Language

The WeRead Case: Discussion on Reasonable Digital Privacy Expectation

Authored by Yingying Zhu

 

March 2021

Each of us leaves a lasting digital footprint on the internet and would expect businesses that we are dealing with could treat our digital privacy with reasonable care and consideration. Can users have a reasonable privacy expectation in the friends made and the books read online? The Beijing Internet Court in its recently released WeRead judgment holds that, friends list and reading data are not eligible for privacy protection in the case under dispute but nevertheless entitled to protection as personal information.

Background

The judgment is in relation to a dispute between an individual, Huang, a user of a book reading app named WeRead, and the digital giant, Tencent, the operator of the most successful social media in China, WeChat, and its sister app WeRead. The WeRead app wishes to set up an app-based reading community, where people who enjoy reading can read & connect. The plaintiff Huang was complaining that WeRead sneaked away her friends list from WeChat and then automatically turned those who are also subscribers of WeRead as her connections. Huang was also complaining that the information regarding the books she read and how she felt about the reading was widely open to all her connections without her permission while she intended to keep such information private. In its defense, the defendant Tencent alleged that users’ friends list and reading data were obtained with a preapproval from users therefore it should not be held liable for the utilization of the data.

Decision of Beijing Internet Court[1]

The Beijing Internet Court (hereinafter the “BIC”), the Court of First Instance, decides that Huang’s friends list and reading data shall not be categorized as private information, hence not eligible for privacy protection.

To define what constitutes private information, the BIC’s reasoning is based on the classification of the following three layers of personal information:

1.     personal information reasonably recognized by the society as private information, such as one’s sextual orientation, sex life, history of disease and unreleased criminal records, etc.

2.     personal information on which one may hold a defensive expectation or a utilization expectation; and

3.     general information that has no traits of privacy at all.

 

The BIC holds, because one’s friends list and reading data do not constitute private information as listed in layer 1 in the above classification, Tencent is not liable for invasion of the plaintiff’s privacy.

 

The BIC goes on to reason that one’s friends list and reading data shall be classified under layer 2 in the above classification, where the information is considered personal but not private and therefore the emphasis of protection is to give the data subject a right to decide whether to hide or to use such information.

 

The BIC further holds that in this case the plaintiff did not get the chance to decide how to deal with her personal information, because Tencent failed to give proper and transparent notices to the plaintiff and failed to obtain her affirmative consent before utilizing the information under dispute. The BIC then decides that Tencent should be held liable for violation of the plaintiff’s legitimate interests in her personal information. The BIC’s decision is majorly based on Article 43 of the Cybersecurity Law of China. [2]

Discussion

1.    What is Privacy?

According to Eric Hughes, an American mathematician, computer programmer, and cypherpunk, “Privacy is the power to selectively reveal oneself to the world.” [3] Broadly speaking, privacy is the right to be let alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how your personal information is collected and used.[4]

 

The Civil Code of China (2021) defines privacy as peace in a person’s private life and the private space, private activities and private information that a person does not intend for others to know.[5]

 

As a governing law, the Civil Code’s definition of privacy is vague. As we know, privacy varies greatly from person to person: while one person may be comfortable with showing his or her diet recipe online, another person may be embarrassed to let others know how little (or how much) he or she eats over a meal. Similarly, while one person may be at ease with disclosing many details of his or her personal life to online social connections, another person may feel ashamed of posting anything personal on the internet. So exactly what kind of privacy does the Civil Code protect? Some guidance from a concurring opinion in a US Supreme Court decision might shed some light on this.

 

2.    Reasonable Expectation of Privacy

To define the right to privacy under the Fourth Amendment, [6]  the US Supreme Court Justice John Marshall Harlan, in his concurring opinion in Katz, [7]  formulated a “reasonable expectation of privacy” test. The test has two prongs:

1)     the person must exhibit an “actual (subjective) expectation of privacy”; and

2)     society recognizes the expectation as “reasonable.”

