Viewpoint: Internet Judiciary and Data Property Rights

Summary
Unclear data ownership and distribution rules have become the biggest institutional obstacle to the development of the digital economy. To correctly discuss the issue of data ownership, we first need to clearly define the three concepts of privacy, information and data. The biggest difference between personal information and privacy is that personal information emphasizes the right to self-determination, while privacy protects personal peace from being destroyed; and the difference between information and data is that information belongs to content, and data is the carrier for storing information. Based on the above differences, corresponding protection paths should be adopted: First, the nature of personal information should be clarified, and personal information rights should be recognized. The main emphasis on information protection is personality and legal interests, rather than protecting personal information from being destroyed. It is advocated that individual consent should be used as an individual The balance of information processing; secondly, the definition of data property rights is the key to protecting data security, and advocates a binary model that distinguishes data ownership and usufruct rights. Users, as data originators, have data ownership, and platforms, as data processors, have data usufruct rights. right.
With the significant changes in today's digital economy and information society, the construction and development of the Internet industry cannot be separated from the assistance of Internet justice and data property rights. At a time when data has become the fifth major factor of production, data ownership still lacks a clear definition in legislation. Scholars have divergent opinions on the nature of data and the distribution of data ownership. In this regard, Internet justice, especially the review work of the Hangzhou Internet Court, plays a very important role in promoting the confirmation of data rights.

1. The differential pattern of privacy and data

Although the three basic concepts of data, information and privacy often appear in the development process of the digital economy, these three concepts are entangled with each other and present a state of confusion, so that it is still unclear whether the three can replace each other in legislation. Further research is needed. Therefore, clearly defining these three concepts is an important prerequisite for top-level data design.

In terms of legislation, Article 1032 of the Civil Code not only regards privacy as a type of legal right, but also constructs privacy as a natural person's private life peace and private space, private activities, and private information that he does not want others to know. In addition, the Civil Code also adds Article 1034 as a general provision for the protection of personal information, with the purpose of ensuring the tranquility of the private life of natural persons. Personal information that is private is also protected by the right to privacy. This establishes a basic pattern of concrete and abstract privacy protection in the modern Internet era.

In practice, whether it is people's cognition, media reports or scholars' research, as long as information is mentioned, attention will naturally be paid to the content of the information, especially sensitive information. The content of information covers a wide range, and the private content involves privacy. Therefore, if the three concepts of data, information, and privacy are not clear, it will obviously hinder social and economic development.

(1) The distinction between information and privacy

Can information and privacy be distinguished by certain standards? According to Article 1034 of the Civil Code, if the relevant information constitutes private information, the provisions on privacy rights shall apply. Is there any content in the personal information that is not private information, so that the provisions on personal information in Articles 1034 to 1039 of the Civil Code apply? When privacy protection is higher than personal information, is it still necessary to discuss the protection of personal information? For example, are email addresses, mobile phone numbers, home addresses, and dates of birth considered private? Are the biometric information and health information involved in the ID number private information? The first difficulty to be solved is the degree of certainty and distinction between the protection of general personal information and the protection of private privacy rights.

Article 4 of the European Union's General Data Protection Regulation mentions "personal data", and "personal data" and "personal information" are the same concepts that support each other. Those who make no distinction. The boundaries between personal information, personal data and privacy are blurred and intertwined, creating a chaotic state. If you want the three concepts in a chaotic state to form an ordered state, you should first try to make the three concepts form a differential order pattern.

The concepts of personal information and privacy are different, and personal information cannot be simply confused with privacy. Private information is private, but personal information also contains some information that is not private. Although this type of information should not be protected according to privacy standards, it should still be protected at the personal information level. Take phone numbers as an example. Many people think that phone numbers and names are not private, because the main purpose of phone numbers is for social communication. The phone number is convenient for contacting each other and for providing services to third-party service industries including Meituan Takeaway APP, etc. Therefore, as personal information serves as the basis for transmitting information and supporting normal social interactions, it is necessary to not only strengthen the protection of personal information rights and interests, but also promote the use of personal information. The biggest difference between personal information and privacy is that privacy requires protecting private life and peace, while personal information requires both enhanced protection and enhanced use. In terms of protection, the emphasis on personal information is to emphasize the so-called right to self-determination. For example, in the "WeChat Reading" case, the judge talked about the difference between machine-readable and human-readable information. Human-readable information belongs to privacy, while machine-readable information belongs to personal information.

The extent to which personal information and privacy are protected by law varies. Personal information mainly focuses on the identifiable nature of social interactions, and individual informed consent is required before using personal information. Privacy focuses on protecting the tranquility of personal life, and the law protects private life from being disturbed. For personal information that is private, it is subject to both the legal protection of privacy and the adjustment of personal information utilization rules. It can be seen that the legal protection of private information is somewhere in between.

