Data governance for smart cities in China: the case of Shenzhen

Abstract

Establishing an appropriate system for governing various data is a critical challenge in developing smart cities. In China, with its distinctive institutional characteristics, it is not yet well investigated what kinds of data governance mechanisms are introduced, how data are collected, shared, and used, and how potential risks concerning data security and privacy are addressed. This paper conducts an exploratory study of the case of smart city development in Shenzhen and examines critical opportunities and challenges in data governance. A centralized approach led by the government has been emphasized in data governance, with its focus evolving from addressing the fragmentation of government data to fostering the integration of various kinds of data in society. Open data platforms have been developed through close cooperation between government and technology enterprises. Regulations have been introduced to protect data security and privacy and facilitate the exchange and use of data for innovation. On the other hand, stakeholders are not sufficiently incentivized to provide accurate information. The value of data is not appropriately recognized or measured, discouraging the sharing of data to facilitate the use of data. Citizens are not well-informed about what kinds of data are collected and how these data are used. Institutional mechanisms have not yet been established to ensure that the data collected from citizens are properly handled by the public authorities. It is crucial to encourage citizens’ engagement in data governance to fully implement the people-centered approach to smart city development.

Keywords:

• Smart city
• data governance
• open data
• data security
• privacy
• innovation
• China
• Shenzhen

1. Introduction

More than half of the world’s population currently live in urban areas. This proportion is expected to increase to two-thirds by 2050 (United Nations Department of Economic and Social Affairs, 2018). The rapid development of urbanization has brought about many challenges, such as housing provision, traffic congestion, environmental protection, and public safety. Modern urban development requires cutting-edge technologies, citizen engagement, and effective governance systems to tackle pressing social challenges. As a future vision for urban development, the smart city has recently received growing attention and stimulated intensive discussions about its potential benefits and risks worldwide.

Despite the increasing interest, the concept of the smart city remains ambiguous, and there is no unified definition in the literature (Meijer & Bolívar, 2016; Tranos & Gertner, 2012). The previous literature has primarily focused on the application of technologies that utilize various kinds of data for urban functions and argued that rapidly evolving data-driven innovation is the key driver for smart city development. On the other hand, there have been very few studies that empirically examined institutional aspects of collecting, sharing, and using data for smart cities. Data-related issues constitute the core activities of smart city development, including data recording, storing, transmitting, and regulating through new technologies (Abraham, Schneider, & vom Brocke, 2019; Ruhlandt, 2018; Tan & Taeihagh, 2020; Tan, Araz, 2020). It is a critical challenge to design and implement effective systems for data governance to facilitate the use of data to provide technologies and services to citizens while addressing societal concerns about data, particularly data security and privacy.

Various types of data governance can be possible, including centralized, decentralized, and independent approaches, depending on the local socio-economic conditions. Smart cities involve multiple stakeholders, including government, enterprises, academia, nonprofit organizations, and citizens (Broccardo, Culasso, & Mauro, 2019; Ruhlandt, 2018). How data governance is established would affect promoting data-driven innovation, facilitating public-private partnerships, and encouraging citizens’ participation and engagement in smart cities (Angelidou, 2014; Bakıcı, Almirall, & Wareham, 2013; Roy, 2014). Data platforms particularly play an important role in data governance. They bridge the distance between the government and the public, providing opportunities for stakeholders in various sectors to understand what kinds of data are available and explore how these data can be used to address their issues and problems. Collected data also provide a robust basis for decision-making by city managers and improve the efficiency of public services (Borgman, Heier, Bahli, & Boekamp, 2016; Effendi, Syukri, Subiyanto, & Utdityasan, 2016; Ruhlandt, 2018).

As many countries are actively involved in constructing smart cities, China has become a leading country in smart city development in the world. With more than 500 smart cities initiated or planned, China currently accounts for almost half of the smart cities worldwide (Deloitte, 2020). Shenzhen, in particular, is one of the first cities to explore the construction of a smart city in the country. As a city with well-established supply chains for the electronic industry, Shenzhen has developed an industry cluster that can provide critical components for the smart city. A key feature of Shenzhen’s smart city development is close cooperation between the government and high-tech enterprises. These companies collaborate with the Shenzhen municipal government by providing their knowledge and expertise on advanced technologies, including big data, the Internet of Things (IoT), cloud computing, and artificial intelligence (AI).