The Katz “reasonable expectation of privacy” test, while particularly useful in terms of defining privacy, also provokes further questions: what is reasonable? where to draw the line between “reasonable” expectation and expectation that is “unreasonable”? These questions matter hugely in today’s digital world, because every time a user creates a new account at an online platform, the user provides information with personal details, including name, birthdate, geographic location, and personal interests, etc. Users are entitled to know if they can have a “reasonable expectation of privacy” in such information and if such expectation could be respected by the platform.

 

3.    Exceptions to the Reasonable Expectation of Privacy

 

There are several recognized exceptions to the reasonable expectation of privacy, such as the Third-Party Doctrine, which means once an individual invests a third party with information, and voluntarily agrees to share information with a recipient, the individual loses any reasonable expectation of privacy in that information, [8] and the Voluntary consent Doctrine, which means individuals lose a reasonable expectation of privacy when they consent to a search of private information.[9]Other exceptions include the following: unlawful information is not protectable by the law and therefore there should be no reasonable expectation of privacy,[10] and public disclosure of private information will cause forfeiture of any reasonable expectation of privacy.[11]

 

4.    Where did the Court draw the Line?

 

The BIC obviously referenced the Katz test by reasoning that “the privateness in the information that one does not intend to disclose depends on a subjective intent, however, such subjective intent shall be reasonably recognized by the society.”

 

Then the BIC made the point that the information about one’s social relationship could only invoke reasonable expectation of privacy under the following circumstances: the relationship between the data subject and certain connections would be too intimate to let others know, or the disclosure of some social relationship would negatively affect the data subject’s social image.

 

With respect to the book reading data, the BIC made another similar point that one could only have reasonable expectation of privacy in one’s reading data if certain reading contents fall into some private and secret information region or the reading data, when generated at certain amounts, would reflect negatively on the data subject.

 

Then the BIC commented that the plaintiff’s online social relationship, i.e., the listed friends, is being identified by open-ID, profile and nickname, which should not show the real social relationship or the degree of intimacy between the plaintiff and her social connections. The BIC also went through the contents of the plaintiff’s reading data and found that neither of the two books displayed to her connections would cause any damage to the plaintiff’s social image. The plaintiff’s reading data therefore should not be categorized as private information, hence no reasonable privacy expectation in the data.

 

In a nutshell, the BIC was defining “reasonable expectation of privacy” in the digital world based on the content of certain information. If a piece of information contains nothing intimate or cannot reflect negatively on the data subject, then the data subject should not have a “reasonable expectation of privacy” in the information. The content-based approach is how the BIC drew the line between privacy and non-privacy related information.

 

5.    Content-based Approach is not Fair

 

The BIC’s views on this issue are deeply disturbing. Back to the definition of privacy, broadly speaking, privacy is the right to be “let alone”. It means when a person walks into an isolated space, the person could expect to be in a state in which one is not observed or disturbed by other people,[12] as long as nothing illegal is ongoing under the roof. By applying the Katz test, this person has a reasonable expectation of privacy because the person demonstrates a subjective expectation of privacy by “walking into the isolated space”, which is well recognized by the society as reasonable.  Furthermore, the person’s act does not fall into any of the aforesaid exceptions.

 

 In solitude, a decent citizen could expect the same degree of privacy as much as anyone would. The right to privacy does not depend on whether something shameful is being conducted inside that isolated space. The right to privacy does not depend on the activity happened inside. Instead, it depends on whether one’s demonstration of intent to be let alone could be accepted as reasonable by the society. However, under the content-based approach, a decent citizen would have less expectation of privacy than someone who conducts shameful behaviour in solitude, and this approach apparently leads to unfair results.

 

Here comes the digital world version of the above scenario. When an individual, like the plaintiff Huang, subscribes to open an account at an online platform, like WeRead, and secures it with a password, this would create an isolated space where this person could expect digital privacy. By applying the Katz test, this individual has a reasonable expectation of privacy as he or she demonstrates a subjective expectation of privacy by “creating a password-secured account”, which is well recognized by the society as reasonable.  Likewise, the person’s act does not fall into any of the aforesaid exceptions.

