Using IP umbrella to shield data shows legal gaps

In the age of the digital economy, data must be seen as one of the core factors of production. Yet, laws and regulations covering the data industry appear somewhat underdeveloped, with overarching and clear rules still to be established for many areas of data-related rights, functions and interests.

Data is usually understood as intangible assets similar to intellectual achievements, with its protectable value measured by “contributions”. However, it can be argued that data is not a product of creation by its nature, and thus not an object of IP protection. This article looks at the feasibility of, and trends in, protecting data rights within the IP law regime.

LEGISLATION ON DATA RIGHTS

Does a data processor have rights to the data processed? If yes, what is the right? Data, in its nature, is information recorded electronically or otherwise. However, is “information” a subject matter of the civil law, or does it fall within the category of works or trade secrets in the realm of intellectual property?

The law gives no clear answer and academics are split on the matter.

Article 127 of the Civil Code provides that, “where there are legal provisions, particularly providing for the protection of rights in data and online virtual assets, such provisions shall be followed”. Since this article is found in the code’s Chapter V: Civil Law Rights, it implies that civil subjects enjoy certain civil law rights to data. However, what are “such provisions” as stated in “such provisions shall be followed”?

The Data Security Law, which came into effect in 2021, does not answer this question. It imposes data security obligations on all parties involved in data processing, and protects the state and public interests related to data processing from a regulatory perspective. However, the law provides little for the value generated by participants in data processing, or the relevant rights they are entitled to.

On 2 December 2022, the Chinese Communist Party Central Committee and the State Council issued the Guidance on Building a Basic System for Data to Give Better Play to the Role of Data Elements. Unlike the Data Security Law, this guidance innovatively classifies data into public data, corporate data and personal data, and introduces three separate data-related rights, namely, the right to hold data resources, the right to process and use data, and the right to operate data products.

The guidance implies the legislators’ basic approach to addressing the above-mentioned questions. Maintaining the security of data, as a set of information, is bound to be intertwined with the protection of personal rights and property rights. Therefore, only by distinguishing data types can we determine which laws are applicable in regulating data processing activities. It is the first step to solving the puzzle of protecting data rights.

The second step is to grant different rights to participants in different links of the data value chain. According to the guidance, the data-related rights have the characteristics of property rights, but are neither ownership nor a real right other than ownership. This may be due to the exclusiveness of real rights, which contravenes the public nature of data, reflecting the prudence of legislators.

On 27 March 2023, the Zhejiang Provincial Administration for Market Regulation promulgated the Measures for the Registration of Intellectual Property Rights to Data in Zhejiang Province (Trial) (Draft for Comment), attempting to directly address the issue with another new solution: data processors are entitled to apply for the registration of IP rights to data that are lawfully collected, processed with certain algorithms, and with practical value and intellectual achievements. As there is no apparent difference between such IP rights and copyrights, the holder may pledge to trade with, or license others with, these rights.

To avoid conflict with the rights of the data subjects, data processors must anonymise and de-identify the data prior to application to ensure that the data cannot be restored to its original form, so as to protect the personal information security of the data subjects. The data subjects may raise objections during the notification period to safeguard their legitimate rights and interests.

At present, Zhejiang’s data-related IP system has begun to take shape, setting out a complete range of requirements for registration procedures, exercise of rights, supervision and management. However, the registration measures are more akin to standard operating procedures, lacking insight into the nature and content of data-related IP rights. As a result, many jurisprudential problems have arisen from the creation of data-related IP rights.

JUDICIAL PRACTICE

Many disputes over data collection and processing have emerged in recent years, and court orders are mostly grounded in either trade secret protections or anti-unfair competition.

Trade secret protection. Although trade secrets do not constitute a type of “intellectual property” in legal terms, they are usually protected by the Anti-Unfair Competition Law (AUCL) as objects similar to IP. In practice, data is protected as trade secrets in many data-related disputes.

In the civil judgment of Nansha District People’s Court in Guangzhou on Yue 0015 Min Chu No. 16941 (2021), the court held that:

1. The documents in question contained the clients’ names and contact information, which were not easily accessed by the public;
2. The purchase orders and other materials submitted by the plaintiff proved that the documents in question had commercial value; and
3. The plaintiff created the tables through the data security system and required its employees to assume the obligation of confidentiality, which was sufficient to prove that confidentiality measures were taken. Therefore, the documents in question have demonstrated the non-public, valuable and confidential characteristics of trade secrets, and the defendant shall compensate the plaintiff for its losses caused by the infringement.

