A Brief Analysis of Data Ownership Rules and Protection Paths

I. Introduction
At the 26th meeting of the Central Committee for Comprehensive Deepening of Reform, the “Opinions on Constructing the Data Fundamental System to Better Leverage the Role of Data as a Factor of Production” were reviewed and passed. The meeting emphasized that data, as a new type of production factor, has quickly integrated into all aspects of production, distribution, circulation, consumption, and social service management. The unclear ownership of data leads to instability in data transactions, information security risks, data monopolies, unfair competition, and other legal issues. However, the current laws only provide general provisions for data protection, without explicitly clarifying the ownership nature of data. According to general legal logic, the protection of data asset transactions is based on the existence of legal rights for data assets, which means that data assets must have their own legitimate legal status. Traditional laws have difficulty providing appropriate positioning and protection for data ownership. The application of unfair competition laws also faces limited circumstances, serving only as a temporary solution. As stated in the “Opinions,” data ownership and the construction of the fundamental system have become a core and important issue in the country’s overall strategy with the widest impact.

II. Data Ownership Rules and Protection Paths
(A) Personal Data

1. Personality Rights
   The personality rights theory believes that personal data belongs to personality rights due to its identifiable nature. Most personal data can directly indicate an individual’s identity, such as their name, ID number, etc. Even if some data does not directly reveal a person’s identity, such as consumption records and logistics information, when analyzed and combined in different ways, it may reveal strongly personal traits such as behavioral patterns and consumption habits, reflecting the externalization of personality. According to Article 1034 of the Civil Code, “Personal information is information recorded electronically or in any other manner that can identify a specific natural person alone or in combination with other information, including the person’s name, birthdate, ID number, biometric data, address, phone number, email, health information, travel information, etc. Private information within personal information is governed by privacy rights, and if not specified, it is governed by the relevant personal information protection laws.” The “Personal Information Protection Law” and “Data Security Law” also define personal information, thus recognizing the personality attributes of personal data in current Chinese legislation.
2. Privacy Rights
   The privacy rights theory argues that personal data should fall under the scope of privacy rights. The United States is a pioneer in exploring this theory. In the famous 1881 case of “Dimay v. Roberts,” the defendant unlawfully entered the plaintiff’s residence and observed the plaintiff giving birth. The judge stated, “The plaintiff has the legal right to privacy in their residence, and the law prohibits others from infringing upon that right,” thus establishing the concept of privacy rights. Subsequently, in 1890, “The Right to Privacy” defined privacy as the right “to be let alone and free from interference.” Laws such as the 1966 “Freedom of Information Act,” the 1970 “Fair Credit Reporting Act,” the 1974 “Privacy Act,” the 1980 “Privacy Protection Act,” and the 1988 “Computer Comparisons and Privacy Protection Act” have all reflected the protection of personal information within privacy rights. Today, privacy rights in the U.S. include information privacy, with personal autonomy and information privacy being closest to personal data rights.
   In China, personal information is divided into sensitive and non-sensitive categories based on the sensitivity of the information. While the judgment of whether information is sensitive carries a certain degree of subjectivity, different roles may have different standards for determining sensitive information. However, from the perspective of personal information protection legislation, the definition of personal privacy information should be based on the information holder rather than the information collector. The “Personal Information Protection Law” further stipulates sensitive personal information. China’s definition of sensitive information also reflects its understanding of privacy rights. Based on the interpretation of privacy rights in the “Civil Code,” the legislative trend to protect privacy rights within personal data is evident. In practice, the collection and use of sensitive personal information are typically based on informing individuals of the necessity and impact on their rights before obtaining consent.
3. Property Rights Theory
   The property rights theory argues that personal data has certain commercial value and can be utilized as property, thereby having property attributes. Property rights are rights centered around property interests. In China, personal data has not yet received absolute protection like property rights, but the property interests over data are recognized in practice. In addition to traditional property interests, personal data rights also carry property interests derived from personality rights. For example, individuals can independently decide whether to authorize data collectors to gather their data, which reflects a degree of control over the data. However, property rights theory has many opposing views, arguing that personal data may carry property interests, but these interests are often not attributed to individuals, making it difficult to determine the right holder. Furthermore, when there is a conflict between personality interests and property interests, property rights typically have the lowest priority in the human rights system. Therefore, having property interests or attributes does not automatically make it an object of property rights. At present, individuals cannot fully obtain property rights over their personal data.

