Language

The WeRead Case: Discussion on Reasonable Digital Privacy Expectation

Authored by Yingying Zhu

 

March 2021

Each of us leaves a lasting digital footprint on the internet and would expect businesses that we are dealing with could treat our digital privacy with reasonable care and consideration. Can users have a reasonable privacy expectation in the friends made and the books read online? The Beijing Internet Court in its recently released WeRead judgment holds that, friends list and reading data are not eligible for privacy protection in the case under dispute but nevertheless entitled to protection as personal information.

Background

The judgment is in relation to a dispute between an individual, Huang, a user of a book reading app named WeRead, and the digital giant, Tencent, the operator of the most successful social media in China, WeChat, and its sister app WeRead. The WeRead app wishes to set up an app-based reading community, where people who enjoy reading can read & connect. The plaintiff Huang was complaining that WeRead sneaked away her friends list from WeChat and then automatically turned those who are also subscribers of WeRead as her connections. Huang was also complaining that the information regarding the books she read and how she felt about the reading was widely open to all her connections without her permission while she intended to keep such information private. In its defense, the defendant Tencent alleged that users’ friends list and reading data were obtained with a preapproval from users therefore it should not be held liable for the utilization of the data.

Decision of Beijing Internet Court[1]

The Beijing Internet Court (hereinafter the “BIC”), the Court of First Instance, decides that Huang’s friends list and reading data shall not be categorized as private information, hence not eligible for privacy protection.

To define what constitutes private information, the BIC’s reasoning is based on the classification of the following three layers of personal information:

1.     personal information reasonably recognized by the society as private information, such as one’s sextual orientation, sex life, history of disease and unreleased criminal records, etc.

2.     personal information on which one may hold a defensive expectation or a utilization expectation; and

3.     general information that has no traits of privacy at all.

 

The BIC holds, because one’s friends list and reading data do not constitute private information as listed in layer 1 in the above classification, Tencent is not liable for invasion of the plaintiff’s privacy.

 

The BIC goes on to reason that one’s friends list and reading data shall be classified under layer 2 in the above classification, where the information is considered personal but not private and therefore the emphasis of protection is to give the data subject a right to decide whether to hide or to use such information.

 

The BIC further holds that in this case the plaintiff did not get the chance to decide how to deal with her personal information, because Tencent failed to give proper and transparent notices to the plaintiff and failed to obtain her affirmative consent before utilizing the information under dispute. The BIC then decides that Tencent should be held liable for violation of the plaintiff’s legitimate interests in her personal information. The BIC’s decision is majorly based on Article 43 of the Cybersecurity Law of China. [2]

Discussion

1.    What is Privacy?

According to Eric Hughes, an American mathematician, computer programmer, and cypherpunk, “Privacy is the power to selectively reveal oneself to the world.” [3] Broadly speaking, privacy is the right to be let alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how your personal information is collected and used.[4]

 

The Civil Code of China (2021) defines privacy as peace in a person’s private life and the private space, private activities and private information that a person does not intend for others to know.[5]

 

As a governing law, the Civil Code’s definition of privacy is vague. As we know, privacy varies greatly from person to person: while one person may be comfortable with showing his or her diet recipe online, another person may be embarrassed to let others know how little (or how much) he or she eats over a meal. Similarly, while one person may be at ease with disclosing many details of his or her personal life to online social connections, another person may feel ashamed of posting anything personal on the internet. So exactly what kind of privacy does the Civil Code protect? Some guidance from a concurring opinion in a US Supreme Court decision might shed some light on this.

 

2.    Reasonable Expectation of Privacy

To define the right to privacy under the Fourth Amendment, [6]  the US Supreme Court Justice John Marshall Harlan, in his concurring opinion in Katz, [7]  formulated a “reasonable expectation of privacy” test. The test has two prongs:

1)     the person must exhibit an “actual (subjective) expectation of privacy”; and

2)     society recognizes the expectation as “reasonable.”