 

This person is fully entitled to assert a digital privacy right to be “let alone”. One can choose not to have any improper friends, and not to read any obscene books, but can still enjoy full privacy rights over one’s personal information. It literally means that being a decent netizen should not compromise one’s digital privacy rights. The content of the information stored in a password-secured account, if it is nothing unlawful, should not dictate if and how the person would enjoy the right to privacy.

 

The above scenario shows that the content-based approach taken by the BIC is not fair because it makes users’ digital privacy rights conditional on the content of personal information, i.e., if the information includes any embarrassing content or not. This approach leads to the unfair conclusion that being a decent netizen, one has nothing shameful to hide and therefore would not have reasonable expectation of digital privacy.

 

Conclusion

 

With the storage and processing of exabytes of data, social media users’ concerns about their privacy have been on the rise in recent years. Incidents of illegal use of data and data breaches have alerted many users and caused them to reconsider their interaction with social media and the security of their personal data.

The disputes caused by unauthorized use of personal information over the internet have spiked in the privacy law landscape. The Beijing Internet Court’s present decision, which echoes with the same court’s decision on the “Dou Yin (Tik Tok Chinese version) collection of personal information” case, [13] is among the first few decisions made by Chinese courts on this controversial issue. Significantly, the decision might impact ongoing litigation stemming from similar disputes. Other courts around the country might follow suit. Therefore, it is imperative to have a more clear and fair approach towards defining reasonable digital privacy expectation.

In the era of big data, defining privacy is under pressure in the digital world. As Bill Gates put it: “whether it’s digital cameras or satellites or just what you click on, we need to have more explicit rules — not just for governments but for private companies.” [14]

 

 




[1] Beijing Internet Court, (2019) Jing 0491Min Chu Zi No. 16142.

[2]  China Cybersecurity Law, Article 43, provides, “Where an individual finds that any network operator collects or uses his or her personal information in violation of the provisions of any law, administrative regulation or the agreement of both parties, the individual shall be entitled to request the network operator to delete his or her personal information. If the individual finds that his or her personal information collected or stored by the network operator has any error, he or she shall be entitled to request the network operator to make corrections. The network operator shall take measures to delete the information or correct the error.”

[3] Eric Hughes, The Cypherpunk Manifesto (1993), see https://www.activism.net/cypherpunk/manifesto.html.

[4] See https://iapp.org/about/what-is-privacy/.

[5] Article 1032, China Civil Code (2021).

[6] The Fourth Amendment of the US Constitution, ratified on December 15, 1791, protects the right of people “to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.”

[7]See Katz v. United States, 389 U.S. 347 (1967). Concurring opinion written by Justice Harlan.

[8] See Smith v. Maryland, 442 U.S. 735, 743-44 (1979).

[9] See Katz v. United States, 389 U.S. 347 (1967).

[10] See https://civillaw.com.cn/bo/t/?id=37410.

[11] Ibid.

[12] See https://www.igi-global.com/dictionary/privacy-data-protection-towards-elderly/23405.

[13]See Beijing Internet Court, (2019) Jing 0491Min Chu Zi No. 6694.

[14] See https://www.oipc.bc.ca/news/quote-of-the-day-bill-gates/.