Compared with technical development, it is not understood well how data is actually collected, shared, and used in smart cities in China. Many questions remain unexplored concerning various aspects of data governance, including open data management and institutional arrangement. Focusing on the case of Shenzhen, this study investigates what kinds of data governance mechanisms have been introduced, how data are collected, shared, and used, and how the government addresses the challenges concerning data security and privacy. In particular, we examine the city’s experience of developing open data platforms through collaboration with enterprises and establishing institutional arrangements for data collection, sharing, and use and citizens’ involvement in smart city programs. The case study is conducted by analyzing information obtained from government documents and reports and also through interviews. Implications for public policy and institutional development are explored for data governance systems that would be conducive to the use of data to tackle urban issues while addressing societal concerns about data security and privacy.

2. Literature review

Data governance is a critical aspect of smart city development. Sophisticated information and communication technologies and data-intensive devices and equipment are extensively deployed in smart cities (Allam & Dhunny, 2019; Silva, Khan, & Han, 2018). Urban management based on a large amount of data is expected to enable effective decision-making and broaden public participation and collaboration through smart technologies (Yanliu Lin, Zhang, & Geertman, 2015; Ruhlandt, 2018). How data is governed would affect what kinds of decisions are made and what types of stakeholders are involved in decision-making (Dyche & Levy, 2006; Hagmann, 2013; Khatri & Brown, 2010; Otto, 2011). More specifically, data governance involves cross-functional collaborations, data management frameworks, enterprise data assets, decision rights, accountability, and related data policies and regulations (Abraham et al., 2019). It is essential to examine how these aspects are implemented in the practice of data governance.

Previous literature identified the importance of structural, procedural, and relational aspects of data governance (Abraham et al., 2019). Structural elements involve the roles, actors, and accountabilities of decision-making (Borgman et al., 2016; Ruhlandt, Levitt, Jain, & Hall, 2020). Procedural issues mainly concern collecting, storing, sharing, and using data and protecting data security and privacy. Appropriate policies, standards, and rules are required to guarantee the proper implementation of various stages of data governance (Abraham et al., 2019; Borgman et al., 2016). Relational mechanisms influence how collaborations are facilitated between stakeholders in the public and private sectors in building smart cities.

Due to the complexity and sophistication of the technologies involved, governments worldwide usually cooperate with private sectors to co-construct IT infrastructures and data platforms to deliver public services effectively (Medaglia, Hedman, & Eaton, 2017). Since the principles of open data government were promoted in California in the 2000s (opengovdata, 2007), the public demand for open government data has grown significantly. The advocates and practitioners must consider the vast management cost of the large volume of data and the considerable investment in technical support and technicians. To attract enterprises and entrepreneurs to participate in the open data movement, governments need to explore the business potential and value creation of open data based on the original intention of building a transparent government (Deloitte, 2012; Magalhaes, and Roseira 2020; Mayernik, 2017). Therefore, how public and private sectors collaborate to create an open data ecosystem has become a critical issue in smart cities.

In China, local governments adopt various forms of collaboration with the private sector for data governance in smart cities. Public-private collaboration in digital governance includes all types of cooperative institutional arrangements between stakeholders in the public and private sectors. In Chinese policy documents, it is common to use government-enterprise collaboration or government-business collaboration to refer to public-private collaboration (Yang, Liu, & Zheng, 2020). Specifically, it includes procurement, outsourcing, and public-private partnerships. The type of cooperation governments choose depends on factors such as performance goals, costs, risks, and political pressures (Yang et al., 2020). Government procurement is mainly used for the direct purchase of products, services, or technological solutions by the public sector from companies (Allen, Gilles, and Roy, 2005). Outsourcing in the field of data governance typically refers to a portion of e-government construction, data management, and services delivery to firms or nonprofit organizations through contracting to achieve an efficient supply of public services. It usually includes general contracting mode and subcontracting mode in the process of smart city co-construction in China. Public-private partnership is the governance of relationships based on long-term cooperation, shared risks, and common goals between the public and private sectors (Efficiency Unit, 2008).

It is increasingly recognized that the smart city is not only about introducing advanced technologies but also addressing socio-economic challenges in urban environments. Hence, it is crucial to involve people and meet their needs and demands in smart city development (Nam & Pardo, 2011). There would be different degrees of citizen participation in smart city development, ranging from nonparticipation and consumerism to tokenism and citizen power (Cardullo and Kitchin 2019). There is a growing expectation for a citizen-centered approach to facilitating active participation and engagement of citizens. Recent studies explore the possibilities of governance based on a citizen-centered approach, emphasizing promoting civic engagement and citizen participation in democracy and city affairs (Bolívar, 2017). Some studies argue that this approach has improved the government’s capacity to provide proactive, precise, and personalized public services to citizens (Baesens, Bapna, Marsden, & Jan, 2014; Linders, 2012), whereas other studies criticize that the level of citizen engagement and public empowerment in smart cities is still inadequate (Paskaleva et al., 2017).

