Data, in the age of the digital economy, has gained unprecedented attention at both the international and national levels. In China, the Action Outline for Promoting the Development of Big Data was issued in 2015, and then the Opinions of the CPC Central Committee and the State Council on Improving the Systems and Mechanisms for Market-based Allocation of Factors of Production issued on March, 2020 officially added data to the list of factors of production, after land, labor, capital and technology. Recently, China stepped up its focus on data-related law-making processes. The Personal Information Protection Law (Draft) and Data Security Law (Draft) have already been put forward for consideration. Additionally, the Global Initiative on Data Security proposed on September, 2020 advocates for a global consensus on data security and seeks opportunities for data cooperation in the digital economy.
Data has near-unlimited potential, and the key to activating the value of data lies in how to promote the circulation of data elements, expand the supply of production materials, and create new ways of supplying production elements. Based on ensuring that the basic rights of individuals are not infringed, all countries are actively exploring the design of systems and rules that meet the development needs of the times, to maximize the free flow and efficient use of data. In all these efforts, Data portability rules are worthy of attention and discussion. After years of deliberation, data portability finally officially found expression in the EU’s General Data Protection Regulation (“GDPR”) that took effect in 2018. The EU’s WP29 also issued the Guidelines on the Right to Data Portability in 2017, which further develops the legal framework for data portability and provides specific behavioral guidance for data stakeholders.
In China, data portability has aroused extensive discussions. There have been fierce debates about the issue, including competition concerns that data portability might trigger. At present, China has not formally adopted data portability rules, but it is heavily discussed at the theoretical level. Traces of Data Portability can be seen in recent Chinese laws and judicial decisions.
II. Academic Discussions on Data Portability in China
The form of data portability stipulated in Article 20 of the GDPR grants data subjects the right to access and receive personal data2 from the original data controller, and the right to transfer the data to other controllers. For the data subject, this right enables the data subject to have a stronger data control capacity; for the data controller, this right imposes on the data controller the obligations that the data should perform in the process of data migration. This right promotes the free flow of data within the EU, and to a certain extent, it will also lead to increased competition among data controllers. As a new type of right, data portability is also constantly improving and developing. Therefore, even if the design of this right is originally designed for good, it still causes a lot of worries and discussions in China.
A. Propositions and Reasons Why China Should Not Introduce Data Portability
Up to now, a considerable number of scholars in China who are concerned about the issue of data portability have written papers or articles and published their opposition to the introduction of data portability. After sorting out, this paper found that the reasons for the overall oppositions mainly come from the following concerns:
- National Difference and the Timing: unlike the EU, China has a large number of Internet companies. In the era of data-driven digital economy, it is not appropriate to set too high standards for data protection, nor to impose excessive responsibilities and obligations on enterprises, so as not to hinder the development and international competitiveness of data enterprises;3 In addition, data portability is not a single independent right item, and requires the cooperation of other legal provisions. However, China’s current data legal system is not yet fully mature and lacks the legal soil to introduce data portability4, and other scholars believe that it is not suitable for the introduction until the industry has adequately been investigated and tested in practice.5
- Inherent Flaws of Data Portability: Data portability has its own inherent shortcomings such as technical risks and its difficulty to operate in practice.6 Not only is it difficult to implement technically, but it is also quite complicated in practice. In addition, there is also the issue of data security. Data portability regulations make the transmission and transfer of personal data very frequent, and this frequent transfer provides opportunities for malicious attacks.
- Compliance Costs for Data Controllers: The implementation of data portability will increase the burden on data controllers, especially the compliance costs of some small and medium-sized enterprises will greatly increase, because it means that enterprises have to invest more energy, technology and manpower to comply with related rules and regulations.7 In addition, as far as data controllers are concerned, it may also lead to a “free-riding effect” in obtaining data, undermining the willingness and enthusiasm of enterprises to actively invest in collecting, storing, and protecting data. Furthermore, even if it is enforced, the increased compliance costs of enterprises will eventually be passed on to consumers, who will ultimately suffer.
