil. That requirement, at least initially, was largely limited to companies deemed “critical infrastructure providers,” a loosely defined category that has included foreign banks and tech firms….Since 2021, Chinese regulators have formally made the data-localization requirement a prerequisite for foreign financial institutions trying to get a foothold in China. Citigroup Inc. and BlackRock Inc. are among the U.S. firms that have so far agreed to the rule and won licenses to start wholly-owned businesses in China…

Senior officials have publicly likened Tesla to a “catfish” rather than a “shark,” saying the company could uplift the auto sector the way working with Apple and Motorola Mobility LLC helped elevate China’s smartphone and telecommunications industries. To ensure Tesla doesn’t become a security risk, China’s Cyberspace Administration recently issued a draft rule that would forbid electric-car makers from transferring outside China any information collected from users on China’s roads and highways. It also restricted the use of Tesla cars by military personnel and staff of some state-owned companies amid concerns that the vehicles’ cameras could send information about government facilities to the U.S. In late May 2021, Tesla confirmed it had set up a data center in China and would domestically store data from cars it sold in the country. It said it joined other Chinese companies, including Alibaba and Baidu Inc., in the discussion of the draft rules arranged by the CyberSecurity Association of China, which reports to the Cyberspace Administration…

Increasingly, China’s president, Mr. Xi, leaned toward voices advocating greater digital control. He now labels big data as another essential element of China’s economy, on par with land, labor and capital.  “From the point of view of the state, anti-data monopoly must be strengthened,” said Li Lihui, a former president of state-owned Bank of China Ltd. and now a member of China’s legislature. He said he expects China to establish a “centralized and unified public database” to underpin its digital economy.

Excerpts from China’s New Power Play: More Control of Tech Companies’ Troves of Data, WSJ, June 12, 2021

Who Controls Peoples’ Data?

The McKinsey Global Institute estimates that cross-border flows of goods, services and data added 10 per cent to global gross domestic product in the decade to 2015, with data providing a third of that increase. That share of the contribution seems likely to rise: conventional trade has slowed sharply, while digital flows have surged. Yet as the whole economy becomes more information-intensive — even heavy industries such as oil and gas are becoming data-driven — the cost of blocking those flows increases…

Yet that is precisely what is happening. Governments have sharply increased “data localisation” measures requiring information to be held in servers inside individual countries. The European Centre for International Political Economy, a think-tank, calculates that in the decade to 2016, the number of significant data localisation measures in the world’s large economies nearly tripled from 31 to 84.

Even in advanced economies, exporting data on individuals is heavily restricted because of privacy concerns, which have been highlighted by the Facebook/ Cambridge Analytica scandal. Many EU countries have curbs on moving personal data even to other member states. Studies for the Global Commission on Internet Governance, an independent research project, estimates that current constraints — such as restrictions on moving data on banking, gambling and tax records — reduces EU GDP by half a per cent.

In China, the champion data localiser, restrictions are even more severe. As well as long-established controls over technology transfer and state surveillance of the population, such measures form part of its interventionist “ Made in China 2025 ” industrial strategy, designed to make it a world leader in tech-heavy sectors such as artificial intelligence and robotics.

China’s Great Firewall has long blocked most foreign web applications, and a cyber security law passed in 2016 also imposed rules against exporting personal information, forcing companies including Apple and LinkedIn to hold information on Chinese users on local servers. Beijing has also given itself a variety of powers to block the export of “important data” on grounds of reducing vaguely defined economic, scientific or technological risks to national security or the public interest.   “The likelihood that any company operating in China will find itself in a legal blind spot where it can freely transfer commercial or business data outside the country is less than 1 per cent,” says ECIPE director Hosuk Lee-Makiyama….

Other emerging markets, such as Russia, India, Indonesia and Vietnam, are also leading data localisers. Russia has blocked LinkedIn from operating there after it refused to transfer data on Russian users to local servers.

Business organisations including the US Chamber of Commerce want rules to restrain what they call “digital protectionism”. But data trade experts point to a serious hole in global governance, with a coherent approach prevented by different philosophies between the big trading powers. Susan Aaronson, a trade academic at George Washington University in Washington, DC, says: “There are currently three powers — the EU, the US and China — in the process of creating separate data realms.”