  • 相关资讯 More
  • 点击次数: 1000006
    2024 - 11 - 22
    作者:张嘉畅在当今这个知识产权(IP)经济蓬勃发展的时代,从影视、文学、游戏到音乐,IP的身影无处不在。数据显示,中国的IP产业市场规模已突破千亿元大关,并持续增长。发展到现在,尤其是在“打卡探店”经济的推动下,餐饮行业也纷纷利用IP主题餐厅、IP食品和布景打卡等方式吸引顾客。  (伦敦Pooh corner咖啡厅,图源自小红书用户Kunkunnnnn)知识产权(IP)是一个广义概念,包括专利权、著作权、商标权和商业秘密等无形资产权利。在本文中,我们将“IP”主要理解为文学、艺术和科学作品,而“IP权利”则特指作品著作权(版权)。本文也将仅围绕著作权侵权相关问题进行讨论。对于店铺经营者来讲,伴随着高额的经济利益而来的,是潜在的著作权侵权风险。在餐厅、咖啡厅等餐饮店当中,风格模仿、主题布景、主题饮食产品,或是售卖或赠送的主题周边是比较常见的IP应用的场景。那么,开设主题餐饮店或使用IP吸引顾客时,哪些情况下可能产生著作权侵权风险呢?一、经营者应确定所使用的IP是否受到版权保护有一些餐厅经营者是出于情怀或爱好,为了结交同好或扩大自己喜欢的IP的影响力而在其经营的店铺中使用IP元素。这时,如果被使用的作品已经超出著作权保护期限,即已经进入公有领域,其财产权不再受到版权保护。根据《中华人民共和国著作权法》第二十三条规定,自然人的作品财产权保护期为作者终生及其死亡后五十年;法人作品财产权截止于作品首次发表后第五十年的12月31日;视听作品的财产权保护期为五十年,截止于作品首次发表后第五十年的12月31日。不受版权保护的作品可以在不篡改或扭曲其作品本质的情况下用于商业使用。在我国比较常见的主题有四大名著主题餐厅,或艺术主题餐厅(使用世界名画、名著当中的文字摘录进行装潢)等,均是使用了广为大众所知的IP对餐厅进行了包装加工。在仅适用作品元素的情况下,无论是主题布景或是...
  • 点击次数: 1000001
    2024 - 11 - 15
    作者:陈巴特2024年11月12日,《国务院办公厅关于2025年部分节假日安排的通知》发布,根据2024年11月修订的《全国年节及纪念日放假办法》,自2025年1月1日起,全体公民放假的假日增加2天,其中春节、劳动节各增加1天。根据该通知,2025年春节期间放假安排为:1月28日(农历除夕、周二)至2月4日(农历正月初七、周二)放假调休,共8天。1月26日(周日)、2月8日(周六)上班。曾经除夕不放假,多年来一直是国人吐槽的重心。对国人来说,除夕的重要性不亚于大年初一。炮竹一声除旧岁,春风送暖入屠苏。自古至今,除夕可以说是一年中最重要的一天。这一天,家人欢聚一堂,互送祝福,祭祖先,贴春联,包饺子,吃年饭,一起辞旧迎新。对于远方的游子,在外打拼一年,很大程度就是为了满足回家过年的渴望。虽然很多企事业单位考虑到除夕的重要性,每年也安排除夕放假,劳动者也可以通过休年休假实现回家过年的愿望,但毕竟此前国家法定节假日未包括除夕,回家的感觉还是不一样。如今,国家正式将除夕确定为法定节假日,可谓“喜闻乐见、大快人心、普天同庆、奔走相告”!然鹅,并不是每一位劳动者都能享受到这美好的春节假期的。地球在转,社会依然要运转,各餐饮、旅游、交通运输等服务行业的企业会比平时更加繁忙,赶工期的企业也可能加班加点……那么,问题来了!如果春节假期全在上班,企业怎么计算加班工资?一、什么是法定节假日?我国法定节假日有哪些?法定节假日是由国家法律、法规统一规定的用以开展纪念、庆祝活动的休息时间,也是劳动者休息时间的一种。劳动者在这些日子可以享受带薪休假。包括全体公民放假的节日和部分公民放假的节日及纪念日。根据2024年11月10日修订的《全国年节及纪念日放假办法》规定,全体公民放假的节日包括:1、元旦,放假1天(1月1日);2、春节,放假4天(农历除夕、正月初一至初三);3、清明节,放假1天(农历清明当日);...
  • 点击次数: 1000011
    2024 - 11 - 08
