Language

The WeRead Case: Discussion on Reasonable Digital Privacy Expectation

Authored by Yingying Zhu

 

March 2021

Each of us leaves a lasting digital footprint on the internet and would expect businesses that we are dealing with could treat our digital privacy with reasonable care and consideration. Can users have a reasonable privacy expectation in the friends made and the books read online? The Beijing Internet Court in its recently released WeRead judgment holds that, friends list and reading data are not eligible for privacy protection in the case under dispute but nevertheless entitled to protection as personal information.

Background

The judgment is in relation to a dispute between an individual, Huang, a user of a book reading app named WeRead, and the digital giant, Tencent, the operator of the most successful social media in China, WeChat, and its sister app WeRead. The WeRead app wishes to set up an app-based reading community, where people who enjoy reading can read & connect. The plaintiff Huang was complaining that WeRead sneaked away her friends list from WeChat and then automatically turned those who are also subscribers of WeRead as her connections. Huang was also complaining that the information regarding the books she read and how she felt about the reading was widely open to all her connections without her permission while she intended to keep such information private. In its defense, the defendant Tencent alleged that users’ friends list and reading data were obtained with a preapproval from users therefore it should not be held liable for the utilization of the data.

Decision of Beijing Internet Court[1]

The Beijing Internet Court (hereinafter the “BIC”), the Court of First Instance, decides that Huang’s friends list and reading data shall not be categorized as private information, hence not eligible for privacy protection.

To define what constitutes private information, the BIC’s reasoning is based on the classification of the following three layers of personal information:

1.     personal information reasonably recognized by the society as private information, such as one’s sextual orientation, sex life, history of disease and unreleased criminal records, etc.

2.     personal information on which one may hold a defensive expectation or a utilization expectation; and

3.     general information that has no traits of privacy at all.

 

The BIC holds, because one’s friends list and reading data do not constitute private information as listed in layer 1 in the above classification, Tencent is not liable for invasion of the plaintiff’s privacy.

 

The BIC goes on to reason that one’s friends list and reading data shall be classified under layer 2 in the above classification, where the information is considered personal but not private and therefore the emphasis of protection is to give the data subject a right to decide whether to hide or to use such information.

 

The BIC further holds that in this case the plaintiff did not get the chance to decide how to deal with her personal information, because Tencent failed to give proper and transparent notices to the plaintiff and failed to obtain her affirmative consent before utilizing the information under dispute. The BIC then decides that Tencent should be held liable for violation of the plaintiff’s legitimate interests in her personal information. The BIC’s decision is majorly based on Article 43 of the Cybersecurity Law of China. [2]

Discussion

1.    What is Privacy?

According to Eric Hughes, an American mathematician, computer programmer, and cypherpunk, “Privacy is the power to selectively reveal oneself to the world.” [3] Broadly speaking, privacy is the right to be let alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how your personal information is collected and used.[4]

 

The Civil Code of China (2021) defines privacy as peace in a person’s private life and the private space, private activities and private information that a person does not intend for others to know.[5]

 

As a governing law, the Civil Code’s definition of privacy is vague. As we know, privacy varies greatly from person to person: while one person may be comfortable with showing his or her diet recipe online, another person may be embarrassed to let others know how little (or how much) he or she eats over a meal. Similarly, while one person may be at ease with disclosing many details of his or her personal life to online social connections, another person may feel ashamed of posting anything personal on the internet. So exactly what kind of privacy does the Civil Code protect? Some guidance from a concurring opinion in a US Supreme Court decision might shed some light on this.

 

2.    Reasonable Expectation of Privacy

To define the right to privacy under the Fourth Amendment, [6]  the US Supreme Court Justice John Marshall Harlan, in his concurring opinion in Katz, [7]  formulated a “reasonable expectation of privacy” test. The test has two prongs:

1)     the person must exhibit an “actual (subjective) expectation of privacy”; and

2)     society recognizes the expectation as “reasonable.”

The Katz “reasonable expectation of privacy” test, while particularly useful in terms of defining privacy, also provokes further questions: what is reasonable? where to draw the line between “reasonable” expectation and expectation that is “unreasonable”? These questions matter hugely in today’s digital world, because every time a user creates a new account at an online platform, the user provides information with personal details, including name, birthdate, geographic location, and personal interests, etc. Users are entitled to know if they can have a “reasonable expectation of privacy” in such information and if such expectation could be respected by the platform.