While previous studies were mainly conducted in Europe and North America, little research has been conducted to examine what kinds of data governance have been introduced and how they are implemented in smart city development in China. There are some studies that examined the data privacy issue of post-pandemic data governance by comparing the benefits and risks brought by contact tracing applications in China (Li, Ma, & Wu, 2022) and also studies on specific sectors such as the healthcare and finance industries (Li et al., 2019; Wang, 2022). It has not been investigated, however, how data is collected, shared, and used and how collaboration with stakeholders in society is implemented in China. Under the country’s peculiar institutional system, the socio-economic environment for data governance would be significantly different from that of other countries. In particular, it is not well understood how data governance is designed and implemented, how the government collaborates with private companies, and how the government facilitates citizens’ participation while addressing concerns about data security and privacy in smart cities in Cniha. In addressing these questions, this study analyses the case of Shenzhen by focusing on the institutional mechanisms of collaborating with local technology firms and encouraging citizen participation in the process of data governance in smart city development.

3. Methodology

This study is exploratory research that investigates the development of data governance for smart cities in China. The empirical analysis focuses on the experience of developing a smart city in Shenzhen. Our study examines the government’s roles in data governance, specifically, how the government cooperates with private enterprises in establishing open data platforms and how the government tries to facilitate citizens’ participation in providing and using data in the smart city.

Data for this study is primarily obtained from interviews and in-depth examination of relevant government documents and reports. To obtain information on collaboration between the government and private enterprises to develop open data platforms, we conducted two semi-structured interviews with the Cloud Service department of the Tencent Group, which is one of the largest providers of technologies and services to the Shenzhen government in smart city construction. The first interview focused on the experience of collaboration between the enterprise and the municipal government and collected detailed information on the modes of cooperation, how they coordinated with different sectors related to data governance, and how the company provided technical support after the platform started to operate. The second interview explored how the government uses the data platform to deliver public services, obtaining detailed information on data collection, sharing, and use, and policies and regulations on data security and privacy protection. In addition, we also analyzed government documents concerning government-enterprise collaboration and related policies.

To examine citizen participation in data governance, we looked at how the government encouraged citizens to participate in the Zhi Wang project based on communities. We obtained data on how the government decided to initiate the project and how the project was implemented by analyzing open policy documents. To further understand the details of policy implementation, we also analyzed internal government documents describing practical experiences on implementing the project at relevant departments in the Nanshan district, which was the first district in Shenzhen that introduced this project. These documents illustrate how the communities’ workers collected citizens’ information in their daily work, how citizens provided data to the data platform, and reflections on lessons from project implementation.

Finally, we examined policies and regulations on the application of data and concerns about data security and privacy. We obtained related data on policies and regulations from various sources in the public sector. These policies were introduced to facilitate the collection and sharing of data through the data platform to promote the use of data for economic activities while addressing societal concerns of the private sector and citizens in data governance.

4. Infrastructure development and e-government initiative

Shenzhen has been regarded as one of the pioneering cities in the development of smart cities in China. Relying on a solid foundation in information and electronic industries, Shenzhen has explored many practices related to data and initiated institutional innovation in data governance. In the past two decades, data governance in Shenzhen has moved from dealing with data fragmentation to facilitating the integration of data. Since the late 1990s, the Shenzhen government has been going through four major stages in smart city construction: constructing information and communication technology (ICT) infrastructure, accumulating E-government practice, initiating the Zhi Wang project, and developing an integrated network of data in the smart city.

Initially, the government in Shenzhen decided to invest in building ICT infrastructures in all districts of the city, which had not yet been covered with a comprehensive information system. Although the Internet was becoming popular worldwide, a shortage in ICT foundations was identified as a primary challenge for the city to pursue a smart city. After the first national informatization working meeting was hosted in Shenzhen in 1997, a series of projects for foundational communication networks and databases were initiated.

Entering the 2000s, Shenzhen shifted focus from building hardware facilities and infrastructure to promoting e-government systems. As one of the first pilot cities to offer e-government services in China (XinhuaNet, 2002), the city started to equip traditional public services with information and communication technologies. Different organizations in the public sector were able to communicate via online working platforms internally, while the government facilitated information sharing with the public externally. At the same time, citizens began to receive some civil services via the Internet without visiting public agencies in person. The early investment in ICT infrastructures functioned effectively in improving the efficiency of providing public services (Yi Lin, 2017).

The city, however, still faced many challenges. First, different departments within the government had problems in coordination with other sections to provide civil services. As these departments were not able to share data with other departments in a unified system, it was difficult to tackle issues that required joint efforts within the government (Wu, 2019). Second, digitalization was still limited to internal matters in the government, and the digitalization of public services to various sectors of society was not yet implemented. Third, the government was only able to provide public services via the digital system to residents with hukou, which did not cover more than 60% of migrant workers in Shenzhen (Statistical Bureau, 2010). As these migrant workers usually moved or changed jobs frequently, the city government did not have sufficient data on them to consider their needs and demands when making decisions. Hence, these residents without hukou were not able to fully enjoy public services provided by the government.