- Competition and Innovation: Data portability is contrary to the goals pursued by the competition policy.8 It will not only hinder the enthusiasm of market players to participate in the competition, but will ultimately reduce the well-being of consumers.
B. Arguments that China Should Consider Introducing Data Portability
In favor of China’s introduction of data portability, the views mainly explain the positive effects of data portability from the aspects of consumers, enterprises, and market competition. These views are also generally consistent with the original purpose of the EU’s original intention to develop data portability. However, among these views, in addition to affirming the benefits of data portability, there are also views expressing that it should be introduced slowly or after modification.
1. Positive Impact of Data Portability: Firstly, from the consumer’s point of view, data portability not only affirms and strengthens consumers’ personal control and use rights over their data and information, but also gives consumers more possibilities to independently choose market products or services. While reducing the cost of switching between consumer products, it can also improve consumers’ diversified experience of products or services and their trust in data controllers, which in turn can stimulate consumers’ willingness to contribute personal data to enrich data market supply.
Secondly, from the perspective of data controllers, for companies that have formed certain data advantages, the acceptance and implementation of data portability is a good opportunity to show market regulators and consumers their strength, credibility, and integrity. This is also a business strategy that can create more market opportunities;9 for companies that have just entered or even have not yet entered the existing market, data portability has broken through the barriers to market access, greatly reducing the entry-related difficulty of this type of company. The threshold of the market allows these companies to compete freely and equally with existing market players.
Finally, from the perspective of competition and innovation incentives, data portability can effectively promote the free flow of data among market entities, avoiding companies that have a market advantage based on data from implementing behaviors that exclude and restrict competition, and ensure that market competition is conducted in an efficient, fair, free and orderly manner. At the same time, the technical requirements achieved by data portability can also promote the standardization process in the data field and increase the interoperability of data processing between various data controllers. The design of data portability rules helps to promote the independent and orderly flow of data elements, improve the efficiency of the allocation of data elements, and then promote the continuous innovation of information technology and drive the development of the digital economy.
2. Arguments that China should Slowly Introduce or Remodel Its Entry: (1) In addition to seeing the many benefits of data portability, some scholars have also noticed the concerns of opponents of data portability, so they expressed their views on partial or slow introduction of such rules. This kind of view believes that the development of big data economy in China and the EU is different. Therefore, the construction of data portability in China’s Personal Information Protection Law should take a slower path, that is, the establishment of data receiving rights in advance to effectively enhance the data subject’s for data control; when conditions are ripe, the right to transfer data can be considered to be included.
(2) There are also views that suggest that data portability should be reintroduced after transformation. Such views believe that China should not blindly introduce or blindly reject the right to data portability. It should be based on specific national conditions, learn from its experience and make localized choices. In order to strike a balance between the development of China’s data industry and the protection of the rights and interests of individual data subjects, we should construct the content of portability suitable for China.10 The introduction of the right to data portability in China should not be implemented in one step, but should be implemented gradually by industry and by stages.11 Some scholars have further constructed the path selection of data portability in China,12 and some scholars have also outlined how to localize the design of the Chinese version of data portability in the relevant laws and regulations that are currently in force in China or are being formulated and drafted. 13 In General, this kind of view advocates treating data portability dialectically, absorbing the essence, removing the dross, and then based on China’s actual national conditions, adjusting and transforming data portability before introducing the application.
III. “Data Portability” and its Influence in China
Although data portability has not yet officially become a definitive and effective right in China, and there are still many controversies in the academic circle, some traces of data portability can be found in the recent relevant laws and regulations and judicial practices in China. From these traces, it can be seen that data portability is scattered in various levels and types of legal norms and standards, but the cases in judicial practice mainly involve China’s Anti-unfair Competition Law.
