Ⅰ. ON THE RISE: DEVELOPMENT OF DATA TRADE
1. Development of Data Trade in China
Driven by national policy, China's data element market has experienced rapid growth, with the overall scale of the data trading market demonstrating robust expansion. In November 2024, the Shanghai Data Exchange, together with the National Engineering Laboratory for Big Data Circulation and Trading Technology, jointly released the 2024 China Data Trading Market Research and Analysis Report. According to the Report, the compound annual growth rate (CAGR) of China's data trading market from 2021 to 2025 is projected to reach 46.5%, with an expected CAGR of 20.3% from 2025 to 2030, and the market size is anticipated to reach 715.9 billion RMB by 2030[1]. On 10 January 2025, Liu Liehong, Director of the National Data Administration, indicated at the National Data Work Conference that the national data market transaction volume in 2024 is expected to exceed 160 billion RMB, representing a year-on-year increase of over 30%. Of this, the volume of on-exchange data transactions (including registered transactions) is expected to surpass 30 billion RMB, effectively doubling year-on-year[2].
As the data trading market continues to expand and the demand for data from all aspects grows, data trading institutions, as the core hubs of the data market, are also embarking on new development opportunities. Data trading institutions have been established successively across the country, and the types and quantities of data products have become increasingly diverse. For example, as of January 2025, there were 39 operational data exchanges in China with listed products, an increase of 14 compared to the same period last year. Except for Qinghai, Tibet, Hong Kong, Macao and Taiwan, which are still in the planning stage, a preliminary framework has been established with at least one data exchange in each province (and autonomous region/municipality). As of January 2025, these 39 data exchanges had listed a total of 38,925 data products, an increase of more than 1.5 times compared to the previous year, with primary application scenarios in finance and taxation, marketing and commerce, shipping and transportation, smart cities and credit services[3].
2. Development of Data Trade in other Countries
With the global proliferation of digital technologies such as artificial intelligence, the steady advancement of digitalization worldwide, and the continuous improvement of supporting policies in various countries, the total volume and demand for data internationally have increased significantly. In 2023, the global data trade market was valued at approximately USD 126.1 billion, and is expected to grow to USD 177.9 billion by 2025, with a CAGR of 20.5% from 2021 to 2025. North America led the global data trade market in 2023 with a market size of USD 56.1 billion and a CAGR of 19.8%. The market sizes for Europe, Asia, South America, Oceania and Africa in 2023 were USD 23.7 billion, USD 34.5 billion, USD 4.4 billion, USD 5.7 billion, and USD 1.4 billion, respectively[4].
Due to differences in national conditions and policies, different countries and regions have developed distinctive primary models for data trade:
(1) United States: Data Brokers
A hallmark of the U.S. data market is the prevalence of data brokers - enterprises whose main business is to collect consumer personal information from various sources, aggregate, analyze, and share such information or its derivatives for purposes such as marketing, identity verification, or fraud detection[5]. Data brokers effectively bridge the trust gap between supply and demand in the data market, facilitating data circulation and value transformation, and play a crucial role in the prosperity of the U.S. and global data trade markets. In 2021, the global data brokerage market, including pure data trading businesses, was valued at USD 240.3 billion, and is projected to grow at a CAGR of 6.8% from 2022 to 2031, reaching USD 462.4 billion by 2031[6].
(2) European Union: Data Spaces and Data Intermediaries
In February 2020, the European Commission released the European Data Strategy, proposing the construction of a European Common Data Space to create a unified, trusted environment for data sharing, enabling companies to access high-quality industrial data and achieve institutional development goals[7]. As of December 2024, there were 185 data space cases worldwide, with 10.81% already operational. According to incomplete statistics, the EU alone has over 130 data spaces, covering 17 sectors including manufacturing and green transformation[8]. Building on the European Data Strategy, the EU further issued the Data Governance Act and accompanying guidelines, defining a new business model for data intermediary services and imposing new regulatory requirements on data intermediary service providers, thereby providing a trusted bridge for data circulation between data holders and users. As of October 2024, 11 organizations had applied to become data intermediary service providers, and one organization had registered as a data altruism organization, supporting data circulation and sharing across the EU.
(3) Japan: Data Trust Banks
Since the concept of data trust banks was first proposed by Japanese scholars in 2012, the Japanese government has been exploring and implementing the data trust bank system, gradually forming a data circulation market system involving government, data trading platforms, data banks, data circulation associations, data circulation operators, and domestic and foreign companies[9]. According to the Japan IT Federation's certification list, as of now, seven institutions, including Sumitomo Mitsui Trust Bank and Dai Nippon Printing, have obtained formal certification as data trust banks, and MILIZE has received preliminary certification[10].