Despite the ICT infrastructure and e-government development, the systems of collecting, sharing, and using data in various sections of the government were not well integrated. Based on a comprehensive information network, the Shenzhen government intended to develop an integrated urban data platform (Yang, 2019). The scope of open data would be extended from internal sharing within the government to opening up data to the whole society. In this data platform, the major role of the government was expected to change from services provider to supervisor and manager (China Academy of Information and Communications Technology, 2019). At the same time, local high-tech enterprises were indispensable as technical suppliers and service operators, whereas citizens were mainly regarded as data providers and users of the data platform. The government had to promote collaboration with private enterprises and the participation of citizens in developing a smart city.

5. Data integration through the Zhi Wang project

In addressing the challenge of data fragmentation, the government planned to develop a smart city integrating various kinds of data. The Smart Shenzhen Planning Outlines was published in 2011 for the construction of a smart city (Shenzhen Industrial and Information Technology Bureau, 2013). Recognizing that data is a vital foundation of a smart city, the government considered integrating various types of data resources, including citizens as data providers. In 2013 the Shenzhen government proposed the Zhi Wang project, which means net weaving in Chinese, to assemble urban data sources based on communities (Shenzhen Industrial and Information Technology Bureau, 2013). The Zhi Wang project aimed to connect urban data on a grid basis by promoting collaboration with stakeholders. The schematic framework of the Zhi Wang project is shown in Figure 1.

Figure 1. The schematic framework of the Zhi Wang project.

The Zhi Wang project was implemented for social and community networks based on the core of the public information resources base. The public information resource base is a database that covers essential data on the population, administration officials, houses, and public events. Shenzhen has set up a unified public information resource base that can be accessed across government departments. The public information resource base operated relying on an information collection system in which data was assembled from the 15,000 community grids in the city through mobile intelligent terminals. All the information collected to the public information base was analyzed in the decision analysis support system to deliver public services to citizens efficiently (General Office of Shenzhen Municipal Committee of the Communist Party of China & General Office of Shenzhen Municipal People’s Government, 2014). The social network aimed to assess and process data, collect feedback, and manage social affairs online. The community network was more service-oriented, providing citizens with administrative, public, and business services. It also dealt with public opinion surveys, community-level decision-making, and elections of community residents (Li, Han, & Cui, 2014). The two networks supported each other; for example, government departments could incorporate views and opinions from the communities into decision-making in handling social issues. Ultimately, these two networks aimed to improve the administrative efficiency of government agencies and provide various kinds of public services to citizens in more convenient ways.

The Zhi Wang project addressed the fragmentation of data within the government by linking the various kinds of data held by different agencies into one public information resource base. The implementation of the project illustrated the central role played by the government in establishing the data governance of the smart city in Shenzhen. The government took a top-down approach to integrating and coordinating strategies, stressing holistic operation and cross-department collaboration in constructing the smart city (Li et al., 2014). All initiatives of the Zhi Wang project were designed and planned at the top level by the highest government agency. That helped break the information silos within the government and share relevant data. The whole-of-government approach made it possible to integrate public service channels consistently and allocate necessary resources systematically.

The government also played a vital role in clarifying institutional aspects of data sharing in the smart city. To address the problem of unclear authority and responsibility in data sharing, the government formally issued the Measures of Shenzhen Municipality for the Administration of Government Information Resources Sharing in 2015 (Shenzhen Municipal People’s Government, 2015). The policy has clarified that the municipality government owns the data collected by all departments of the government. The department that has collected specific data has the right to manage the data, whereas other departments have the right to use the data. The new measures have clarified that government data is shared among the departments by default. Special approval is required if any data are not to be shared. These measures addressed the rights of ownership, management, and use of government data and provided institutional guarantees for data sharing within the government (Shenzhen Municipal People’s Government, 2015).

Compared with the principal role played by the government, the participation of citizens was not explicitly emphasized in the Zhi Wang project. Citizens were primarily considered to serve as providers of data to the central database through the information collectors. Compared with traditional systems of public services in China, the Zhi Wang project effectively provided better public services to citizens by enhancing efficiency and accessibility. Under the top-down system of institutions in the country, it could be argued that the project has achieved a relatively high level of citizen participation, allowing citizens to make feedback and complaints to the public authorities. Nevertheless, citizens’ engagement in data governance has been very limited in the Zhi Wang project. Citizens were not actively involved in the operation and management of the data system, and the data collected in the system were not open to the public.

