China recently applied to join the Digital Economy Partnership Agreement, a trade agreement aimed at improving collaboration and trade in the digital economy signed by three Pacific countries – New Zealand, Singapore, and Chile. There are many ways in which China would stand to benefit from joining the agreement, but the country’s recent tightening of data laws may stand in the way of its accession. We provide an overview of what the Digital Economy Partnership Agreement contains and discuss China’s chances of success.
At the 2021 G20 Summit in Rome, President Xi Jinping announced that China would seek to join the newly created Digital Economy Partnership Agreement (DEPA). A day later, on November 1, China’s Ministry of Commerce (MOFCOM) formally applied for China to join the agreement.
The DEPA, described as the first trade agreement to target the digital economy, has been entered into by New Zealand, Singapore, and Chile. It is a trade agreement that aims to facilitate digital trade, enable cross-border data flow, and create a system of trust in which data is shared equitably and personal and online consumer data is protected.
The agreement was signed by the three member countries on June 12, 2020, and went into force in New Zealand and Singapore on January 7, 2021. In addition to the three founding members, South Korea has formally applied to join, a request that has been accepted and will now undergo deliberation, and Canada has expressed interest in joining.
What does the DEPA agree to?
The DEPA contains 16 articles covering provisions on a wide range of business initiatives and data issues with the aim of cultivating a business and trade-friendly environment in the digital economy.
This includes facilitating digital business and trade by improving ease of business in the digital sphere, streamlining cross-border data transfer, creating open and equitable data-sharing mechanisms, and adhering to a transparent regulatory system to ensure data protection and equal opportunity for participation of all stakeholders in the digital economy.
In addition, the DEPA confirms the member countries’ commitment to collaborate on key digital technologies, such as artificial intelligence (AI) and fintech. It also agrees to waive certain customs duties for digital products and outlines mechanisms for dispute settlement, mediation, and the establishment of overseeing bodies in the different countries.
Below is a brief overview of some of the core provisions of the DEPA.
|Overview of Core Provisions of the DEPA
|Business and trade facilitation
- Enable the use of electronic trade documents.
- Create streamlined and interconnected systems for the submission of electronic documents and data.
- Share expertise and best practices on logistics.
- Support cross-border interoperability of e-invoicing.
- Expedite customs procedures for express shipments.
- Support the development of efficient, secure, and internationally interoperable electronic payment systems.
|Treatment of digital products and related issues
- Waive customs duties for electronic transmissions.
- Ensure non-discriminatory treatment of digital products and no regulations on cryptography products that require manufacturers to disclose proprietary information, partner with a specific party, or use a specific technology.
- Adopt a legal framework to ensure the protection of the personal information of all participants in electronic commerce and digital trade.
- Establish a system of mutually accepted ‘trustmarks’ to help verify compliance with personal data protection standards by businesses and facilitate safe cross-border information transfers.
- Allow electronic cross-border transfer of information, including personal information, for business purposes.
- Prohibit requirements for a business to use or locate computer servers or storage facilities in a country as a condition for conducting business in that country.
|Wider trust environment
- Cooperate on issues of cybersecurity by recognizing the importance of building computer security incident response capabilities, cooperating on identification and mitigation of malicious intrusions or dissemination of malicious code, and developing workforces in the field of cybersecurity.
- Promote cooperation to advance collaborative solutions to global issues affecting online safety and security.
|Business and consumer trust
- Minimize the dissemination of ‘unsolicited commercial electronic messages by adopting measures that provide users recourse to stop receiving said messages or require consent to send such messages.
- Implement laws to prevent online fraud or deception that could cause harm to consumers and provide recourse for consumers when there is a violation.
- Promote interoperability between the different countries’ legal and regulatory frameworks for digital identities, e.g., by providing comparable protection, implementing international frameworks, sharing knowledge and best practices, etc.
|Emerging trends and technologies
- Promote cooperation in the fintech sector, including in the private sector
- Promote the adoption of the ‘AI Governance Frameworks’ to support the trusted, safe and responsible use of AI technologies.
- Cooperate on competition policy, including sharing information and best practices to improve competition and cooperating on law enforcement.
|Innovation and the digital economy
- Recognize the importance of cross-border data flow, as well as the mechanisms that facilitate data sharing and transfer, for innovation and creativity in the digital environment.
