| 摘要: |
| 源于新浪微博诉脉脉案的“三重授权原则”,要求数据获取企业在获取数据持有企业的用户数据时,需满足用户对数据持有企业、用户对数据获取企业,以及数据持有企业对数据获取企业的“三重授权”。将这一原则普遍适用于所有数据类型并不妥当。企业间数据获取规则应根据数据类型的不同而作类型化构建: 获取可识别的原生数据时,需获得用户同意,无须数据持有企业的同意;获取非可识别的衍生数据无需取得用户同意,但需取得企业同意;获取可识别的衍生数据需同时获得用户和企业的同意;获取非可识别的原生数据时,无须取得用户同意,是否需取得企业同意取决于数据是否公开。 |
| 关键词: 企业数据权 三重授权原则 原生数据 衍生数据 不正当竞争 |
| DOI: |
| 分类号: |
| 基金项目: |
|
| Reflections on the “Triple Authorization Principle” of Enterprise Data Acquisition and Its Typological Construction |
|
Xu Wei
|
|
|
| Abstract: |
| The Triple Authorization Principle, which was first raised in Sina Weibo v. Maimai, requires three authorization before a data collector collects data from a data holder: the Internet user's authorization to data holder, the Internet user's authorization to the data collector, and the data holder's authorization to the data collector. This principle should not be applied to all kinds of data. The basic rules of data collection among companies should be decided by the category of data: in the case of collecting identifiable and original data, the Internet user's rather than the data holder's consent is required; when collecting unidentifiable and derived data, the data holder's rather than the Internet user's consent is required; when it encounters to identifiable and derived data, both the Internet user and the data holder's consent are required; as for the unidentifiable and original data, the Internet user's consent is not required, and the data holder's consent is mandatory or not depends on whether the data is publicly available. |
| Key words: Company's Data Rights, the Triple Authorization Principle, Original Data, Derived Data, Unfair Competition |