A. “Data Portability” in China’s Legal Norms
China’s previous laws and regulations on privacy, personal information and data are scattered throughout different specific laws and regulations. However, in recent years, China has accelerated the legislative work in this field, from the Cyber Security Law implemented in June 2017 to the Personal Information Protection Law (Draft), Biosecurity Law (Draft), and Data Security Law (Draft), China has gradually moved from decentralized legislation to unified legislation. In addition to the level of legal provisions, judicial interpretations, regulations, local regulations, and various standard guidelines have also been issued in large numbers or are being drafted, and relevant regulatory documents have emerged from scratch, and develop from rough to detailed. China’s Civil Code, which is scheduled to take effect on January 1, 2021, sets provisions in principle in article 111, Article 999, Article 127 of the General Provisions, and stipulates in the Chapter VI of the Sub-Provisions. The right to privacy and the protection of personal information have also provided a basis for related legislative work.
Specifically, for data portability, similar regulations in China were first reflected in Article 16 “Right to Information Portability” in the Personal Information Protection Law (Draft) (hereinafter referred to as the “Draft”) published in March 2017. It is basically consistent with the content of EU GDPR data portability rights. The word “Information Portability” appears directly in Article 1114 of the Draft (2017), and Article 1615 of the Draft (2017) further stipulates the “Right to Information Portability”, which clearly stipulates the information subjects possess the right to obtain copies and the right to transfer personal information, but the prerequisites for the exercise of the latter rights need to be based on “technically feasible.” On October 21, 2020, the new Personal Information Protection Law (Draft-2020)” was announced and publicly solicited public opinions. However, it is worth noting that in the Draft (2020), the relevant provisions of data portability have been deleted, and no trace of it can be found.
In addition to legal provisions, China has also issued a large number of standards and guidelines. Article 8.616 of the non-mandatory national standard Information security technology—Personal information security specification (GB/T 35273—2020) took into effect on October 1, 2020 stipulates that personal information subjects can obtain copies of personal information. The article further stipulates that “on the premise of technically feasible, directly transmit a copy of … personal information to a third party designated by the subject of personal information.” Although the GB/T 35273—2020 does not directly use the term “Data Portability”, the article actually covers the acquisition and transfer of copies of the information by the information subject. It is worth noting that, unlike the EU GDPR regulations, the GB/T 35273—2020 limits the scope of data migration to only two types of personal information: (1) the basic information and identity information of the information subject; (2) Personal health and physiological information, education and occupational information.
The People’s Bank of China issued the “Implementation Measures of the People’s Bank of China for Protecting Financial Consumers’ Rights and Interests (Draft for Comments)” 17on December 27, 2019. The Article 36 of the Implementation Measures says “[….] Financial institutions are encouraged to transfer their financial information to other financial institutions designated by financial consumers on the premise of technical feasibility and based on the request of financial consumers.” Although the Implementation Measures does not provide for the right to obtain copies, it directly stipulates the financial information migration rights of consumers in the financial sector. This can be understood as the embodiment of “data portability” in specific industries.
In the field of e-commerce and express delivery, The Guiding Opinions of the State Post Bureau and the Ministry of Commerce on Regulating the Interconnection and Sharing of Data between Express Delivery and E-commerce Industries18 jointly issued by the State Post Bureau and the Ministry of Commerce in June 2019 also proposed that under the premise of ensuring user information security, e-commerce operators and those operating express delivery services are encouraged Enterprises carry out data interconnection and sharing in accordance with relevant standards to jointly improve distribution efficiency.
In addition, in the telecommunications sector, the Provisions on Switching Telecoms Carriers While Keeping Phone Numbers Unchanged issued by the Ministry of Industry and Information Technology of China on December 1, 2019 stipulates that users of cellular mobile communications (excluding Internet of Things users) may apply to telecom operators for transference service in accordance with these provisions. Meanwhile, it is stipulated that telecom operators should clearly inform users of the risks and losses they may face through transference service in appropriate ways, and obtain the user’s confirmation. Although this rule does not directly invoke “data portability”, it is not only reminiscent of the 2002 European General Service Regulations, but also stipulates that users of public telephone services and mobile services can retain their Numbers independently of the business providing the service. The General Service Regulation has always been regarded as the original source of “data portability.” It is not difficult to see that the General Service Regulation is similar to the number portability service provided by the three major telecommunication operators in China.19 In recent years, China’s three major telecom operators began to provide the service of transferring passengers to the Internet. At that time, there were some opinions that it harmed the inherent commercial interests of enterprises, but in fact, it promoted the competition among enterprises, which ultimately benefited consumers and increased social welfare.
