Introduction

In the digital economy era, data has become the fifth major production element after land, capital, technology, and labor (Central Committee of the Communist Party of China & State Council, 2020), serving as the core engine to drive digital economic development. The value of data elements is reflected in their circulation process, while data element circulation involves the entire life cycle of data, a process that has not yet been precisely defined. Various models, such as the CSA model (Atayero and Feyisetan, 2011), the DDI model (Emaldi et al. 2015), the Ecoinformatics model (Michener and Jones, 2012; Rüegg et al. 2014), the USGS model (Faundeen et al. 2013), as well as analyses by Tang Ke (2022) and Wang et al. (2022), have provided different descriptions. Data collection refers to obtaining raw data elements from various types of data sources, including data creation, acquisition, selection, discovery, reception, and extraction. Data processing refers to standardizing raw data, such as data encryption, processing, cleaning, maintenance, and format conversion. Data storage means storing and managing collected data and related contracts throughout the data flow process in structured or semi-structured form, including creating data indexes, backing up data and protocols, data recovery, and summarization. Data transactions refer to transferring data elements between different data subjects for the purpose of value exchange, including transaction preparation, matchmaking, delivery methods, pricing and deadlines, rights changes, signing transaction contracts, and settlement. Data usage refers to applying acquired data as a production factor in business, research, military, and civilian contexts to realize its value, such as reading, writing, analyzing, visualizing, mining, and reprocessing. These five stages cover the entire process of data element circulation and the entire lifecycle of data. This paper adopts this process, whereby different data subjects acquire, hold, and utilize data at each stage (Institute of Medicine et al. 2003), forming a complex network of interwoven data rights. Data rights refer to the rights of data subjects to autonomously decide on, control, process, benefit from, and seek compensation for damage related to specific data, for example data holding rights, data processing and usage rights, and data product operating rights. Clearly defining the rights subjects and their rights in data element circulation and establishing a reasonable data rights confirmation framework are crucial prerequisites for ensuring efficient and secure data circulation. Currently, research on data rights confirmation in major world economies mainly focuses on three levels: legal theory, academic theory, and practical implementation:

At the legal theory level, the European Union has developed a dualistic framework of data rights confirmation subjects based on “personal data and non-personal data,” which is increasingly mature. The United States has adopted a decentralized legislative model across federal and state levels, establishing a well-structured hierarchical judicial framework. In China, although there are no directly related regulations at the national level, some initial explorations have taken place at the local level in Guizhou, Shenzhen, and Shanghai. The data rights confirmation approaches of these three major economies each cover all stages of data element circulation, but the intensity and scope of protection for different stages and different data subjects vary significantly. At the academic theory level, research in the European Union and the United States primarily centers on protecting personal data rights (Evans, 2011; Safronov, 2021), while Chinese research places greater emphasis on distinguishing personal data, corporate data, and public data (Liu, 2019). There is a lack of systematic research that integrates data subjects with the various stages of data element circulation. At the practical level, judicial disputes are crucial research subjects. In the European Union, disputes often involve data privacy and security, as well as special rights concerning databases, frequently arising between personal data and corporate data. In the United States, disputes primarily pertain to data access rights and data usage rights, covering personal data, public data, and corporate data. In China, related disputes lack a clear legal basis and are mainly resolved from a commercial competition perspective, often occurring between corporate data subjects. In summary, major global economies do not yet have a comprehensive data rights confirmation framework capable of addressing the interests and needs of different data subjects, while ensuring the efficiency and security of data element circulation.

Therefore, this paper aims to build a “five rights separation” data rights confirmation framework based on the ternary data subjects, tailored to the process of data element circulation, in order to address the issues within existing data rights confirmation models. This paper adopts an evidence-based research methodology. Through text-mining-based quantitative analyses of the data rights confirmation models of the European Union, the United States, and China at the legal theory, academic theory, and practical levels, it compares and reflects on their advantages and disadvantages and proposes a theoretical framework for data rights confirmation oriented toward data element circulation.

The research framework of this paper is as follows: Chapter Two introduces the improved evidence-based research method. Chapter Three, from the perspective of data element circulation, employs a text-mining approach to quantitatively analyze the data rights confirmation systems in the European Union, the United States, and China, and compares and reflects on their advantages and disadvantages. Chapter Four applies the evidence-based research method to design a “five rights separation” data rights confirmation framework, oriented toward data element circulation and based on the ternary data subjects. Chapter Five uses the expert judgment method to compare and evaluate the proposed data rights confirmation framework against the existing systems in the European Union, the United States, and China, and verifies its effectiveness through real case studies. Chapter Six discusses the research contributions, limitations, and future prospects of this paper. Chapter Seven concludes by summarizing the content of this paper.

Research methodology

This paper adopts an evidence-based research method, aiming to integrate original research evidence to obtain higher-level, more universally significant scientific evidence (Zhou and Li, 2013). This method is intended to comprehensively analyze and interpret original scientific research results to address research questions and determine the sources of the research results (Gurevitch et al. 2018). The research question of this paper is “how to build a data rights confirmation framework that balances the interests and needs of different data subjects and effectively ensures the efficiency and security of data element circulation.” Using the European Union, the United States, and China as sources of evidence, this paper collects and analyzes data at the legal theory, academic theory, and practical levels, supporting the establishment of the proposed data rights confirmation framework and comparing, evaluating, and verifying its effectiveness.

The research steps are as follows:

  1. (1)

    Determine the research question, that is, the research objective of this paper, as mentioned above.

  2. (2)

    Retrieve relevant evidence and perform data mining, that is, collect valid textual data from authoritative data sources and extract high-dimensional features of the data through text mining methods. The data is divided into three levels: PR level (Policies & Regulations), SV level (Scholars’ Views in academic journals), and JC level (Judicial Cases). The PR level data comes from sources such as Congress, Curia, and Peking University Law Library. The SV level data comes from core databases such as WOS (Web of Science) and CNKI (China National Knowledge Infrastructure); the JC level data comes from sources such as Curia, CourtListener, and China Judgments Online. High-frequency keyword clustering and sentence-level semantic similarity analysis are used for policy inclination mining, keyword clustering for research focus mining in the literature, and qualitative text analysis combined with typical case descriptions for key points in judicial cases.

