Language

The WeRead Case: Discussion on Reasonable Digital Privacy Expectation

Authored by Yingying Zhu

 

March 2021

Each of us leaves a lasting digital footprint on the internet and would expect businesses that we are dealing with could treat our digital privacy with reasonable care and consideration. Can users have a reasonable privacy expectation in the friends made and the books read online? The Beijing Internet Court in its recently released WeRead judgment holds that, friends list and reading data are not eligible for privacy protection in the case under dispute but nevertheless entitled to protection as personal information.

Background

The judgment is in relation to a dispute between an individual, Huang, a user of a book reading app named WeRead, and the digital giant, Tencent, the operator of the most successful social media in China, WeChat, and its sister app WeRead. The WeRead app wishes to set up an app-based reading community, where people who enjoy reading can read & connect. The plaintiff Huang was complaining that WeRead sneaked away her friends list from WeChat and then automatically turned those who are also subscribers of WeRead as her connections. Huang was also complaining that the information regarding the books she read and how she felt about the reading was widely open to all her connections without her permission while she intended to keep such information private. In its defense, the defendant Tencent alleged that users’ friends list and reading data were obtained with a preapproval from users therefore it should not be held liable for the utilization of the data.

Decision of Beijing Internet Court[1]

The Beijing Internet Court (hereinafter the “BIC”), the Court of First Instance, decides that Huang’s friends list and reading data shall not be categorized as private information, hence not eligible for privacy protection.

To define what constitutes private information, the BIC’s reasoning is based on the classification of the following three layers of personal information:

1.     personal information reasonably recognized by the society as private information, such as one’s sextual orientation, sex life, history of disease and unreleased criminal records, etc.

2.     personal information on which one may hold a defensive expectation or a utilization expectation; and

3.     general information that has no traits of privacy at all.

 

The BIC holds, because one’s friends list and reading data do not constitute private information as listed in layer 1 in the above classification, Tencent is not liable for invasion of the plaintiff’s privacy.

 

The BIC goes on to reason that one’s friends list and reading data shall be classified under layer 2 in the above classification, where the information is considered personal but not private and therefore the emphasis of protection is to give the data subject a right to decide whether to hide or to use such information.

 

The BIC further holds that in this case the plaintiff did not get the chance to decide how to deal with her personal information, because Tencent failed to give proper and transparent notices to the plaintiff and failed to obtain her affirmative consent before utilizing the information under dispute. The BIC then decides that Tencent should be held liable for violation of the plaintiff’s legitimate interests in her personal information. The BIC’s decision is majorly based on Article 43 of the Cybersecurity Law of China. [2]

Discussion

1.    What is Privacy?

According to Eric Hughes, an American mathematician, computer programmer, and cypherpunk, “Privacy is the power to selectively reveal oneself to the world.” [3] Broadly speaking, privacy is the right to be let alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how your personal information is collected and used.[4]

 

The Civil Code of China (2021) defines privacy as peace in a person’s private life and the private space, private activities and private information that a person does not intend for others to know.[5]

 

As a governing law, the Civil Code’s definition of privacy is vague. As we know, privacy varies greatly from person to person: while one person may be comfortable with showing his or her diet recipe online, another person may be embarrassed to let others know how little (or how much) he or she eats over a meal. Similarly, while one person may be at ease with disclosing many details of his or her personal life to online social connections, another person may feel ashamed of posting anything personal on the internet. So exactly what kind of privacy does the Civil Code protect? Some guidance from a concurring opinion in a US Supreme Court decision might shed some light on this.

 

2.    Reasonable Expectation of Privacy

To define the right to privacy under the Fourth Amendment, [6]  the US Supreme Court Justice John Marshall Harlan, in his concurring opinion in Katz, [7]  formulated a “reasonable expectation of privacy” test. The test has two prongs:

1)     the person must exhibit an “actual (subjective) expectation of privacy”; and

2)     society recognizes the expectation as “reasonable.”

The Katz “reasonable expectation of privacy” test, while particularly useful in terms of defining privacy, also provokes further questions: what is reasonable? where to draw the line between “reasonable” expectation and expectation that is “unreasonable”? These questions matter hugely in today’s digital world, because every time a user creates a new account at an online platform, the user provides information with personal details, including name, birthdate, geographic location, and personal interests, etc. Users are entitled to know if they can have a “reasonable expectation of privacy” in such information and if such expectation could be respected by the platform.

