On The Model And Mechanism Of Data Rights Protection

In the era of big data,data-related underground industries,data leakage,and data security issues have become a common occurrence,so that unprecedented importance has been attached to data protection and network security during the sessions of the National People's Congress(NPC)and Chinese People's Political Consultative Conference National Committee(CPPCC).The proposals in the Two Sessions on data are mainly focused on potential safety hazards and data leakage in smart cars,cybersecurity risks for minors,the balance between data protection and circulation,supervision mechanism of facial recognition technology,and national security concerns caused by cross-border data flowing.The “CCTV 315 Gala” on the 2021 Consumer Rights Day paid special attention to the problem of infringement of consumers' personal information.In the gala,the companies criticized by name included BMW,Kohler,and Max Mara that installed facial recognition systems to collect personal information without the knowledge of consumers,Chinese job boards Zhaopin and Liepin that leaked a great deal of personal information into the black market despite claiming that it firmly defends the privacy rights of users,mobile manager Pro that conducted group portraits by sending deceptive advertisements to the elderly with infringement on the human rights of citizens,and UC browser that made false advertising and promotion for unqualified medical products.From the aforementioned well-known software and platforms that are widely used in people's daily life,it can be seen how serious data security problem has become.Therefore,the protection of data rights turns out to be one of the most important issues to be addressed in the digital age.The protection of data rights is a prominent issue that is of practical value.In order to achieve the dual goal of protecting data rights while promoting data flow,this dissertation analyzes the dilemmas that traditional laws face in data rights protection in the context of the industrial and commercial era and examines the models of data rights protection in developed countries such as the European Union,the United States,and Japan.On that basis,this dissertation explores influences and reshaping of data rights on traditional rights,with the goal of developing the model and mechanism of data rights protection with Chinese characteristics.This dissertation can be divided into five chapters.The introduction section presents and reviews the literature on data protection,on the basis of which the theoretical and practical value of existing research is elaborated.In comparison with existing research,the difficulties and innovation points of this study are described.In the conclusion section,the proposal of building a new data rights protection mode and mechanism is put forward,the core of which is considered to be developing a new data protection concept.It shall be realized that data is a brand-new “thing” in the digital age,and the traditional protection concept of property rights has no longer satisfied the need for data rights protection in the digital age.What's more,data has deconstructed the “power-right” dual structure and instead formed a “power-power-right” ternary structure.Therefore,a corresponding rights protection mechanism shall be established in the digital age,and an effective external law enforcement mechanism shall be carried out.It is necessary to encourage enterprises to build a compliance system without affecting data flowing,in an attempt to protect the data rights of data subjects.The main body of this dissertation is structured as below.Chapter one clarifies the basic connotation of data and discusses the characteristics and classification of data by identifying the connections and differences among privacy,personal information,and data.On this basis,an investigation is made regarding the historical evolution of data rights protection from privacy theory to the theory of the right to informational self-determination and property rights theory.In addition,the dual protection goal of data rights protection and free data circulation is expounded.To better understand data,this chapter defines the relationship of the three concepts,privacy,personal information,and data from the perspective of concept connotation,the scope of protection of rights,and liability principles of act of tort.It is pointed out that data emphasizes “anonymization”,that is,the identifiers of individuals are completely removed and cannot be recovered after data processing.Hence,data is considered to be a subject matter different from traditional ones,which has three modern characteristics: non-competitiveness,openness,and non-independence.In order to better protect data rights,this study classifies data into different categories according to different standards.To be specific,data can be classified into personal data,commercial data,and public data according to sources,or into important data,sensitive data,personal data,and non-personal data according to sensitivity,or into public data,financial data,consumer data,health and medical data,children data,employment data,education data,and the like according to the industry the data source belongs to.Besides,the historical evolution of data rights protection is sorted out.The concept of data rights protection originated from the privacy protection theory in the United States.The theory of “information privacy” emerged from the privacy theory based on the“right to be let alone” as the information society requires,reflecting the transformation from the negative state of the “right not to be disturbed” to a positive state of “autonomous control” over personal information.In response to the needs for data protection in the era of big data,the theory of the right to informational selfdetermination originated in Germany endows information agents with the right to decide their personal information,and this right has been recognized by many countries and regions.Scholars in the United States and