B. “Data Portability” in Chinese Judicial Cases
In the past, most cases related to personal information in China would be classified under the category of civil rights such as privacy rights for settlement, or, more serious, would prompt the attention of the Criminal Law. However, in recent years, disputes between companies due to data have occurred one after another, and many well-known companies have been involved. This shows that data has become an important resource that Internet companies are currently competing for. From 2011 to 2020, data-related disputes of all sizes have been brought to the court continuously, and the court’s trial thoughts on these cases and the results of the judgment have also been paid much attention to. After studying these cases, we can find out the footprints of data portability. This paper has selected some typical cases to get a glimpse of the evolution of data portability in Chinese judicial practice.
1. Case One
In December 2016, the Beijing Intellectual Property Court ruled on a case of “unfair competition dispute over illegally capturing user information” in the second instance.20 This case was selected as one of the “Top Ten Cases of Judicial Protection of Intellectual Property Rights Issued by Beijing Courts in 2016.” It is a very typical case of data-related disputes in China. The key issues involved in the case and the thinking of the court’s judgment also became the focus of academic debate.
In this case, the plaintiff claimed that the defendant used software to illegally capture and use user information on the plaintiff’s platform, including avatars, names (nicknames), professional information, educational information, user-defined labels, and user-published content. The plaintiff believed that this behavior constitutes unfair competition. After comparison of evidence and trial, the court finally found that the defendant’s behavior violated the Anti-unfair Competition Law. This case is one of China’s earlier cases involving the sharing and transfer of user information between different platforms under the Open API model, and this has also triggered discussions on the rights and protection of user information and derived data.
One of the important highlights of the judgment in this case is the innovative proposal of the “triple authorization principle”, that is, different platforms should adhere to the triple authorization principle of “user authorization + platform authorization + user authorization” when obtaining user information, otherwise it may violate the principle of good faith and Internet business ethics and then constitute anti-unfair competition. It is worth noting that data portability did not receive enough attention in China at that time, and data portability was not directly mentioned in this case. However, the proposal of the triple authorization principle actually affirmed the basic rights and interests enjoyed by users in their data. It also requires that the transfer of personal data must be subject to the authorization of the data subject. This laid the foundation for data portability’s subsequent emergence and concerns in China.
2. Case Two
In December 2018, there was another case of unfair competition dispute over derived data in China.21 This case was called “The first case involving a new type of data resource development application and ownership determination”, and it was also selected as “Top Ten Civil Administrative Cases in People’s Courts of the Year 2018” and “50 Typical IP Cases in Chinese Courts in 2018.”
In this case, the plaintiff argued that the original data and derivative data in the data product involved are its intangible assets, and the plaintiff has the property ownership in this case; the data product involved is the plaintiff’s core competitive interests, and the defendant’s actions have already affected the data product involved. It constituted a substantial substitution, and maliciously undermined the plaintiff’s business model and then constituted unfair competition. The defendant argued that the data content of the data product involved was user information provided by network users, and network users had property rights to the information provided, and the plaintiff had no right to claim.
Regarding the question of who has the right to claim the data involved in the case, the court finally affirmed the user’s rights to the original information, and at the same time determined the plaintiff’s “competitive property interest” in the derivative data, which also made this case a typical and significant case. Although this case still has not directly involved the concept of data portability, careful observation shows that the court has divided the boundaries of the legitimacy of stakeholders’ behavior in data portability, and has also dealt with issues such as adhesion involved in data portability. Therefore, this case can be regarded as data portability in China’s relevant components of the development.