 

3.    Exceptions to the Reasonable Expectation of Privacy

 

There are several recognized exceptions to the reasonable expectation of privacy, such as the Third-Party Doctrine, which means once an individual invests a third party with information, and voluntarily agrees to share information with a recipient, the individual loses any reasonable expectation of privacy in that information, [8] and the Voluntary consent Doctrine, which means individuals lose a reasonable expectation of privacy when they consent to a search of private information.[9]Other exceptions include the following: unlawful information is not protectable by the law and therefore there should be no reasonable expectation of privacy,[10] and public disclosure of private information will cause forfeiture of any reasonable expectation of privacy.[11]

 

4.    Where did the Court draw the Line?

 

The BIC obviously referenced the Katz test by reasoning that “the privateness in the information that one does not intend to disclose depends on a subjective intent, however, such subjective intent shall be reasonably recognized by the society.”

 

Then the BIC made the point that the information about one’s social relationship could only invoke reasonable expectation of privacy under the following circumstances: the relationship between the data subject and certain connections would be too intimate to let others know, or the disclosure of some social relationship would negatively affect the data subject’s social image.

 

With respect to the book reading data, the BIC made another similar point that one could only have reasonable expectation of privacy in one’s reading data if certain reading contents fall into some private and secret information region or the reading data, when generated at certain amounts, would reflect negatively on the data subject.

 

Then the BIC commented that the plaintiff’s online social relationship, i.e., the listed friends, is being identified by open-ID, profile and nickname, which should not show the real social relationship or the degree of intimacy between the plaintiff and her social connections. The BIC also went through the contents of the plaintiff’s reading data and found that neither of the two books displayed to her connections would cause any damage to the plaintiff’s social image. The plaintiff’s reading data therefore should not be categorized as private information, hence no reasonable privacy expectation in the data.

 

In a nutshell, the BIC was defining “reasonable expectation of privacy” in the digital world based on the content of certain information. If a piece of information contains nothing intimate or cannot reflect negatively on the data subject, then the data subject should not have a “reasonable expectation of privacy” in the information. The content-based approach is how the BIC drew the line between privacy and non-privacy related information.

 

5.    Content-based Approach is not Fair

 

The BIC’s views on this issue are deeply disturbing. Back to the definition of privacy, broadly speaking, privacy is the right to be “let alone”. It means when a person walks into an isolated space, the person could expect to be in a state in which one is not observed or disturbed by other people,[12] as long as nothing illegal is ongoing under the roof. By applying the Katz test, this person has a reasonable expectation of privacy because the person demonstrates a subjective expectation of privacy by “walking into the isolated space”, which is well recognized by the society as reasonable.  Furthermore, the person’s act does not fall into any of the aforesaid exceptions.

 

 In solitude, a decent citizen could expect the same degree of privacy as much as anyone would. The right to privacy does not depend on whether something shameful is being conducted inside that isolated space. The right to privacy does not depend on the activity happened inside. Instead, it depends on whether one’s demonstration of intent to be let alone could be accepted as reasonable by the society. However, under the content-based approach, a decent citizen would have less expectation of privacy than someone who conducts shameful behaviour in solitude, and this approach apparently leads to unfair results.

 

Here comes the digital world version of the above scenario. When an individual, like the plaintiff Huang, subscribes to open an account at an online platform, like WeRead, and secures it with a password, this would create an isolated space where this person could expect digital privacy. By applying the Katz test, this individual has a reasonable expectation of privacy as he or she demonstrates a subjective expectation of privacy by “creating a password-secured account”, which is well recognized by the society as reasonable.  Likewise, the person’s act does not fall into any of the aforesaid exceptions.

 

This person is fully entitled to assert a digital privacy right to be “let alone”. One can choose not to have any improper friends, and not to read any obscene books, but can still enjoy full privacy rights over one’s personal information. It literally means that being a decent netizen should not compromise one’s digital privacy rights. The content of the information stored in a password-secured account, if it is nothing unlawful, should not dictate if and how the person would enjoy the right to privacy.

 

The above scenario shows that the content-based approach taken by the BIC is not fair because it makes users’ digital privacy rights conditional on the content of personal information, i.e., if the information includes any embarrassing content or not. This approach leads to the unfair conclusion that being a decent netizen, one has nothing shameful to hide and therefore would not have reasonable expectation of digital privacy.

 

Conclusion

 

With the storage and processing of exabytes of data, social media users’ concerns about their privacy have been on the rise in recent years. Incidents of illegal use of data and data breaches have alerted many users and caused them to reconsider their interaction with social media and the security of their personal data.

The disputes caused by unauthorized use of personal information over the internet have spiked in the privacy law landscape. The Beijing Internet Court’s present decision, which echoes with the same court’s decision on the “Dou Yin (Tik Tok Chinese version) collection of personal information” case, [13] is among the first few decisions made by Chinese courts on this controversial issue. Significantly, the decision might impact ongoing litigation stemming from similar disputes. Other courts around the country might follow suit. Therefore, it is imperative to have a more clear and fair approach towards defining reasonable digital privacy expectation.