6. Data collection, sharing, and applications in the Shenzhen smart city

Based on the experience of the Zhi Wang project, the Shenzhen government started to develop a smart city for further collection, sharing, and applications of data. An open data platform has been established to collect a wide range of data covering various sectors and stakeholders and make them available to the public. Figure 2 shows the open data platform established by the Shenzhen municipal government with related data activities. Government departments and agencies are primarily responsible for collecting urban data (Wu, 2019). The data collected by these departments and agencies include a variety of data (TencentCloud, 2020a). For example, public security agencies, civil affairs departments, and medical authorities maintain databases on individuals related to their specific domains. Different government agencies also collect data about enterprises, including business registration, tax, social security, and those related to citizens’ daily lives. The public sector collects data through self-reporting, and community workers also collect data door-to-door. Other data collection channels include surveillance cameras and web crawling. Beyond data sharing among government departments, the processed data are open to stakeholders, including private companies, academic researchers, and citizens. The government has published standard-formatted data and application programming interfaces (APIs) from different agencies, such as education, finance, labor, and transportation (Data Management Bureau, 2022). The open data platform also provides other resources and tools for analysis and visualization to support the application of the data in the system.

Figure 2. Open data platform of the Shenzhen municipal government.

The structure of the smart city in Shenzhen is illustrated in Figure 3. All data are collected from three primary sources: the Supercomputing Center, the Affairs and Resources Center, and the District-level Data Center. The channels of data collection include Wi-Fi, the government internal network, the mobile network, and the narrowband Internet of Things (NB-IoT). The scope of data covers transportation, business, population, and education. The Urban Big Data Center processes data to build the data resources platform and generic support cloud platform, which support the operation and management of the smart city.

Figure 3. The structure of the smart city in Shenzhen.

All the data in the data platforms are basically managed by the government. While technology enterprises provide technical support for the government to build data platforms, they are not directly involved in collecting data (Tencent Cloud Employee, 2020a; TencentCloud, 2020a). In the early stage of operation, the enterprises that provided technical expertise were responsible for repair and maintenance (TencentCloud, 2020a). As the operation became stable, all the data were transferred to the government, and the data platforms have been operated independently from the private companies. It would also be possible for the government to set up a subsidiary to run the data platforms or seek technical help from the technology enterprises that have collaborated to develop the platforms (TencentCloud, 2020a). For example, the Shenzhen government’s service app Shen i Nin was initially developed and operated by Tencent (iShenzhen, 2020). At a later stage, the data was transferred to the government and managed by itself (TencentCloud, 2020a). Although this approach ensures that the government is in charge of data management, the government does not always have sufficient technical expertise or personnel for proper operation and maintenance (Shenzhen Government, 2022).

The collected data are provided for use by various stakeholders. The data are available through data platforms and other web portals, including i Shenzhen, Shen i Enterprises, Shen Governance Smart, and Shen Government Easy (Shenzhen Government, 2022). Data users are mainly government departments that require data to provide various services to the public (TencentCloud, 2020a). For example, the financial authorities primarily use the financial data for regulatory functions. Police would use the data to crack down on financial crimes. Other ways to use the data through the data platforms include using data for research purposes (TencentCloud, 2020a). Data involving sensitive data concerning privacy, however, are basically kept in the public sector. The government authorities claim that a high degree of confidentiality is maintained for data related to personal privacy, which is provided by citizens with informed consent. All the agencies and individuals need to undergo strict approval procedures to access the data. Once they have received approval, they can only access datasets that do not involve sensitive personal data, especially data concerning specific target groups with fewer than 20 people involved (TencentCloud, 2020a).

There are many issues and challenges in facilitating the use of data through data platforms. A significant obstacle to data sharing is coordination between different government departments. As they do not have well-established rules for sharing and exchanging data, it is still difficult to establish a comprehensive public data platform (TencentCloud, 2020a). In addition, data cleaning is also a considerable challenge. Much of the data cannot be presented as they are heterogeneous and need to be standardized to make them readily available for users to operate. Although the government information center usually takes care of this task, the sheer volume of data slows progress in open data management (TencentCloud, 2020a).

