Digital Asia

Data Sovereignty in Action

Ant Group and Didi Chuxing Case Studies

This report analyses China’s emerging data culture, especially China’s strategy to uphold data sovereignty and national security by tightening control over domestic and cross-border data flow through evolving legal regimes. Through the case studies of Ant Group and Didi Chuxin, we seek to understand the dynamics that shaped the innovation and data policies in China.

1. China’s digital economy is one of the largest in the world. Globally, nine ofthe top 20 technology companies are from China. China’s digital economy contributed 39.2 trillion yuan in 2020, about 38.6% of national GDP (Global Times,2021). China’s access to large volumes of data is one of its biggest competitiveadvantages in the global digital economy.

2.  In the past, domestic technology platform companies such as Alibaba, Tencent,Meituan, Didi Chuxing, encouraged by national policies and incentives, have contributed to the rise of digital economy, and played an unprecedented role in thenational transformation from a manufacturing driven economy to a services andconsumption driven economy.

3. It is until recent years that the Chinese government has shifted its policy and put more focus on tightening control over data flow and ownership since data has been elevated by the state as the fundamental factor of production which is an important and valuable strategic asset both for economic prosperity and national security.

4. The 2017 Cybersecurity Law (CSL), 2021 Data Security Law (DSL), and the expected soon Personal Information Protection Bill will form the foundation of the legal framework in China for regulating data flows and upholding data sovereignty.

5. Under the above legal framework and other related regulations, major technology platforms companies (e.g. Alibaba, Didi, Tencent etc.) have been investigatedand were punished due to various violation including anti-trust, national security, finance, labour and consumer rights, and privacy.

6. Case study 1: Ant Group (formerly known as Ant Financial), a fintech platform that is the largest mobile payments and financial services provider with over a billion users, was made to suspend its expected world record IPO in November 2020 and was demanded by the authority to reform its business model due to its unfaircompetition and monopolistic behaviour which includes data monopoly. The Antcase confirms that the Chinese government is setting new standards for how itslarge data platforms will be managed with a greater role for the state.

7. Case study 2: Didi Chuxing, a leading car hailing tech giant, was placed under Cybersecurity Review by the CSL to guard against national data security risks andwas forced to remove from app store, not long after Didi went public in the US in July 2021. As the investigation showed, Didi is considered a Critical Information Infrastructure (CII) which collects and generates personal information and important data and is required to undergo a security review if they wish to transfer datacross-borders.

8. In summary, this paper argued the China’s emerging data culture and its intention to uphold data sovereignty and national security by tightening controlover domestic and cross-border data flows through evolving legal regimes.


Ming Yin Ho