In the era of big data, defining privacy is under pressure in the digital world. As Bill Gates put it: “whether it’s digital cameras or satellites or just what you click on, we need to have more explicit rules — not just for governments but for private companies.” [14]

 

 




[1] Beijing Internet Court, (2019) Jing 0491Min Chu Zi No. 16142.

[2]  China Cybersecurity Law, Article 43, provides, “Where an individual finds that any network operator collects or uses his or her personal information in violation of the provisions of any law, administrative regulation or the agreement of both parties, the individual shall be entitled to request the network operator to delete his or her personal information. If the individual finds that his or her personal information collected or stored by the network operator has any error, he or she shall be entitled to request the network operator to make corrections. The network operator shall take measures to delete the information or correct the error.”

[3] Eric Hughes, The Cypherpunk Manifesto (1993), see https://www.activism.net/cypherpunk/manifesto.html.

[4] See https://iapp.org/about/what-is-privacy/.

[5] Article 1032, China Civil Code (2021).

[6] The Fourth Amendment of the US Constitution, ratified on December 15, 1791, protects the right of people “to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.”

[7]See Katz v. United States, 389 U.S. 347 (1967). Concurring opinion written by Justice Harlan.

[8] See Smith v. Maryland, 442 U.S. 735, 743-44 (1979).

[9] See Katz v. United States, 389 U.S. 347 (1967).

[10] See https://civillaw.com.cn/bo/t/?id=37410.

[11] Ibid.

[12] See https://www.igi-global.com/dictionary/privacy-data-protection-towards-elderly/23405.

[13]See Beijing Internet Court, (2019) Jing 0491Min Chu Zi No. 6694.

[14] See https://www.oipc.bc.ca/news/quote-of-the-day-bill-gates/.