(2) The distinction between information and data

Based on a conceptual comparison, it can be found that the popular "data protection" in Europe refers to basically the same connotation as the "privacy" or "personal information protection" used in the United States. From the perspective of the history of concept development, personal data developed from the right to privacy. Many human rights conferences held in Europe in the 1970s have recognized the privacy risks brought by large-scale processing of data by computer technology, but data does not equal privacy. or the personal information itself. In the "Guidelines for Cross-Border Data Flow and Privacy Protection" issued by the Organization for Economic Cooperation and Development (OECD) in 1980, personal data is defined as any information that has or can identify a specific individual. However, its applicable objects are limited to automated processing. The objectives of protection of personal data are privacy and personal freedom. Accordingly, data emphasizes things objectively stored in computer systems, while privacy and personal information are the personality content revealed by data or other carriers. In other words, electronic data is a symbol invented by human beings, which does not differ depending on people's understanding, so it is highly objective; while information is the content reflected by the symbol, which emphasizes people's understanding of the data, so it has a certain degree of subjectivity. sex. Personal information as an object of personality rights protects the personal interests related to a specific individual that it reflects; while (personal) data as an object of property rights protects objective existence formed through collection by electronic equipment. things.
"Personal data" and "personal information" in the European Union's General Data Protection Regulation are mutually reinforcing and identical concepts, and there is no distinction between the two. Therefore, there are property rights such as the right to portability of personal data in its provisions. However, the mixed use of personal information and personal data will lead to difficulties in constructing a data property rights system, which has triggered criticism from some European scholars. my country's Civil Code has constructed a differential system that distinguishes personal information from data. Personal information is located in Article 111 of the Civil Code, between various specific personality rights in Article 110 and identity rights in Article 112. The Civil Code The six articles of Article 1034 to Article 1039 of Part IV of the Civil Code have established a relatively detailed system for the protection of personality legal interests for personal information; while data is listed alongside virtual property in Article 127 of the Civil Code. As a kind of property right, this idea needs to be established in "Data SecurityLaw""Personal Information Protection Act》 and other relevant laws and regulations for further implementation.

The three concepts of personal information, personal data, and privacy are often entangled, so much so that when legislation is made, one is neglected and the other is neglected. Therefore, it is necessary to break the chaotic state among the three, build a differential pattern to correctly distinguish and define the three, and construct targeted protection norms to protect individual personality freedom, maintain individual life tranquility, and promote Data circulation and utilization.

2. Protection paths and legislative suggestions

(1) Clarify the nature of personal information

To clarify the nature of personal information, the right to personal information must be recognized and the provisions on the protection of personal information must be refined. Enterprises believe that granting individuals personal information rights will affect the development of the digital economy, especially the development of the enterprise's data industry. But this is not the case. Personal information does not need to be positioned as a personality right as high as the right to privacy. Confirmation of personal information rights will help determine the rights and obligations of both companies and individuals.

(2) Definition of data property rights

Whether personal data can become the object of property rights is a key issue in the construction of data property rights. Privacy advocates believe that companies' control and use of data may lead to the leakage of personal information. If companies can control this personal data through property rights, it will be almost impossible to protect individuals' privacy rights. This kind of reasoning will lead to a very radical conclusion: information and data are two sides of the same coin, so that companies cannot control personal data. Controlling data controls privacy. Personal data should not be traded. Trading personal data means trading personal information.

The implementation of the new generation of information technology achievements mainly serves people, so the use, sharing and transaction of personal-related data are common and necessary. Most of the mainstream data processed by data trading intermediaries in the international market is personal-related data. The "data broker" defined by the U.S. Federal Trade Commission specifically refers to collecting consumers' personal data and reselling or sharing it with others. The companies sharing this data. EU Consumer Protection Commissioner Megelina Kuleva has also declared that personal data will become the new "oil" and a valuable resource in the 21st century, and it will emerge as a new asset class. At the same time, the line between personal data and non-personal data is not clear, and data that is now considered non-personal data may be traced back to personal data due to technical prejudgment errors. As data processing technology advances and the amount of data available for analysis increases, absolute and irreversible anonymization will no longer be possible, and big data analysis technology will make the distinction between identifiable and non-identifiable data an either/or. Meaningless. Therefore, excluding personal data from the objects of property rights does not meet the actual situation of the development needs of the data element market.