Ⅱ. Chinese Experience: Rules and Practice of Data Trade in China
1. Relevant laws, regulations and judicial interpretations
As a major participant in the global digital economy, China has, over recent years, gradually established and improved a governance mechanism for data transactions that balances security and development. While promoting both international and domestic data circulation and transactions, China has consistently adhered to the dual objectives of ensuring data security and protecting citizens' privacy rights, constructing a legal framework centered on the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law. This framework encompasses administrative regulations, departmental rules, local regulations, and other normative documents and national/industry standards that must be observed in data transactions. Security assessments, standard contracts, and other mechanisms are employed to maintain the market-oriented circulation of data elements while building a robust barrier for data security. See more details:
2. Practice of Data Trade in China
(1) Domestic Data Transactions
i. Parties to Data Transactions in China
Based on their roles in the data transaction process, parties of data trading market in China can be categorized as data suppliers, data users, data trading institutions, and data service providers.
Data trading institutions primarily provide the space or platform for data transactions. They fall into two categories, namely data exchanges and data trading platforms. Data exchanges, such as the Beijing International Data Exchange and the Shanghai Data Exchange, are typically established by government agencies, public institutions, or state-owned enterprises. They therefore function as quasi-public infrastructure and impose stricter compliance requirements. By contrast, data trading platforms, such as Datatang and Alibaba Cloud, are usually established by private entities. They are subject to looser standardization requirements and operate with a stronger profit orientation.
Data service providers in this article generally refer to entities that offer auxiliary technical or service support to facilitate data transactions between suppliers and users, without directly participating in the transactions themselves. Their business scope includes data storage, security maintenance, product design and development, issuance guidance, transaction matching, data transmission, asset utilization, compliance assessment, and asset auditing[11]. For example, accounting firms providing data asset audits and law firms providing compliance assessments are considered data service providers.
ii. Subject Matter of Data Transactions in China
Any data element with value can serve as the subject matter of data transactions, including raw data, derived data products, and services. For instance, Article 12 of the Interim Measures of Shenzhen Municipality for the Administration of Data Transactions stipulate that tradable subjects include data products, data services, and data tools. Data products mainly refer to raw data and processed derivatives intended for transaction; data services refer to the seller's provision of data processing capacity (including collection, storage, use, processing, transmission, etc.); data tools refer to software and hardware tools enabling data services. Other data elements approved by competent authorities may also be traded. Similarly, Article 7 of the Interim Measures of Guangxi for the Administration of Data Transactions also stipulates that tradable subjects include data products, data services, data tools, etc.
iii. Main Modes of Data Transactions in China
Based on the source of the data being traded, China’s data transactions can be divided into enterprise data transactions, personal data transactions, and public data transactions.
Enterprise data transactions are currently the largest in scale, the most institutionally developed, and the most commonly practiced. They include spontaneous transactions between enterprises, transactions facilitated by data service providers, and regular data sharing within industry alliances.
For personal data transactions, given the limited value of individual personal data, most such transactions are not directly conducted by individuals as suppliers. Instead, they usually take place in two stages. In the first stage, individuals authorize the collection of their data in exchange for services or compensation from a data processor (such as an internet platform, app operator, or personal data trust entity). In the second stage, the authorized processor, as the supplier, conducts transactions with other demanders, with personal data sets, products, or services as the subject matter[12]. For example, in the first personal data trust case at the Guiyang Big Data Exchange, individuals entrusted their resume data to the exchange, which then commissioned a technology company to manage the data, assisting with governance, anonymization, encryption, and sales[13].
Public data, by virtue of its authority, broad coverage and diversity, is highly favored by data processors. With the continuous improvement of public data resource sharing policies and the gradual implementation of public data authorization and operation mechanisms, transactions involving public data have also flourished. For example, in May 2024, a technology company brought high-resolution meteorological data from the China Meteorological Administration into the Shenzhen Data Exchange, integrating it with urban industry data and completing the first closed-loop transaction of meteorological public data products[14]. Similarly, in November 2024, a public data product based on data from the Qingdao Municipal Transportation Bureau completed its first transaction, marking the first administrative unit data operation transaction in the national transportation sector[15].