  3. (3)

    Comparative analysis of evidence, that is, graded, classified, and comprehensive analysis of the collected data. Compare the data rights confirmation models of the three major economies, evaluate their advantages and disadvantages, reflect on the issues observed, and explore directions for improvement to provide a reliable decision-making basis for constructing a data rights confirmation framework.

  4. (4)

    Apply the evidence and provide decision support, that is, design a data rights confirmation framework oriented to the data element circulation process based on the ternary data subjects and the “five rights separation,” and elaborate its theoretical logic and connotation based on the results of evidence analysis.

  5. (5)

    Comparative evaluation and practical validation of the framework, that is, using expert judgment, compare and evaluate the data rights confirmation framework designed in this paper with the rights confirmation frameworks of the EU model, US model, and China model from multiple perspectives, summarizing the advantages of the framework proposed in this paper, subsequently, simulate the proposed framework with real cases to verify its effectiveness and applicability in practical scenarios.

Comparative study of traditional approaches to data rights confirmation frameworks

Text mining

This paper employs text mining methods to analyze policy regulations documents, authoritative journal literature, and judicial case texts related to “Data Rights Confirmation” in the European Union, the United States, and China.

Introduction to text mining methods

  1. (1)

    Text Mining Methods for Policy and Regulatory Documents

The paper employs a high-frequency keyword clustering method to cluster the policy themes of these economic entities and uses a sentence-level text similarity calculation method to divide the policy stages. The specific steps are as follows:

Keyword extraction

The Jieba segmentation tool (Ling and Bing, 2023; fxsjy, 2020) is used to perform Chinese word segmentation on the EU and US policy and regulatory texts, which have been uniformly translated into Chinese, as well as on China’s Chinese-language policy and regulatory texts. This process segments continuous Chinese text sequences into meaningful units. The TF-IDF algorithm (Sparck, 1972) is then used to extract “keywords” from the segmented texts of the three major economies, and significant high-frequency words are selected manually. This algorithm assesses the importance of a word in a document by calculating its term frequency (TF) and inverse document frequency (IDF).

High-frequency keyword clustering

The Roberta model (Liu et al. 2019) is utilized to convert high-frequency keywords into word vectors that contain rich semantic information. The Roberta model is currently the most stable pre-trained language model for Chinese text and is capable of effectively extracting key semantic information by learning the contextual representation of text semantics. Subsequently, the mainstream K-Means algorithm (Rousseeuw, 1987) clusters these word vectors, determining the types of policy themes related to data rights confirmation in the three major economies. The Silhouette Coefficient is calculated to identify the optimal number of clusters (Rousseeuw, 1987), with manual collaboration used to select and record the best results.

Sentence-level similarity calculation

The Sentence Transformers model (Reimers and Gurevych, 2019) is employed to calculate the similarity between each policy and regulatory text and five data flow process texts. Following manual evaluation, the policy tendencies of the three major economies regarding data rights confirmation within the data element circulation process are identified.

  1. (2)

    Text Mining Methods for Journal Literature

    This paper uses the LLR (Log-Likelihood Ratio) (Chen, 2004) algorithm within CiteSpace software to cluster literature keywords, providing an intuitive view of research hotspots and the knowledge structure in the data rights confirmation field. By computing the statistical significance of co-occurring keywords, the algorithm identifies which keywords appear together in the literature more frequently than would be expected by chance, thus automatically clustering them and building a knowledge map of this research domain.

  2. (3)

    Text Mining Methods for Judicial Case Documents

This paper establishes a four-dimensional qualitative evaluation standard to select the most typical and highly valuable cases for analysis from a large pool of judicial cases retrieved from professional databases, thereby providing empirical support for the discussion.

The specific criteria are as follows: Firstly, select cases with significant influence within the judicial systems of various economies. These cases involve important legal principles or policies and provide guidance for subsequent similar cases. Secondly, considering the differences in how data rights issues are handled in different countries and judicial systems, choose representative cases that cover major legal disputes, such as data subject rights, data processor obligations, and data transfer. Thirdly, select cases that are innovative in legal interpretation and application, especially those that introduce new laws for the first time. Lastly, to facilitate qualitative text analysis, choose cases with detailed reasoning, clear logic, and robust legal argumentation.

Text mining results for policy and regulatory documents

Policy and regulation samples were retrieved through full-text fuzzy searches using keywords “Data Rights Confirmation” and “data rights” from Congress, Curia, and Peking University Law Database. Irrelevant, duplicate, and invalid samples were filtered out, resulting in 69, 83, and 100 relevant policy and regulation samples for the European Union, United States, and China respectively.

To ensure consistency in data processing, the English documents from the EU and the US were translated into Chinese and then processed together with the Chinese documents using Jieba for word segmentation. After removing stop words, the TF-IDF algorithm was employed to extract the top 20 keywords ranked by importance from each policy and regulatory document. Each keyword within a document was counted only once when calculating frequency. After manually screening for practically meaningful high-frequency keywords, the RoBERTa model converted these keywords into word vectors, which were then clustered using the K-Means method. Set the random seeds from 0 to 100 with an interval of 10, resulting in a total of 11 random starting points. The number of clusters for clustering is limited to between 2 and 5. By computing the Silhouette Coefficient for comparative evaluation, the largest value for the EU when selecting three clusters is 0.0565 (Seed = 70), the largest value for the US when selecting three clusters is 0.1003 (Seed = 100), and the largest value for China when selecting three clusters is 0.1392 (Seed = 100). The highest silhouette coefficient value indicates the best clustering performance. The clustering results of the top 30 high-frequency keywords in policy and regulatory texts are shown in Tables 13.