- Promote data-driven innovation by collaborating on data-sharing projects and mechanisms and proof of concepts for new uses of data.
- Cooperate to identify ways to expand access to and use of open government data to promote business opportunities.
- Cooperate on enhancing trade and investment opportunities for SMEs in the digital economy
- Establish a free and publicly accessible website for sharing information of the DEPA that is relevant to SMEs as well as other practical information on participating in the digital economy that is pertinent to SMEs.
- Convene a Digital SME Dialogue to promote the benefits of DEPA to SMEs and encourage inclusive participation of stakeholders.
- Cooperate on matters relating to digital inclusion to encourage the participation of women, rural populations, low socio-economic groups, and Indigenous Peoples in the digital economy.
|Note: The above provisions are not exhaustive.
Source: Digital Economy Partnership Agreement (DEPA)
In addition to the above provisions, the document outlines requirements for each country to establish a joint committee, which is responsible for overseeing the implementation of the agreement, considering and making decisions on any proposed amendments, and establishing rules of procedure for the committee. The document also stipulates requirements on transparency and outlines dispute settlement mechanisms.
It is worth noting that the DEPA document is not legally binding, and many of the provisions do not directly require action from the members. Rather, they merely seek to promote mutual recognition and acceptance of various norms and standards related to the digital economy and drive collaboration on several cross-border issues, as they relate to business, data, and information sharing.
Why does China want to join DEPA?
China has not explicitly stated its reasoning behind its application to the DEPA. As many have pointed out, China’s application to DEPA came on the heels of its submission to join the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), a move that has been widely interpreted as an attempt to bolster relationships with the 11 Pacific member countries and undermine US influence in the region (although there are many other reasons why China would want to join). The application to join the DEPA can therefore be viewed as an extension of this, although the issue has received less international attention.
In its official statement, MOFCOM wrote that “Applying to join DEPA is in line with China’s moves to deepen domestic reforms and open further to the outside world. It will help China to strengthen cooperation in the digital economy with members under the new development pattern and promote innovation and sustainable development. China will now carry out follow-up work with all members in accordance with the relevant procedures of DEPA”.
When looking at potential motives, it is clear there is much in the DEPA that is attractive to China. As China’s economy and labor market mature, it is moving away from traditional industries and toward high-tech and service sectors.
The government has stressed the importance of ‘upgrading’ the economy by digitizing traditional industries, transitioning to high-tech capabilities, and cultivating digital and emerging industries as a means of sustaining economic growth. Strengthening international cooperation and trade in the digital economy therefore directly serves to boost China’s plan to become a high-tech powerhouse.
The provisions on boosting the participation of SMEs in the digital economy are also in line with China’s overall aims to support and develop SMEs, both by helping smaller companies upgrade and keep pace with digitization and by cultivating smaller businesses engaged in emerging technologies. SMEs form the backbone of China’s economy, accounting for 60 percent of the country’s GDP, 70 percent of its patents, and employing 80 percent of its workers, according to data from Statista.
China has therefore ramped up efforts to support SMEs, in particular since the start of the pandemic, which had an outsized impact on smaller businesses in the country. In addition to increasing loans to small businesses over the course of 2021, China also recently launched a new stock exchange in Beijing geared toward innovation-focused SMEs, in the hope of increasing capital flows to the sector.
Streamlining access to information and resources and facilitating cross-border trade and information sharing, as proposed by DEPA, could be a welcome boost to China’s SMEs. The agreement would also help open up new markets for Chinese SMEs and drive innovation through more competition and collaboration. MOFCOM’s explanation that China is joining DEPA because it is “in line with China’s moves to deepen domestic reforms” is therefore likely to refer to these.
What does China have to do to join DEPA?
China will need to jump through some hoops before it can expect to be admitted to the DEPA, something that MOFCOM acknowledged in its statement. The agreement sets relatively high standards on data openness and transparency for its members, which would require some changes to China’s current data laws.
Specifically, the requirements for cross-border flow of data and data storage, which conflict with the recent tightening of regulations in China, have led some critics have cast doubt over China’s eligibility to join the DEPA.
Cross-border data flow
Module 4 of the DEPA deals with Data Issues (see table above), and stipulates, among other things, that, “Each Party shall allow the cross-border transfer of information by electronic means, including personal information, when this activity is for the conduct of the business of a covered person.”