This is a typical case of maintaining rights in data from the perspective of trade secrets. Trade secrets and data have several things in common. According to article 9 of the AUCL, a trade secret refers to any commercial information unknown to the public, including but not limited to technology or business information, with commercial value, and for which its lawful holder has taken proper confidentiality measures.

Data, on the other hand, is the raw material to represent information. So, both trade secrets and data are information in essence, and the data that meets those legal requirements can be identified as trade secrets. Therefore, illegally obtaining or processing data is also an act of trade secret infringement, which is why the court can cite provisions of the AUCL on trade secret protection.

Naturally, protecting data as trade secrets has its limitations. In particular, plenty of data, such as securities price information, originated from open channels, with inadequate secrecy required for trade secret protection. Some data, such as real-time traffic information, has no value unless made public and thus cannot apply to confidentiality measures. Protecting such data as trade secrets may not be justified.

Anti-unfair competition. In some disputes over data interests, as the data involved cannot be recognised as trade secrets, the court orders are grounded in the general provisions of the AUCL. In such cases, the court often argues that the data (product) has generated economic benefits and competitive advantages for the plaintiff, and the illegal acquisition and processing of such data undermines the competitive position of the plaintiff, which constitutes an act of unfair competition. These cases did not affirm the absolute “rights” to data, but rather recognised the relative competitive “interests” of data controllers in the data.

In Taobao v Meijing (2018), a dispute over unfair competition, the court affirmed the plaintiff’s independent “property interests” in data. The reason why the court used the word “interests” instead of “rights” is mainly because data is not an object of IP rights, nor a subject matter of the civil law.

Only by using the word “interests” can the protection of plaintiff’s interests be justified without violating the statutory principle of real rights. Furthermore, the court pointed out that the products involved created a competitive advantage for Taobao, and the defendant’s behaviour evidently undermined this advantage, thus constituting unfair competition.

In addition to e-commerce platforms, social media platforms are also important participants in the data industry. In 2022, the Beijing Intellectual Property Court held, in the civil judgment of Yifang Software v Weimeng Chuangke Network Technology (2019), that online data is capable of being integrated and is interactive in nature, and the platform operator should tolerate lawful collection and use of public data by others.

In other words, the data is divided between public data and non-public data. In this judgment, the court conveys the idea that data protection is not about finding a one-size-fits-all solution, but should be differentiated for various data types with the goal of encouraging technological innovation and progress.

FEASIBILITY AND PROSPECTS

Is it possible to protect data rights under the intellectual property umbrella? It is true that the data-related IP system can fundamentally solve the problems about ownership and protection of data interests, thus unleashing the potential of data, exploring the ways of using data elements and expanding the data market. However, there are apparent differences between data and other objects of IP rights, as well as theoretical and practical dilemmas in data-related IP protection.

IP is exclusive and represents a legitimate monopoly, which means that the rights holder is entitled to prohibit a third party from collecting and processing the data over which it has acquired monopoly. However, large amounts of public data not protected by confidentiality measures or access restrictions have already taken on the characteristics of “public goods”, to which exclusiveness is neither reasonable nor realistic. If the data is subject to absolute monopoly, data resources will inevitably fall under the control of a small group of subjects.

Unlike the objects of traditional IP protection, data is not a product of creation, but inherently has primitive and public attributes. The traditional forms of IP protection will probably lead to data monopoly and unavailability of data sources for analytics and application. Such protection of data interests will be a hurdle to data industry development, rather than a catalyst for market innovation.

If data-related IP protection is subject to the rules and regulations relevant to fair use, serving as a curb on data monopoly, then how do we define “fair use”? What are the similarities and differences between such fair use and “competition” under the AUCL in judicial practice? Are there universal rules for the fair use of data?

Similar to the frameworks of the traditional IP system, data-related IP protections must take into account the balance between the interests of data controllers, data users and the public. It is necessary to grant certain interests, even a near-monopoly, to the original owners of data and participants in the process of data formation. On the other hand, such protection should avoid stifling the circulation of data while allowing and encouraging its broader use.

Yang Xun is a partner at Llinks Law Offices. He can be contacted by phone at +86 21 3135 8799 or by e-mail at xun.yang@llinkslaw.com
Yan Yi is a paralegal at Llinks Law Offices.