Table 1 EU policy and regulatory text keyword clustering table.
Full size table
Table 2 US policy and regulatory text keyword clustering table.
Full size table
Table 3 China policy and regulatory text keyword clustering table.
Full size table

Analyzing the above clustering results, the EU’s Topic1, Topic2, and Topic3 are respectively viewed as “individual,” “institution,” and “nation/union”; the US’s Topic1 can be viewed as the “federal level,” while Topic2 and Topic3 can be viewed as the “non-federal level”; and China’s Topic1, Topic2, and Topic3 are respectively viewed as “data rights attributes,” “data rights subjects,” and “data rights objects.”

In order to describe the relationship between data rights confirmation policies and the five processes of data element circulation in the three major economies, this paper applies the Sentence Transformers model to calculate the similarity between each policy and regulatory text and the definitions of the five circulation processes. Considered relevant if the threshold is above 0.65 and manually reviewed and judged to determine if it is highly relevant. Some calculation results are shown in Table 4.

Table 4 Partial statistical results of the association calculation between EU, US, and China policy texts and the five processes of data element circulation.
Full size table

Text mining results for journal literature

For European Union (EU) and United States (US) literature, documents were retrieved from the core collection of the Web of Science (WOS) database using the search query TS = (“data right*” OR “data property right*” OR “data sovereignty*” OR “digital right*” OR “digital property right*” OR “digital sovereignty*”) AND TS = (“EU” OR “European Union” OR “Europe*”)/TS = (“USA” OR “America” OR “The States” OR “United States of America” OR “US”). After manual review, 124 relevant documents were identified for the EU and 74 for the US in the field of data rights confirmation. Chinese literature was retrieved from the CNKI database using combinations of “Data Rights” and “China” as well as “Data Rights Confirmation” and “China” as core search terms. Through manual screening of titles, abstracts, and other information, 64 relevant articles were selected.

This paper employed CiteSpace software, using the LLR algorithm as the clustering method. Clustering of keywords resulted in graphical maps of keyword clusters from WOS literature for the EU and US, and from CNKI literature for China. Refer to Fig. 1 for the EU, Fig. 2 for the US, and Fig. 3 for China.

Fig. 1: Cluster map of keywords in EU WOS literature.
figure 1

The visualization results of keyword clustering in the field of data rights confirmation in the EU literature are presented, showing 15 categories. The “#number” represents the category index, and the phrase following the “#number” indicates the generated category name.

Full size image
Fig. 2: Cluster map of keywords in US WOS literature.
figure 2

The visualization results of keyword clustering in the field of data rights confirmation in the US literature are presented, showing 10 categories. The “#number” represents the category index, and the phrase following the “#number” indicates the generated category name.

Full size image
Fig. 3: Cluster map of keywords in Chinese CNKI literature.
figure 3

The visualization results of keyword clustering in the field of data rights confirmation in literature on China are presented, showing 11 categories. The “#number” represents the category index, and the phrase following the “#number” indicates the generated category name.

Full size image

Based on the labels of each cluster in Fig. 1, they can be categorized into two groups: non-personal-related and personal-related. Non-personal-related clusters include #4 migration management, #6 cybercrime, #3 education, #7 intellectual property rights, #10 digital rights, and #14 fog computing. Personal-related clusters include #1 ethics, #2 multiple imputation, #5 right censoring, #8 right-censored data, #0 right censored data, #11 dependence competing risks, #9 measurement, #12 rights, and #13 personal responsibility.

Based on the labels of each cluster in Fig. 2, they can be categorized into three groups: data rights attributes, data rights objects, and data rights subjects. Clusters related to data rights attributes include #0 evolution, #2 climate variability, #4 body temperature, #5 reliability, and #8 rectified linear unit. Clusters related to data rights objects include #1 landsat, #3 land management, #6 alternative energy, and #7 prescribed fire. Clusters related to data rights subjects include #10 ciro.

Based on the labels of each cluster in Fig. 3, they can be categorized into three groups: data rights attributes, data rights objects, and data rights subjects. Clusters related to data rights attributes include #0 big data, #2 digital economy, #5 data, #4 data security, and #8 legal framework. Clusters related to data rights objects include #1 intellectual property rights, #3 data sovereignty, #10 blockchain, and #7 blockchain technology. Clusters related to data rights subjects include #6 personal information and #9 public data.

Text mining results for judicial case documents

This paper retrieved 124 EU judicial cases on the theme of “data protection” from the Curia website, 830 US judicial cases on the theme of “data protection” from the Court Listener website, and 261 Chinese judicial cases on the themes of “data rights,” “data protection,” and “intellectual property rights” from the China Judgments Online website.

Due to the complexity of judicial cases, this paper selects eight typical cases that demonstrate significant influence, representativeness, innovative legal interpretations and applications, and detailed reasoning with clear logic and comprehensive legal arguments within the judicial systems of various economies, for qualitative text analysis and case descriptions, as shown in Table 5.

Table 5 Typical judicial case descriptions in the EU, the US, and China.
Full size table

EU model

PR level: policy and regulatory texts and their implementation evaluation

Based on the cluster analysis results in Table 1, it is evident that the European Union (EU) has established a binary framework focusing on two major areas: personal data protection and non-personal data protection, supported by comprehensive data rights-related laws. In the domain of personal data protection, early conventions such as the “Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data” (The Council of Europe, 1981) and the “Directive on the protection of individuals with regard to the processing of personal data” (The European Parliament and of the Council, 1995) outlined legislative principles in the form of conventions and directives without imposing mandatory requirements on member states, thus limiting the circulation of data elements within the EU market. Regulations introduced post-2000, including the “General Data Protection Regulation” (The European Parliament and of the Council, 2016) apply uniformly across all EU member states, fostering consensus on data rights confirmation within the EU and injecting vitality into the circulation of data elements across its market. In the realm of non-personal data protection, recent EU legislation such as the “Regulation on a framework for the free flow of non-personal data” (The European Parliament and of the Council, 2016) and the “Data Governance Act” (The European Parliament and of the Council, 2022) aims to regulate rights concerning public data and corporate data, broadening the scope of rights for data subjects such as SMEs and public sectors to access non-personal data.