 

3.    Exceptions to the Reasonable Expectation of Privacy

 

There are several recognized exceptions to the reasonable expectation of privacy, such as the Third-Party Doctrine, which means once an individual invests a third party with information, and voluntarily agrees to share information with a recipient, the individual loses any reasonable expectation of privacy in that information, [8] and the Voluntary consent Doctrine, which means individuals lose a reasonable expectation of privacy when they consent to a search of private information.[9]Other exceptions include the following: unlawful information is not protectable by the law and therefore there should be no reasonable expectation of privacy,[10] and public disclosure of private information will cause forfeiture of any reasonable expectation of privacy.[11]

 

4.    Where did the Court draw the Line?

 

The BIC obviously referenced the Katz test by reasoning that “the privateness in the information that one does not intend to disclose depends on a subjective intent, however, such subjective intent shall be reasonably recognized by the society.”

 

Then the BIC made the point that the information about one’s social relationship could only invoke reasonable expectation of privacy under the following circumstances: the relationship between the data subject and certain connections would be too intimate to let others know, or the disclosure of some social relationship would negatively affect the data subject’s social image.

 

With respect to the book reading data, the BIC made another similar point that one could only have reasonable expectation of privacy in one’s reading data if certain reading contents fall into some private and secret information region or the reading data, when generated at certain amounts, would reflect negatively on the data subject.

 

Then the BIC commented that the plaintiff’s online social relationship, i.e., the listed friends, is being identified by open-ID, profile and nickname, which should not show the real social relationship or the degree of intimacy between the plaintiff and her social connections. The BIC also went through the contents of the plaintiff’s reading data and found that neither of the two books displayed to her connections would cause any damage to the plaintiff’s social image. The plaintiff’s reading data therefore should not be categorized as private information, hence no reasonable privacy expectation in the data.

 

In a nutshell, the BIC was defining “reasonable expectation of privacy” in the digital world based on the content of certain information. If a piece of information contains nothing intimate or cannot reflect negatively on the data subject, then the data subject should not have a “reasonable expectation of privacy” in the information. The content-based approach is how the BIC drew the line between privacy and non-privacy related information.

 

5.    Content-based Approach is not Fair

 

The BIC’s views on this issue are deeply disturbing. Back to the definition of privacy, broadly speaking, privacy is the right to be “let alone”. It means when a person walks into an isolated space, the person could expect to be in a state in which one is not observed or disturbed by other people,[12] as long as nothing illegal is ongoing under the roof. By applying the Katz test, this person has a reasonable expectation of privacy because the person demonstrates a subjective expectation of privacy by “walking into the isolated space”, which is well recognized by the society as reasonable.  Furthermore, the person’s act does not fall into any of the aforesaid exceptions.

 

 In solitude, a decent citizen could expect the same degree of privacy as much as anyone would. The right to privacy does not depend on whether something shameful is being conducted inside that isolated space. The right to privacy does not depend on the activity happened inside. Instead, it depends on whether one’s demonstration of intent to be let alone could be accepted as reasonable by the society. However, under the content-based approach, a decent citizen would have less expectation of privacy than someone who conducts shameful behaviour in solitude, and this approach apparently leads to unfair results.

 

Here comes the digital world version of the above scenario. When an individual, like the plaintiff Huang, subscribes to open an account at an online platform, like WeRead, and secures it with a password, this would create an isolated space where this person could expect digital privacy. By applying the Katz test, this individual has a reasonable expectation of privacy as he or she demonstrates a subjective expectation of privacy by “creating a password-secured account”, which is well recognized by the society as reasonable.  Likewise, the person’s act does not fall into any of the aforesaid exceptions.

 

This person is fully entitled to assert a digital privacy right to be “let alone”. One can choose not to have any improper friends, and not to read any obscene books, but can still enjoy full privacy rights over one’s personal information. It literally means that being a decent netizen should not compromise one’s digital privacy rights. The content of the information stored in a password-secured account, if it is nothing unlawful, should not dictate if and how the person would enjoy the right to privacy.

 

The above scenario shows that the content-based approach taken by the BIC is not fair because it makes users’ digital privacy rights conditional on the content of personal information, i.e., if the information includes any embarrassing content or not. This approach leads to the unfair conclusion that being a decent netizen, one has nothing shameful to hide and therefore would not have reasonable expectation of digital privacy.

 

Conclusion

 

With the storage and processing of exabytes of data, social media users’ concerns about their privacy have been on the rise in recent years. Incidents of illegal use of data and data breaches have alerted many users and caused them to reconsider their interaction with social media and the security of their personal data.

The disputes caused by unauthorized use of personal information over the internet have spiked in the privacy law landscape. The Beijing Internet Court’s present decision, which echoes with the same court’s decision on the “Dou Yin (Tik Tok Chinese version) collection of personal information” case, [13] is among the first few decisions made by Chinese courts on this controversial issue. Significantly, the decision might impact ongoing litigation stemming from similar disputes. Other courts around the country might follow suit. Therefore, it is imperative to have a more clear and fair approach towards defining reasonable digital privacy expectation.