(2) Cross-Border Data Trade in China
i. Exploration and Experimentation
Given that cross-border data trade inevitably involves cross-border data flows, to protect data security and personal information rights, participants in China's cross-border data trade must strictly comply with the Data Security Law, the Cybersecurity Law, the Personal Information Protection Law, the Provisions on Promoting and Regulating Cross-border Data Flow, the Measures for the Standard Contracts for the Outbound Transfer of Personal Information, and the Measures for the Security Assessment of Outbound Data Transfer, among other relevant laws and regulations. Obligations include identifying and reporting important data, applying for security assessments for data export, entering into standard contracts for personal information export, and obtaining personal information protection certification.
Meanwhile, China has taken significant steps to promote the marketization and internationalization of data elements by establishing free trade pilot zones and reducing procedural obligations for cross-border data transfers under specific circumstances. For example, under the Provisions on Promoting and Regulating Cross-border Data Flow, free trade zones, within the framework of the national data classification and grading protection system, may independently formulate a negative list of data requiring security assessment, standard contracts, or certification for cross-border transfer. Data processors in free trade zones providing data outside the negative list to overseas entities may be exempted from these requirements.
For example, on 9 May 2024, the China (Tianjin) Pilot Free Trade Zone released China's first negative list for data outbound transfers from free trade zones, specifying the circumstances under which enterprises in the Tianjin Pilot Free Trade Zone must apply for a data outbound security assessment, enter into standard contracts for the outbound transfer of personal information, and obtain personal information protection certification when providing data to overseas entities. Subsequently, free trade zones in Beijing, Shanghai, and other regions also successively introduced relevant negative lists/positive lists to gradually implement the requirements for the marketisation and internationalization of data elements. For example, free trade zones in Beijing, Shanghai, Jiangsu, Guangdong, and other regions have established cross-border data "green channels," service centres, and related platforms to provide enterprises with more convenient and secure guidance, consultation, and solution design services related to data outbound transfers. In the Greater Bay Area, the Cyberspace Administration of China and the Hong Kong Innovation, Technology and Industry Bureau jointly formulated implementation guidelines for standard contracts for cross-border personal information flow, reducing assessment requirements for data flows from the Chinese mainland to Hong Kong.
ii. Dialogue and Cooperation
Beyond domestic policy exploration, China is actively organizing and participating in international exchanges and cooperation on data security and circulation. Initiatives such as the Jointly Build a Community with a Shared Future in Cyberspace, the Global Data Security Initiative, and the Beijing Declaration on Building a Digital Silk Road have been proposed to promote data cooperation and sharing, as well as international cooperation on data and cybersecurity. China also actively participates in multilateral digital economy cooperation, promoting the adoption of initiatives such as the Initiative of Cooperation to Promote the Internet Economy and the G20 Digital Economy Development and Cooperation Initiative. In 2021, China applied to join the Comprehensive and Progressive Agreement for Trans-Pacific Partnership ("CPTPP") and the Digital Economy Partnership Agreement ("DEPA"), seeking to enhance data governance and digital economy cooperation with other countries[16].
With active domestic policy exploration and institutional innovation, coupled with deepening international cooperation, China's cross-border data transaction market is embracing new development opportunities, with transaction volumes steadily increasing. For example, by the end of March 2025, the Shenzhen Data Exchange had achieved a total cross-border data transaction volume of 312 million RMB, with over 60 million RMB transacted between December 2024 and March 2025 alone[17].
iii. Experience from Abroad: International Rules on Data Trade
Efficient and secure data circulation is the cornerstone of cross-border data trade and a crucial guarantee for domestic and international data transaction cooperation. In the rapidly evolving global landscape, compliance with international rules is essential for enterprises engaged in data trade. The main international agreements currently governing data trade are the CPTPP, the DEPA, and the United States-Mexico-Canada Agreement ("USMCA"). Data trade rules in these agreements will be introduced and compared in the following section.
- CPTPP
The CPTPP, a major economic cooperation framework in the Asia-Pacific region, entered into force in 2018. Its provisions on cross-border data transmission aim to balance the free flow of data with privacy protection, fostering an open and secure environment for data circulation.
Article 14.11 of the CPTPP sets out the basic rules for cross-border data flows, covering regulatory autonomy, support for the free flow of data, and public policy exceptions. Paragraph 1[18] recognizes each contracting party's right to establish its own regulatory requirements for electronic information transmission, allowing for national differences in policy objectives, technical capabilities, and data security systems. Paragraph 2[19] requires contracting parties to permit the cross-border transfer of information, including personal information, for business purposes, reflecting support for data free flow. Paragraph 3[20] allows contracting parties to restrict data flows to achieve legitimate public policy objectives (such as national security, public interest, or privacy protection), provided such measures are not arbitrary or unjustifiably discriminatory, do not constitute disguised trade restrictions, and are not more restrictive than necessary.