The Katz “reasonable expectation of privacy” test, while particularly useful in terms of defining privacy, also provokes further questions: what is reasonable? where to draw the line between “reasonable” expectation and expectation that is “unreasonable”? These questions matter hugely in today’s digital world, because every time a user creates a new account at an online platform, the user provides information with personal details, including name, birthdate, geographic location, and personal interests, etc. Users are entitled to know if they can have a “reasonable expectation of privacy” in such information and if such expectation could be respected by the platform.

 

3.    Exceptions to the Reasonable Expectation of Privacy

 

There are several recognized exceptions to the reasonable expectation of privacy, such as the Third-Party Doctrine, which means once an individual invests a third party with information, and voluntarily agrees to share information with a recipient, the individual loses any reasonable expectation of privacy in that information, [8] and the Voluntary consent Doctrine, which means individuals lose a reasonable expectation of privacy when they consent to a search of private information.[9]Other exceptions include the following: unlawful information is not protectable by the law and therefore there should be no reasonable expectation of privacy,[10] and public disclosure of private information will cause forfeiture of any reasonable expectation of privacy.[11]

 

4.    Where did the Court draw the Line?

 

The BIC obviously referenced the Katz test by reasoning that “the privateness in the information that one does not intend to disclose depends on a subjective intent, however, such subjective intent shall be reasonably recognized by the society.”

 

Then the BIC made the point that the information about one’s social relationship could only invoke reasonable expectation of privacy under the following circumstances: the relationship between the data subject and certain connections would be too intimate to let others know, or the disclosure of some social relationship would negatively affect the data subject’s social image.

 

With respect to the book reading data, the BIC made another similar point that one could only have reasonable expectation of privacy in one’s reading data if certain reading contents fall into some private and secret information region or the reading data, when generated at certain amounts, would reflect negatively on the data subject.

 

Then the BIC commented that the plaintiff’s online social relationship, i.e., the listed friends, is being identified by open-ID, profile and nickname, which should not show the real social relationship or the degree of intimacy between the plaintiff and her social connections. The BIC also went through the contents of the plaintiff’s reading data and found that neither of the two books displayed to her connections would cause any damage to the plaintiff’s social image. The plaintiff’s reading data therefore should not be categorized as private information, hence no reasonable privacy expectation in the data.

 

In a nutshell, the BIC was defining “reasonable expectation of privacy” in the digital world based on the content of certain information. If a piece of information contains nothing intimate or cannot reflect negatively on the data subject, then the data subject should not have a “reasonable expectation of privacy” in the information. The content-based approach is how the BIC drew the line between privacy and non-privacy related information.

 

5.    Content-based Approach is not Fair

 

The BIC’s views on this issue are deeply disturbing. Back to the definition of privacy, broadly speaking, privacy is the right to be “let alone”. It means when a person walks into an isolated space, the person could expect to be in a state in which one is not observed or disturbed by other people,[12] as long as nothing illegal is ongoing under the roof. By applying the Katz test, this person has a reasonable expectation of privacy because the person demonstrates a subjective expectation of privacy by “walking into the isolated space”, which is well recognized by the society as reasonable.  Furthermore, the person’s act does not fall into any of the aforesaid exceptions.

 

 In solitude, a decent citizen could expect the same degree of privacy as much as anyone would. The right to privacy does not depend on whether something shameful is being conducted inside that isolated space. The right to privacy does not depend on the activity happened inside. Instead, it depends on whether one’s demonstration of intent to be let alone could be accepted as reasonable by the society. However, under the content-based approach, a decent citizen would have less expectation of privacy than someone who conducts shameful behaviour in solitude, and this approach apparently leads to unfair results.

 

Here comes the digital world version of the above scenario. When an individual, like the plaintiff Huang, subscribes to open an account at an online platform, like WeRead, and secures it with a password, this would create an isolated space where this person could expect digital privacy. By applying the Katz test, this individual has a reasonable expectation of privacy as he or she demonstrates a subjective expectation of privacy by “creating a password-secured account”, which is well recognized by the society as reasonable.  Likewise, the person’s act does not fall into any of the aforesaid exceptions.