In the era of big data, defining privacy is under pressure in the digital world. As Bill Gates put it: “whether it’s digital cameras or satellites or just what you click on, we need to have more explicit rules — not just for governments but for private companies.” [14]

 

 




[1] Beijing Internet Court, (2019) Jing 0491Min Chu Zi No. 16142.

[2]  China Cybersecurity Law, Article 43, provides, “Where an individual finds that any network operator collects or uses his or her personal information in violation of the provisions of any law, administrative regulation or the agreement of both parties, the individual shall be entitled to request the network operator to delete his or her personal information. If the individual finds that his or her personal information collected or stored by the network operator has any error, he or she shall be entitled to request the network operator to make corrections. The network operator shall take measures to delete the information or correct the error.”

[3] Eric Hughes, The Cypherpunk Manifesto (1993), see https://www.activism.net/cypherpunk/manifesto.html.

[4] See https://iapp.org/about/what-is-privacy/.

[5] Article 1032, China Civil Code (2021).

[6] The Fourth Amendment of the US Constitution, ratified on December 15, 1791, protects the right of people “to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.”

[7]See Katz v. United States, 389 U.S. 347 (1967). Concurring opinion written by Justice Harlan.

[8] See Smith v. Maryland, 442 U.S. 735, 743-44 (1979).

[9] See Katz v. United States, 389 U.S. 347 (1967).

[10] See https://civillaw.com.cn/bo/t/?id=37410.

[11] Ibid.

[12] See https://www.igi-global.com/dictionary/privacy-data-protection-towards-elderly/23405.

[13]See Beijing Internet Court, (2019) Jing 0491Min Chu Zi No. 6694.

[14] See https://www.oipc.bc.ca/news/quote-of-the-day-bill-gates/.


