Language

The WeRead Case: Discussion on Reasonable Digital Privacy Expectation

Authored by Yingying Zhu

 

March 2021

Each of us leaves a lasting digital footprint on the internet and would expect businesses that we are dealing with could treat our digital privacy with reasonable care and consideration. Can users have a reasonable privacy expectation in the friends made and the books read online? The Beijing Internet Court in its recently released WeRead judgment holds that, friends list and reading data are not eligible for privacy protection in the case under dispute but nevertheless entitled to protection as personal information.

Background

The judgment is in relation to a dispute between an individual, Huang, a user of a book reading app named WeRead, and the digital giant, Tencent, the operator of the most successful social media in China, WeChat, and its sister app WeRead. The WeRead app wishes to set up an app-based reading community, where people who enjoy reading can read & connect. The plaintiff Huang was complaining that WeRead sneaked away her friends list from WeChat and then automatically turned those who are also subscribers of WeRead as her connections. Huang was also complaining that the information regarding the books she read and how she felt about the reading was widely open to all her connections without her permission while she intended to keep such information private. In its defense, the defendant Tencent alleged that users’ friends list and reading data were obtained with a preapproval from users therefore it should not be held liable for the utilization of the data.

Decision of Beijing Internet Court[1]

The Beijing Internet Court (hereinafter the “BIC”), the Court of First Instance, decides that Huang’s friends list and reading data shall not be categorized as private information, hence not eligible for privacy protection.

To define what constitutes private information, the BIC’s reasoning is based on the classification of the following three layers of personal information:

1.     personal information reasonably recognized by the society as private information, such as one’s sextual orientation, sex life, history of disease and unreleased criminal records, etc.

2.     personal information on which one may hold a defensive expectation or a utilization expectation; and

3.     general information that has no traits of privacy at all.

 

The BIC holds, because one’s friends list and reading data do not constitute private information as listed in layer 1 in the above classification, Tencent is not liable for invasion of the plaintiff’s privacy.

 

The BIC goes on to reason that one’s friends list and reading data shall be classified under layer 2 in the above classification, where the information is considered personal but not private and therefore the emphasis of protection is to give the data subject a right to decide whether to hide or to use such information.

 

The BIC further holds that in this case the plaintiff did not get the chance to decide how to deal with her personal information, because Tencent failed to give proper and transparent notices to the plaintiff and failed to obtain her affirmative consent before utilizing the information under dispute. The BIC then decides that Tencent should be held liable for violation of the plaintiff’s legitimate interests in her personal information. The BIC’s decision is majorly based on Article 43 of the Cybersecurity Law of China. [2]

Discussion

1.    What is Privacy?

According to Eric Hughes, an American mathematician, computer programmer, and cypherpunk, “Privacy is the power to selectively reveal oneself to the world.” [3] Broadly speaking, privacy is the right to be let alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how your personal information is collected and used.[4]

 

The Civil Code of China (2021) defines privacy as peace in a person’s private life and the private space, private activities and private information that a person does not intend for others to know.[5]

 

As a governing law, the Civil Code’s definition of privacy is vague. As we know, privacy varies greatly from person to person: while one person may be comfortable with showing his or her diet recipe online, another person may be embarrassed to let others know how little (or how much) he or she eats over a meal. Similarly, while one person may be at ease with disclosing many details of his or her personal life to online social connections, another person may feel ashamed of posting anything personal on the internet. So exactly what kind of privacy does the Civil Code protect? Some guidance from a concurring opinion in a US Supreme Court decision might shed some light on this.

 

2.    Reasonable Expectation of Privacy

To define the right to privacy under the Fourth Amendment, [6]  the US Supreme Court Justice John Marshall Harlan, in his concurring opinion in Katz, [7]  formulated a “reasonable expectation of privacy” test. The test has two prongs:

1)     the person must exhibit an “actual (subjective) expectation of privacy”; and

2)     society recognizes the expectation as “reasonable.”

