Introduction
“He who controls the data, controls the future.” – Yuval Noah Harari
But who really controls the data: the citizen, the state, or corporations?
Internet regulation varies significantly across the globe, with the Great Firewall of China (GFC) and the European Union's General Data Protection Regulation (GDPR) representing two extreme models. China’s model represents State control, while the European Union’s is individual-centric and strongly emphasises data protection. This blog explores these two contrasting approaches to internet regulation: China’s strict state-controlled censorship and the EU’s user-centric GDPR.
What is the Great Firewall?
The Great Firewall is the set of measures implemented by the Chinese government to regulate the flow of information on the Internet within the country. It is officially known as the Golden Shield Project, justified by the State as a tool for social harmony, but critics argue it violates international human rights norms. As China’s censorship measures continue to evolve and grow, their primary objective remains the preservation of the Chinese Communist Party’s (CCP) dominance, control, and cohesion. Access to such controlled information leads to the Internet becoming a medium of government propaganda.
How does it work?
The GFC works through various measures, such as:
- IP Blocking: Specific IP addresses are blocked.
- DNS Filtering: Involves tampering with DNS.
- Keyword Filtering: Certain keywords are automatically blocked.
- Deep Packet Inspection (DPI): This not only filters unwanted traffic but also enables state-level surveillance, blurring the lines between national security and privacy invasion.
Critical Consequences
- The GFC’s restrictions turn the Internet from a tool of empowerment into a control mechanism. It creates a chilling effect on expression. Is national sovereignty a justifiable reason to curtail the universal right to freedom?
- The GFC brings several noteworthy challenges, especially for foreign companies that have a user base in China, leading to slower load times. The GFC has turned China into a Surveillance State where Advanced Surveillance breaches the privacy of constantly monitored citizens.
GDPR: The Guardian of Digital Privacy
The EU’s General Data Protection Regulation (GDPR) is a landmark law aiming for transparency and openness. It replaced the 1995 Data Protection Directive and went into effect on May 25, 2018. It is said to be the most comprehensive privacy law in the world. It applies to all businesses operating in the EU or processing data of EU residents. It covers individuals’ personal data, including names, email addresses, and biometric data. The EU’s recently proposed Artificial Intelligence Act is also a key development in privacy law aimed at addressing ethical concerns.
Before the introduction of GDPR, European data protection laws were fragmented, and enforcement was ineffective. While GDPR is a robust model, its implementation is costly, which burdens small businesses, and ambiguities in cross-border enforcement raise questions about global feasibility.
Key principles of the GDPR include Consent, Data Minimisation, Transparency, Right to Erasure, Right to Access, and Accountability. Individuals must consent to the use of their personal data and can withdraw that consent whenever they like.
Cross-border data transfers (Articles 44-50). In May 2023, Meta Platforms Inc., the parent company of Facebook, was fined $1.3 billion for violating Europe’s data privacy regulations.
Critical Assessment: Is GDPR a Global Blueprint or a Regulatory Burden?
GDPR has significantly increased data security, and organisations are becoming more serious about securing their data. It is a landmark law that has set an international data protection standard and influenced many nations to develop privacy laws. Companies using AI are under a great threat as they are also subject to GDPR’s principles. As of March 2025, several noteworthy developments have been made, leading to intensified enforcement actions. In 2024, the Dutch Data Protection Authority imposed a £245 million fine on Uber for unlawfully transferring the sensitive data of its European citizens to U.S. servers without sufficient protective measures. This penalty stands as the highest ever issued by the Dutch regulator.
Manifestations of Internet Balkanization
Content Availability: Different users see different versions of the Internet based on their current location. Competing protocols and technologies create compatibility issues.
Digital Services: Region-specific platforms are emerging where the State blocks or restricts global ones, prioritising national interest over individual rights. User experience becomes divergent based on their citizenship and location.
Consequences of Balkanization
- Reduced Innovation: Limited cross-border data flows.
- Higher Costs: Companies are mandated to provide multiple versions to stay in the market.
- Digital Divide: Creating new inequalities based on access to information due to different citizenships.
Middle Paths and Hybrid Approaches
A wide range of other countries are adapting both approaches or following new paths of their own:
- India’s Approach: Adopting user rights enforcement like the GDPR while implementing data localisation mandates like China.
- Singapore’s Approach: Controlling content while embracing a business-friendly digital atmosphere.
- Canada’s Approach: Driving privacy laws into the digital age with a practical, risk-based approach.
Conclusion: Which Model would you consider to be better?
It is better to seek an answer to a more urgent question, i.e., Can a third way exist that balances national interest with individual rights? The two models here represent two societies. The future of censorship and online speech will depend on our current choices and how we react to State control.
The GDPR and the GFC are opposite approaches. The GDPR prioritises individual freedom and serves as a landmark law in digital privacy. In contrast, the GFC cuts its citizens off from global knowledge at the expense of individual freedom, so that the Chinese Communist Party’s interests prevail. While serving as a model for other authoritarian governments aiming to seize control of their online spaces, the GFC has effectively maintained social order and governance in China’s internet sector.
Both systems come with significant trade-offs and both, despite their differences, contribute to the growing balkanization of the internet. China’s approach creates explicit borders in cyberspace, while the EU’s extraterritorial regulations create de facto boundaries based on compliance capabilities.
Author: Vansh is an LL.M. candidate specialising in Cyber Laws and Cyber Crime Investigation at the National Forensic Sciences University, Gandhinagar – an Institute of National Importance.