Data as a Strategic Asset: Chinas New Paradigm Shift in Production Factors

China has emerged as a global leader in data generation, boasting 1.1 billion internet users and government initiatives aimed at digital governance. According to an article from The Economist, the authorities are positioning data as a vital resource alongside labor, capital, and land.

Facial recognition infrastructure and a centralized personal data market are integrated not only within the economy but also in the national security framework. This strategy poses both challenges and lessons for democratic nations.

Chinese President Xi Jinping has referred to data as a critical asset that can significantly impact global competition. His viewpoint encompasses a wide array of sectors, from civil rights to the revenues of IT companies and China’s aspirations in artificial intelligence.

Implementation of this vision is underway. In 2021, China introduced regulations modeled after the European General Data Protection Regulation (GDPR) but is now diverging from Western standards.

Currently, a massive project is underway to analyze large volumes of data in state-owned enterprises. The aim is to assess these data sets as assets to be included on balance sheets or traded on national exchanges. On June 3, the State Council announced new rules mandating all levels of government to share information.

Another component of this broader strategy is the digital identifier set to launch on July 15. This system will enable central authorities to monitor the registry of websites and apps used by individuals.

Tech companies that previously controlled this information will find it increasingly challenging to link identities to online activities; they will only encounter anonymized streams of data.

The ultimate goal for China appears to be the creation of a «national ocean of data,» which encompasses consumers, industries, and governmental operations, as noted in the article.

Among the advantages of such an approach are reductions in AI training costs and lower barriers for small new firms entering the market. However, a significant downside is the inefficacy of centralized data management.

Previously, the Shanghai police suffered a breach, losing 1 billion records due to hackers, including names, addresses, birthplaces, national IDs, phone numbers, and criminal records. This database was put up for sale for 10 BTC, an insignificant amount when divided among the individuals affected—just a few cents for a complete dossier.

This new system could replace the current online monitoring structure, where lower-level law enforcement officials often overstep their authority.

Personal data constitutes a vast market spanning multiple sectors:

Due to ineffective security measures in private companies and public institutions, information on tens or even hundreds of millions of individuals is readily available online.

A stable pricing system for various categories of personal data has emerged in the black market. Costs can vary significantly—from a few dollars for social media accounts to thousands for access to bank accounts or private databases. Information about Chinese citizens has become accessible and affordable due to leaks and internal trading, especially for casual inquiries.

In many instances, vendors acquire confidential data by hiring insiders from Chinese surveillance agencies and government contractors, then resell this access without scrutiny to online buyers. Consequently, an ecosystem has arisen where, for a modest fee, anyone can request phone numbers, bank details, information about hotel bookings, flights, or even the whereabouts of certain individuals, with transactions often conducted in cryptocurrencies.

The abundance of data, such as scans of passports and driver’s licenses, has led to a drop in their value on dark web markets. A copy of a Russian identity card, for instance, sells for an average of 100 rubles, while a package of multiple documents can be bought for 300 rubles. In contrast, the average price of a scan of a U.S. passport on international platforms is around $50, while a Russian passport goes for approximately $80.

Cybercriminals frequently sell complete sets of personal data, which can include full names, birthdates, addresses, document numbers (passport, driver’s license), tax and social identifiers, banking information, and more. Such profiles are particularly valuable as they can be immediately used for identity theft, loan applications, and other fraudulent schemes. In 2024, the price for a single set on the black market ranged from $20 to $100 or more.

In China’s underground, services have sprung up that provide access to official data. By recruiting insiders from government bodies, intermediaries sell access to registries—for a few dollars, one might obtain a history of registered addresses or marriage data. For a larger fee, scans of documents like passports or driver’s licenses can be bought.

Such «online background checks» essentially monetize the state surveillance system. Researchers indicate that ads seeking collaboration with employees of the Ministry of Public Security, civil administration, banks, and other institutions are openly displayed in Chinese channels. Access to this data can fetch rewards up to 70,000 yuan daily (approximately $10,000), highlighting a significant shadow demand for personal information even within the country.

Contact details (mobile numbers, email addresses, postal addresses) often leak en masse and are sold wholesale. Since individual pieces of information hold little value, the price for larger lists is low. For example, a breach involving hundreds of thousands of email addresses may sell for just $10. In 2018, dark web marketplaces offered 200 million records containing personal information of Chinese citizens (including around 130 million customers of the Huazhu hotel chain).