The Katz “reasonable expectation of privacy” test, while particularly useful in terms of defining privacy, also provokes further questions: what is reasonable? where to draw the line between “reasonable” expectation and expectation that is “unreasonable”? These questions matter hugely in today’s digital world, because every time a user creates a new account at an online platform, the user provides information with personal details, including name, birthdate, geographic location, and personal interests, etc. Users are entitled to know if they can have a “reasonable expectation of privacy” in such information and if such expectation could be respected by the platform.

 

3.    Exceptions to the Reasonable Expectation of Privacy

 

There are several recognized exceptions to the reasonable expectation of privacy, such as the Third-Party Doctrine, which means once an individual invests a third party with information, and voluntarily agrees to share information with a recipient, the individual loses any reasonable expectation of privacy in that information, [8] and the Voluntary consent Doctrine, which means individuals lose a reasonable expectation of privacy when they consent to a search of private information.[9]Other exceptions include the following: unlawful information is not protectable by the law and therefore there should be no reasonable expectation of privacy,[10] and public disclosure of private information will cause forfeiture of any reasonable expectation of privacy.[11]

 

4.    Where did the Court draw the Line?

 

The BIC obviously referenced the Katz test by reasoning that “the privateness in the information that one does not intend to disclose depends on a subjective intent, however, such subjective intent shall be reasonably recognized by the society.”

 

Then the BIC made the point that the information about one’s social relationship could only invoke reasonable expectation of privacy under the following circumstances: the relationship between the data subject and certain connections would be too intimate to let others know, or the disclosure of some social relationship would negatively affect the data subject’s social image.

 

With respect to the book reading data, the BIC made another similar point that one could only have reasonable expectation of privacy in one’s reading data if certain reading contents fall into some private and secret information region or the reading data, when generated at certain amounts, would reflect negatively on the data subject.

 

Then the BIC commented that the plaintiff’s online social relationship, i.e., the listed friends, is being identified by open-ID, profile and nickname, which should not show the real social relationship or the degree of intimacy between the plaintiff and her social connections. The BIC also went through the contents of the plaintiff’s reading data and found that neither of the two books displayed to her connections would cause any damage to the plaintiff’s social image. The plaintiff’s reading data therefore should not be categorized as private information, hence no reasonable privacy expectation in the data.

 

In a nutshell, the BIC was defining “reasonable expectation of privacy” in the digital world based on the content of certain information. If a piece of information contains nothing intimate or cannot reflect negatively on the data subject, then the data subject should not have a “reasonable expectation of privacy” in the information. The content-based approach is how the BIC drew the line between privacy and non-privacy related information.

 

5.    Content-based Approach is not Fair

 

The BIC’s views on this issue are deeply disturbing. Back to the definition of privacy, broadly speaking, privacy is the right to be “let alone”. It means when a person walks into an isolated space, the person could expect to be in a state in which one is not observed or disturbed by other people,[12] as long as nothing illegal is ongoing under the roof. By applying the Katz test, this person has a reasonable expectation of privacy because the person demonstrates a subjective expectation of privacy by “walking into the isolated space”, which is well recognized by the society as reasonable.  Furthermore, the person’s act does not fall into any of the aforesaid exceptions.

 

 In solitude, a decent citizen could expect the same degree of privacy as much as anyone would. The right to privacy does not depend on whether something shameful is being conducted inside that isolated space. The right to privacy does not depend on the activity happened inside. Instead, it depends on whether one’s demonstration of intent to be let alone could be accepted as reasonable by the society. However, under the content-based approach, a decent citizen would have less expectation of privacy than someone who conducts shameful behaviour in solitude, and this approach apparently leads to unfair results.

 

Here comes the digital world version of the above scenario. When an individual, like the plaintiff Huang, subscribes to open an account at an online platform, like WeRead, and secures it with a password, this would create an isolated space where this person could expect digital privacy. By applying the Katz test, this individual has a reasonable expectation of privacy as he or she demonstrates a subjective expectation of privacy by “creating a password-secured account”, which is well recognized by the society as reasonable.  Likewise, the person’s act does not fall into any of the aforesaid exceptions.