The most obvious way to protect international flows of data is in trade deals — whether multilateral, regional or bilateral. Yet only the World Trade Organization laws governing data flows predate the internet and have not been thoroughly tested through litigation. It recently recruited Alibaba co-founder Jack Ma to front an ecommerce initiative, but officials involved admit it is unlikely to produce anything concrete for a long time. In any case, Prof Aaronson says: “While data has traditionally been addressed in trade deals as an ecommerce issue, it goes far wider than that.”

The internet has always been regarded by pioneers and campaigners as a decentralised, self-regulating community. Activists have tended to regard government intervention with suspicion, except for its role in protecting personal data, and many are wary of legislation to enable data flows.  “While we support the approach of preventing data localisation, we need to balance that against other rights such as data protection, cyber security and consumer rights,” says Jeremy Malcolm, senior global policy analyst at the Electronic Frontier Foundation, a campaign for internet freedom…

Europe has traditionally had a very different philosophy towards data and privacy than the US. In Germany, for instance, public opinion tends to support strict privacy laws — usually attributed to lingering memories of surveillance by the Stasi secret police in East Germany. The EU’s new General Data Protection Regulation (GDPR), which comes into force on May 25, 2018 imposes a long list of requirements on companies processing personal data on pain of fines that could total as much as 4 per cent of annual turnover….But trade experts warn that the GDPR is very cautiously written, with a blanket exemption for measures claiming to protect privacy. Mr Lee-Makiyama says: “The EU text will essentially provide no meaningful restriction on countries wanting to practice data localisation.”

Against this political backdrop, the prospects for broad and binding international rules on data flow are dim. …In the battle for dominance over setting rules for commerce, the EU and US often adopt contrasting approaches.  While the US often tries to export its product standards in trade diplomacy, the EU tends to write rules for itself and let the gravity of its huge market pull other economies into its regulatory orbit. Businesses faced with multiple regulatory regimes will tend to work to the highest standard, known widely as the “Brussels effect”.  Companies such as Facebook have promised to follow GDPR throughout their global operations as the price of operating in Europe.

Excerpts from   Data protectionism: the growing menace to global business, Financial Times, May 13, 2018

Data Security: Real Fear

On its website, ProfitBricks touts what it calls “100 percent German data protection,” underneath the black, red, and gold colors of the German flag. “Having a German cloud helps tremendously,” says Markus Schaffrin, an IT security expert at Eco, a lobbying group for Internet companies. “Germany has some of the most stringent data-protection laws, and cloud-service providers with domestic data centers are of course highlighting that.”

The companies known as the Mittelstand—the small and midsize enterprises that form the backbone of the German economy—are rapidly embracing the idea of the networked factory. Yet they remain wary of entrusting intellectual property to a cloud controlled by global technology behemoths and possibly subject to government snooping. “Small and medium enterprises are afraid that those monsters we sometimes call Internet companies will suck out the brain of innovation,” says Joe Kaeser, chief executive officer of Siemens, which in March began offering cloud services using a network managed by German software powerhouse SAP.

In a case being closely watched in Germany, the U.S. Department of Justice has demanded that Microsoft hand over e-mails stored on a data server in Ireland. The software maker argues that the U.S. has no jurisdiction there; the U.S. government says it does, because Microsoft is an American company. …

U.S. companies aren’t ceding the market. Microsoft will offer its Azure public cloud infrastructure in German data centers, with T-Systems acting as a trustee of customer data. The companies say the arrangement will keep information away from non-German authorities. And IBM in December opened a research and sales hub for Watson, its cloud-based cognitive computing platform, in Munich—a move intended to reassure Mittelstand buyers about the security of their data. “If a customer wants data never to leave Bavaria, then it won’t,” says Harriet Green, IBM’s general manager for Watson. “I’m being invited in by many, many customers in Germany, because fear about security is very, very real.”

Excerpts from Building a National Fortress in the Cloud, Bloomberg, May 19, 2016