3. Case Three
In June 2020, the Hangzhou Internet Court tried and judged a data rights dispute case in China.22 This case is called China’s “the first case of unfair competition in data rights caused by group control software.” In this case, the defendant used the personal number function module operating on the group control software developed and operated by it to be embedded in the personal social software product operated by the plaintiff to assist the users who purchased the software service to develop business marketing management activities on the platform.
The plaintiff believed that the defendant’s actions hindered the normal operation of the platform, damaged the plaintiff’s data rights and interests in data collected on its platform, violated the provisions of the Anti-unfair Competition Law, and constituted unfair competition. During the trial of this case, the defendant directly raised the defense of “the right to portability of personal data”, believing that the rights and interests of the social data of the accused software users and their buyers and friends shall belong to the users. The users shall have the right to carry their personal data, and the way they choose to backup and store their personal data has nothing to do with the data controller. The two plaintiffs do not have any rights and interests in the user information they control.
In response to this defense, the court ruled that even if the defendant gained the license from related business users on plaintiff’s platform or business users have “the right to data portability” over the their data on plaintiff’s platform, but the relevant operating data in this case are not involved in the user information unilaterally, it also involved the personal account data of other users who are business users’ friends in the plaintiff’s platform and the user data jointly provided by business users and their friends through mutual intersection. The defendant, without authorization, transfers the data of users without their knowledge to be stored or used by himself, which did not meet the user’s basic requirement of “the right to data portability” and constituted an infringement on the plaintiff’s user information rights.
It is worth noting that during the trial and judgment of this case, data portability has attracted a lot of attention and discussion in China. Unlike the aforementioned cases that indirectly involved data portability, this case is so far the first case in China that came across directly in data portability, and the court also responded to it.
IV. “Data Portability” in China: Choice, Challenges and Potential Future Developments
From the previous discussion on the introduction of data portability in China, as well as the current embodiment of data portability in China’s legal norms and judicial practice, it can be seen that the emergence of data portability in China is a gradual and progressive development process, and at present China has a high level of attention on data portability, and the dimensions of study and analysis are also diverse. At the same time, the construction of rules and the handling of disputes in practice are simultaneously exploring and trying to respond to the introduction of data portability in China. Through the analysis of the status quo of data portability at the theoretical and practical levels in China, the development of personal information and data in China can also be observed.
A. Path Choice and Challenge
Based on the above analysis, although the earlier cases involved disputes over data portability, it did not cause sufficient discussion in China at that time, so it was not formally mentioned until 2020 in judicial cases. At the legal norm level, it first appeared in the Personal Information Protection Law (draft-2017) but it was removed in the latest version draft (2020). It can be seen from the evolution of data portability in China that data portability and its upper concept personal data or data protection are also experiencing multiple contradictory processing and multiple path choices in China.
First of all, as for personal information or data, China has not yet reached a consensus on its legal attributes at the legislative level. Thinking and discussion about whether it is “Right” or “Interest” is still in progress, but the judgments of judicial cases have clearly pointed out that personal data and its derivative data have “competitive property benefits.” Secondly, the choice of protection path was initially handled through civil norms such as the Tort Liability Law and the Consumer Rights Protection Law. Later, there were also views that it should be handled under the Intellectual Property Law. The exploration of the levels is mostly the design of rules in the field of private law, but practical disputes are basically resolved in accordance with the Anti-unfair Competition Law. It can be seen that China is currently facing challenges such as the choice of multiple protection paths and the coordination of potential conflicts between multiple departments. Finally, in the case of data portability, whether China needs to introduce it, how to introduce it, and other issues still face the aforementioned two choices. In addition, at the level of law enforcement, issues such as administrative leadership or private parties’ independent resolution also require further demonstration and thought.