Based on the similarity calculation results in Table 4, from the circulation perspective, the EU data rights are structured on a binary architecture, establishing a comprehensive rights framework covering the entire process of data element circulation, including collection, processing, storage, transaction, and usage. In the data collection phase, the “General Data Protection Regulation” within the EU protects individuals’ legitimate rights to data through rights such as the right to information and access. The “Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union” (The European Parliament and of the Council, 2016) legally regulates the conduct of data subjects in non-personal sectors such as enterprises and public sectors. In the data processing phase, rights such as correction in the “Data Governance Act” aim to protect personal rights in processing phases, while the “Regulation on a framework for the free flow of non-personal data” explicitly defines the freedom of non-personal data subjects in data element processing. In the data storage phase, rights in the “Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data” regarding acceptance and transmission of information enable citizens to better protect their interests. Non-personal data subjects leverage the right to data sharing and the right to data portability in the “General Data Protection Regulation” and “European Data Strategy” (The commission to the European Parliament et al., 2020) to protect information security and enhance innovation and market competitiveness. In the data transaction phase, privacy rights in the “Directive on privacy and electronic communications” (The European Parliament and of the Council, 2002) ensure the security of individuals during data transaction processes, while the “Data Governance Act” provides clear guidelines on pricing standards and usage specifications in data transaction phases. In the data usage phase, the “General Data Protection Regulation” effectively protects personal data from illegal or unauthorized use, while the “Directive (EU) 2019/1024 on open data and the re-use of public sector information” (The European Parliament and of the Council, 2019) expands forms of data element exchange among different data subjects, enhancing the freedom of information exchange.

SV level: empirical research on authoritative academic journal literature

Based on the clustering results in Fig. 1, scholars’ research on EU data rights has often been categorized based on the division of data subjects, with a significant focus on personal data protection (Eskens, 2020; González Fuster and Gutwirth, 2013; Safronov, 2021). Additionally, there has been research on the data rights objects (Heath and Bizer, 2011) as well as data attributes (Schwartz and Solove, 2013). Within the realm of studying data rights subjects, scholars have pointed out the issue of excessive protection of personal data under the current EU legal framework. This has led to considerations about the broader protection of non-personal data, such as public and corporate data, raising discussions about the rigid patterns that constrain data collection and hinder the circulation of data elements (Banterle, 2020; Lynskey, 2015; Naimi and Westreich, 2014). These voices have called for a shift away from the overly protective stance towards personal data in traditional EU legal thinking, prompting recent legislative developments in the EU to address security and innovation potential concerning the circulation of non-personal data like public and corporate data (Keenan and Hildebrandt., 2016; Li and Quinn, 2024).

JC level: focus of judicial precedents

Based on the analysis of typical case contents from Table 5, EU judicial precedents reflect the principles and focal points in resolving data disputes within the European Union. Overall, EU judicial rulings primarily hinge on the protection of data subject rights and the principle of data subjects’ informed consent, often arising between personal and corporate data. For instance, in cases such as the British Horseracing Board (BHB) v. William Hill Organization (BHB, 2004) and Ryanair v. PR Aviation (Ryanair, 2015), the reasons for the defendant’s non-infringement were attributed to the lack of protection over data in the plaintiff’s database. Conversely, in cases like Breyer v. Federal Republic of Germany, Operator of Bundeszentralregister (Patrick, 2016) and Norwegian Data Protection Authority v. Grindr (DPA, 2021), the defendants were found to have infringed due to their processing of data without obtaining the data subjects’ informed consent.

US model

PR level: policy and regulatory texts and their implementation evaluation

Based on the analysis of the clustering results in Table 2, it can be seen that the laws and regulations related to data rights in the United States are promulgated by the federal and state levels, forming a decentralized legislative model. At the federal level, laws and regulations are mostly “patchwork” legislation, which protects specific industries and specific types of data. Federal agencies such as the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) are responsible for legislation and enforcement, such as the “Gramm-Leach-Bliley Act” (The United States Congress, 1999) and the “Electronic Communications Privacy Act” (The United States Congress, 1986). State-level laws and regulations were promulgated late, and most of them were innovative and forward-looking in personal data protection, but there were differences and conflicts among different states. For example, the “California Consumer Privacy Act” (The California State Legislature, 2018) stipulates the right to privacy and consumer privacy in personal data rights at the state level for the first time. After that, the “Colorado Privacy Act” (The Colorado State Legislature, 2021) further refined the right to personal data.

Based on the similarity calculation results in Table 4, from the perspective of data circulation, the data rights confirmation in the United States also encompasses various stages of data element circulation, but the levels of protection and scope differ across these stages. In the data collection phase, legal provisions such as the “Family Educational Rights and Privacy Act” (The United States Congress, 1974) grant data owners the rights to be informed and to choose. In the data processing phase, the “Privacy Act of 1974” (US, 1974) restricts federal government agencies from using citizens’ information, granting citizens the rights to permit, be informed consent, view, and modify information (Zhou, 2001). Concerning the data storage phase, the Privacy Act of 1974 establishes regulations for federal agencies concerning the management of personal information, emphasizing the need for safeguarding individual privacy through structured and controlled information management practices. In the data transaction phase, the “California Consumer Privacy Act” (The California State Legislature, 2018) stipulates that individuals possess the rights to be informed and to choose regarding their data transaction information and mandates that enterprises must store consumers’ personal information based on the purposes of collection and reasonable durations. In the data usage phase, the “California Consumer Data Protection Act” states that companies must disclose how they collect and use personal information to ensure transparency in data processing.

SV level: empirical research on authoritative academic journal literature

Based on the clustering results in Fig. 2, it can be seen from the analysis that the classification of American data rights by scholars is mainly divided into data rights attributes, data rights objects and data rights subjects. Among them, the study of data rights attributes is the most common, and some scholars think that data rights is a kind of privacy right (Harris and Wyndham, 2015) or an intellectual property right (Mohtadi and Ruediger, 2014), which reflects the protection needs of personal and corporate data in the United States. The division of data right objects mainly focuses on the identification of original data (Kuempel, 2016) and compiled data (Harison, 2010) in intellectual property protection, which is conducive to expanding the scope of rights protection for factual data and non-factual data. There are many views on the division of the subject of data rights, including that the data rights should belong to the owner, and the data should belong to the user or the data owner personally (Lessig and Tribe, 2017; Wechsler, 2011), but there is no consistent standard.

