Scientists must be ethical and conscientious, always. Data bring with them much promise to improve our understanding of the world around us, and improve our lives within it. But there are risks as well. Scientists must understand the potential harms of their work, and follow norms and standards of conduct to mitigate those concerns. But network data are different. As we discuss in this chapter, network data are some of the most important but also most sensitive data. Before we dive into the data, we discuss the ethics of data science in general and network data in specific. The ethical issues that we face often do not have clear solutions but require thoughtful approaches and understanding complex contexts and difficult circumstances.

Data is the lifeblood of the digital economy. Much of the data in use today is generated by the everyday activities of consumers as they communicate, shop, travel, work, or engage in routine interactions with other consumers, businesses, and government entities through digital systems, platforms, and media. This has led to an enormous accumulation of data about individual consumers that can directly or indirectly provide information about their characteristics, preferences, activities, or behaviors.

The EU’s actions show how the exercise of extraterritorial jurisdiction by one actor (the EU) based on local approaches to human rights standards and specific values (privacy and the protection of personal data) could lead to the convergence of values and laws on the global stage. Likely directions are decreasing territorialism or broad interpretations of ‘territory’, increasing elevation of fundamental rights to the disadvantage of certain competing interests, and the EU acting to set a high global data protection norm, enabled by the fundamental right to data protection conditioning its exercise of extraterritorial jurisdiction. Convergence could be resisted. If, however, the EU’s reach were strong enough to avoid or counter resistance, this would ultimately lead to fewer conflicts in jurisdiction as global standards would converge and, even in the EU–US data privacy law interface, commonalities and shared approaches to rights protection would emerge.

This chapter explores the ways in which personal data and digital assets might be misused by strangers and third parties in the context of asset management. As global asset management markets move increasingly to handling investments with the aid of autonomous platforms and algorithms, it is important to be able to identify entities, investors and their agents. Decision-making and transactions need to be trackable. Asset and wealth managers also gather, store and use the personal information of their customers. At the heart of these arrangements is trust. However, the threat of cyberattack or systemic failures gives rise to the question of who should be made liable when losses arise from malicious or negligent data breaches. Often, it is not possible to identify a nefarious individual. Importantly, in the context of asset management, liability for knowing receipt, knowing dealing or knowing assistance may attach to persons dealing with trustees and other types of fiduciaries. This is not an area of law to which a universal regime of absolute liability applies. For this reason, it is useful to identify types of risk and the means to address them.

This final chapter does not cover any new principles; instead it presents case studies that have a huge global impact in terms of both managerial and government decision making. These case studies relate to: the role of big tech firms in the economy and the opportunities and threats that they present; the problems that the Covid-19 pandemic has posed for governments at the global level; and the problems that climate change is posing for both governments and firms, again at the global level. The last two cases involve geopolitical issues that go beyond the scope of the text, but it is important for managers to have a general appreciation of these issues in order to anticipate government policy and respond appropriately. The questions at the end of the case studies are intended to prompt students to utilize principles explained throughout the text to develop an understanding of the relevant issues and determine optimal courses of action.

This chapter demonstrates the extent of the data protection problems in China, and the public’s growing concern about loss of privacy and abuse of their personal data. It proceeds to show that under China’s Cyber Security Law, the government has responded to this issue by strengthening ‘data protection’ from abuse by private companies but without shielding ‘data privacy’ from government intervention. In particular, enforced real-name user registration for online services potentially allows the Chinese government to demand access to the local data of any person who uses an online service in China, for national security or criminal investigation purposes. The chapter argues that this internal contradiction within the Cyber Security Law – increased data protection while demanding real-name user registration – may also benefit AI development. This is due, in part, to the vagueness of key terms within the Cyber Security Law, and the accompanying fuzzy logic within the Privacy Standards issued under that law, which allow both tech firms and government regulators considerable discretion in how they comply with and enforce data protection provisions. In the final part of the chapter, it is argued that due to the potential benefits of AI in solving serious governance problems, the Chinese government will only selectively enforce the data privacy provisions in the Cyber Security Law, seeking to prevent commercial abuse without hindering useful technological advances.

The key provisions of China’s Cyber Security Law relating to data localisation and data exits still allow for competing interpretations by regulators, which makes compliance difficult, even in 2021. The further attempt to include ‘backdoor’ keys to encryption in this law is also noted, although foreign companies have managed to exert some influence on this point and other implementation issues. The Cyber Security Law is an important and high-profile development in Chinese cyber policy history. It created much more controversy than the Anti-Terrorism Law explained in the previous chapter. In recent years, China has gradually adopted a series of laws, regulations and macro policies in the field of cyber security and data protection aimed at turning the country into a ‘cyber superpower’ and boosting its digital economy. The Cyber Security Law, which came into partial effect from 1 June 2017 (with an official 18-month phase-in period for the data localisation provisions), is a milestone in the development of China’s legal framework for cyber security and data protection. The law also provides further evidence of the inherent tensions underlying the innovation policies described in Chapter 3. However, vague regulations allow regulators leeway to adjust their aims in response to broader economic and political trends by means of implementing rules. Finally, clarifying the vaguest provisions in the Cyber Security Law through more transparent rules may provide an opportunity for the Chinese government to decide which way it is heading: towards further innovation or further restriction beyond the ongoing US–China trade war.

Much has changed since CompuServe introduced its “Electronic Mall” as the first major retail e-commerce platform in 1984. Digital technologies have driven down costs and improved access and opportunities for producers and consumers, manufacturers and farmers, and above all, users. Digital technologies have transformed how a large part of the global economy operates. A broad range of goods are now digital and thereby intangible, being made up of bytes. Likewise, many services that previously required costly face-to-face contact between the firm and consumer are now available remotely.

Technology has opened international trade – in the form of e-commerce – to a broad range of firms and sectors that beforehand would have been the sole domain of larger multinational companies. Most importantly, technology and the Internet reduced the transaction costs and information asymmetries associated with international trade. Social networks like Facebook and Twitter and search engines like Google and Bing give large and small businesses alike easy ways to advertise services to people around the world.