  • 相关资讯 More
  • 点击次数: 1000000
    2024 - 02 - 02
    作者:曲淼引言:2023年12月29日全国人大常委会审议通过的新《公司法》,删除了2018年《公司法》中16个条文,实质性修改了112个条文。其中,新《公司法》对公司存续情况下是否应当赋予公司债权人对未届期出资股东的出资请求权这一焦点问题做出了回应,在“注册资本认缴制“转变为“有期限的认缴制”的大前提下,进一步放宽了股东出资义务加速到期的条件。 原《公司法》体系下的股东出资期限利益:原《公司法》规定公司注册资本认缴制的目的,是为了减少创业者的资金需求、减轻创业者的资金压力,从而达到鼓励创业、繁荣市场经济的目的。在这一体系下,股东享有出资期限利益,在公司章程规定的出资期限届满前,股东可以以其出资期限利益对抗公司及债权人。但是这一制度在赋予股东出资利益期限的同时也带来了诸多问题。如在股东出资期限尚未届满,公司不具备清偿能力且又未申请破产的情况下,一些股东往往据此规避法院的强制执行。债权人无法依据现有规定主张未出资股东承担责任,其合法权利得不到有效保护。 在新《公司法》修订前,我国通过《企业破产法》、《公司法司法解释(二)》及《全国法院民商事审判工作会议纪要》(以下简称《九民纪要》)等共同构建了股东出资加速到期制度。但将此制度的适用条件限定在公司解散或破产情况下。《九民纪要》虽回应了非破产清算期间股东出资义务加速到期的问题,增加了“执行不能但不破产”以及“公司恶意延长股东出资期限”两种股东出资加速到期制度的适用情形。但由于《九民纪要》本身并不具有法律的地位,仅具有引导司法实践的功能,不能作为裁判依据进行援引,仍需法官引用《公司法解释(二)》或其他规范进行扩张适用。且不同地域的法院、法官理解及应用尺度不同,导致了股东出资义务加速到期制度仍存在缺少高位阶规范规制等问题。 新《公司法》对股东出资义务加速到期制度的构建:将于2024年7月1日开始实施的新《公...
  • 点击次数: 1000016
    2024 - 02 - 01
    主讲人:赵丹青我国商标法规定:“自然人、法人或者其他组织在生产经营活动中,对其商品或者服务需要取得商标专用权的,应当向商标局申请商标注册”。那么您知道这些不同的主体在注册商标时都应该注意什么吗?今天就由赵丹青律师在首期视频中进行介绍。不同主体注册商标都有哪些注意事项?.mp4《铭盾微课堂》于2024年正式上线。该课堂由我所律师主讲,普及知识产权、婚姻家庭、劳动争议、合同纠纷、公司法务等多方面法律知识,探讨相关热点问题和疑难问题。通过案例分析、法律法规解读、分享实务经验等形式,为广大观众提供生动有趣、具有实践意义的法律内容。我们期待与广大观众共同学习,共同进步,携手共建法治社会,防范法律风险,化解矛盾,减少冲突,为建设和谐宜居文明社会贡献力量。2024年,《铭盾微课堂》与您不见不散!
  • 点击次数: 1000002
    2024 - 01 - 26
    作者:刘艳玲全球贸易电商网站的一个特点是卖家将商品放在网站上售卖,这样可以向全球顾客广告和推销其商品。典型的全球贸易网站包括AMAZON 和ALIBABA电商平台。然而,知识产权具有地域保护的特性,适用当地国的法律对权利人进行法律保护。典型的知识产权包括商标权、专利权和著作权。商标权通常需要商家的商标在当地国获得商标注册批准才能在商标注册国的领土范围内受到法律保护。用于规定、规范国际商标注册的国际条约是《商标国际注册马德里协定》。专利权要求申请人向当地国提交专利申请并获得批准才能专利授予国的领土范围内受到法律保护。用于规定、规范国际专利申请的国际条约包括《保护工业产权巴黎公约》和专利合作条约(PCT条约)。著作权国际保护的国际条约是《保护文学和艺术作品伯尔尼公约》,作者的作品在该公约下的一个成员国受到著作权保护,其作品在其他成员国自动享有著作权保护,无需与商标和专利一样需要在当地国获得批准才能得到保护,但是各成员国依据本国法律对外国作品予以保护。中国作为最大的制造业国家,企业制造的产品出口到全球各个国家,这种商业贸易模式不可避免地会引发知识产权纠纷,所以经常能看见中国企业侵犯他人知识产权的新闻和案例。例如,持有中国注册商标的商品出口到多个国家,可能侵犯当地国的在先注册商标权。又如,中国企业的品牌商标在国外被抢注,导致商品出口到当地国会引发商标侵权,最近的知名案例是瑞幸咖啡商标在泰国被抢注。随着一带一路的建设和发展,部分制造业转移到其他国家,可以预见未来其他国家的制造型企业侵犯中国企业的知识产权纠纷也会变多。这种现象就类似“做多错多、少做少错,不做不错”。下面介绍几个知识产权案例反映商业贸易过程中各方利益的冲突。一欧洲消费者BL从中国网站时尚手表在线购买了一块假劳力士手表,当手表邮寄到丹麦时,被海关没收了。由于欧洲消费者BL不同意销毁手表,劳力士公司将其诉至海事和商事法院,法...
  • 点击次数: 1000009
    2024 - 01 - 19
    作者:张琳大学生在校期间经常会利用业余时间勤工俭学,既能贴补学费和日常生活开支,又能提前接触了解社会,增加实践知识和社会经验,为未来就业作好更充分的准备,很多院校也把社会实践作为课业的一部分。公司也往往会挑选一些大学生来公司实习,一方面可以从中选拔优秀的人才在毕业后为公司所用,另一方面与招聘社会人员相比可以节省较大人力成本。大学生在公司实习,双方之间是否可能形成劳动关系?对这个问题的不同回答将影响到大学生的合法权益保障以及公司的用工风险。本文拟通过两个案例对此问题进行分析和探讨。 一、相关案例案例1:王某与某公司劳动争议一案(参见北京市顺义区人民法院(2021)京0113民初1095号民事判决书)王某系某学院学生,于2020年7月获得成人高等教育毕业证书。2019年5月5日,某公司与某学院签订《实习协议书》,约定某学院将本学院部分全日制学生的技能实践课程安排至某公司,完成与销售相关联的职业技能学业;实习时间自2019年5月5日至2020年7月1日;在实习期间,某学院负责意外伤害保险、医疗保险责任,某公司每月支付每名实习生实习津帖,免费提供食宿、交通等;实习生实习期满,经双方双向选择后,经考核符合某公司录用条件的实习生,某公司将优先录用。根据该协议,某学院选派包括王某在内的24名在籍学生到某公司进行校外实习,某学院为包括王某在内的18人购买了学平险。后王某因与某公司发生劳动争议向劳动人事争议仲裁委员会提出仲裁申请,要求确认其与某公司自2019年7月1日至2020年8月10日存在劳动关系。该委裁决驳回了王某的仲裁请求。王某不服,向法院起诉,法院认为:王某作为在校学生,在某学院的安排下进入某公司实习,并非入职;王某被安排至某公司实习的工作内容,某学院明确认可属于学校安排的职业技能实践课程,并且计入学分;王某实习期满取得毕业证书,亦不必然与某公司建立劳动关系,需双向选择后...
× 扫一扫,关注微信公众号
北京市铭盾律师事务所 www.mdlaw.cn
Copyright© 2008 - 2020北京市铭盾律师事务所京ICP备09063742号-1犀牛云提供企业云服务
X
1

QQ设置

3

SKYPE 设置

4

阿里旺旺设置

5

电话号码管理

6

二维码管理

展开