 

This person is fully entitled to assert a digital privacy right to be “let alone”. One can choose not to have any improper friends, and not to read any obscene books, but can still enjoy full privacy rights over one’s personal information. It literally means that being a decent netizen should not compromise one’s digital privacy rights. The content of the information stored in a password-secured account, if it is nothing unlawful, should not dictate if and how the person would enjoy the right to privacy.

 

The above scenario shows that the content-based approach taken by the BIC is not fair because it makes users’ digital privacy rights conditional on the content of personal information, i.e., if the information includes any embarrassing content or not. This approach leads to the unfair conclusion that being a decent netizen, one has nothing shameful to hide and therefore would not have reasonable expectation of digital privacy.

 

Conclusion

 

With the storage and processing of exabytes of data, social media users’ concerns about their privacy have been on the rise in recent years. Incidents of illegal use of data and data breaches have alerted many users and caused them to reconsider their interaction with social media and the security of their personal data.

The disputes caused by unauthorized use of personal information over the internet have spiked in the privacy law landscape. The Beijing Internet Court’s present decision, which echoes with the same court’s decision on the “Dou Yin (Tik Tok Chinese version) collection of personal information” case, [13] is among the first few decisions made by Chinese courts on this controversial issue. Significantly, the decision might impact ongoing litigation stemming from similar disputes. Other courts around the country might follow suit. Therefore, it is imperative to have a more clear and fair approach towards defining reasonable digital privacy expectation.

In the era of big data, defining privacy is under pressure in the digital world. As Bill Gates put it: “whether it’s digital cameras or satellites or just what you click on, we need to have more explicit rules — not just for governments but for private companies.” [14]

 

 




[1] Beijing Internet Court, (2019) Jing 0491Min Chu Zi No. 16142.

[2]  China Cybersecurity Law, Article 43, provides, “Where an individual finds that any network operator collects or uses his or her personal information in violation of the provisions of any law, administrative regulation or the agreement of both parties, the individual shall be entitled to request the network operator to delete his or her personal information. If the individual finds that his or her personal information collected or stored by the network operator has any error, he or she shall be entitled to request the network operator to make corrections. The network operator shall take measures to delete the information or correct the error.”

[3] Eric Hughes, The Cypherpunk Manifesto (1993), see https://www.activism.net/cypherpunk/manifesto.html.

[4] See https://iapp.org/about/what-is-privacy/.

[5] Article 1032, China Civil Code (2021).

[6] The Fourth Amendment of the US Constitution, ratified on December 15, 1791, protects the right of people “to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.”

[7]See Katz v. United States, 389 U.S. 347 (1967). Concurring opinion written by Justice Harlan.

[8] See Smith v. Maryland, 442 U.S. 735, 743-44 (1979).

[9] See Katz v. United States, 389 U.S. 347 (1967).

[10] See https://civillaw.com.cn/bo/t/?id=37410.

[11] Ibid.

[12] See https://www.igi-global.com/dictionary/privacy-data-protection-towards-elderly/23405.

[13]See Beijing Internet Court, (2019) Jing 0491Min Chu Zi No. 6694.

[14] See https://www.oipc.bc.ca/news/quote-of-the-day-bill-gates/.