JC level: focus of judicial precedents

Based on the analysis of typical cases in Table 5, it can be seen that American judicial decisions are mainly based on the judgment results of similar cases in the past and are adjusted and supplemented according to specific circumstances. Due to the lack of directly related data rights laws, judicial decisions often have problems such as long-time span and conflicts of rights and interests of multiple data subjects. In the case of Oracle v. Google case (Oracle, 2021), due to the lack of precedents involving new data, judges need to fully consider technical, strategic and legal issues, resulting in a trial span of ten years. In the case of Carpenter v. United States case (Carpenter, 2018), personal privacy conflicts with government rights when obtaining personal data during government investigation, which leads to the interest game among privacy right, data control right of the third-party organization and criminal investigation right (Wang, 2021).

China’s model

PR level: policy and regulatory texts and their implementation evaluation

Based on the analysis of the clustering results in Table 3, it can be seen that the research on data rights confirmation in China is mainly divided into three dimensions: data right subjects, data right attributes and data right objects. In the subject of data rights, the emphasis is on personals, enterprises and public data rights (Ran and Liu, 2024). In the attribute of data right, it includes the right of informed consent and the data collection rights. In terms of data rights objects, it includes foundational data, anonymized data and so on. Correspondingly, China’s policies on data rights confirmation can also be analyzed from these three dimensions.

First of all, in terms of the subjects of data rights, the government of China focuses on regulating public data rights. The “Opinions on Providing Judicial Services and Safeguards for Accelerating the Construction of a Unified National Market.” (Supreme People's Court, 2023) clarifies the unified regulation and management of public data, and emphasizes the openness, sharing and orderly utilization of data to ensure compliance with laws, regulations and institutional standards. In recent years, with the “Personal Information Protection Law of the People’s Republic of China” (National People’s Congress, 2021), China has also strengthened the protection of personal data, reflecting the differentiated protection of different data subjects.

On the attributes of data right, China’s policies and regulations focus on the regulation of data element circulation. The State Council’s “Opinions on Building a Better Data Basic System to Give Full Play to the Role of Data Elements” (Central Committee of the Communist Party of China & State Council, 2022) provides an authoritative endorsement for the theoretical research and legislative practice of data element circulation and data rights. Local governments have also formulated specific management regulations, such as “Shenzhen Special Economic Zone Regulation on Data Management” which focus on data rights protection, data circulation and utilization, and data security management to promote data flow and development and utilization.

As for the objects of data right, China’s policies and regulations mention the object of each link in the circulation of data elements. For example, “Personal Information Protection Law of the People’s Republic of China” (National People’s Congress, 2021) and “Shenzhen Special Economic Zone Regulation on Data Management” (Shenzhen Municipal People’s Congress, 2021) clarify the rights of personal information subjects in the process of data processing, so that they can effectively control and supervise their information. In addition, “Opinions on Building a Better Data Basic System to Give Full Play to the Role of Data Elements” also emphasizes the construction of a nationwide integrated data trading market system and defines the data processing and usage rights and the data revenue rights, which reflects the protection and utilization of data rights objects.

Based on the similarity settlement results in Table 4, from the perspective of circulation, China’s data confirmation covers all links in the circulation of data elements, but the protection strength of each data subject is quite different. In terms of data collection, the “Personal Information Protection Law of the People’s Republic of China” and the “Cybersecurity Law of the People’s Republic of China” (National People’s Congress, 2016), among others, emphasize that information processors should adhere to the principles of legality, legitimacy, and necessity when collecting information. Regarding data processing, the “Personal Information Protection Law of the People’s Republic of China” and the “Shenzhen Special Economic Zone Regulation on Data Management”, for example, specify rights such as querying, rectifying, and deleting personal information. This enables data subjects to effectively control and supervise the processing of their information. Concerning data storage, the “Personal Information Protection Law of the People’s Republic of China” emphasizes the responsibilities and obligations of personal information processors in data storage, requiring them to prevent data leakage, damage, or loss. Regarding data transactions, “Opinions on Building a Better Data Basic System to Give Full Play to the Role of Data Elements” highlights the need to accelerate the construction of a nationwide integrated data trading market system. It also requires clarifying data processing and usage rights, as well as revenue rights. In terms of data usage, the Cybersecurity Law of the People’s Republic of China and other regulations stipulate that data subjects have the right to request the cessation of use and deletion of personal information.

SV level: empirical research on authoritative academic journal literature

Based on the clustering results from Fig. 3, the analysis reveals that scholars’ categorization of data rights in China primarily revolves around data rights subjects, data rights attributes, and data rights objects. Data rights attributes are divided into rights of informed consent (Liu, 2019), data collection rights (Xiao and Wen, 2015), and others. Data rights objects are categorized as foundational data and anonymized data (Wang et al. 2017; Wu and Chang, 2018). A more mainstream approach is based on categorizing personal and collective data rights further into personal, corporate, and public data rights based on data rights subjects (Shi, 2018; Qi and Pan, 2015). This provides theoretical support for resolving practical issues such as market-oriented allocation of data elements, protection of personal data rights, and cybersecurity of network data sovereignty.