Europe tend to study data rights protection theories from the perspective of the rights of privacy and personality.In the1960 s,scholars were beginning to advocate the protection of personal information from the angle of property rights theory,in an attempt to promote the free flow of data.The theories introduced herein include agreement-based market autonomy theory and transaction cost-based institutional economics theory.In the end,this chapter discusses the two cores of data rights protection,namely the protection of data rights and the free flow of data.Like the two sides of a coin,they are the two aspects that need attention in the protection of data rights.In the digital age,the prerequisite for the free flow of data to give play to its value is to protect the data rights and interests of natural persons,that is,making sure the fair possession of data while protecting the personal dignity of the data subject.The protection for the benefits brought about by the openness and free flow of data is the bounden duty of data protection.However,in case of public interests,personal data rights may be appropriately derogated.For data controllers and processors,the right to reasonably use the data is also important and deserves protection.Chapter two analyzes the difficulties and challenges data rights protection faced in the industrial and commercial era.In the digital age,the application of algorithms,coupled with big data,has brought the prosperity of artificial intelligence,making possible the Internet of everything in the world and leading to disruptive change in production and lifestyle.As a result,the modern law in the traditional industrial and commercial era has failed to satisfy the needs for data rights protection.The failure is mainly reflected in the following four aspects.Firstly,the de-identification and openness of data and the complexity of infringement have caused a serious shock to traditional tort laws.Secondly,data is of compound rights,not only including personal interests but also property interests.A single approach to the protection of personality rights fails to sufficiently protect the property rights of data,and what's more,the protection of personality rights is absolute protection that hinders the circulation value of data.Thirdly,data is of non-independence,non-exclusion,and non-scarcity,at opposite poles of “object” in traditional private law,so that these attributes of data deconstruct the object of property rights.Moreover,the attributes of data including sharing,intangibility,and transaction convenience go against property rights' oneproperty-one-right principle,statutory principle,and basic public notice and public faith principle.In the digital age,the purpose of owning data is to use rather than hold it,which restricts the exclusivity of property rights.Consequently,the path of property rights protection fails to provide sufficient protection for data rights.Fourthly,since data has the attribute of non-originality and is allowed to be collected legally under the premise of “informed consent”,the regulations governing trade secrets offer no protection over it.In addition,the general clauses against unfair competition lack welldefined and recognized judgment standards of “commercial ethics”,thereby failing to fully protect the data rights of enterprises.Chapter three compares the data rights protection models and paths in some developed countries.Currently,the countries that have made data-related legislation include the European Union,the United States,Japan,Singapore,Africa,and so on.This chapter focuses on analyzing the advantages and limitations of the data rights protection models in the European Union,the United States,Japan,and China under the exploration concept,with the goal of constructing a new model and mechanism of data rights protection with Chinese characteristics.Firstly,under the concept of enlightenment,the EU model of data governance has “basic rights” as its basis,“uniform legislation” as the orientation,and “long-arm jurisdiction” as the support for extraterritorial enforcement.The basic rights that the EU empowers to data subjects and extraterritorial enforcement of the “long-arm jurisdiction” have exerted great deterrence,but they are also confronted with problems like a heavy burden borne by regulatory agencies and difficulties in extraterritorial enforcement.Secondly,the American model of data governance under the concept of freedom is dominated by an“industry-based” decentralized legislative pattern,with “free market” as its core and “correction period system” as the innovative point.The data governance model oriented by “free market” has the advantages of flexibility,specificity,and high efficiency.However,the specialized and decentralized legislative model may lead to coordination problems between federal legislation and state legislation and between law enforcement agencies.The third one is the Japanese model under the balanced concept.It is a data governance model dominated by “free circulation” and supplemented by “contract guidance” under the premise of “not breaking the existing legal system”.While maintaining the stability of the law,the data governance model highlights the lag in the application of the law.The fourth one is the Chinese model under the exploration concept that focuses on “security prevention” and takes into account the development of the “digital economy”.While considering the leading role of “information protection”,legislation should attach importance to the free flow of data.Chapter four presents the reshaping and reconstruction of traditional rights by data rights.Of traditional rights theories,the two most mainstream are will theory and interest theory.With the advent of the data era,traditional rights theories fail to provide sufficient protection for data rights on the one hand,which is reflected in the deviation of will theory from the trend of data development and the difficulty of interest theory in coordinating the authentic right of data.On the other hand,there are