  • 相关资讯 More
  • 点击次数: 1000005
    2024 - 06 - 14
    作者:常春在专利法实践中,专利申请文件的撰写要求高度精确和详细,以确保其技术方案能够被明确、完整地公开。其中,使用方程式限定的特征在专利申请文件中并不少见,尤其是在涉及复杂技术领域的发明时。方程式中包含多个变量时,清晰界定各变量的数值范围及其相互关系,是确保专利说明书公开充分的关键。本文将详细探讨这一问题,并结合实际案例分析其重要性。一、专利说明书公开充分的法律基础专利法要求专利说明书必须对发明做出充分公开,以使所属技术领域的技术人员能够据此实施发明。这一要求在各国专利法中均有体现。例如:· 中国《专利法》 第26条规定,专利申请的说明书应当对发明或者实用新型做出清楚、完整的说明,以所属技术领域的技术人员能够实现为准。· 美国专利法(35 U.S.C. § 112) 规定,说明书应包含对发明的书面描述、充分公开和清楚的说明,以使本领域技术人员能够制造和使用发明。· 欧洲专利公约(EPC) 第83条规定,专利申请必须对发明作出足够清楚和完整的公开,以使本领域技术人员能够实施发明。这些法律条款共同指向一个核心目标:确保专利申请文件能够提供足够的信息,使得本领域的技术人员在不需要进行创造性劳动或过度实验的情况下,能够实施发明。二、使用方程式限定的特征的挑战在某些技术领域,如化学、物理、工程等,发明的特征往往通过数学方程式来限定。这些方程式可能涉及多个变量,每个变量代表发明的一个关键参数。例如,在化学反应中,温度、压力、浓度等变量通过方程式关系共同决定反应的结果。在此类情况下,如何明确界定这些变量的数值范围及其相互关系,成为说明书公开充分的关键。1. 数值范围的界定数值范围的界定是确保发明可实施性的基础。对于多变量方程式,各变量的数值范围必须在说明书中明确说明。这不仅包括各变量的具体...
  • 点击次数: 11
    2024 - 06 - 07
    作者:王辉有关医疗补助费问题,鉴于涉及医疗补助费的相关法律规定立法层级较低且部分标准又不明确,《中华人民共和国劳动合同法》对此亦未有规定,自从劳动部关于印发《违反和解除劳动合同的经济补偿办法》的通知(劳部发[1994]481号)被废止后,司法实践中对于相关争议的处理缺乏统一裁审标准,下文笔者拟就本人所在北京地区相关问题进行粗浅探析。一、医疗补助费含义及其享受条件“医疗补助费”是指劳动者患病或非因工负伤,因医疗期满被用人单位解除或者终止劳动合同,经劳动(能力)鉴定委员会参照工伤与职业病致残程度鉴定标准进行劳动能力鉴定,当劳动者丧失劳动能力达到一定程度时,由用人单位额外向劳动者支付的费用。可见,劳动者要享受医疗补助费需满足如下条件:1、医疗期满或医疗终结;2、经由劳动(能力)鉴定委员会“参照工伤与职业病致残程度鉴定标准”进行劳动能力鉴定、鉴定结论符合相关等级;3、用人单位解除或终止劳动合同。二、有关规定(一)国家层面之规定1.原劳动部《关于贯彻执行〈中华人民共和国劳动法〉若干问题的意见的》通知(劳部发[1995]309号)第35条规定:“请长病假的职工在医疗期满后,能从事原工作的,可以继续履行劳动合同;医疗期满后仍不能从事原工作也不能从事由单位另行安排的工作的,由劳动鉴定委员会参照工伤与职业病致残程度鉴定标准进行劳动能力鉴定。被鉴定为一至四级的,应当退出劳动岗位,解除劳动关系,办理因病或非因工负伤退休退职手续,享受相应的退休退职待遇;被鉴定为五至十级的,用人单位可以解除劳动合同,并按规定支付经济补偿金和医疗补助费。”2.原劳动部《关于实行劳动合同制度若干问题的通知》(劳部发[1996]354号)第22条规定:“劳动者患病或者非因工负伤,合同期满终止劳动合同的,用人单位应当支付不低于六个月工资的医疗补助费;对患重病或绝症的,还应适当增加医疗补助费。”3.原劳动部办公厅《关于对劳部...
  • 点击次数: 1000010
    2024 - 04 - 26