The establishment of data platforms has benefited significantly from collaboration with technology companies. The channels of their engagement include enterprise general contracting, subcontracting, and government purchasing (Tencent Cloud Employee, 2020a, 2020b). For enterprise general contracting, a large firm, also called a system integrator, usually signs an agreement directly with the government for the whole project. The company is responsible for the project and must undertake most of the platform development work. Local high-tech companies such as Tencent, Huawei, and Ping AN Technology are invited to bid for system integration projects. Some tasks in the project can also be subcontracted to other partners when available technologies or expertise are insufficient. The advantage of this model is that the general contractor takes full responsibility for the project. When there is a problem with the products delivered by subcontractors, the government can directly hold the general contractor responsible for the project without dealing with other companies involved. However, because there are many interested groups involved, the general contractor needs to balance the interests of stakeholders and bear greater reputational and profit risks in the event of product delivery problems. In the subcontracting mode, the general contractor signs agreements with multiple enterprises in different sectors to complete a project. The subcontractors include services operators, e.g., China Telecom, China Mobile, and China Unicom; hardware developers, e.g., Huawei; and software developers, e.g., China Electronics Technology Group, iFlytek, and Kingdee (TencentCloud, 2020b). The government can take advantage of enterprises in different fields, although the government needs to balance the relationships among various stakeholders. In the case of government purchasing, the government can obtain products from enterprises annually rather than setting up specific projects separately. This model is generally applicable to small-scale projects, as large projects would not be suitable for comprehensive purchasing by the government.

A key feature of data governance in Shenzhen is the close engagement of technology companies, particularly Tencent. They often participate in data governance as the builders of data platforms and also take charge of their maintenance and repair. With their advanced technology in data analytics and artificial intelligence, these technology firms have contributed to significantly increasing the capacity and efficiency of smart city systems. Even though technology firms are deeply involved and indispensable in developing smart city projects, their access to sensitive data must be strictly monitored and controlled. It is a crucial challenge for the government to balance utilizing the tech companies’ data processing technologies and protecting sensitive data from potential abuse by these private companies.

7. Policies on data governance for smart cities

7.1. Policies for protecting data security and privacy

As smart cities deal with increasing amounts of data due to the widespread application of data-intensive technologies such as IoT, AI, blockchain, and cloud computing, serious concerns have been raised about data security and privacy protection. During the lifecycle of data governance, different types of risks are involved concerning data security and privacy (Zhang, 2022). In data collection, personal data may be collected excessively or without proper consent. In data storage, personal data may be stored indefinitely or be leaked out. On data platforms, sensitive personal data may be disclosed, or governments may excessively focus on individual data, neglecting aggregate data. In data usage, different aspects of personal data may be aggregated by AI technologies, potentially leading to identifying individuals. These risks to data security and privacy would reduce people’s confidence in collecting, sharing, and using data in smart cities (Wirtz, Piehler, Thomas, & Daiser, 2016). Therefore, it is essential to establish an institutional environment balancing between facilitating the sharing and use of data and mitigating the risks concerning data security and privacy.

To encourage data sharing and use in smart cities in China, the government has started to introduce policies and regulations to address these concerns about data. The country’s digital industry has developed a complete value chain that covers data collection, storage, transmission, processing, and use (Chen, 2020). However, the institutional arrangements concerning data security and privacy protection in China were lagging. There were few laws and regulations for the public and private sectors to follow in data-related activities.

Responding to this challenge, the Chinese government has recently introduced a series of laws and regulations for data security and privacy protection. The Cyberspace Administration of China released a new regulation on data security, the Data Security Law, in September 2021 (National People’s Congress of the People’s Republic of China, 2021b). Compared to the Cybersecurity Law introduced in 2016, the Data Security Law provided legal protection for personal information and essential data. Prior to its release, China had published several policy documents on the protection of personal information. These policies, however, did not possess explicit legal force for implementation. Therefore, the Data Security Law is considered the first legal regulation on data security in China (Jiang & You, 2019).

The Data Security Law concerns the whole lifecycle of data governance, including the collection, storage, transmission, processing, and use of data, as well as the protection, supervision, and administration of data security (State Internet Information Office, 2019). For data collection, network data operators need to formulate and inform rules about the storage methods and retention period of personal data before they collect them. For data processing and use, the network operators need to ensure data users’ consent and timely responses to users. For supervision and regulation of data security, the Cyberspace Administration of China and relevant departments of the State Council are responsible for the security protection of data provided by network operators. Network operators are required to inform users when security incidents occur promptly. When network operators violate the laws, punishment measures such as confiscating income or suspending operations will be implemented (National People’s Congress of the People’s Republic of China, 2021b). The Data Security Law has also introduced a data protection system according to different types and significance levels of data (National People’s Congress of the People’s Republic of China, 2021b). These provisions clarified the requirements that private companies must comply with when engaging in data-related activities.

There are still challenges that remain in the law with regard to data security. For example, the feasibility of implementing regulations and policies needs to be considered carefully in the context of smart cities. The number of subjects and the volume of data would be overwhelming due to the dynamic nature of real-time data and the wide range of network operators. The proposed record system to review and manage the data security mechanism for network operators might be challenging to implement. Also, compared with the significant fines that can be imposed on companies in the EU, the measures introduced in China enforce relatively weaker penalties, which are only limited to warnings and exposure to the public.