However, there are a number of provisions in Chinese law that contradict this requirement. The Cybersecurity Law, which was released in 2017, requires critical information infrastructure (CII) operators that handle ‘important’ data or personal information to undergo a security assessment by the Cyberspace Administration of China (CAC) before being permitted to transfer the data abroad.
The Personal Information Protection Law (PIPL), which came into effect on November 1, 2021, has further bolstered these requirements. The new law requires companies that handle the personal information of users in China to undergo a security assessment before transferring the data overseas, among other requirements, such as obtaining a personal information protection certification and providing a signed contract with the overseas recipient of the data.
Further clarifications of these requirements were provided in a recent set of draft guidelines for cross-border data transfer, which specify that security reviews are needed for the transfer of the personal information of more than 100,000 Chinese users or the ‘sensitive’ personal information of more than 10,000 Chinese users outside of China. The draft guidelines also outright ban the export of ‘core data’, defined as data that poses a high risk to China’s national security.
In addition to the security assessment requirements, the Data Issues section of the DEPA also requires that “No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that territory.”
This also conflicts with stipulations in both the 2017 Cybersecurity Law and the PIPL, which require CII operators that collect and generate personal information or important data during operations conducted in China, or operators handling the personal information of users in China, to store that data within China’s territory.
Impact of data regulations on businesses
The requirements of the data regulations are further complicated by the fact that some of the legal terminologies is not clearly defined. There is still some confusion over which companies fall under the designation of CII operator, and what exactly constitutes ‘important data’.
This has led some companies to take preemptive action, even when it is not entirely clear that they need to. In response to the data storage requirements, multiple foreign automakers, such as Ford and BMW, have set up data centers in China to support their domestic operations.
More recently, ambiguity over the implementation of the data requirements has led some domestic shipping companies to refuse to hand over data that is used to predict congestion to overseas operators, even though the PIPL doesn’t specifically mention shipping data within its scope.
The skittishness that the data regulations have caused among domestic companies may further raise doubts over China’s ability to guarantee data openness. In addition to amending the legislation to facilitate cross-border data transfer, China may also have to further clarify the legal terminology to ensure consistent implementation and assist companies with compliance.
What are China’s chances of being accepted to the DEPA?
China views the export of data as an issue of national security, and it seems unlikely that it will water down these provisions significantly in order to join the DEPA. However, it is also not entirely clear whether it will need to.
The “Security Exceptions” section of the DEPA states that, “Nothing in this Agreement shall be construed to: […] (b) preclude a Party from applying measures that it considers necessary for the fulfillment of its obligations with respect to the maintenance or restoration of international peace or security, or the protection of its own essential security interests.” It is therefore possible that China’s data security measures fall under the DEPA’s exceptions, but this will ultimately be up to the current DEPA members to decide.
In addition to the issues of data flow and storage, some aspects of China’s new data regulation regime may also help to strengthen its position. The passing of the Personal Information Protection Law, which went into effect on November 1, 2021, has greatly improved protection measures for online individuals, requiring, among other things, informed consent for the collection and processing of personal information and outlining strict requirements for how that data can be used and stored.
This falls closely in line with the objectives of the DEPA to “adopt or maintain a legal framework that provides for the protection of the personal information of the users”. The proposed legal framework also contains several protection measures that are already included in the PIPL. This could help the favorable view of China’s legal framework among member countries and promote its position as a positive influence on the creation of a robust cross-border data protection system.
Whether China will make any changes to its current data laws is currently unclear. As of writing, Chinese authorities have not yet made any announcements pertaining to amendments to data laws, and the current DEPA members have not yet made public whether China’s request to join the DEPA has been accepted.
China Briefing is written and produced by Dezan Shira & Associates. The practice assists foreign investors into China and has done so since 1992 through offices in Beijing, Tianjin, Dalian, Qingdao, Shanghai, Hangzhou, Ningbo, Suzhou, Guangzhou, Dongguan, Zhongshan, Shenzhen, and Hong Kong. Please contact the firm for assistance in China at email@example.com.
Dezan Shira & Associates has offices in Vietnam, Indonesia, Singapore, United States, Germany, Italy, India, and Russia, in addition to our trade research facilities along the Belt & Road Initiative. We also have partner firms assisting foreign investors in The Philippines, Malaysia, Thailand, Bangladesh.