Big data has raised some legal issues since becoming a hot topic. The concerns include:
- the legitimacy of data collection, ownership and usage;
- the protection of personal information; and
- how businesses should protect their lawful rights and interests in big data.
Big data protection through copyright law and competition law
There are generally two areas of law that protect big data – copyright law and competition law. Judicial practice suggests that competition law is the preferred option of data controllers.
To seek protection for big data using copyright law, a data controller first needs to prove that the big data constitutes a copyright protected work. Namely, the big data must possess originality as required by copyright law. Two strategies may be adopted to establish that this requirement is fulfilled.
Firstly, one can protect big data as a whole by claiming that it constitutes a compilation work as recognised in copyright law. To take this approach, the data controller must produce evidence to prove that the selection and compilation of big data is original. However, big data compilations often do not possess originality. Even if some big data can be shown to possess originality in selection and compilation, it only enjoys a narrow scope of legal protection. An infringer can easily circumvent this narrow protection scope to avoid infringement charges. Therefore, it is unlikely that a data controller can protect big data compilations using copyright law.
The second approach involves trying to protect each and every piece of information forming big data as a separate work that can be protected under copyright law. In order to take this approach, a data controller must prove the originality of each and every piece of information. This is difficult in practice because big data, as you may have guessed, is big. Following this approach requires a data controller to adduce evidence for each and every piece of information. Such an exercise would be slow, expensive and inefficient. Moreover, despite being valuable, most data lacks originality. As a result of this lack of originality, data is often not protected under copyright law.
Now, we would like to explain why it is better to seek protection of big data under competition law. Anti-unfair competition law regulates the conduct of business operators by prohibiting them from damaging the interests of their competitors through certain acts. Big data is collected through the efforts of a data controller who has often put time and money into the endeavour. Big data has great market value and brings competitive advantages to the data controller. The competitive advantages of a data controller are damaged if their data is exploited without licensing. Considering this, it is more effective to protect big data through the use of competition law. To raise a legal action under unfair competition law, a data controller need only prove that they have legitimate rights and interests. In relation to infringement, a data controller must prove that the infringer's illegal act has harmed market order and that the illegal act has caused or might cause damage to the competitive interests of the data controller. In summary, seeking protection under anti-unfair competition law is a better solution that can greatly reduce the burden of producing evidence.
Objects of protection – personal information and non-personal information
Differing from data protection in the EU, which is generally covered by GDPR, a single regulation, the rules for the collection, storage and use of data in China are set forth in several laws and government regulations, such as the General Rules of the Civil Law of the People's Republic of China, the Cybersecurity Law of the People's Republic of China (the Cybersecurity Law) and the Provisions on Protecting the Personal Information of Telecommunications and Internet Users.
The Cybersecurity Law divides data into personal information and non-personal information. As you will see, this is a very important distinction for data controllers to understand.
Personal information refers to information that can be used to identify a natural person, and sensitive information, such as a person's name, date of birth, ID number, phone number etc. As such information may violate privacy rights, business operators should take more care when using personal information and should not disclose, illegally sell or provide personal information to any third party.
Non-personal information refers to data that cannot be used to identify a certain natural person, such as records of a person's activities on the Internet. The Cybersecurity Law has provisions regarding the collecting and use of such data. Those provisions, in essence, grant operators the right to collect and use such data in a legitimate manner and creates a loose environment for the flow of non-personal information. Further, the Cybersecurity Law recognises the legitimacy of businesses that use data, such as location based services (LBS) and online to offline (O2O) service providers. As operators in this industry, such as Amap (a Chinese mapping, navigation and location-based services provider) and Dianping (a Chinese web-based shopping platform) have invested extensively in the formation of their non-personal information big data sets, such data is protected by competition law.