 

This person is fully entitled to assert a digital privacy right to be “let alone”. One can choose not to have any improper friends, and not to read any obscene books, but can still enjoy full privacy rights over one’s personal information. It literally means that being a decent netizen should not compromise one’s digital privacy rights. The content of the information stored in a password-secured account, if it is nothing unlawful, should not dictate if and how the person would enjoy the right to privacy.

 

The above scenario shows that the content-based approach taken by the BIC is not fair because it makes users’ digital privacy rights conditional on the content of personal information, i.e., if the information includes any embarrassing content or not. This approach leads to the unfair conclusion that being a decent netizen, one has nothing shameful to hide and therefore would not have reasonable expectation of digital privacy.

 

Conclusion

 

With the storage and processing of exabytes of data, social media users’ concerns about their privacy have been on the rise in recent years. Incidents of illegal use of data and data breaches have alerted many users and caused them to reconsider their interaction with social media and the security of their personal data.

The disputes caused by unauthorized use of personal information over the internet have spiked in the privacy law landscape. The Beijing Internet Court’s present decision, which echoes with the same court’s decision on the “Dou Yin (Tik Tok Chinese version) collection of personal information” case, [13] is among the first few decisions made by Chinese courts on this controversial issue. Significantly, the decision might impact ongoing litigation stemming from similar disputes. Other courts around the country might follow suit. Therefore, it is imperative to have a more clear and fair approach towards defining reasonable digital privacy expectation.

In the era of big data, defining privacy is under pressure in the digital world. As Bill Gates put it: “whether it’s digital cameras or satellites or just what you click on, we need to have more explicit rules — not just for governments but for private companies.” [14]

 

 




[1] Beijing Internet Court, (2019) Jing 0491Min Chu Zi No. 16142.

[2]  China Cybersecurity Law, Article 43, provides, “Where an individual finds that any network operator collects or uses his or her personal information in violation of the provisions of any law, administrative regulation or the agreement of both parties, the individual shall be entitled to request the network operator to delete his or her personal information. If the individual finds that his or her personal information collected or stored by the network operator has any error, he or she shall be entitled to request the network operator to make corrections. The network operator shall take measures to delete the information or correct the error.”

[3] Eric Hughes, The Cypherpunk Manifesto (1993), see https://www.activism.net/cypherpunk/manifesto.html.

[4] See https://iapp.org/about/what-is-privacy/.

[5] Article 1032, China Civil Code (2021).

[6] The Fourth Amendment of the US Constitution, ratified on December 15, 1791, protects the right of people “to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.”

[7]See Katz v. United States, 389 U.S. 347 (1967). Concurring opinion written by Justice Harlan.

[8] See Smith v. Maryland, 442 U.S. 735, 743-44 (1979).

[9] See Katz v. United States, 389 U.S. 347 (1967).

[10] See https://civillaw.com.cn/bo/t/?id=37410.

[11] Ibid.

[12] See https://www.igi-global.com/dictionary/privacy-data-protection-towards-elderly/23405.

[13]See Beijing Internet Court, (2019) Jing 0491Min Chu Zi No. 6694.

[14] See https://www.oipc.bc.ca/news/quote-of-the-day-bill-gates/.