    作者:常春【摘要】在专利侵权案件中,中国专利法意义上的”制造者”不仅限于实施具体制造行为的主体,还包括组织生产资源、协调生产环节并确定产品技术方案的主体。近年来,随着生产链分工日益细化,最高法在多个案例中将具备协调、指挥等作用的主体纳入”制造者”范畴,逐步形成了扩展的制造者认定标准。本文以多个典型案例为基础,分析在专利侵权中制造者身份的认定、共同侵权构成要件及法律适用。【关键词】专利侵权、制造者、共同侵权、连带责任、专利法一、案件背景与争议焦点近日最高人民法院知识产权庭公布了第(2021)最高法知民终2301号判决的裁判要旨,其中指出专利权人某家庭制品公司发现金华某文体用品公司在京东平台销售的杯子侵犯其发明专利权。金华某文体用品公司通过购买防伪标签获得商标授权,委托永康某工贸公司生产杯子,并完成销售。此外,广州某贸易公司和浙江某工贸公司负责审核产品图样、提供授权和防伪标签。专利权人认为金华某文体用品公司、广州某贸易公司及浙江某工贸公司共同侵权,要求赔偿。在一审中,法院仅认定金华某文体用品公司为制造者,但二审中最高人民法院认为广州某贸易公司、浙江某工贸公司通过防伪标签控制和审核图样和产品样品等行为对制造环节起到了控制作用,将三家公司认定为共同侵权,要求其承担连带赔偿责任。本案的争议焦点在于:1)如何认定“制造者”身份;2)如何认定多主体构成共同侵权;3)对合法来源抗辩的适用标准。二、专利侵权案件中“制造者”身份的认定在专利侵权中,“制造者”不仅指实际的制造行为实施者,也包括间接控制和主导制造过程的主体。以下典型案例有助于进一步说明最高法在制造者认定中的标准:1. 四川金象赛瑞化工公司与山东华鲁恒升化工公司技术秘密与专利侵权案(案号:(2020)最高法知民终1559号)中,多方被告分别负责不同生产环节,共同构成了专利侵权行为的制造者。最高法认为即使没有直接制造行为,但...
  • 点击次数: 1000006
    2024 - 10 - 28
    作者:杨秀芸2020年修订的《企业名称登记管理规定》首次确认了企业名称争议可以通过行政裁决的形式处理。随后2023年10月1日起施行的《企业名称登记管理规定实施办法》进一步细化了企业名称争议裁决制度的相关规定,包括处理原则、流程时限、考虑因素等。部分省份也紧跟步伐,相继颁布与企业名称登记与争议处理相关的地方性规定,如广西壮族自治区市场监督管理局印发《广西壮族自治区企业名称争议处理办法》,云南省市场监督管理局印发了《云南省企业名称争议裁决办法(试行)》等等。尽管这些规定的出台为企业名称争议的解决提供了更为明确的处理路径,但在实践中,适用企业名称争议裁决程序仍面临诸多挑战。以下是本人在处理企业名称争议裁决中遇到的难题以及对解决策略的初步想法。一、企业名称争议处理分割化的困境与思考(一)困境描述笔者在进行企业名称投诉的实践中,观察到一种普遍现象,如果他人登记的企业字号与在先企业字号、注册商标都高度近似的情形下,在先权利人在投诉或争议裁决申请文件中,会将企业名称侵权、商标侵权及不正当竞争纠纷一并提出,请求行政机关综合考虑,从而给出一个公正的处理决定。但是行政登记机关往往在收到文件后,会将企业名称侵权、商标侵权及不正当竞争等纠纷划分至不同科室或部门处理,如:注册许可科聚焦于企业名称登记的合规性审查,注重形式审查,而知识产权科或商标科或不正当竞争科会专注于商标侵权与不正当竞争,注重实质审查。这种“各自为政”的处理模式,虽在一定程度上体现了专业分工,却也因信息孤岛效应而难以形成对案件全面、系统的认知,从而导致许多企业名称争议案件难以获得公正、合理的裁决。(二)探讨企业字号和商标均是现代企业重要的商业标识,企业字号是用来区别生产经营者的,代表企业的信誉,须与商品的生产者或经营者相联系而存在。商标是用来区别商品或服务来源的,须与其所依附的特定商品或服务相联系而存在,代表着商品或服务的信誉、质...
× 扫一扫,关注微信公众号
北京市铭盾律师事务所 www.mdlaw.cn
Copyright© 2008 - 2020北京市铭盾律师事务所京ICP备09063742号-1犀牛云提供企业云服务
X
1

QQ设置

3

SKYPE 设置

4

阿里旺旺设置

5

电话号码管理

6

二维码管理

展开