Legal Rules For The Circulation Of Consumer Data

This article focuses on EU data protection rules and US jurisprudence.The first chapter is "Legal Positioning of Consumer Data." In the first section,consumer data is defined from the concept and scope,and the difference between consumer data and business data,enterprise data,and the necessity of making such a distinction are compared.The second section introduces the idea of “binary equity allocation model” that is common in both academia and judicial practice.Three theories about the legal attributes of enterprise data were selected for analysis,“data materialization theory”,“data intellectual property theory” and “data creditors' right theory”.From the representative cases,the empirical elements of the judiciary are summarized.Regarding the legal attributes of data,related theories include “data materialization theory”,“data intellectual property theory”,“data property rights theory” and “data debt theory”.The drawback of the theory of property rights is that the power of property rights cannot cover the power of enterprise data,and the strong non-exclusive and non-proprietary nature of data will impact the foundation of the theory of property rights.The "intellectualization theory",whether from the legislative purpose or the object's characteristics,is the most suitable theory of data rights in the existing theory,but the disadvantage of this theory is that some data(such as raw data)fails to reach the lowest intellectual property rights.The originality requirements,and taking into account the serious trend of the generalization of intellectual property rights,the application of this theory is open to question.With regard to the "creditors' rght theory",the multiple legal relationships derived frommultiple authorizations in data circulation have broken through the contractual relativity of the "debtization theory",and the contractual nature of the agreements signed between the entities has become less and less obvious.Therefore,the data should not be considered as a contractual claim.Regarding the issue of ownership,both the theoretical and practical circles adopt the dual rights allocation method,namely the user's personality rights and property rights and the property rights of the data platform.The author believes that the dual rights allocation model can not quell the practical problem of whether the user's consent can penetrate the platform agreement.In addition,there are three main theories about the attribution of commercial data rights: “personal rights theory” and “platform rights theory” and "Comprehensive rights theory." All three viewpoints belong to the “binary equity allocation model” and cannot solve the problem of data disputes in which there are three sets of legal relationships.In the second section,the author puts forward the“three-yuan equity allocation theory based on the legal relationship existing in the data circulation.The “triangular equity allocation model” is the allocation mode for the three groups of legal relationships in the three enterprise data types.The legal relationship is the legal relationship between the user and the data platform,the legal relationship between the data platform and the third-party platform,and the legal relationship between the user and the third-party platform.The three enterprise data types are original data and are not anonymous.Derived data,anonymous derivative data.The author believes that the fundamental reason for the difficulty in the allocation of data rights is the interaction between the three groups of legal relationships.The introduction of the "rights of exhaustion theory" and the "public domain concept" can help to achieve the dynamics of the three parties' rights.balance.Second,the legal rules in consumer data collection,because the system of national legal rules has not yet been established,the logic between the rules is not tight,and the laws are complex.The author defines the collection rules through legal ruless and specific codes of conduct.The rules of consent is the most important rules in the current consumer data collection process,agreeing to the collection and identification.In general,collecting consumer data is subject to a consent model,thatis,positive consent or negative consent.Positive consent means “express consent +deletion” and negative consent means “implicit consent + withdrawal/rejection”.Positive consent includes explicit permission to collect and public access.Negative consent includes both explicit and presumptive prohibitions.Another rules involved in consumer data collection is the rules of transparency.The rules of transparency runs through the exercise of the right to know of the data subject and the performance of the data controller.The procedural content includes: the purpose,scope,method,information of the collector and the contact information before the collection,and whether it is transferred to a third party,etc.,and set up security measures before collection to provide an effective complaint channel.As a supplementary regulation of GDPR,the draft e Privacy rules provide two directions for the expansion of the connotation of transparency: first,data transparency rises to information transparency;second,the rules of transparency requires data participants not to be limited to data subjects and data controllers.The second section is “Specific Code of Conduct for Consumer Data Collection”.The main content comes from the e Privacy tracking and collection conditions for the location of terminal devices and the explicit prohibition of the tracking wall.In the case of consumer data disputes,the author sorts out several consumer data collection rules that need to be clarified.The first is to self-acquire the focus of the case dispute-the nature of the reptile agreement.Good business ethics.The difference between the crawler protocol and Robots.txt is that the crawler protocol is an industry specification that guides the specific Robots.txt syntax rules.The specific list of allowed and prohibited access is specified by Robots.txt.There is also a black and white list based on the reptile agreement that is discriminatory.The final chapter is the legal regulation of the use of consumer data.The rules of data minimization and the rules of data quality are the two ruless involved in use.Data minimization ruless include minimization of usage ranges and minimization of usage limits.GDPR limits the scope of data use by age and data sensitivity,while China's Cyber ??Security Law only limits the scope of use based on the sensitivity of the data.Minimizing the use limit means that the data controller needs to use the consumer data in accordance with the purpose of use,and must not be used beyondthe purpose of use.The "Minimum Field" of the German Copyright Law provides a reference model for how to accurately grasp the scope.The data quality rules refers to a set of ruless stipulated by GDPR and EU regulations: legal,reasonable and transparent ruless,purpose limits,data minimization,precision,storage restrictions,integrity and confidentiality.Based on this rules,there is overlap between the content and other ruless in this paper.To avoid duplication,the author only discusses the two sub-ruless of storage restriction and precision and integrity limitation in the data quality rules.First of all,regarding storage,the author should draw the reader's attention,in rules,the storage and use of the sub-life is different from the consumer data.However,there is a special use method,that is,"transient storage" has special provisions on storage duration,storage mode,and storage purpose.The author believes that "transient" storage is an explicit storage that is different from invisible storage.The nature of the storage used to display data is a use.Accuracy and integrity are achieved by setting the "Protect By Design" system for the data controller and giving the data subject "free of automation".Protect By Design provides a "top-level design" guarantee for data accuracy and integrity,while "free of automation decisions" based on default privacy protection switches the originally passive data subject to an active state."Anonymization measures are compatible with use" and "Use of metadata protection" are two specific codes of conduct in use.The third section is “The Judicial Rules for the Use of Copyrighted Consumer Data.The US DMCA and the Copyright Act provide information for the protection of copyrighted data.“Rational use” is applied to the use of such data,but the US jurisprudence is reasonable.The constituent elements used were updated.Finally,it summarizes the characteristics of the international mainstream rules on consumer data,that is,data localization and legal rules are highly unclear.