Case studies on the judicial protection of non-personal information
There are cases in China that have applied competition law to protect big data products. Generally, these cases involving big data products fall into two categories. The first category consists of derivatives of big data formed through analysing, processing and integrating raw data provided by the subject of the data (the derivatives of big data). For instance, the business advisor service of Taobao is used for making predictions and intelligent decisions. It is a derivative product in the form of data visualisation generated through data-mining, data-filtering and anonymising raw data. The second category consists of products that directly use raw data as a part of the final product (the raw big data product). For example, the sellers' information of Dianping.com is a raw big data product, as it directly uses consumers reviews (raw data) as a part of the sellers' information (the final product).
In the case of Taobao v Anhui Meijing, Taobao sued Anhui Meijing for unfair competition. Taobao had developed its business advisor service and a specific algorithm to integrate and analyse raw data and was providing a derivative of big data service for e-commerce retailers. Anhui Meijing operated an online platform through which it acquired the analysed data from Taobao's service. The court held that unfair competition had occurred as the service and its derived data were the result of Taobao's labour and that Anhui Meijing unlawfully acquired Taobao's data.
The courts often base their opinions on the fact that efforts were used to collect and process data in order to establish unfair competition, in addition to the existence of competition between the litigants, identification of unfair acts, and the quantification of losses caused by those unfair acts.
In the case of Shanghai Hantao v Baidu, Hantao sued Baidu for unfair competition. Hantao operates Dianping.com, a service that provides customer reviews and ratings of various businesses. The data forming the customer reviews and ratings is the company's key asset; the data is essential to Hantao's business. Baidu used its technological capabilities to scrape massive amounts of raw data from Hantao's website and used that data directly for profit. The court considered such acts to be against business ethics and noted that allowing such acts would permit Baidu to offer a service that replaced Dianping.com, discourage others from entering the market and disrupt the market order. Accordingly, the court ruled that Baidu had committed acts of unfair competition.
Regarding the protection of raw big data products, the courts take a more sophisticated approach in which they consider the impact of their judgment and balance the interests of different parties.
In terms of big data, competition law can provide better protection than copyright law as it is more suited to protecting the rights of the data controller. In contrast to personal information, the legal requirements for non-personal information are not as strict, and big data products formed on the basis of non-personal information are easier to protect. Enterprises should pay attention to the legitimacy of their non-personal information big data products, with the aim of generating legitimate rights that are protected by the law. An enterprise should, for instance, seek the informed consent of data subjects, disclose the rules around the way in which the data will be used, explain the purpose of collection, method of processing and scope of use for the data being collected, follow the principles of data collection (the collection must be lawful, appropriate and necessary), and anonymise sensitive information contained in big data products.
||Mr Xie’s main practice areas include intellectual property disputes, antitrust and competition law, venture capital and finance and insurance related issues. He is legal counsel for hi-tech companies. He has gained a strong reputation in these areas due to his solid academic background, government experience and professional dedication. He is a Chambers Band 1 Leading Individual in the IP field, Managing Intellectual Property IP Star, and a highly recommended individual in The Legal 500 and other league tables. Clients have found him “very strategic, experienced and responsive” and praised him for his “standout presentation, attention to detail and sound advocacy skills.”
Mr Xie is an arbitrator for WIPO and an arbitrator specialising in international commercial cases for the Beijing Arbitration Commission. Mr Xie founded Lifang & Partners in 2002, and is now the firm’s managing partner.
||Ms Zhang practises intellectual property law, finance and insurance law, civil and commercial litigation and arbitration. She has experience working with the scientific, cultural and creative industries. She has gained a strong reputation in these areas with her professional dedication and outstanding achievements. She has represented clients in a number of important cases before the Supreme People’s Court, provincial High People’s Courts, and in cases of significant social impact which receive wide media coverage from China Central Television, provincial satellite TV and Legal Daily. Some of her cases have been listed as Top 10 Intellectual Property Cases or Top 10 Software Cases. Since 2012, Ms Zhang has been recognised in Chambers as a leading lawyer in IP. |
Ms Zhang has extensive experience in handling litigious and non-litigatious matters relating to trademarks, copyright, patents, unfair competition, trade secrets, domain names, technology contracts and corporate intellectual property arrangements. She is external counsel to a number of high-tech, cultural and creative companies, which she advises on corporate management, contracts, shareholding structures and labour and investment disputes.