For privacy protection, the Chinese government adopted the Personal Information Protection Law in August 2021, which came into force in November of the same year (National People’s Congress of the People’s Republic of China, 2021a). The law is the country’s first comprehensive legislation on personal information and data privacy, which could be regarded as similar to the General Data Protection Regulation of the European Union. The law regulates that installing image collection and personal identification equipment in public spaces should be for public security. The collected personal images and identification information can only be used to maintain public security and may not be used for other purposes unless obtaining individual consent. It also stipulated in the law that government agencies also need to follow the regulations.

It is crucial, however, to ensure how to regulate the government’s power in data governance. The laws and regulations are ambiguous in identifying and monitoring whether the government does not abuse the collected data or violate personal privacy. Although the public authorities need to obtain consent from citizens before collecting or using their data, that would not be sufficient to constrain the government’s power. As the process of acquiring and managing data by the government is not entirely transparent, it would be difficult to identify or prosecute any misconduct in practice. As there are many ambiguities creating regulatory uncertainty, it remains to be seen how stringently the law will be implemented and what consequences will be made for protecting the privacy of citizens.

7.2. Policies for promoting data exchange and applications

While data security and privacy protection are increasingly emphasized, data are also expected to contribute to stimulating innovation. Hence, a significant challenge in data governance is encouraging stakeholders to share and use data for various applications, including economic and social purposes. It is crucial to clarify the conditions and requirements for handling data so that data users can be assured of protecting their data assets. Intending to address this issue, the Shenzhen municipal government issued the Data Regulations of Shenzhen Special Economic Zone in July 2021 (Standing Committee of People’s Congress in Shenzhen, 2021). In this legislation, a specific framework for data markets has been introduced to facilitate the exchange of data. That has brought a new perspective that the smart city requires serious consideration and clarification in dealing with data for economic and social development.

A fundamental challenge in protecting data assets is clarifying the definitions and categories. The Shenzhen Data Regulation elaborates further on data classification, data activities, and security guarantees, taking forward many issues introduced in the Data Security Law. For example, the regulation distinguishes public data from government data. Public data refers to various types of data collected, generated, recorded, or saved in a particular form when government agencies provide public services (Standing Committee of People’s Congress in Shenzhen, 2021). Therefore, the definition of public data is broader than that of government data. Even though data may not be controlled internally by government departments or come from private sectors, they can be regarded as public data as long as they are used for public purposes.

The data regulation in Shenzhen also provides a legal basis for public management and service agencies to acquire external data from private enterprises (Standing Committee of People’s Congress in Shenzhen, 2021). Further clarification would be required about how much the government should pay for the data procured from external organizations and whether data services integrating data possessed by the government and private enterprises can be provided (Lovells, 2021). Nevertheless, these innovative regulation measures indicate that the city intends to utilize all the data in society as far as possible. With a shift from e-government to data platforms and the smart city, data resources have expanded from government data to diverse types of data, including the Internet and enterprise data. Government data platforms that were only for internal use are now integrated into city-wide big data platforms that provide data for stakeholders in society to use.

Recognizing personal data rights is also crucial for protecting data assets. Provisions on data rights for stakeholders in society have been provided in the data regulation in Shenzhen. In particular, personality rights have been specified for individuals dealing with their personal data, which would help them control the commercialization of their data. However, it is still unclear whether individuals have the right to benefit from the transactions of their data (Lovells, 2021). Data companies also have the data rights to the data they collect legally and the copyright of the data they produce. Overall, the data regulation has initiated an innovative approach to data governance, as the concept of public data is clarified and data rights are recognized for individuals and private enterprises. There is still a lack of detailed instruction about what can be categorized as public data. Moreover, the definition of personal data is not necessarily consistent among different policies and regulations. That could confuse private enterprises in implementing data security management and privacy protection and discourage sharing and using data to create innovation, as expected in implementing the policy.

The use of data for fostering innovation needs an institutional environment where economic transactions of data can be conducted in a reliable and consistent manner. Addressing this issue, the Communist Party of China Central Committee and the State Council published the Opinions on Improving the Allocation Systems and Mechanisms of Marketization of Production Factors in April 2020 (XinhuaNewsAgency, 2020). Data has been recognized for the first time as a new factor of production, regarded as equal to land, labor, capital, and technology. Specific regulations were called for on the incubation of the data market and the measures for data pricing. For an environment conducive to the marketization of data, it is crucial to implement regulations concerning data handling, integrate government and public data, and facilitate the commercialization of data applications.