The surplus of contact information has caused its value to fall in recent years. In 2014, a basic package of information about an individual was valued at an average of $4, while by 2025, it dropped to just $1.

Far more valuable than the phone number itself is the ability to quickly retrieve information linked to it—such as knowing the full name of the owner, current or past locations, and call logs. In the Russian segment of the internet, Telegram bots and private providers charge around 2,000 rubles for a single search, while in China, underground services offer similar data for just a few dollars.

One study revealed that in a Chinese Telegram channel, one could pay an equivalent of $50–100 to access all bank accounts registered to a specific phone number, related services such as WeChat and Alipay, and recent geolocation data of the subscriber.

The black market is rife with compromised accounts from popular services, with prices varying based on account significance (number of followers, linked payment methods, etc.).

According to a report from Privacy Affairs, a hacked Gmail account usually sells for around $60, while Facebook or Instagram accounts go for about $25. The low price is attributed to the sheer volume of leaks—countless stolen logins and passwords are in circulation.

Less common or more privileged accounts fetch higher prices: for instance, a hacked Uber driver account might sell for about $30, while a «premium» Airbnb account could go for around $300.

Even basic information such as card numbers, CVV, expiration dates, and the owner’s name can be listed for sale, albeit at low prices if they belong to older leaks. On shadow forums, a stolen credit card number might cost around $3. A full set of data on a card with a balance of up to $5,000 is valued at approximately $110–120.

Access to online banking accounts is even pricier. Accounts with low balances (up to about $1,000) may sell for $200–500, while those with significant balances go for $1,000 or more. Fully verified accounts with payment systems and cryptocurrency exchanges can cost hundreds of dollars: a hacked Revolut account is valued at about $1,600, a Kraken account at around $1,170, and a Coinbase account at $250.

Medical records rank among the most sensitive data, thus retaining a high value in the black market. Electronic health records contain not only personal information but also medical histories, test results, and insurance details. These can be exploited for fraud or extortion. Based on estimates, the average price of a medical record in the dark web hovers around $250, with some cases reaching between $500–1,000.

The average «market» price for a medical record in 2024 was approximately $60. A Social Security number in the U.S. was sold for around $15, while credit card data went for about $3.

This indicates that healthcare information is valued several times higher than «regular» data. The CEO of Qualys emphasized that breaches of medical information are «far worse than most others,» which cybercriminals understand.

By 2025, there was a noted increase in demand for biometric identifiers. Where passwords and documents were once the primary targets, criminals are now focusing on immutable traits—fingerprints, facial patterns, voice samples, and iris scans.

On specialized forums, sets of stolen biometric data are already being offered for sale: for instance, a complete set of an individual’s fingerprints can be sold for just $3–5, while a digitized facial image (for recognition systems) might cost between $5–10 per entry.

Biometric data linked to financial accounts—such as fingerprints, facial photos, and voice samples—can range between $25 and $100 in price.

Other personal data circulating on the black market includes home addresses, dates of birth, tax identifiers (like the Individual Taxpayer Number, SNILS, SSN), insurance policy numbers, and employment or education information. These data are typically sold not individually but as part of the broader categories examined here—leaked databases, complete dossiers, or document packages.

Basic personal data without financial information—such as client lists with names, addresses, emails, and phone numbers—are valued cheaply at about $5–15 per person.

Databases from governmental entities (like lists of registered voters, vehicle owners, taxpayers) also regularly appear on shadow resources. Prices vary based on relevance and volume. For instance, a voter database from a U.S. state was offered for about $100, while similar lists could sometimes be released for free.

Many nations are working to address the issue of data management and oversight. According to The Economist, the Trump administration may consider hiring the private tech company Palantir to consolidate government information. The EU may need to revisit GDPR regulations. India’s Aadhaar identification system emphasizes privacy, sometimes at the expense of potential economic growth.

In democratic nations, establishing a large-scale, effective data management system is more challenging—it must navigate a balance of checks and balances while ensuring the protection of property rights, privacy, and civil liberties.

China, on the other hand, may focus less on these complexities, constructing an effective dystopian surveillance system. For decades, it has acted as a «fast follower» of Western innovations. If the PRC begins to demonstrate the financial value of its «national ocean of data,» its centralization method could pose not only an economic but also a political challenge.

As a reminder, in March 2025, following the surge in popularity of AI models like DeepSeek, some staff members at the startup had their passports confiscated and were prohibited from traveling abroad freely.