The CPTPP not only protects the free cross-border flow of information but also safeguards the autonomy of businesses to decide where to locate their servers, as stipulated in Article 14.13(2)[21]. This provision generally prohibits contracting parties from making data localisation a condition for market access, thereby preventing contracting parties from using "data sovereignty" as a pretext for digital protectionism, such as requiring foreign companies to store all user data locally or demanding that businesses incur significant costs to establish data centres in order to operate. Paragraph 3 of this article[22] permits contracting parties to require businesses to establish local servers if there are sufficient public policy grounds, provided that such requirements are consistent with the principles of non-arbitrariness, non-discrimination, and proportionality.
Overall, while promoting the free flow of data, the CPTPP also leaves necessary policy space for contracting parties, reflecting a balance between freedom and security, and serving as a model for the future evolution of international rules.
- DEPA
DEPA, signed in 2020, is a cutting-edge agreement promoting digital economy development in the Asia-Pacific. It largely extends and upgrades the CPTPP's digital economy rules, with more specific and operationally effective provisions.
With regard to cross-border data flows, Article 4.3 of the DEPA is largely consistent with Article 14.11 of the CPTPP, both supporting cross-border data transfers for business purposes and allowing countries to impose reasonable restrictions based on legitimate public policy objectives. However, DEPA adopts a more open governance philosophy. The opening paragraph of this provision explicitly states that the commitments listed therein are not exhaustive[23], implying that future expansions and upgrades can be made within the existing framework, thereby reflecting the openness and forward-looking nature of cross-border data flow rules.
DEPA's modular structure further enables parties to accede to the agreement as a whole or only to selected modules, such as those on digital products, data flows, or SME cooperation, thus lowering institutional barriers for developing countries and tailoring cooperation to different digital development levels.
- USMCA
USMCA adopts a more aggressive stance on digital liberalization, significantly limiting contracting parties' regulatory authority over data flows.
Unlike the CPTPP and DEPA, which recognize parties' rights to regulate cross-border data flows, USMCA Article 19.11[24] does not grant such autonomy, effectively prohibiting restrictions on data flows for reasons of data sovereignty or security.
Additionally, the USMCA adopts a more lenient approach to personal data protection. Article 19.8[25] encourages the contracting parties to refer to international standards such as the APEC Privacy Framework ("APEC Framework") and the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data ("OECD Guidelines").While these documents advocate basic privacy protection principles, they also emphasise that countries should avoid imposing unnecessary barriers to cross-border data flows on the grounds of privacy protection[26].
iv. Historical Perspective: The Evolution of Multilateral Trade Rules and Organizations
International rules on data trade are still in their infancy, with no globally accepted multilateral rules or dedicated international organizations. However, regional agreements have made important explorations. As a major trading nation and a rapidly developing digital economy, China should actively participate in and promote the development of international data trade rules. Reviewing the evolution of multilateral rules and organizations for goods and services trade in the twentieth century offers valuable lessons.
- From Goods to Services and Intellectual Property
The evolution of economic order and trade patterns has driven the expansion of multilateral trade rules. The General Agreement on Tariffs and Trade ("GATT"), established after World War II, primarily regulated goods trade, aiming to reduce tariffs, eliminate barriers, and establish principles such as most-favored-nation treatment, national treatment, and transparency[27].
Since the 1970s, with the growth of cross-border business in service industries such as banking, insurance, and telecommunications, as well as the cross-border flow of capital, personnel, and technology, the GATT could no longer cover all trade practices. The United States led the push to include services in multilateral negotiations and ultimately made it an official agenda item at the Uruguay Round in 1986. In 1995, the General Agreement on Trade in Services ("GATS") came into effect, which classified services into multiple sectors and four modes of supply, namely cross-border delivery, consumption abroad, commercial presence, and movement of natural persons. Based on principles such as most-favoured-nation treatment, member states made their commitments to reduce barriers for different sectors and modes, providing institutional safeguards for global services trade.