Obviously, the key to clarifying the digital rights system is to treat personal data and personal information differently: personal information belongs to the category of personality rights and interests, and the content of personality attributes is the object of protection; while personal data is the electronic recording of personal information The objective existence of property rights is regarded as the object of protection and belongs to the category of property rights. This distinction can avoid direct conflicts between different values on personality rights and property rights, where personal data property rights focus on statically fixed electronic records rather than information content that dynamically reflects personal characteristics. The legislators of my country's Civil Code clearly distinguish between personal information and data, placing the two in Articles 111 and 127, thereby protecting personal information as an object of personal rights and interests, while data is classified as property rights. category. The Civil Code has a special chapter on personal information in the "Personality Rights Section", but the "Property Rights Section" does not provide protection for data property. Legislation before the "General Principles of Civil Law" did not distinguish between "data" and "personal information". In the early days, data property was often included in personal information for protection. However, with the rapid development of the digital economy, data must be separated from information and become legal The independent rights object concerned is similar to the distinction between carrier and work. Building a scientific rights system based on data and including personal information in the protection of personality rights not only has a logical basis, but also allows both rights and interests to be fully protected on their own tracks, thereby satisfying the development of the digital economy for personal information and rights. Data needs at different levels.

(3) Dual rights structure of data usufruct rights

《data security law"The legislative focus is different from the "Personal Information Protection Law". On October 31, 2019, the Fourth Plenary Session of the 19th Central Committee of the Communist Party of China adopted the "Decision of the Central Committee of the Communist Party of China on Several Major Issues Concerning Upholding and Improving the Socialist System with Chinese Characteristics and Promoting the Modernization of the National Governance System and Governance Capacity", which for the first time clarified the relationship between data and labor, capital, Land, knowledge, technology, and management are juxtaposed as production factors and participate in distribution based on contribution. The "Opinions of the Central Committee of the Communist Party of China and the State Council on Building a More Complete System and Mechanism for Market-oriented Allocation of Factors" released on March 30, 2020, clearly listed data as the five major production factors along with land, labor, capital, and technology.

Article 127 of the Civil Code stipulates: If the law has provisions on the protection of data and network virtual property, those provisions shall prevail. In fact, this was intentionally left blank in the legislation in order to promote development in a tolerant and prudent environment. Regarding the distribution of data ownership, the judicial circle has proposed two models: behavioral regulation (external) and empowerment (internal). The behavior model of external regulation is to regulate data infringement behavior through criminal law and anti-unfair competition law. With the increasing importance of data system security and digital economic order, criminal law and anti-unfair competition law have indeed played a certain role in protecting data property security. However, the behavioral regulation model mainly focuses on public order and does not directly focus on data. own property rights status. This kind of remedial governance achieves the correction of economic order through passive response. Its shortcoming is that it cannot actively promote the development of the data element market and cannot meet the needs of independent rights functions for data circulation. Therefore, it is particularly necessary and urgent to confirm the nature and ownership of data property rights. Some scholars use copyright or contract rights to protect data, but copyright emphasizes creativity and does not protect original data created without processing. The copyright protection model of databases is based on static database processing technology, which is not suitable for the original data in the Internet of Things era. Dynamic utilization of data. The contractual rights protection model also has shortcomings. Non-property systems will not create universal rights, and contractual claims cannot completely replace the property interests of data, because the relativity of the contract means that its scope of effect can only reach specific objects, while contractual claims as a relational norm (Beziehungsnorm) cannot Achieve universal free circulation of rights. This regulatory model has two shortcomings: first, it cannot proactively promote the development of the factor market; second, it cannot meet the needs of independent rights functions for data circulation and requires an authorization model for grouped items.

In the case of Sina v. Maimai, Sina believed that Maimai illegally captured some data of Sina Weibo users, but Maimai believed that it did not illegally capture it. A dispute arose between the user and the Weibo platform over the ownership of user data. dispute. The same case will have different results in different countries. In fact, this is not only a national issue, but also a matter of website positioning and industry development goals.

Taobao v. Meimei is the first case in Chinese judicial precedents to confirm that data has property rights. It can be seen from the judgment that after the enterprise invests, the data it collects forms so-called derivative data. In other words, when a company spends a lot of labor and capital on data processing to obtain advantageous positions and resources, improper acquisition by others will naturally result in improper benefits. There is a property right to this kind of benefit obtained. This case confirmed that the platform operator has the right to use the original data it collects in accordance with its agreement with network users, and has independent property rights and interests in the big data products it develops, which is of groundbreaking significance.