JC level: focus of judicial precedents

Based on the analysis of typical cases in Table 5, it can be seen that intellectual property disputes are the main cases involving data rights in China judicial circles. The data rights confirmation framework has not been established in China’s legislation, and disputes related to data rights can only be found in other fields as legal basis. Due to the vague rules of rights confirmation, there will be some problems such as inconsistent penalty standards and uncertain rights and obligations between different subjects when judging cases, which reflects the urgent demand of China judicial circles for laws related to data rights confirmation. The case of Beijing Weimeng Chuangke Network Technology Co., Ltd. v. Shanghai Fuyu Culture Communication Co., Ltd. (FanYou App Weibo Data Crawling Unfair Competition Dispute, 2019) did not specifically discuss the division of data rights but used the anti-unfair competition law to impose penalties. The case of Shenzhen Tencent Computer System Co., Ltd. v. Zhejiang Soudao Network Technology Co., Ltd. (Unfair Competition Dispute, 2019) involves the determination of the data rights and interests and the determination of the legitimacy of data grabbing behavior and reasonably divides the ownership of various data rights and interests, providing examples for preventing data monopoly.

Comparison and reflection on traditional models of data rights confirmation

Comparative reflection on legal aspects

Through the comparison of a series of legal measures surrounding data rights delineation in the three major economies, it becomes evident that the EU has established a binary framework of “personal data” and “non-personal data” through regulations such as the GDPR and the Regulation on the Free Flow of Non-Personal Data (The European Parliament and of the Council, 2016). This has led to a comprehensive, unified, and innovative data rights confirmation framework. In the United States, legal provisions like the federal Electronic Communications Privacy Act (The United States Congress, 1986) and the California Consumer Privacy Act (The California State Legislature, 2018) have been cobbled together for application in various scenarios. However, they lack systematic and forward-looking attributes and lack the impetus to promote specialized regulations centered around data elements. In the early stages of legislation, both the EU and the US primarily focused on safeguarding personal data rights. However, with the surge in the circulation of data elements in the market in recent years, excessive protection of personal data rights within existing laws has made it challenging for both the enterprise and public sectors to effectively provide data services to customers in compliance with the law. China, on the other hand, has gradually expanded from the domain of public data to the protection of personal data, strategically laying out legislation through acts like the Data Security Law of the People’s Republic of China (National People’s Congress, 2021) and the Personal Information Protection Law of the People’s Republic of China (National People’s Congress, 2021). However, the protection and regulation of data elements in the domain of corporate data remain ambiguous. Therefore, in the legislative planning surrounding the data elements circulation, economies should take an all-encompassing approach, balancing the interests of individuals, enterprises, and the nation. Simultaneously, it should draw lessons from the experiences and lessons learned in data rights confirmation from advanced economies in this field, in order to formulate a legal framework for data rights policies that align with its national conditions and developmental requirements.

Comparative reflection on theoretical aspects

Scholarly research concerning the European Union often originates from the perspective of data rights subjects. Many scholars offer recommendations and insights for legislation concerning data rights for the two categories of data subjects: personal and non-personal. Conversely, research on the United States is constrained by its national circumstances, particularly the complexity arising from cross-state issues, which presents significant obstacles for scholars. Consequently, a substantial portion of research in this context focuses on privacy rights and intellectual property. When studying China, scholars combine the concept of data rights subjects with China’s specific national conditions. They have proposed three categories of subjects: personal, corporate, and public data. These categories have been further delineated and classified from various angles. However, the alignment of the data attributes of these three subject categories with the lifecycle attributes of data elements in the context of data element circulation has not been adequately explored.

As a result, economies should enhance research efforts that converge the attributes of different data subjects with the various stages of data element circulation. This effort would culminate in the development of a comprehensive, systematic, and scientifically grounded theoretical framework for data rights confirmation that supports the circulation of data elements.

Comparative reflection on practical aspects

In the analysis of judicial precedents within different economic regions, the absence of comprehensive legislative frameworks often places China and the United States in the situation of having to seek tangentially related legal provisions from other domains when addressing disputes concerning data rights. Conversely, the more comprehensive data rights confirmation framework in the European Union, exemplified by the GDPR, enables it to render fairer and more equitable judgments in cases. These challenges underscore the pressing need for the judicial sector to possess pertinent laws governing data protection and data rights confirmation. Addressing the array of issues arising from data rights confirmation in economies necessitates the establishment of laws and regulations specifically addressing data rights confirmation. Such a legal foundation would fundamentally resolve questions pertaining to data rights confirmation, thereby enhancing the data element market and providing the necessary foundation to facilitate the circulation of data elements.

Preliminary explanation of the “five rights separation” framework based on ternary data subjects

Based on a comparison and reflection on the traditional models of data rights confirmation in the three major economies of the European Union, the United States, and China, this paper proposes a new framework for data rights confirmation aimed at the full process of data element circulation, namely the “five rights separation” framework based on the ternary data subjects. The core idea of this framework is to divide the data rights confirmation framework into five dimensions: data collection rights, data management rights, data holding rights, data revenue rights, and data usage rights, according to the intertwined nature of rights during the five processes of data collection, data processing, data storage, data transactions, and data usage in data element circulation. At the same time, data rights confirmation subjects are categorized into three types: public data, corporate data, and personal data. By establishing the “five rights separation” standards for data rights, this framework delineates the scope of data rights and responsibilities for different data subjects in each dimension, thus enabling the one-by-one confirmation of rights.

Under the data rights confirmation framework, clarifying the applicable scope of different rights is extremely effective for realizing the separation of rights and responsibilities. On this basis, the “five rights separation” framework based on the ternary data subjects aligns the five stages of data collection, data processing, data storage, data transactions, and data usage in the full process of data element circulation with data collection rights, data management rights, data holding rights, data revenue rights, and data usage rights, clearly defining the main participating stages and potential participation stages of different rights. Throughout the full process of data element circulation, data elements can participate in any process and will adapt to different circulation sequences based on different usage scenarios. This process involves the transfer of rights among data subjects, with data subjects ultimately making corresponding changes to the rights of different categories of data, as shown in Fig. 4.

Fig. 4: The “five rights separation” framework for ternary data subjects.
figure 4

The framework demonstrates the adaptation of the five stages of data element circulation to the five data rights, clearly defining the main participating stages and potential participation stages of different rights.