The rise of technology-intensive products also highlighted the need for cross-border intellectual property protection. Developed countries are highly concerned about technology leakage and counterfeit goods, which has led to the inclusion of intellectual property rights as a key focus of the Uruguay Round negotiations. In 1994, the Agreement on Trade-Related Aspects of Intellectual Property Rights was adopted, marking a new phase of international intellectual property protection characterized by high standards and enforceability[28].
- From Fragmented Treaties to International Organizations
Multilateral trade and economic rules have gradually evolved from a fragmented collection of treaties to institutionalised international organisations, driving the systematisation of the rules framework and enhancing substantive fairness. The post-war Bretton Woods Conference established the three pillars of global economic governance: the International Monetary Fund, the World Bank and the GATT. However, these institutions primarily served the interests of developed countries and struggled to adapt to the changing international landscape after World War II.
With the successive independence of Asian, African, and Latin American countries, the global governance landscape underwent a restructuring, and developing members demanded greater say in institutional design. In 1965, the GATT added a "trade and development" section, establishing the principle of non-reciprocity and providing developing countries with some institutional space for development. With the advent of the WTO era, the Agreement Establishing the WTO explicitly stated that the share of developing countries in international trade should be commensurate with their level of development, further embedding the principle of differential treatment into the objectives of the WTO. The establishment of the WTO system marked a shift in the global trade order from "power-oriented" to "rule-oriented," providing institutional possibilities for the construction of a more just and reasonable international economic order[29].
At the same time, as the "youngest" major international organisation, the WTO provided more normalised and institutionalised support for the multilateral trading system. Located in Geneva, Switzerland, the WTO has a secretariat of more than 600 people and more than 20 departments, which is responsible for the daily operations of the WTO's various functions, including rule negotiations, the accession of new members, and dispute settlement. This permanent institution plays an important role in the operation and development of the global multilateral trading system.
- From First Instance to Appellate Review
The establishment and improvement of dispute settlement mechanisms are key to ensuring the effective implementation of multilateral trade rules. Although the GATT established an expert panel procedure, it followed the principle of consensus, allowing the losing party to veto the expert panel's report, which led to low efficiency in the mechanism's operation. Additionally, since the GATT dispute settlement mechanism was a single-tier system, the losing party had no further avenues for redress, and there were systemic issues regarding inconsistent legal standards and adjudication outcomes.
During the Uruguay Round, members reached a consensus on reforming the dispute settlement mechanism and ultimately adopted the Dispute Settlement Understanding ("DSU"), establishing a legally binding two-tier review structure. Under the DSU, the WTO dispute settlement procedure consists of expert panels and an Appellate Body. The Appellate Body reviews only legal issues and interpretations in panel reports, establishing a two-tier system with finality, which significantly enhanced the authority and predictability of dispute settlement[30].
Currently, due to the United States' obstruction of the selection of Appellate Body members, the Appellate Body is unable to function. However, the institutional stability it has injected into the multilateral trading system since the establishment of the WTO has been widely recognised by most members and the international community. Therefore, most WTO members, including China and the EU, continue to push for the resumption of the Appellate Body's functioning, while also utilising the arbitration provisions of the DSU to establish a temporary substitute for appellate review. This also underscores the important role of the two-tier system in resolving international trade disputes.
v. Looking Forward: International Rules and Organizations for Data Trade
With China's growing national strength and its "increasingly central role on the world stage"[31], it is necessary to envision and promote the development of international rules and organizations for data trade in the digital era.
- Data Trade: The Third Form of International Trade
With the acceleration of the global digital economy, data trade is emerging as a new form of international trade, following goods and services. Data trade is characterized by:
- Special Trading Objects:
Data trade centers on digital products such as data resources and products, which are highly replicable, have zero marginal cost, and are non-rivalrous. For example, an AI company selling a global image dataset for algorithm training is a typical data trade transaction.
- Unclear Property Rights:
There are no unified global rules for determining data property rights. For example, there are significant differences in legislation between countries regarding who owns and has the right to use behavioral data uploaded by users to social media platforms – whether it should be the users themselves, the platform operators, or the data processors.
- Taxation Mechanisms:
Data, as a new production factor, is not yet adequately covered by current tax systems. Many countries have unilaterally introduced or are preparing to introduce digital services taxes before the final implementation of the international taxation reform in the digital economy.
- Opaque Pricing Mechanisms:
Due to low replication costs and value dependence on application scenarios and algorithms, data product pricing remains theoretically unsettled[32].
Given these features, data trade is justifiably regarded as the "third form of international trade," necessitating its own independent international rules.
