The Way to Optimize the Right to Personal Data Portability in Chinese Practice——Based on Empirical Analysis of the Privacy Policies of 66 Mobile Apps

Although the existing legal norms and judicial practic-es can provide basic guidance for the right to personal data portabili-ty, it can be concluded that there are obstacles to the realization of this right through empirical research of the privacy policies of 66 mobile apps, such as whether they have stipulations on the right to personal data portability, whether they are able to derive copies of personal in-formation automatically, whether there are textual examples, whether ID verification is required, whether the copied documents are encrypt-ed, and whether the scope of personal information involved is consis-tent. This gap in practice, on the one hand, reflects the misunderstand-ing of the right to personal data portability, and on the other hand, is a result of the negative externalities, practical costs and technical lim-itations of the right to personal data portability. Based on rethinking the right to data portability, we can somehow solve practical problems concerning the right to personal data portability through multiple measures such as promoting the fulfillment of this right by legislation, optimizing technology-oriented operations, refining response process mechanisms, and enhancing system interoperability.

Personal Data Use and Morality in the E-Business Environment

This paper deals with personal data use by firms in the e-business environment from the viewpoint of business administration and information ethics. Whereas the tremendous development of information and communication technology (ICT) has made it easier for firms to acquire, store, share, and utilise personal data on their customers, firms that use personal data are exposed to risks related to privacy issues. Since individuals fear the invasion of their privacy, the failure of a firm to appear or remain trustworthy would make it difficult for it to maintain accurate, up-to-date databases and to construct desirable business processes, which would affect the bottom line. Therefore, modern firms should do what they can to ensure that their customers trust them. For them, one promising way to remain trustworthy is to behave as a moral agent. Although it is difficult for any firm to meet the conditions necessary to be a moral agent, competence in behaving as a moral agent is a hard-to-imitate capability af firms for which personal data use is vital for enjoying the benefits of business relationships in the e-business environment.

On the Right to the Protection of Personal Data as a Constitutional Right

The right to the protection of personal data is an important human right in the era of big data and a constitutional right based on the national protection obligation and the theory of human dignity,making it of special significance for the realization of citizenship in a digital society.It can be seen from an examination of the constitutional texts of various countries in the world that the right to the protection of personal data as a constitutional right has rich normative connotations,and the key legal link to realize this right lies in the national legislature actively fulfilling its obligation to shape and specify the protection of personal data in accordance with the entrustment of the constitutional norms.Given the constitutional principles of fundamental rights protection,i.e.,realizing the constitutional status of the right to the protection of personal data as a basic right by means of institutional guarantees,the legislature should first adhere to the constitutionality principle of data protection legislation.Second,a multi-level data protection legal system centered on the right to the protection of personal data should be established.Finally,the institutional guarantee mechanism for the protection of personal data should be continuously improved through constitutional interpretation.

Personal data security and stock crash risk:Evidence from China’s Cybersecurity Law

Using China’s Cybersecurity Law(CSL)as an exogenous shock,I examine how personal data security affects stock crash risk.I find that the stock crash risk of treatment firms(which collect personal data)significantly decreases after the CSL,and such decrease is larger when firms face greater personal data breach risk and have less transparent information environments before the CSL.Furthermore,treatment firms increase their investment in personal data protection after the CSL.Finally,enhanced personal data security increases firm value and promotes firms’social responsibility to stakeholders.Overall,I provide evidence of the importance of data security for the digital economy from the perspective of capital market stability,which may present implica-tions for data security policy worldwide.

A Pricing Model for Big Personal Data

Big Personal Data is growing explosively. Consequently, an increasing number of internet users are drowning in a sea of data. Big Personal Data has enormous commercial value; it is a new kind of data asset. An urgent problem has thus arisen in the data market： How to price Big Personal Data fairly and reasonably. This paper proposes a pricing model for Big Personal Data based on tuple granularity, with the help of comparative analysis of existing data pricing models and strategies. This model is put forward to implement positive rating and reverse pricing for Big Personal Data by investigating data attributes that affect data value, and analyzing how the value of data tuples varies with information entropy, weight value, data reference index, cost, and other factors. The model can be adjusted dynamically according to these parameters. With increases in data scale, reductions in its cost,and improvements in its quality, Big Personal Data users can thereby obtain greater benefits.