B. Current Concerns under the Anti-Unfair Competition Law
In China, there are still disputes about whether data portability promotes or hinders competition. The creation of data portability is based on the theoretical basis that data portability can reduce the market dominator’s monopoly on the market and improve the market competition environment, so that new companies can use data to innovate services and attract customers from existing services come. Under the framework of data portability, data subjects can switch to and use services provided by different service providers at low or even zero cost, thereby reducing the lock-in effect of service conversion.23 However, there are also views that data portability will hinder the enthusiasm of market players to participate in competition, and will ultimately reduce the well-being of consumers. Although there are still controversies at the theoretical level, related disputes have already appeared in practice. From the current practice, it can be seen that China has the following points worthy of attention and discussion when dealing with data portability related disputes under the Anti-unfair Competition Law:
First, the court basically recognized that certain data enjoys “competitive property benefits”, and the latest case shows that the court also initially affirmed the “right to data portability” enjoyed by data subjects of their personal data. With the development of data portability in China, it can be foreseen that more footprints of data portability will appear in judicial practice in the future. Second, many basic issues of the anti-unfair competition law were involved in this dispute, such as the identification of competition relationships, the establishment of unfair competition behavior, and the determination of tort liability, which are often the focus of disputes between the two parties.24 In recent years, the phenomenon of “injunction first” often appears in cases, that is, measures of behavioral injunctions are taken before the actual trial of the case. In such new cases, the issue of how to determine the injunction standards still needs further discussion. Finally, it is worth noting that local anti-unfair competition legislation is also exploring data acquisition and utilization, such as the Article 21 of the Regulations on Anti-Unfair Competition (Revised Draft) (draft for comments) promulgated by Shanghai on October 9, 2020 stipulates that operators who use technological means to obtain network data from other operators shall not violate relevant laws, regulations, business rules, and industry practices. The use of the acquired data shall not impair the legitimate rights and interests of the acquired party or disturb the order of fair competition.
V. Conclusion and Outlook
At present, China is stepping up the formulation and promulgation of a series of laws and regulations such as the Personal Information Protection Law and the Data Security Law, and data legislation is also moving towards a unified legislation model. The key points of strengthening protection and promotion of openness, data utilization and security are also weighed and achieved in the relevant legislative process of China. In addition to the top-level design at the national level, local governments are also actively working on local exploration, especially Shenzhen, which is the first province in China to explore the “data property rights” system in the Comprehensive Reform Pilot Implementation Plan for Building a Pilot Demonstration Zone of Socialism with Chinese Characteristics (2020-2025). In the future development trend, this paper believes that personal information, data and other topics will be a point of concern from multiple perspectives and fields, and this determines that data protection and the adjustment of data legal relations will also be diverse. Therefore, even if unified legislation is introduced in the future, it does not mean that competition law will no longer play a role. Various departmental laws can still start from their own legal interests, complement each other, and jointly promote the protection and use of data.
In terms of data portability, this paper submits that one-sided opposition and consent are irrational. Many disputes have arisen in practice in China: therefore the discussion of this problem is both a theoretical and a practical necessity. Therefore, based on the current situation in China, dialectical discussion and analysis of the introduction of data portability require more systematic and empirical bases. For example, in order to further promote data circulation between enterprises, China’s data portability rules could also consider breaking through the main body of the EU GDPR. The subject of data portability is not necessarily limited to a single natural person, but can also be extended to legal persons and other organizations. In addition, the protection of personal information and data governance are also a global issue. As mentioned in the Global Initiative on Data Security in September 2020, seizing digital opportunities and seeking cooperation for development are also important issues facing all countries.
1 Meiling Xu, PHD Candidate of Peking University Law School; Visiting Scholar at University of California, Berkeley. Wei Han, Associate Professor at University of Chinese Academy of Social Sciences.
2 In China, “personal data” is generally referred to as “personal information.” Unless otherwise specified, “personal information” in the Chinese context can be equated to “personal data” commonly used at the international level, and “data subject” corresponds to “information subject.”
3 Hui-qiang Xing, On the Introduction of Right to Data Portability in China——From the Perspective of Open Bank, Journal of Political Science and Law, 2020(02):14-24.