- Rule Construction: Bilateral, Plurilateral, or Multilateral
How to establish international rules for data trade in the future is also a question worth exploring. In terms of legislative form, data trade rules can either be set up as an independent regulatory framework or integrated into broader digital economy agreements. Regarding the level of agreements, the development of data trade rules is likely to follow a gradual approach, evolving from simpler to more sophisticated forms, and from limited to broader coverage. This would involve progressing through different stages: starting with individual national legislation, then moving to bilateral or regional pilot agreements, and eventually expanding to plurilateral agreements. Whether a truly global multilateral framework can emerge in the future remains highly uncertain.
Currently, there are significant challenges to the multilateralization of data trade rules. Sensitive issues such as data sovereignty, differences in privacy protection standards, and the priority given to national security all pose obstacles to regulatory harmonization. Nevertheless, in the long run, building a unified, open, and inclusive multilateral mechanism remains crucial for enhancing the predictability of data trade and fostering mutual trust among all parties involved.
In this regard, China can draw on the experience of the United States, which, after World War II, took the lead in building the framework for goods trade rules and further upgraded it into an international organization covering goods trade, services, and intellectual property. Taking the economic and commercial needs of data trade as the driving force, and upholding liberalization and non-discrimination as fundamental principles, China can promote the establishment of international rules for data trade and gradually expand them to broader regions and sectors.
- Dispute Settlement Mechanisms
There is not yet a mature international consensus on dispute settlement for data trade. For example, the DEPA explicitly excludes disputes related to non-discriminatory treatment of digital products, cryptography, cross-border data transmission, and server location from its mediation and arbitration mechanisms[33].
The rationale includes: (1) lack of mature practice, as data products lack clear classification standards and countries differ on whether they are goods or services; (2) high policy sensitivity, as data involves national security and privacy, leading countries to prefer domestic policy autonomy; and (3) greater flexibility of negotiation over arbitration. While this exclusion limits the scope of dispute settlement, it prevents rejection of the mechanism due to domestic policy concerns and increases members' willingness to resort to the dispute settlement mechanism[34]. In the future, a phased approach of "consultation first, arbitration as supplement" may emerge, with the scope of arbitrable rules expanding as experience and consensus accumulate, and mechanisms for appeal and enforcement being established.
Conclusion
As a potential third form of international trade, data trade is pushing the boundaries of existing international economic rules, prompting new institutional frameworks in legislation, agreement design, and dispute settlement. The intangible nature of data products, uncertainty in pricing and taxation, and fragmented global rules indicate that the field is in a critical phase of institutional exploration.
China, with its vast data market, leading technology platforms, and rich governance experience, is poised to play a leading, bridging, and driving role in shaping global data trade rules, fostering a new order that balances security, data flow, and inclusiveness.
Legal services will be indispensable for Chinese enterprises going global, especially in data compliance, cross-border transactions, risk prevention, and dispute resolution. In the face of a complex and evolving international regulatory environment, professional legal support will be vital for enterprises and for shaping the global digital economy governance landscape.
Footnotes:
[1] Shanghai Data Exchange: Comprehensive Analysis of the Development Trends in the Data Circulation Market | Major Achievements, published on the Shanghai Data Exchange WeChat official account, https://mp.weixin.qq.com/s/PdUvrxuCFBayi5cB3kVh8Q, last visited: 21 March 2025.
[2] Xinhua News Agency: China's National Data Market Transaction Volume Expected to Exceed 160 Billion Yuan in 2024, published on Xinhua News, https://www.news.cn/fortune/20250110/0545608ebdd7402cbc050e135037d9c6/c.html,last visited: 21 March 2025.
[3] Lin Shuyang, Jiang Jialin, et al.: Review of the Development of Major Data Trading Platforms in China in 2024 (Second Half of the Year), published on the Tianyi Think Tank WeChat official account, https://mp.weixin.qq.com/s/ged5QaYVrjdZZ9X692I_3Q com/s/kOSvrros5MRTk5cfbsT49w, last visited: 21 March 2025.
[4] Frost & Sullivan (Beijing) Consulting Co., Ltd., Toubao Information Technology (Nanjing) Co., Ltd., National Engineering Laboratory for Big Data Circulation and Trading Technology, and Shanghai Data Exchange: 2024 China Data Trading Market Research and Analysis Report, November 2024, p. 10.
[5] Federal Trade Commission: Data Brokers: A Call for Transparency and Accountability: A Report of the Federal Trade Commission, available at https://www.ftc.gov/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014, last visited: 25 March 2025.
