There's a growing drumbeat (in Washington) that China's new #privacy laws give Chinese citizens' greater protections than in the US -- and that's good enough reason for DC to pursue federal #dataprotection laws.
Let's unpack why that argument doesn't make sense.
<<cue thread>>
Let's unpack why that argument doesn't make sense.
<<cue thread>>
So it's true that Beijing is rolling out a comprehensive national #privacy standard that, in its very basic levels, is based on Europe's General Data Protection Regulation. You can read a translation here newamerica.org/cybersecurity-…
It hits all the needs-to-have: greater consent for how data is used, checked. data breach notification requirements, check. potential hefty fines for wrongdoing, check.
Again, at a basic level, it does look like the GDPR.
But....
Again, at a basic level, it does look like the GDPR.
But....
Let's look at the specifics. There are some major differences. Let's start out with the most critical one: these #privacy rules do not apply to how the state access' people's data, giving national security agencies free rein over reams of data. That kinda kills the argument, flat
I mean, sure. you can have privacy rights, on paper, and aimed at how privacy companies use your data. But if it doesn't apply to (an authoritarian) govt, does it really matter.
I'll take the Fourth Amendment any day, imo.
I'll take the Fourth Amendment any day, imo.
And then there is how China is trying to use the proposals to expand its own control. All Chinese-related data must be kept in the country, and there are other "data localization" elements aimed at forcing companies to keep all data within the borders.
Call it the data center model for China's massive intranet.
Not exactly something other parts of the world are doing, despite growing concerns about other (Western democratic) countries calling for more data to be stored locally
Not exactly something other parts of the world are doing, despite growing concerns about other (Western democratic) countries calling for more data to be stored locally
On data transfers, too, Beijing has massive control over what gets to be shipped outside the country -- for whatever reason.
I love me some privacy rules that give the govt unilateral control over that. Yup, definitely "putting Washington on the back foot," sure.
I love me some privacy rules that give the govt unilateral control over that. Yup, definitely "putting Washington on the back foot," sure.
Oh, another fun one. The proposals would allow Beijing to blacklist intl companies that process Chinese data if they are found to have broken China's #privacy rules.
Question: how's that's going to work when Beijing comes calling for data access on national security grounds?
Question: how's that's going to work when Beijing comes calling for data access on national security grounds?
I could go on and on. Yes, it's #privacy, on paper, in terms of greater powers to the consumer to demand control over their data from PRIVATE companies.
It says nothing, really, about govt access to data -- and that's kinda a big deal, imo.
It says nothing, really, about govt access to data -- and that's kinda a big deal, imo.
In DC, the argument is that b/c China is pursuing privacy rules that, on paper, look similar to Europe's standards, then Washington should get in on the game to make sure it's "not left behind."
I mean, I could point you in the direction of California's revamped #privacy regime, or even the watered-down versions in Colorado and Virgina. Let alone the legit sectoral data-limitations in industries like financial services or healthcare.
Also: FOURTH AMENDMENT
Also: FOURTH AMENDMENT
I get it, the US doesn't have federal privacy standards, and it needs them. But that's not to say US citizens (and others, to a degree) aren't protected from data-hungry practices. To frame this as "China is winning on privacy," doesn't make sense.
How I see it: DC folk are framing this privacy issue along national security grounds as another battleground where the US is going up against China in the battle for digital supremacy.
I mean, I get that. China is competing with the US. But on privacy, forgettaboutit
I mean, I get that. China is competing with the US. But on privacy, forgettaboutit
There are many things wrong with how data practices work in the US. That's especially true for how non-US citizens are currently treated and how US national security agencies can access that data
And sure, you may not like the FISA system and the lack of transparency on how data is collected and used by both private and public US entities.
I hear ya, I'm with ya.
I hear ya, I'm with ya.
But enough with the "China is winning the privacy war" narrative.
It's not, and will never be as long as its authoritarian regime has unlimited access to people's data for whatever reason it wants
It's not, and will never be as long as its authoritarian regime has unlimited access to people's data for whatever reason it wants
In that regard, the US is so far ahead, it's not even worth the argument.
Can the US do more? For sure. Should there be federal privacy standards. Yup. But to compare the US to China on this issue doesn't help -- and plays into a political narrative being pushed by some in DC
Can the US do more? For sure. Should there be federal privacy standards. Yup. But to compare the US to China on this issue doesn't help -- and plays into a political narrative being pushed by some in DC
Rant over. Thoughts appreciated.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