  • 相关资讯 More
  • 点击次数: 2
    2026 - 07 - 10
    在民商事活动中经常会出现倒签合同的现象。倒签合同是指合作双方在合同签订生效之前已经开始实际履行合同,而在合同履行过程中或在合同履行完毕后补签合同的现象。倒签合同产生的原因有很多,主要包括:(1)合同双方当事人就合同条款谈判时间过长,而相关商品或服务又需要马上提供,所以基于双方良好合作关系,边提供商品或服务边就合同条款进行谈判;(2)合同条款已经定稿,合同当事人任何一方或双方内部审批流程拖延,而相关商品或服务又需要马上提供,所以基于双方良好合作关系,边提供商品或服务边办理内部审批流程;(3)合同当事人任何一方要求在付款方资金预算审批下来时再补签书面合同;(4)合同双方当事人在合同到期前未及时续签合同,导致合同到期后边提供商品或服务边办理续签手续;(5)合同当事人任何一方或双方对合同的含义、作用、风险认识不足。虽然合同当事人倒签合同有时也是迫不得已,但对倒签合同的风险认识不足也是一个重要原因。本文将结合一个案例分析倒签合同存在的法律风险,并进一步探讨应对策略。 一、案情简介X公司与Y公司装饰装修合同纠纷一案(参见北京市朝阳区人民法院(2023)京0105民初14693号民事判决书,北京市第三中级人民法院(2024)京03民终7139号民事判决书)2022年1月27日,X公司(承包人)与Y公司(发包人)签订涉案合同,X公司承接了Y公司发包的地下二层车库精装修工程,合同载明:计划开工日期为2021年8月1日,竣工日期为2021年10月30日,合同总价3067193.99元,为固定总价合同,按月完成工程量的80%支付进度款,工程完工验收合格并结算完成后,X公司申请工程款的支付,Y公司按合同付款日程支付至工程结算款的97%,结算款的3%作为质量保修金,一年保修期满经Y公司确认质量及维修全部合格后按合同付款日程无息退还。合同签订时X公司已经完成了装修工程,合同外无增减项,202...
  • 点击次数: 4
    2026 - 07 - 03
    从“遇见小面”诉“渝见小面”案看商标权的边界——四个字的招牌,三个字一样,就一定构成侵权吗?        2026年6月,一家连锁品牌告了一家夫妻小店,理由是商标侵权。连锁这边是“遇见小面”,夫妻店叫“渝见小面”。老板娘对着镜头哭诉说“我八块钱一碗的面,至少得卖一千碗才够赔”——画面一出来,舆情瞬间炸了。没几天,遇见小面创始人公开道歉、撤诉,还说要无偿把第35类“渝见小面”商标“送”给店主。                    (图源“遇见小面”抖音号)        一场诉讼,从起诉到道歉,翻车翻得干净利落。但热闹完了,正经问题还在:这场官司,从一开始就没有法律基础。 一、商标近似,不等于必然混淆          (图片来源于“央视频”抖音号)        遇见小面诉讼的核心主张之一是“四个字有三个字一样”,所以构成近似。        这个说法在法律上站不住。        根据国家知识产权局《商标侵权判断标准》第十九条,在同一种或类似商品/服务上使用近似商标的,还必须对“是否容易导致混淆”进行判断。混淆...
  • 点击次数: 11
    2026 - 06 - 12
    微结构能否申请实用新型专利?——从《专利法》规定、《客体指引》到司法实践的全面解析实用新型专利因审查周期短、费用较低、授权相对容易,成为许多中小企业和个人保护结构类创新的常用选择。然而,随着微纳制造、材料表面工程、微流控器件、电池电极等领域的快速发展,“微结构”相关技术日益增多,申请人常常面临一个核心问题:这类微尺度特征能否通过实用新型专利获得保护?本文结合《中华人民共和国专利法》(2020年修正)、国家知识产权局2023年发布的《关于实用新型专利保护客体判断的指引》(以下简称《客体指引》)、专利审查指南以及最高人民法院相关判例,系统分析微结构实用新型的保护边界,并提出实务撰写建议。一、实用新型专利的法律定义与保护客体《专利法》第二条第三款规定:“实用新型,是指对产品的形状、构造或者其结合所提出的适于实用的新的技术方案。”据此,实用新型保护客体需同时满足三个要件:产品、形状和/或构造,以及技术方案。《客体指引》进一步明确,实用新型仅保护经过产业方法制造的、有确定形状和构造且占据一定空间的实体。一切方法以及自然存在的物品,均不在保护范围之内。二、《客体指引》对形状、构造及微结构的明确界定《客体指引》对实用新型保护客体作出了较为细致的解释。其中,产品的形状是指可以从外部观察到的确定空间形态,不能以自然形成或随意堆放的形态作为特征。而产品的构造则是指各组成部分的安排、组织与相互关系,包括机械构造、线路构造以及复合层结构等。值得注意的是,《客体指引》明确将“物质的分子结构、组分、金相结构等”排除在构造之外。这意味着,如果微结构本质上是材料内部的分子或微观组织变化,即使能够产生积极技术效果,也难以被认定为受实用新型保护的构造。相比之下,复合层结构(如渗碳层、氧化层)因在宏观层面形成明确的分层与物理差异,通常可以作为构造特征获得保护。在材料特征的处理上,《客体指引》指出:仅使用已知材料...
  • 点击次数: 10
    2026 - 06 - 08
    2020年9月国务院国资委印发《关于加快推进国有企业数字化转型工作的通知》,明确提出要“构建数据治理体系”,定期评估数据治理能力成熟度,要求“以构建企业数字时代核心竞争能力为主线,制定数字化转型方案,纳入企业年度工作计划”后,我国数据基础制度建设进入快车道。继《民法典》《个人信息保护法》《数据安全法》等法律法规为数据安全与流通合规奠定基础后,2022年中共中央、国务院印发《关于构建数据基础制度更好发挥数据要素作用的意见》(“数据二十条”),创新确立数据资源持有权、数据加工使用权、数据产品经营权“三权分置”框架,2026年4月3日国家数据局综合司发布关于向社会公开征求《数据产权登记工作指引(试行)》(公开征求意见稿),也加快构建了数据确权、登记、交易等基础制度。这一系列法律法规、政策文件的协同推进,也为国有企业数字化转型提供了发展新思路,如何推动国企数据要素从“资源”走向“资产”,从合规必答题转化为增值新引擎成为亟待深度探索的命题。一、国企数字化转型过程中面临的机遇与挑战国有企业作为国民经济“顶梁柱”,在数字化转型与高质量发展进程中,既面临战略机遇,也面临多重挑战。当前国企数字化转型过程可能存在两大挑战:一方面,数据资源甄别能力不足,国企在各行各业经营过程中可能积累了大量不同的业务数据,但对哪些数据资源可以申请产权登记、哪些数据资源可以入表、如何归集成本、怎样评估等存在模糊界限,导致大量潜在数据资产未能有效识别和挖掘;另一方面,数据产权界定复杂,因国企自身的所有制属性,其数据资源往往涉及政府部门、产业链上下游等多方主体,在数据持有权、加工使用权、产品经营权框架下,各方权责利边界尚未完全厘清,收益分配机制缺位,使得数据资源难以顺利转化为可确认、可计量的数据资产。二、为什么国企要重视数据资产入表根据财政部《企业数据资源相关会计处理暂行规定》,“企业合法拥有或控制的、预期会给企业带...
× 扫一扫,关注微信公众号
铭盾MiNGDUN   www.mdlaw.cn                                               犀牛云提供企业云服务 
Copyright© 2008 - 2026 铭盾京ICP备14029762号-1                                                                                                                                隐私政策   免责声明       
X
1

QQ设置

3

SKYPE 设置

4

阿里旺旺设置

5

电话号码管理

6

二维码管理

展开