[6] Transparency Market Research: Data Broker Market Outlook 2031, available at https://www.transparencymarketresearch.com/data-brokers-market.html, last visited: 25 March 2025.
[7] European Commission, A European strategy for data, available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52020DC0066, last visited: 26 March 2025.
[8] Liu Feifei and Xiao Li, Analysis of the Development Trends of Trusted Data Spaces, China Telecommunications Industry, No. 1, 2025, pp. 34–37.
[9] China Academy of Information and Communications Technology, Industry and Planning Research Institute: Report on the Development Index of Data Trading Platforms (2024), published in August 2024.
[10] Japan IT Association Federation Information Bank Promotion Committee: List of Certified Operators, https://tpdms.jp/certified/, last visited: 27 March 2025.
[11] The definition of the scope and boundaries of data service providers in this paper primarily references the Shanghai Data Exchange's classification of data service providers and the scope of their business operations. However, in practice, different data trading institutions have inconsistent standards and terminology for defining the scope and boundaries of data service providers. For example, the "data merchant" in the Guiyang Big Data Exchange has a role and status similar to that of the data supplier referred to in this article, while the "data intermediary" is similar to the data service provider in this article, capable of providing various services to both parties in a transaction, including data transaction consulting, training, assessment, and brokerage. Another example is that the "data merchant" and "third-party service providers“ in the Shenzhen Data Exchange generally follow the definitions outlined in the Interim Procedures of Shenzhen Municipality for the Administration of Data Brokers and Third-Party Service Providers for Data Circulation and Trading. According to the interim procedures, “data merchants” refer to entities that collect or maintain data from various legitimate sources, process it through aggregation, processing, analysis, etc., to convert it into tradable assets, and sell or license such assets to buyers; or provide services such as publishing and underwriting tradable assets to facilitate and ensure the smooth execution of transactions, and conduct business in compliance with relevant regulations. “Third-party service providers” refer to legal entities or non-legal entities that assist in the orderly conduct of data transactions and provide legal services, data assetisation services, security and quality assessment services, training and consulting services, and other third-party services.
[12] Cai Yuezhou and Liu Yuxin, A Preliminary Exploration of the Classification and Scale Estimation of Data Flow Transaction Models, China Economist, Issue 6, 2022.
[13] Guiyang Municipal Big Data Bureau: The First Personal Data Trust Case in China Takes Shape! Guiyang and Gui’an’s Data Transaction Innovation Practices Yield New Results, published on the Guiyang Municipal Big Data Bureau’s official WeChat account, https://mp.weixin.qq.com/s/D3nA_XmqYU_-G3zx9IomNw, last visited: 16 April 2025.
[14] Wang Muhua and Zhao Ning: First-ever meteorological public data product completes closed-loop circulation transaction within the market; China Meteorological Administration's high-value meteorological data products support the development of urban intelligent systems, published on the official website of the China Meteorological Administration, https://www.cma.gov.cn/ztbd/2024zt/20240402/2023032405/fw/202405/t20240531_6304455.html, last visited: 16 April 2025.
[15] China Transportation News: Qingdao Completes the First National Transaction of Data Assets from Transportation Administrative Units, reprinted from the official website of the Ministry of Transport of the People’s Republic of China, https://www.mot.gov.cn/jiaotongyaowen/202411/t20241113_4159342.html, last visited: 16 April 2025.
[16] See Zhang Qianqian and Tu Qun: National Framework for Data Elementisation — Phase Six: Data Circulation, Trading, and Cross-border Flow (Part Four), published on the Jiaotong University Review WeChat official account, https://mp.weixin.qq.com/s/qfP7SVafYnMYAIy97UYpMA, last visited: 17 April 2025.
[17] See Open Islands Hetao Development Agency: Recruitment of Member Units for the Shenzhen Digital Exchange Open Islands is Underway, reprinted from the Hetao Shenzhen Park WeChat official account, https://mp.weixin.qq.com/s/PULsKAVkkc463yBaj4z5Hw, last visited: 17 April 2025; Southern Metropolis Daily Hetao Development Agency: First in the Country! Cross-border Data Transaction Volume Exceeds 250 Million Yuan!, reprinted from the Hetao Shenzhen Park WeChat official account, https://mp.weixin.qq.com/s/F85GQZ34f_Lt6IAmBE5Avg, last visited: 17 April 2025.
[18] CPTPP Article 14.11-1: "The Parties recognise that each Party may have its own regulatory requirements concerning the transfer of information by electronic means."