    作者:曲淼在电子商务蓬勃发展的时代背景下,电子商务为消费者提供了更广泛的选择,催生出了一系列新型的消费模式,也加速了企业的市场竞争。大量的第三方“测评”博主、“种草”机构应运而生,内容涵盖美妆、数码、美食、服饰等各大领域。第三方测评似乎更能贴近普通人的生活,更具有代入感,“买前看测评”已成为不少年轻群体的消费习惯。然而在行业参与主体的良莠不齐、标准的缺失及监管的缺位的前提下,“测评”、“种草”视频或文章的制作与发布者为追求更多的“流量”、更高的收益,往往将测评当作营销工具,看似公平的第三方测评实质上却与产品厂家进行了利益绑定,更有甚者在未实际购买、使用过的情况下发布虚假的测评结果和有失公平的言论。这不仅为测评发布者和制作者带来了一定的法律风险,更会损害消费者的合法权益。本文结合杭州老爸评测科技有限公司(“老爸评测”)诉广州市优测终享科技有限公司(“小红花测评”)一案,从法律的观点出发浅析真实测评与商业诋毁的界限。 案情简介:原告“老爸评测”、被告“小红花测评”均系民间评测机构,在微博、抖音、知乎、小红花、哔哩哔哩等网络媒体均拥有大量粉丝群体。“小红花测评”、陶某从2021年4月开始发布关于“315打假老爸评测”的系列文章以及短视频、直播,指出“老爸评测”“虚假评测、制造恐慌、误导粉丝、以次充好,并推荐、销售违规有害产品”等问题,涉及内容包括魔术擦、乳胶床垫、儿童湿巾、免洗洗手液、戴可思系列产品以及对“老爸抽检”流程的评测等。老爸评测”及其创始人魏文锋遂向杭州铁路运输法院提起商业诋毁的诉讼。“老爸评测”认为,上述视频、文章和直播在内容上严重违背了事实,系虚假的、误导性言论,极易导致消费者对其及其销售的产品产生质疑,对“老爸评测”的测评能力产生否定评价,故要求两被告立即停止一切针对原告的商业诋毁等不正当竞争行为,赔礼道歉、消除影响,连带赔偿200万元。“小红花测评”答...
  • 点击次数: 1000008
    2024 - 04 - 19
    作者:刘艳玲作为商标权人,你对自己的注册商标拥有垄断权,可以许可其他人使用你的注册商标。通过与被许可人之间签订许可协议,商标权人可以获得许可费作为一笔营收或收入,相应地被许可人获得你的商标使用权。商标使用许可合同中一般会约定许可期限、许可范围和许可费。许可合同需要在合同签订之日起3个月内由商标权人向国家知识产权局报送备案,否则该许可合同不能对抗善意第三人。这里的善意第三人是针对不同被许可人之间的关系,属于商标许可意义上的对抗而非商标侵权意义上的对抗。未经备案并不影响商标权人或独占许可人等有起诉资格的人进行商标维权[1]。商标许可使用的类型包括独占使用许可、排他使用许可和普通使用许可,被许可人仅能按照许可合同中约定的类型使用商标,并符合《商标法》第43条规定的管理规范。 商标能反映产品或服务的起源、质量以及留在消费者中的独特印象。随着商标的知名度越高,商标权人的市场地位也越强,商标的经济价值也越高,与此同时商标的保护力度也越强。商标权人在进行销售区域扩展时,可以考虑利用商标使用许可的方式与某一地区或某一国的经销商增进更多的商务合作可能性。例如,在品牌管理下,汽配市场中的店铺未经商标权人本田公司的许可擅自使用中国的核准注册商标“本田”、“HONDA”等标识做招牌是侵犯商标权的。我们知道,未经商标权人的许可,在相同商品上使用与注册商标相同的商标;在相同商品上使用与注册商标近似的商标或在类似商品上使用于注册商标相同或近似的商标,容易导致混淆的;属于侵犯注册商标权。根据《商标法》第63条的规定,权利人的损失或者侵权人获得的利益难易确定的,参照该商标许可使用费的倍数合理确定。那么司法实践中,是如何根据商标许可使用费来确定侵权赔偿额的呢? 由于商标使用许可在国内并没有形成一个惯常使用的方法,法院需要基于真实实际的许可使用合同作为证据来计算侵权赔偿额,因此以商标许可使用费作为赔偿基准的判决...
× 扫一扫,关注微信公众号
北京市铭盾律师事务所 www.mdlaw.cn
Copyright© 2008 - 2020北京市铭盾律师事务所京ICP备09063742号-1犀牛云提供企业云服务
X
1

QQ设置

3

SKYPE 设置

4

阿里旺旺设置

5

电话号码管理

6

二维码管理

展开