Personal Data Rights in the Era of Big Data

Personal data rights in the era of big data involve coordination of the protection of civil rights and interests of natural persons on the one hand and the freedom of data companies’data activities on the other.Personal data can be the object of civil rights and as such should be regulated and protected through the system of private rights.The right of natural persons to personal data is aimed at protecting their self-determination interests in relation to those data and thus preventing the infringement of existing personal and property rights due to the illegal collection and use of personal data.Unlike real right,the right of natural persons to personal data is not an absolute right that can be positively employed;it is protected by tort law only if its infringement leads to the infringement of other civil rights.Data companies’right to personal data derives from their factual actions in legally collecting,storing and paying for these data.The data rights of data companies are a new type of property right.Their protection cannot be left solely to anti-unfair competition law;rather,they should receive systematic protection as absolute rights.

Comparative Study on the Legal Regulation of a Cross-Border Flow of Personal Data and Its Inspiration to China

In the context of today's big data and cloud computing,the global flow of data has become a powerful driver for international economic and investment growth.The EU and the U.S.have created two different paths for the legal regulation of the cross-border flow of personal data due to their respective historical traditions and realistic demands.The requirements for data protection have shown significant differences.The EU advocates localization of data and firmly restricts cross-border flow of personal data.The U.S.tends to protect personal data through industry self-regulation and government law enforcement.At the same time,these two paths also merge and supplement with each other.Based on this,China needs to learn from the legal regulatory paths of the EU and the US,respectively,to establish a legal idea that places equal emphasis on personal data protection and the development of the information industry.In terms of domestic law,the Cybersecurity Law of the People's Republic of China needs to be improved and supplemented by relevant supporting legislation to improve the operability of the law;the industry self-discipline guidelines should be established;and various types of cross-border data need to be classified and supervised.In terms of international law,it is necessary to participate in international cooperation based on the priority of data sovereignty and promote the signing of bilateral,multilateral agreements,and international treaties on the cross-border flow of personal data.

Allocating Personal Data Rights: Toward Resolving Conflicts of Interest over Personal Data

Conflicts of interest over personal data arise from the variety of legal subjects involved and the value of personal data in today’s information society.This article attempts to resolve such conflicts of interest by examining the possibility of allocating data rights which balance competing interests.It suggests that the allocation of personal data rights should follow certain rules to ensure that the interests of relevant data subjects are protected.By examining the reasons for conflicts of interest over personal data,as well as the subjects and substance of such conflicts,the article puts forward an appropriate approach for allocating personal data rights by balancing the interests of different data subjects.For source data subjects,personal data rights are allocated,to protect personal information and data property interests;for data controllers,data property rights are allocated to protect their data property interests when they make data valuable,meanwhile liabilities are allocated to data controller,in case of infringing on other subjects'interests;for data supervisors(mostly the government),allocating the right to protect or make use of data on behalf of public interests and the power of supervising data use industry;for the data users,they are allocated data property rights with the consents of source data subjects and data controllers when make use of data.

Legal Coordination of Conflicts of Interests among Stakeholders in the Processing of Personal Data

The processing of personal data involves various stakeholders,such as natural persons,personal data processors,and supervisors.These stakeholders process or supervise personal data based on their respective interests or duties.However,because several interests are involved,conflicts may occur due to the value of the data in question.This paper builds a theoretical framework based on the methodology of interest measurement to alleviate conflicts of interest concerning data.It explores,from the perspectives of rights,obligations,and liabilities,the supervisors’duty of protecting the public interest.Regarding personal data of natural persons,corresponding rights are allocated according to the relevant provisions of the Civil Code and the Personal Information Protection Law of the People’s Republic of China.For personal data processors in superior positions,obligations and liabilities are allocated according to the relevant provisions of the above laws,and in light of the core of reasonable restrictions on individual standards against society’s standards,the duties of supervisors and protection of public interests are clearly defined.

Lessons Learned as President of the Institute for Systems Biology(2000–2018)

I stepped down as president of the Institute for Systems Biol- ogy （ISB） on Jan 1, 2018. As I think about my 17-year term as President, I am astounded at how much I have learned, not only about science but also about, among other things, what it takes to build a unique world-class institution.