limitations in both traditional data personal rights protection and traditional property rights protection.Therefore,it is necessary to reshape rights in the digital age,in a bid to protect data rights.The “three generations of human rights” developed by Karel Vasak have been widely acknowledged and accepted,specifically including the first-generation political rights born in the bourgeois revolution period,the second-generation economic,social and cultural rights formed during the socialist revolution period,and the thirdgeneration rights of national self-determination,survival and development originated from the national revolution period after World War II.However,the traditional threegeneration human rights have no longer been able to address human rights problems arising from technological hegemony,algorithmic discrimination,and surveillance expansion.As such,traditional human rights theories in the age of industry and commerce have encountered the challenges of digital human rights in the era of big data.The challenges are mainly embodied in the following aspects: 1)algorithmic black box and algorithm discrimination of big data have made some groups suffer discrimination and challenged “human dignity”;2)since data has become a brandnew production factor in the digital age,its economic foundation and social structure of the age have caused a shock to traditional human rights;3)the concept of “person”in the digital age is no longer a single physical person,but instead it is given an identity of “information person”,thereby causing challenges to the subjects of traditional human rights.Therefore,only “digital human rights” can systematically protect data rights.Mankind is experiencing the information revolution following the agricultural revolution and industrial revolution,which has created new productive and life relations and caused significant social changes.However,the traditional three-generation human rights become impotent to the infringements of human rights caused by algorithmic black boxes,information gaps,and data monitoring.Moreover,information asymmetry has led to new states of social “justice”,which break through the logical foundation of traditional human rights.The ternary structure including state,enterprises,and society has broken the traditional state-society dual structure system.Consequently,the concept of “fourth-generation human rights” has emerged at the right moment.Another thing to be implemented is to build a data rights system well matched with the digital age.The Chinese government has issued the Personal Information Protection Law(Draft)that provides relevant provisions governing the data rights system for personal information protection,such as the right to know,the right to make decisions,the right to inquire,the right to copy,the right to correct,and the right to delete.Moreover,it has also formulated corresponding provisions on such data rights as the right to fairly use information,the right to express data information,and information property rights.Chapter five puts forward to construct a new model and mechanism for data rights protection.Driven by the information revolution,people's productive model and lifestyles have undergone fundamental changes.The traditional model can no longer provide sufficient protection for data rights,necessitating the building of a new data rights protection model and mechanism with Chinese characteristics.To this end,a new data protection concept shall be first established.In the digital age,“what” is more important than “why” so that correlation replaces causality in terms of the way of thinking.Since data exists on the Internet and it has no boundary,it is necessary to break the traditional physical thinking model,and the method of benefit measurement can be employed under the principle of proportionality to weigh and protect the rights and interests arising from data.Data-related rights cannot be well protected if only they are considered only from the perspective of legislative empowerment.The solving of the problem requires a combination of law and technology,that is,the law provides theoretical support and ensures the implementation of theories at the technical level.Furthermore,super platforms such as the Internet seek self-empowerment,including quasi-legislative power,quasi-administrative power,and quasi-judicial power,in a bid to maintain order.For the sake of promoting the establishment of a data element market while protecting data rights,it is imperative to set up a rights protection mechanism in the digital age.In addition to formulating a uniform Personal Information Protection Law and perfecting relevant emergency legislation,the legal system for data rights protection needs to be improved.Meanwhile,an open public data mechanism and system shall be established,and a protection framework that combines public legal system and private law protection shall be employed,with a view to better protecting the rights and interests of data subjects,and encouraging enterprises to manage selfdiscipline to improve management efficiency.In the end,given the fact that the legislation of various departments in China is scattered,it is necessary to construct an effective external law enforcement mechanism.The authorities and responsibilities of the regulatory agency shall be well defined,whether that be a unified,specialized,independent regulatory agency or the Cyberspace Administration of China that is responsible for the supervision and management of other departments.Beyond these measures,efforts shall be made to enhance the coherence between administrative punishment and criminal liability.For example,the US administrative settlement agreement system may be used for references to carry out flexible law enforcement and improve regulatory efficiency.A high penalty mechanism with strong supervision can be developed to propel Internet companies to take seriously the construction of data compliance systems,thereby promoting the development of data economy under the premise of legal compliance.