Full size image

Data collection rights

Data collection rights refer to the entitlement of data subjects to acquire data. If the data generation process involves only a single subject, that subject concurrently possesses both data holding rights and collection rights. The attribution of data collection rights is often jointly determined by the subject generating the data and the subject creating the environment for data generation. Acquiring data collection rights often accompanies data value transactions and data holding rights transactions. In order to obtain data production and transaction environments, data subjects often need to pay data collection rights to platform providers to obtain data holding rights. In the full process of data element circulation, data collection rights are primarily used to describe data collection activities. Data subjects usually need to obtain permission from the platform in order to collect data through the platform.

Public data collection rights

Different types of public data have varying collection scopes. Among them, public data that is legally prohibited from being opened or that could cause serious harm to the nation if unauthorized operations are performed, have collection rights solely attributed to the nation and relevant nation sector. No other enterprise or individual is permitted to collect such data (Regulating data processing activities, safeguarding national sovereignty and security interests (Shi, 2018; Thomson, 2022)). For public data with high requirements for data security and processing capabilities, strong timeliness, continuous or collection authority, the subjects with the data holding rights establish reasonable conditions for acquiring collection rights, allowing other enterprises or individuals to conditionally collect data upon meeting the conditions; for data that is legally mandated to be open, desensitized or declassified, any data subject can collect it unconditionally (Promoting the discovery and reuse of public sector information (The European Parliament and of the Council, 2019)). The nation holds the collection rights over public data (Public data is collected by the government (The European Parliament and of the Council, 2022; Lynskey, 2015; Qi and Pan, 2015)).

Corporate data collection rights

Data concerning core interests of enterprises such as finances, reputation, and technology shall not be collected. Regarding business data generated during the production and operational processes of enterprises, the portion over which they hold data holding rights can be directly or indirectly collected by other subjects through contractual authorization. (Clearly outlines data sharing among private economies and data sharing between enterprises (BHB, 2004)) As for enterprise public data that are mandated to be open by law or the nation, any data subject possesses its data collection rights.

Personal data collection rights

Personal data related to the reputation and personal and property safety of natural persons shall not be collected. (Considers personal data protection as a human rights protection (The Council of Europe, 1981)) Governments and enterprises may only collect personal data in the process of providing data production or transaction services to person within the scope permitted by low. And they should fulfill notification obligations, including the scope, methods, purposes, etc., and obtain consent from the person being collected. (Protects student information in educational institutions from unauthorized disclosure (The United States Congress, 1974)) If individuals lack the capability to collect data themselves, they may delegate their collection rights to capable data subjects through rights transactions.

Data management rights

Data management rights refer to the right to define and oversee the use and storage of data. Data subjects with data holding rights possess the nominal data management rights. Data management rights are transitioned among rights-holders through processes such as data production, processing, collection, and circulation. These rights entail both privileges and responsibilities. Holding data management rights allows for the specification of the scope of data usage, methods, format standards, and more. Simultaneously, it necessitates accountability for the proper use and transactions of the data. Due to the critical importance of data security and reliability in data transactions, data management rights are often obtained by governments or enterprises with platform capabilities through grants or transactions. In the full process of data element circulation, data subjects usually upload data to platforms in order to engage in activities such as processing, transactions, storage and usage. Therefore, they need to transfer management rights to the platform to conduct data processing activities.

Public data management rights

Public data management rights primarily encompass the authority over the outbound and inbound transmission of public data, as well as the management of data generation, processing, utilization, transactions, and storage. These rights are generally held by the government, especially concerning classified and semi-open data, as only the government possesses the capability to implement protective measures for public data to prevent risks such as tampering, forgery, damage, theft, and leakage. (Public data is managed by the government (Lynskey, 2015)). Some public data management rights for open data can be transferred to enterprises through government authorization. Enterprises or individuals actively involved in the production of public data typically acquire management rights over the portions they contribute and are subject to government oversight.(Implementing the cybersecurity level protection systempi (Central Committee of the Communist Party of China & State Council, 2022)).

Corporate data management rights

The data subject with data holding rights over corporate data possesses data management rights. For data within enterprise datasets that are legally mandated to be open for use, management rights remain with the enterprise but are subject to government oversight. (Educational institutions must protect educational information from unauthorized disclosure (The United States Congress, 1974)). For data that is not legally required to be open for use, management rights belong solely to the enterprise itself. In cases where corporate data is co-owned by multiple parties, management rights can be jointly held or allocated through agreed-upon divisions.

Personal data management rights

Individuals hold the rights to query, update, correct, and delete their own personal data, in order to prevent data loss, leakage, damage, and unauthorized access. (Establishes general rules for personal data protection and rights of data subjects (The European Parliament and of the Council, 2016)). Exercising personal data management rights often requires assistance from data platforms or data tools and can be achieved through value transactions (payment or entitlement authorization) to obtain services that substitute for the exercise of management rights. However, this process necessitates strict oversight from both individuals and the government. (Defines actions of financial institutions concerning the handling of non-public personal information (The United States Congress, 1999)).

Data holding rights

Data holding rights refer to the absolute holding granted to data subjects over their data. Apart from basic attribute data, data holding rights often originate from data production activities and are acquired by the data production subjects. Possessing data holding rights does not imply possession of other rights related to the data; but it does grant the authority to determine other data rights. In the full process of data element circulation, data holding rights originate from the data production activities conducted by the data subject and are typically used to confirm the holding subject of the data. These rights are mainly reflected in the data storage phase of the circulation process.

Public data holding rights

Public Data is considered a new form of state-owned asset, including government information data, information data controlled or held by public utilities, and other organizations or entities engaged in social welfare undertakings (Definition of Public Data (Cyberspace Administration of China et al. 2018; Shi, 2018; Thomson, 2022)). The data holding rights of all public data belong to the nation, including public data produced with the participation of enterprises or individuals (Individuals or enterprises do not hold public data holding rights (EarthCam, 2014; hiQ Labs, 2022; Thomson, 2022)).