The formation of data, except for natural resource data, is caused by human network activities. Coupled with the contributions and investments of platform companies and data companies, data can be acquired, stored and re-presented. However, the distribution of data ownership among many data-forming participants requires consideration of factors such as labor, capital, authorization, system design, and related equity balance and incentive mechanisms. Data property rights cannot be directly given to data processors just because of labor or capital investment. Users are the real data developers. From the perspective of the entire life cycle of data, data originates from users' network access behavior, and empowering users should be the starting point for data rights configuration. Data processing companies have also invested a lot of labor and capital, and giving them relatively stable property rights is conducive to the optimal allocation of data resources and the formation of incentive mechanisms. However, if the processor is given data ownership, it goes against the logical starting point that data is generated by users, and is not conducive to building a co-constructed and shared Internet.

Whether it is labor or capital investment, interests are indeed formed. The distribution of this interest needs to draw on the dichotomy method to realize the dichotomy of ownership and use rights. We can learn from the rights division model of property rights-other property rights and copyright-neighboring rights. In the design of the data rights system, according to the different sources and degrees of contributions of different subjects to the formation of data, it is set that the data originator has data ownership and Data processors have a binary rights structure of data usufruct rights to achieve a balanced allocation of data property rights between users and enterprises.

Under the rights split model, data ownership belongs to the user who is the originator of the data, which is consistent with the objective facts about the origin of data property rights. At the same time, the problem of how to empower platform companies that have made huge investments and contributions to data formation can be compared to copyright and neighboring rights. For example, the writing of a novel is naturally the most important origin of the rights to the work and the interpretation of the work to produce a series of works. Subsequent re-creations based on the novel, such as storytelling performances, filming of movies and TV series, will increase the influence of the novel, and sometimes even become more famous than the novel. Even so, it is not enough to give storytelling performances The copyright belongs to the author or director, but only neighboring rights can be granted to him, because the originality of the work is the source of all subsequent property rights (regardless of the value). This idea also applies to the distribution of data ownership. No matter how much platform companies or data companies invest in the collection, storage, and processing of data, it is not enough to transcend the original originator of the data—the user—and become the owner of the data. They can only obtain other property rights similar to neighboring rights. In short, granting data ownership to the original user is a sign of respecting the source of data rights. At the same time, we must also fully respect the data platform companies that collect and process the data and grant them the right to use the data. This is in line with the actual situation of data generation, and also objectively presents the different roles played by various participants in the formation of data.

In the development of the data element market, there are not only data rights conflicts between enterprises and individuals, but also data competition, data barriers, data hijacking, data crawling and other issues between different data enterprises. Introducing the usufruct system to solve the problem of data ownership can not only realize the distribution of permissions between users and enterprises, but also mediate conflicts of interest between different data enterprises, thereby building a clear ownership framework for the development of the digital economy. More importantly, data trading markets and sharing platforms have emerged both at home and abroad. In order to promote the smooth flow of data rights and ensure the safety of transactions by all parties, it has become more important to build data usufruct rights and related supporting systems.

The reasons for obtaining data usufruct rights for the first time include data collection, processing and other activities. Among them, collection mainly involves collecting data from a wide range of physical societies such as individuals, enterprises, society, and nature through devices such as mobile phones, computers, cameras, or other sensors. In this case, data collection is the primary method of data source in the Internet of Things era. Processing includes computer processing of data obtained from original collection, as well as network data collection through web crawlers and other methods. Such data processing often needs to meet a series of legality requirements before it can become the basis for obtaining data usufruct rights. In addition, data usufruct rights can also be obtained through sharing, trading, etc., which is an important basis for the prosperity and development of the data element market.

Data usufruct rights are an emerging property right and must be clearly defined by law according to the principle of legal property rights. However, neither the current Civil Code nor the past Property Law stipulates this. According to the Civil Code, it can be seen that data usufruct rights may be written into law as a legal property right type in the future. When revising the Civil Code in the future, data ownership and data usufruct rights can be separately stipulated in the property rights section of the Civil Code to clarify the conditions for natural persons, legal persons, unincorporated organizations and the state to obtain data ownership and data usufruct rights. And establish a supporting system with the registration of data usufruct rights as the core to form a complete data rights system. Establishing a binary rights structure of "data ownership + data usufruct rights", and setting up a data property transfer system on this basis, embodying the principle of equal emphasis on data security and development, will help promote the use of data.

3. Conclusion

Balancing the relationship between data subjects, processors and social public interests is crucial in the construction of the data property rights system. It is necessary to use civil law thinking to systematically think about the relationship between information, privacy and data. Only by accurately defining data property rights in law can it generate positive value and help protect data security. The distribution of data property rights should not be a game, but should adopt a win-win mechanism to achieve the dual goals of data utilization incentives and security protection incentives. Personal information protection should not only protect personal information, but also protect the use of personal information.