Measures to establish a data trading system have been introduced in the data regulation in Shenzhen. That contributed to clarifying the scope and standards of data trading. It is explicitly prohibited to trade data products and services containing personal data obtained without legal authorization or public data that has not been legally released. Rules for data trading and information disclosure need to be developed for platforms. They are required to maintain a secure, controllable, and traceable trading environment with explicit measures to protect personal data, trade secrets, and important data specified by relevant regulations (Lovells, 2021).

A critical element of an institutional arrangement that facilitates data transactions is the pricing of data. Previously, there were very few practices of properly pricing data for economic activities in China. Shenzhen has become the first city to pilot statistical accounting of data production factors (Shenzhen Special Zone News, 2021). In January 2021, the municipal government released the Implementation Plan to Carry Out the Pilot Project of Statistical Accounting of Data Factors (Shenzhen Business Daily, 2021). An accounting system for data factors would include a statistical accounting methodology, a statistical reporting system, and a digital GDP accounting methodology. Cooperation has recently been initiated between government agencies such as the Data Bureau and local digital technology companies, including Ping An Smart City, Shun Feng Technology, and WeBank, to develop such methodologies.

There remain many challenges in facilitating the sharing and use of data. For data sharing, there are insufficient incentives for private sectors and citizens to provide their data. Under the principle of voluntary data provision, private enterprises or individuals may not necessarily be willing to provide their data or might provide inaccurate information. For data openness, many data sets are not presented in forms that would make it easy for enterprises and individuals to apply the data for various purposes. Also, data need to be standardized to enable broader use of data for different purposes and applications. Although the government information center would usually be in charge of this function, the sheer volume of data slows down the progress in the open data platforms. Furthermore, the value of data is not necessarily recognized appropriately in the private sector. For enterprises participating in the smart city, their data assets are hard to evaluate, discouraging exchanging and utilizing data to facilitate innovation through collaboration with other stakeholders.

8. Conclusion

Data governance is a critical issue in developing smart cities. There are few previous studies, however, that analyzed actual practices of data governance in smart cities in China. More specifically, little empirical research has been done on what kinds of institutional arrangements are introduced for data governance, how data openness promotes innovation, and how potential data security and privacy risks are addressed. This paper conducted an exploratory study to examine the development of data governance for smart cities in China by taking the case of Shenzhen as a leading example. Shenzhen has initiated novel policies and introduced innovative concepts, such as sharing principles and data rights, ahead of most cities in the country. A detailed analysis was conducted on the practice of data collection, sharing, and use while addressing concerns about data security and privacy. Moreover, we discussed citizens’ participation in the smart city development and the public-private cooperation in constructing and maintaining the data systems.

Compared with other countries, data governance for smart cities in China places a particular emphasis on the centralized approach led by the government. In Shenzhen, data governance has evolved from addressing the fragmentation of data among government divisions to fostering the integration of various kinds of data in society. The municipal government has played a significant role in collaborating with technology enterprises to co-construct the open data platforms through various modes of contracting and outsourcing. With these arrangements, the Shenzhen government intended to build an integrated data governance system covering various sectors of society. The Zhi Wang project was an initiative to develop open data programs with enterprises through public-private partnerships and collect data from the public. Open data platforms have allowed the municipal government to share public data with enterprises and the general public for various applications. The municipal government has also started to introduce specific standards and rules to protect data security and privacy, implementing the general policy framework provided by the central government. Measures to facilitate data trading through market mechanisms have been initiated while citizens are now recognized to have data rights as data providers and owners.

Despite these developments, many challenges remain facing data governance for people-centered smart cities in China. While various kinds of data are collected in the smart city, citizens are not necessarily informed well of what kinds of data are actually collected and how these data are processed and used for what purposes. Institutional mechanisms have not yet been established firmly to ensure that the data collected from citizens are properly handled by the public authorities and are not used for purposes other than providing public services. Also, citizens would not necessarily have sufficient knowledge or expertise to make use of the data available through open data platforms. It is crucial to explore ways to encourage active engagement of citizens in data governance so that their views and preferences can be reflected adequately for the people-centered approach to smart city development in China.

There are some limitations recognized in this study. The information used in this study mainly comes from open information sources of the government and public agencies and interviews with a technology company that has closely collaborated with the government in smart city development. Views and opinions of other stakeholders, including citizens, are not incorporated into the discussion. Further research is necessary to examine to what extent citizens are satisfied with the policies and regulations concerning data governance, particularly with regard to data security and the protection of privacy. Although a broad historical overview of data governance in Shenzhen is provided in this paper, the city’s smart city development is still evolving rapidly, which would require continued investigation. To better understand data governance in China, future research could focus on more specific aspects and explore emerging institutional arrangements and policy measures.

Ethical approval

This research has been approved by the Human Participants Research Panel of the Hong Kong University of Science and Technology (HPR #451).

Disclosure statement

No potential conflict of interest was reported by the author(s).