  • 相关资讯 More
  • 点击次数: 5
    2023 - 01 - 13
    作者:李标田经常有人咨询,对方坚决不同意同意,说拖也要拖死我的,在离婚案件中,被告到底能拖多久?今天就从法律层面和大家分享一下这个问题,在弄清楚能拖多久之前,我们先梳理一下我国现行的离婚方式。我国现行的离婚只有二种方式,一种是协议离婚,另一种是诉讼离婚。协议离婚就是夫妻双方都同意离婚,并且双方对孩子抚养权、抚养费、探视权以及财产如何分割等问题达成协议,双方自愿去民政局申请离婚登记,然后经过30天的离婚冷静期,双方在去民政局办理离婚手续,这个过程最快需要32天。如果一方不同意离婚,或者对孩子抚养权、抚养费、探视权以及财产如何分割等问题达不成协议,而另一方又坚定离婚,这个时候就不能协议离婚了,只能去法院诉讼离婚,诉讼离婚能否成功?以及被告就是不同意离婚,最长能拖多久?根据《民法典》相关条款的规定,法院认定应该判决离婚的唯一标准是夫妻之间感情破裂,在离婚诉讼中法院如何认定夫妻之间感情破裂?又分为2种情况,一种是有法定的感情破裂判决离婚认定标准,另一种就是没有法定认定感情破裂的标准,而是根据法院实务经验总结出来的认定标准。我们分别来讨论,先分析《民法典》第一千零七十九条的规定法定判决离婚情况,主要有以下几种:有下列情形之一,调解无效的,应当准予离婚:(一)重婚或者与他人同居;(二)实施家庭暴力或者虐待、遗弃家庭成员;(三)有赌博、吸毒等恶习屡教不改;(四)因感情不和分居满二年;(五)其他导致夫妻感情破裂的情形。经人民法院判决不准离婚后,双方又分居满一年,一方再次提起离婚诉讼的,应当准予离婚。针对上述的规定,我们一一分析。第一种是重婚或者与他人同居,这儿需要注意的,民法典规定的是重婚或与他人同居,而不是出轨,根据最高人民法院关于适用《中华人民共和国民法典》婚姻家庭编的解释(一)的第二条:“民法典第一千零四十二条、第一千零七十九条、第一千零九十一条规定的“与他人同居”的情形,是指有配偶...
  • 点击次数: 11
    2022 - 12 - 30
    作者:张琳为了保护公司的商业秘密,公司可与负有保密义务的员工签订竞业限制协议,限制员工在离职后的一定期限内不得到与公司存在竞争关系的其他公司工作或自己经营、从事同类业务。竞业限制在保护公司商业秘密的同时,对员工的择业自由构成了一定的限制,因此公司通过在竞业限制期限内向员工支付经济补偿的方式弥补员工因此可能遭受的损失。竞业限制协议主要是为了保护公司的商业秘密,因此相关法律和司法解释赋与公司任意解除权,但对员工的解除权进行了较为严格的限制,仅在《最高人民法院关于审理劳动争议案件适用法律问题的解释(一)》(2021年1月1日实施)第三十八条规定:“当事人在劳动合同或者保密协议中约定了竞业限制和经济补偿,劳动合同解除或者终止后,因用人单位的原因导致三个月未支付经济补偿,劳动者请求解除竞业限制约定的,人民法院应予支持。”但是,由于有些员工对竞业限制解除的相关法律规定认识不足,认为只要公司不按时支付竞业限制经济补偿,员工就不用履行竞业限制义务,导致在实践中产生了大量的劳动纠纷。现本文拟通过北京地区的二个案例来分析和探讨上述法律问题。由于各地和不同时期的司法实践有所差异,本文的分析过程可能不够全面系统,分析结果仅供大家参考借鉴。一、案例简介案例一:北京市东城区人民法院(2015)东民初字第02422号一审民事判决书、北京市第二中级人民法院(2015)二中民终字第05775号二审民事判决书刘先生与某金融设备公司于2011年7月4日签订劳动合同,2014年10月10日签订竞业限制协议,约定竞业限制期间为劳动合同解除或终止后6个月内,列举了相应的竞争公司,约定了竞业限制补偿费标准且第一个月的竞业限制补偿费将由劳动关系终止或解除的工资结算同时发放至刘先生的工资卡,以后每月的竞业限制补偿将于每月发薪日转账至被告工资卡,还约定了任何一方违反竞业限制约定,违约方应向另一方支付竞业限制违约金,数额为已付...
  • 点击次数: 7
    2022 - 12 - 23
