In December 2022, China launched a new legal framework that recognizes and confers property rights for “big data” (data derived or constituted from personal or non-personal data) to entities engaged in creating such data sets. The framework also tries to ensure appropriate returns to the individuals and other entities whose data is used to create “big data”.

This paper examines the new property rights system implemented by China and attempts to understand how this may affect China’s position on data-related provisions in international trade negotiations.

Noting that the new property rights system seeks to aid data commercialization, the paper discusses the content, implementation, and challenges of the system, pointing to how the entire system is subject to national security-related regulations.

However, in keeping with obligations under the Regional Comprehensive Economic Partnership (RCEP), China has sought to liberalise certain service sectors such as fintech. The paper argues that the implementation of the RCEP in China is aided by the new property rights system and points to how China has already implemented measures in its free trade zones to liberalise certain service sectors (such as fintech services) in this regard.

With that said, the impact of the new property rights system on China’s approach to issues concerning data localization (cross-border data transfers and localization of computing facilities) is still to be determined. On the one hand, as the objective of the new property rights system is to promote data commercialization, provisions on cross-border transfers and localization of computing facilities under agreements such as the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and the Digital Economy Partnership Agreement (DEPA) may be seen as more suitable. This is because foreign countries may not be able to restrict data transfers to China to the same extent as under the RCEP, thereby aiding Chinese businesses that seek to process data sourced from foreign jurisdictions. On the other hand, given that China’s legal framework is underpinned by national security interests, the RCEP does provide China with greater latitude to address its own security concerns. The paper therefore argues that in the long term, agreements such as the CPTPP and DEPA strike a better balance between security and promoting market efficiency than the RCEP.

Nevertheless, keep in mind that this comparison considers merely two normative interests: state security and economic development. While the CPTPP and DEPA may balance these considerations in a more efficient manner than the RCEP (i.e. these are more in line with China’s current economic goal of data commercialization), this does not suggest that they are preferable from a broader perspective, one that considers the effects of data flows on other normative issues (such as human rights and consumer protection). Several critics have provided evidence that the CPTPP and DEPA do not sufficiently account for such concerns.

While China’s Personal Information Protection Law and Civil Code confer rights over an individual’s data to the person concerned, they do not clarify the nature of rights and who has such rights over data sets that aggregate the personal data of multiple individuals. Similarly, there remains a lack of clarity over the rights enjoyed by an entity that collects and processes non-personal data to produce big data sets.

To clarify these issues and spur data commercialization, China enacted a new regulatory system in December 2022: the “Opinions on Building a Foundational System for Data to Enhance the Role of Data Factor”. In essence, the system avoids the issue of “ownership” of data and instead recognizes a data handler’s property rights to use and transfer certain types of data. Being a high-level policy document, the Opinions do not lay out rules for how data handlers can exercise their rights. These rules are prescribed by provincial governments and municipalities.

Salient features of the data property rights system include:

1. A clarification that “big data” is not “owned” by either the data subject or the data handler (the entity that produces the big data from individual data, akin to a data controller or processor)


2. The recognition of three separate property rights in big data that vest in the data handler by virtue of a process known as “original acquisition”, implying the creation of “new” data utilizing raw data collected from data subjects. Specifically, the data property rights system recognizes three rights that vest exclusively in the data handler:
   
   
   A. The right to hold a data resource
   B. The right to process and use (big) data
   C. The right to manage the (big) data product(s)


3. Data subjects continue to be able to exercise rights over the raw data collected from them under the Chinese Personal Information Protection Law. The rights conferred under this law are to take precedence over the right to use data for commercial purposes. Notably, data handlers must secure consent of data subjects (or find a statutory ground) for processing personal data; must ensure data subjects have a right to access/copy/transmit raw data; must comply with regulations concerning cross-border data transfers such as the need to conduct a security assessment, ensure certification, etc.


4. The data property rights system attempts to ensure an “economic return” to data subjects and the general public based on the principle of “who invests, who contributes, and who benefits”. This implies that all those who contribute towards creating “big data” should receive economic returns from its use. In addition, the system empowers the government to tax data handlers and to transfer receipts to data subjects to cover for any inadequacies in contributions made directly to them by data handlers. Finally, data handlers are encouraged to voluntarily donate their profits derived from big data processing/usage for the benefit of data subjects or the public at large. The system therefore aims to ensure the wealth created through the aggregation of data is distributed through society.


5. The entire data property rights system is subject to national security concerns, implying that the exercise of any rights by either the data subject or handler is subject to the broader national security interests identified by the government.

The data property rights system, while novel, also suffers from a lack of clarity in certain respects. Notably, it does not sufficiently clarify:

1. How the three property rights will be implemented in practice, thereby leading to inconsistencies in the implementation rules issued by provincial and municipal governments.


2. Whether data subjects have a right to access/use/transmit big data derived from their raw data (though this is unlikely because this defeats the purpose of the data property rights system, which is to vest exclusive rights over the big data in the data handler).


3. To what extent data subjects can enjoy economic returns from big data that is created using their raw data (i.e. how to allocate profits) and how such benefits can be realized in practice.

The paper examines two issues in this context: first, whether the new property rights system will enable or hinder entry of foreign data processing companies into China, and second, whether China’s interests in promoting data commercialization are aligned with provisions concerning data transfers and the localization of computing facilities in certain free trade agreements.

Noting that the new property rights system will regulate inbound and outbound data transmission in China, the paper argues that its implementation will enhance market access for foreign companies seeking to process data within China. It points to how China has already implemented measures in its free trade zones to liberalise certain service sectors (such as fintech services) in this regard.

The paper examines two types of provisions in free trade agreements that are of relevance to China’s aim of expanding data commercialization: provisions concerning cross-border data transfers and the location of computing facilities.

1. Cross-border data transfers: The Regional Comprehensive Economic Partnership (RCEP) (which is the only trade agreement China has entered into with provisions concerning cross-border data transfers and the location of computing facilities), the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), and the Digital Economy Partnership Agreement (DEPA) all seek to enable enhanced cross-border data flows subject to proportionate and non-discriminatory derogations implemented for legitimate public policy objectives. Each allows derogations for national security interests, though the scope of such derogations is markedly greater under the RCEP, which provides signatories with greater flexibility. This, however, introduces an element of uncertainty with respect to continued cross-border data flows. Countries implementing restrictions on data flows into China may not align with China’s interest in expanding the global footprint of its data businesses.


2. Location of computing facilities: CPTPP and DEPA prohibit signatories from requiring the localization of computing facilities as a precondition to doing business within a country (subject to similar exceptions as provisions on cross-border data flows). RCEP contains a similar provision, though this is subject to an additional exception permitting derogation in case of national security interests.

Given the objective of the new property rights system is to promote data commercialization, the paper argues that provisions on cross-border transfers and the localization of computing facilities under the CPTPP and DEPA may be better suited to China’s objective of promoting data commercialization than the RCEP. While China’s domestic data framework is bound by national security concerns, its international outlook may be different to enable greater opportunities for Chinese companies to access and process personal and non-personal data sourced from other jurisdictions.

Furthermore, this analysis considers only two normative interests: state security and economic development. While the CPTPP and DEPA may balance these considerations in a more efficient manner than the RCEP, (i.e. these are more in line with China’s economic goal of data commercialization), this does not suggest that they are preferable from a broader perspective that considers effects of data flows on other normative concerns (such as human rights and consumer protection). In contrast, several critics have provided evidence that the CPTPP and DEPA do not sufficiently account for such interests.