4 Congjing Ran & Mo Zhang, Study on the Data Portability of EU GDPR and Its Reference for China, Journal of Information Resources Management, 2019,9(02):25-33+45.
5 Lin Xie & Jun-sen Zeng, A Review of the Right to Data Portability, Electronics Intellectual Property, 2019(01):28-39.
6 Fu-ping Gao & Chao Yu, Study on right to data portability of European Union, Big Data Research, 2016(04):102-107.
8 Yue Zhu, The Distinction and Complementation between the GDPR Right to Data Portability and Competition Law Remedy, Journal of Beijing College of Politics and Law, 2020(01):49-56.
9 Cai-xia Zeng & Xue-zhong Zhu, The Role, Limitations and Enlightenment of the EU Data Portability Right in Regulating Data Monopoly: Taking Data Access as a Research Approach, Deutschland-Studien, 2020,35(01):133-147+164.
10 Hai-tao Shang, The Moderate Path of Data Portability Right in China, Journal of Science, Technology and Law, 2020(01):86-94.
12 Xin-Hua Fu, Analysis of the Dual Path of Data Portability: Focusing on Personal Data Protection Law and Competition Law, Journal of Henan University (Social Science), 2019,59(05):65-69.
13 Cai-xia Zeng & Xue-zhong Zhu, The Role, Limitations and Enlightenment of the EU Data Portability Right in Regulating Data Monopoly: Taking Data Access as a Research Approach, Deutschland-Studien, 2020,35(01):133-147+164.
14 Article 11 of Personal Information Protection Law (Draft-2017): [Personal Information Rights] The personal information rights of natural persons include information decision, information confidentiality, information inquiry, information correction, information blockade, information deletion, information portability, and the right to be forgotten, and the right to dispose, control, and exclude others’ infringement of personal information in accordance with the law.
15 Article 16 of Personal Information Protection Law (Draft-2017): [Information Portability] The information subject has the right to obtain the corresponding copy of the personal information collected and processed by it, and can directly request the information controller to transmit such personal information to another controller when the technology is available and feasible.
16 Information security technology—Personal information (PI) security specification
8.6 [Obtaining a Copy of Personal Information]
According to the request of a Personal Information Subject, the Personal Information Controller should provide the Personal Information Subject with a method to obtain a copy of the following Personal Information, or where technically feasible, transmit a copy of the following Personal Information to the third party designated by the Personal Information Subject:
- a) Basic Personal Information and identity information;
- b) Personal health and physiological information, education and occupational information.
17 Level of Authority: Departmental Regulatory Documents
18 Level of Authority: Departmental Regulatory Documents
20 This case has gone through two trials. The first-instance judgment was made by the People’s Court of Haidian District, Beijing. The case number is: (2015) Haimin (Zhi) Chu Zi No. 12602; the second-instance judgment was made by the Beijing Intellectual Property Court with the case number: (2016) Jing 73 Min Zhong No. 588; the first instance judgment was upheld in the second instance.
21 This case has gone through two trials. The first instance judgment was made by Zhejiang Hangzhou Railway Transportation Court, the case number is: (2017) Zhejiang 8601 Minchu No. 4034; the second instance was made by the Hangzhou Intermediate People’s Court of Zhejiang Province, and the case number is: (2018) Zhejiang 01 Minzhong No. 7312.
22 For details of this case, please see https://www.chinacourt.org/article/detail/2020/06/id/5264431.shtml
23 Cai-xia Zeng & Xue-zhong Zhu, The Role, Limitations and Enlightenment of the EU Data Portability Right in Regulating Data Monopoly: Taking Data Access as a Research Approach, Deutschland-Studien, 2020,35(01):133-147+164.
24 Wei Han & Yajie Gao, Promote Openness or Strengthen Protection? Application of Law to Data Competition in China, CPI Antitrust Chronicle, Spring 2018, Volume 1, Number 2.