[19] CPTPP Article 14.11-2: "Each Party shall allow the cross-border transfer of information by electronic means, including personal information, when this activity is for the conduct of the business of a covered person."
[20] CPTPP Article 14.11-3: "Nothing in this Article shall prevent a Party from adopting or maintaining measures inconsistent with paragraph 2 to achieve a legitimate public policy objective, provided that the measure:
(a) is not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade; and
(b) does not impose restrictions on transfers of information greater than are required to achieve the objective.
[21] CPTPP Article 14.13-1: "No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that territory."
[22] CPTPP Article 14.13-1: "Nothing in this Article shall prevent a Party from adopting or maintaining measures inconsistent with paragraph 2 to achieve a legitimate public policy objective, provided that the measure:
(a) is not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade; and
(b) does not impose restrictions on the use or location of computing facilities greater than are required to achieve the objective."
[23] DEPA Article 4.3: "The Parties affirm their level of commitments relating to cross-border transfer of information by electronic means, in particular, but not exclusively[.]"
[24] USMCA Article 19.11-1: "No Party shall prohibit or restrict the cross-border transfer of information, including personal information, by electronic means if this activity is for the conduct of the business of a covered person."
[25] USMCA Article 19.8: "To this end, each Party shall adopt or maintain a legal framework that provides for the
protection of the personal information of the users of digital trade. In the development of this legal framework, each Party should take into account principles and guidelines of relevant international bodies[.]"
[26] Sun Nanxiang, Differences in Regulatory Models, Coordination Pathways, and China’s Approach to Cross-border Data Flow, in Rule of Law Society, No. 3, 2024, p. 106.
[27] Wang Hui, Principles of International Trade Law, Beijing University Press, 2011, pp. 453, 458–459.
[28] Yu Jinsong: International Economic Law (4th Edition), Peking University Press and Higher Education Press, 2014, pp. 161–162.
[29] See Peking University Law Network: The Development of the Multilateral Trade System from the Perspective of the New International Economic Order, reprinted from the official website of the Ministry of Commerce of the People's Republic of China, http://chinawto.mofcom.gov.cn/article/ap/tansuosikao/201509/20150901116580.shtml, last visited: 16 April 2025.
[30] Wang Hui: Principles of International Trade Law, Beijing University Press, 2011 edition, p. 510.
[31] Ni Degang: Comprehensively Opening a New Era of the Great Revival of the Chinese Nation, published on the Communist Party of China News Network, http://cpc.people.com.cn/19th/n1/2017/1025/c414305-29608059.html, last visited: 16 April 2025.
[32] Shanghai Data Exchange and Institute of International Trade and Economic Cooperation, Ministry of Commerce: Global Data Trade Development Report (2024), pp. 1–5.
[33] DEPA Article 14A.1: Scope of Module 14 (Dispute Settlement)
Module 14 (Dispute Settlement), including Annex 14-B (Mediation Mechanism) and Annex 14-C (Arbitration Mechanism), shall not apply to:
(a) Article 3.3 (Non-Discriminatory Treatment of Digital Products);
(b) Article 3.4 (Information and Communication Technology Products that Use Cryptography);
(c) Article 4.3 (Cross-Border Transfer of Information by Electronic Means); and
(d) Article 4.4 (Location of Computing Facilities).
[34] Shi Jingxia and Lu Yige: Core Rules for Digital Trade under the DEPA Framework and China's Accession Negotiations, Digital Rule of Law, Issue 1, 2023, p. 123.
Source: King & Wood Mallesons
Authors:
- Susan Ning, Partner, Compliance & Regulatory Group, susan.ning@cn.kwm.com;Areas of practice:antitrust and competition law, data compliance, cybersecurity
- Li Zhenghao, Partner, International Projects Group, lizhenghao@cn.kwm.com; Areas of Practice:Chinese regulatory compliance in the technology, media & telecommunications (TMT) and other sectors, international trade law, commercial arbitration and litigation
- Liu Ying, Partner, Intellectual Property, liuying3@cn.kwm.com; Areas of practice:IP and commercial litigation and arbitration
- Zhu Han, Associate, Intellectual Property Group
- Zhang Qinhong, Associate Assistant, Intellectual Property Group
- Ni Beiya, Associate Assistant, International Projects Group
Thanks to Elle Zhang (Singapore), Zhang Yueqi (Singapore), Jessica Tao (Sydney) and Intern Wang Jiaao for their contributions to this article.