(B) Enterprise Data

1. Intellectual Property – Copyright, Neighboring Rights
   Under the current “Copyright Law,” if the selection or arrangement of data content that does not constitute a work shows originality, it can be recognized as a compilation work protected under copyright law. For example, enterprise big data products, which are condensed, processed, integrated, and analyzed from raw data, may not be fully original in the traditional sense but may still be subject to copyright protection depending on the degree of originality. For example, a large data product formed by profiling users and automating decisions based on their preferences and basic information may be represented in charts or graphs. An example is Taobao’s “Business Assistant” data product, which provides trend charts and transaction index data based on collected user information. The prediction, index, and statistical data are presented visually in the form of charts and rankings. Due to the limitations on originality, there are views advocating for the protection of such data products under neighboring rights rather than copyright. This could be a viable path for protecting data within the current intellectual property framework.
2. Trade Secrets
   In the era of big data, data assets are fundamental to many businesses. Companies often implement measures to keep non-public data confidential to prevent leakage. The Supreme People’s Court’s “Provisions on Several Issues Regarding the Application of Law in Civil Cases Involving the Infringement of Trade Secrets” explicitly includes data as a type of business information. Therefore, the protection of trade secrets concerning enterprise data is legitimate and reasonable. For instance, in a case between a technology company in Hangzhou and its employee, the Hangzhou Intermediate People’s Court ruled that the “reward data” generated by an algorithm could be considered a trade secret because it had value and was not publicly available. In this case, the court recognized the confidentiality of data held by the platform. However, the applicability of trade secret protection heavily depends on the secrecy of the data. Data that is publicly available or lacks protective measures cannot be fully covered.
3. Judicial Practice – Competition Law
   Although current laws do not assign a clear legal ownership of data, judicial practice has provided case-by-case protection paths for data. Most judicial views consider the Anti-Unfair Competition Law as a fallback protection for corporate data assets. In a case between Taobao and Anhui Meijing Company, the court ruled that the derivative data products created by Taobao through deep analysis, integration, and processing of data were the company’s labor results and had commercial exchange value. This decision reflects the trend of recognizing competitive rights in operational data, but the current judicial practice tends to avoid addressing the ownership of data rights. Therefore, while the Anti-Unfair Competition Law can provide fallback protection for data assets in terms of competition law, its rules are unclear and not universally applicable.

III. Construction of New Civil Rights

1. Absolute Property Rights – Data Asset Rights
   Some propose that data should be granted a new form of property right, distinct from personal information, with dual nature — personality rights and property rights. Businesses should be granted exclusive property rights over the data they manage, allowing them to control, process, and use data. This approach aligns with Locke’s theory of labor-created property. However, there are obstacles, such as the challenge of fully separating the personality rights from the data after its collection and integration.
2. “Ownership + Usufruct” – Multi-Layer Usufruct Rights
   The “Opinions on Constructing a Data Basic System to Better Leverage Data Factors” emphasizes the need for a multi-layered property system for data, including data ownership, processing rights, and product management rights. This proposal suggests separating ownership and usage rights to allow for better utilization of data resources.

IV. Conclusion
As data transaction scenarios continue to evolve, data transactions have far outpaced data ownership clarification. The issue of data ownership needs urgent attention. Given the unique characteristics of data, constructing a legal framework for data rights is not a quick task. For enterprise data, a differentiated protection path should be adopted to ensure a truly scientific, feasible, and stable data legal structure.

This article solely reflects the author’s personal views and should not be regarded as formal legal advice or conclusions issued by BZW Law Firm or its lawyers. Should you wish to reproduce or quote any content from this article, please contact us via email. If you are interested in further exchanging views or discussing this topic, you are welcome to leave a message.