    作者:金涟伊2021年10月28日发布的《“十四五”国家知识产权保护和运用规划》中指出,要“推动企业实施商标品牌战略,加强商标品牌资产管理,强化商标使用导向,支持开展海外商标布局,培育具有市场竞争力、国际影响力的知名商标品牌”。加强建设高质量的商标品牌,企业可以从做好商标管理做起,注册商标和未注册商标的管理重点略有区别。 一、注册商标的管理 注册商标是由企业向国家知识产权局提交申请,经国家知识产权局审核通过并公告注册的商标。商标注册后可获得商标注册证,列明该商标的注册号、商标标识、核定使用商品或服务类别及项目、注册人、注册人地址、注册日期及有效期等信息。商标注册证记载该商标的关键信息,是商标注册人拥有商标专用权的重要凭证,企业应当注意留存。并且商标专用权届满前,企业应根据需要及时续展。 实践中,为向公众宣告商标已获准注册,企业可在使用注册商标时在该商标右上角标注注册商标标志“®”,同时应在使用中注意以下几点: 1、 应注意保存使用证据 根据商标法第四十九条的规定,注册商标没有正当理由连续三年不使用的,任何单位或者个人可以向商标局申请撤销该注册商标。合法合规地使用注册商标并妥善留存商标使用证据是企业商标管理的重点内容。 商标使用证据的主要形式可分为书面材料及实物材料。书面材料包括交易文书、产品检验报告、加工销售合同发票、宣传海报、媒体广告材料、荣誉资质证书等;实物材料包括承载商标的产品容器、标签、说明手册、包装盒、服务场所装潢等。如需提交复印件或照片的,应委托公证机关办理公证。 2、 应注意维护商标专用权 商标获准注册后,商标注册人便在核定使用的商品服务上享有商标专用权,可对侵犯其商标专用权的情况主动进行商标行政、司法保护,以维护合法权益。积极维护商标权有助于企业建立...
  • 点击次数: 7
    2022 - 12 - 16
    作者:李标田笔者代理一个离婚案件,大概案情是男女双方于2011年12月同居,同居期间财产混同,2013年5月份在北京购房,登记在男方名下,首付资金240万元,贷款260万元,100万元来源男方父母,其余140万元来源于同居期间的共同财产,双方于2015年1月登记结婚,现在双方因为感情不和要求离婚,双方有分割财产产生争议。该房屋是按份共有还是共同共有?我们在分析案涉房屋属于按份共有还是共同共有之前,需要分析当事人的婚姻关系起算时间,这个非常重要。案涉的当事人于2011年12月同居,2015年1月补办结婚证,根据我们以往的经验,补办结婚证之前的同居分为两种情形:一种是双方不具备结婚的实质要件,如未达法定婚龄,或者一方有家庭,对于这类情形,登记的效力肯定不能追认,同居期间的财产不能认定为夫妻共同财产;另一种是同居时双方已具备结婚实质要件,只是未领结婚证的情形,对此争议比较大:有的观点认为根据民法典第一千零四十九条既然规定了允许双方补办登记,那么登记的效力就应追溯到双方具备实质结婚要件的同居期间,对同居期间的财产应按夫妻共同财产处理。当然,也有不同观点则认为婚姻是以登记结婚为准,我国现行的民法典已不承认事实婚姻,民法典第一千零四十九条明确规定“完成结婚登记,即确立婚姻关系”,如果追认补办前同居行为,亦变现的承认事实婚姻,是和我们现行的法律矛盾。对于上述的二种不同观点,我们认为第一种观点是正确的,根据《最高人民法院关于适用〈中华人民共和国民法典〉婚姻家庭编的解释(一)》第6条规定,男女双方依据民法典第一千零四十九条规定补办结婚登记的,婚姻关系的效力从双方均符合民法典所规定的结婚的实质要件时起算。同时根据上述规定第七条规定:“未依据民法典第一千零四十九条规定办理结婚登记而以夫妻名义共同生活的男女,提起诉讼要求离婚的,应当区别对待:(1)1994年2月1日民政部《婚姻登记管理条例》公布实...
× 扫一扫,关注微信公众号
北京市铭盾律师事务所 www.mdlaw.cn
Copyright© 2008 - 2020北京市铭盾律师事务所京ICP备09063742号-1犀牛云提供企业云服务
X
1

QQ设置

3

SKYPE 设置

4

阿里旺旺设置

5

电话号码管理

6

二维码管理

展开