Corporate data holding rights

Corporate data includes a series of data involved in data collection, storage, management, processing, mining, analysis, presentation, evaluation, and transactions within enterprises and along the industrial chain, as permitted by laws and regulations. (Definition of Corporate Data (Naimi and Westreich, 2014; Ryanair, 2015; Shi, 2018)). Enterprises hold absolute data holding rights over data relevant to their legal production and operations (Other institutions will constitutes infringement if they collect or use other enterprise’s corporate data without permission (FanYou App Weibo Data Crawling Unfair Competition Dispute, 2019; The European Parliament and of the Council, 2022; Thomson, 2022)). For the data produced through multi-party cooperation, its holding rights can be attributed to multiple subjects involved in production (Compilers participating in data compilation jointly own the copyright of the data (Keenan and Hildebrandt., 2016) (Kuempel, 2016)). Data that enterprises legally obtain through exercising collection rights and have been processed for desensitization do not need to share holding rights with data source subjects if they meet data heterogeneity requirements. (Enterprises can obtain data rights through anonymization processes (Shi, 2018)).

Personal data holding rights

Under the legal framework, data containing personal identity information, biometric information and other sensitive personal information belongs to personal data, except the data after anonymization. (Definition of Personal Data, (Shi, 2018; Wang et al. 2017; Wu and Chang, 2018)). For data produced by individuals, the data holding rights belong to the individuals themselves. Besides, for the data that individuals are not willing to disclose, the rights they hold includes the right to be forgotten, the right to informed consent, the right to modification, and other data personality rights (Individuals have personality rights over their personal data, and any institution acquiring personal data requires consent from the data subject (The Colorado State Legislature, 2021; DPA, 2021; Earthcam, 2014; The European Parliament and of the Council, 1995; The European Parliament and of the Council, 2016; The European Parliament and of the Council, 2002; Liu, 2019; Safronov, 2021; The United States Congress, 1999; The United States Congress, 1974; Wang, 2021)). For data produced by individuals on data platforms and data infrastructures established by other subjects, data holding rights are either jointly shared with the platform provider or can be fully acquired by the individual through service fees or purchase fees (Creators involved in data creation have primary rights over the data (Kuempel, 2016)).

Data revenue rights

Data revenue rights refer to the entitlement to benefit from the value generated during data production, transactions, and circulation. Guided by the principle of “who participates, benefits,” all subjects exercising data holding rights, data collection rights, data usage rights, and data management rights in the process of data value generation will share a portion of the data revenue rights. Subjects that only possess rights but do not exercise these rights are not involved in the distribution of data revenue rights. Data subjects who exercise data usage rights are the direct beneficiaries of data revenue rights and can distribute data revenues to other participating subjects without violating relevant laws and regulations. Generally, the method for distributing data revenue rights must be negotiated and finalized before the data value increases, with the distribution typically fully held directly by the participants generating the data value through exchanging other rights or making prepayments. In the full process of data element circulation, data revenue rights often accompany data transactions. Data holders can transfer the revenue rights of data to other data subjects through data transactions. After the data generates value, all those who have rights to the data can share the revenue according to agreed proportions.

Public data revenue rights

Open and shared public data are, in principle, not intended for profit. However, subjects engaged in data services such as in-depth mining, analysis, adaptation, and visualization based on public data may obtain revenue rights from it. (Allows private sectors to share or use data with non-profit entities based on altruism to pursue common benefits (The European Parliament and of the Council, 2022)). Revenue rights for the same data held by different users are independent of each other, and governments often indirectly acquire these data revenue rights through taxation. For semi-open public data, the distribution of data revenue rights typically requires government authorization or can be obtained through value-based transactions. (A directive from the Chinese State Council emphasizes the establishment of an efficient and equitable system for distributing data element revenue (Central Committee of the Communist Party of China & State Council, 2022)). For confidential public data, revenue rights are exclusively held by the nation.

Corporate data revenue rights

For the corporate data that generate through investment in capital and technology, enterprises have the right to enjoy the revenue derived from their economic value addition. They acquire these revenue rights through various data transaction pricing models, including market-based pricing, platform predesignated pricing, negotiated pricing, hybrid pricing, etc. Subjects holding corporate data holding rights typically hold the revenue rights. (Chinese scholars have also explicitly introduced the concept of data revenue when delineating data rights. (Xiao and Wen, 2015)) Derived corporate data is obtained through the exercise of collection or usage rights, The subjects hold the original data’s holding rights only receiving the value transaction those collection or usage rights, and they do not participate in the distribution of revenue rights pertaining to derived data. But the revenue from derived data must not compromise the interests of the subject that hold the original data’s holding rights. (Scholars provide definitions concerning original data (Krishnamurthy and Wills, 2009).

Personal data revenue rights

Individuals who hold the data holding rights to their original personal data have partial rights to the data revenue. (Scholars posit that users have the right to benefit from their personal data (Liu, 2019)). During data transactions, individuals cannot directly gain the revenue. For personal data usage rights transferred by individuals, the authorized data subjects should provide monetary compensation or free value-added services derived from data development, enabling individuals to receive corresponding data dividends. (It highlights the distribution of data property rights, and believes that personal data should adhere for individual control (Shi, 2018)).

Data usage rights

Data usage rights refer to the permission and authority to utilize data for activities such as production, distribution, and processing. Data subjects with data holding rights can directly obtain data usage rights if they meet the conditions for data usage. They can also authorize these usage rights to other data subjects within the boundaries defined by laws. Such authorization need to have limitations in terms of duration or scope, and it also needs to be overseen by data subjects holding data management rights. It is important to note that the data usage rights obtained through authorization cannot be sublicensed to other subjects. In the full process of data element circulation, data usage rights often arise during the data usage stage. To ensure the compliance of data usage, data holders need to authorize data usage rights to the relevant subjects, thereby restricting their permissions to use the data.

Public data usage rights

The government holds full usage rights over all public data, whereas various units within the government hold restricted usage rights. Particularly, the usage right for confidential public data are only obtained by the data subjects who undertake the confidentiality obligation. (Provide a supplement to the issue of reusing public data within the European Union internal market. (The European Parliament and of the Council, 2019)). Enterprises and individuals, without impairing the rights of data producers, have partial usage rights over public data for which they hold collection rights, and are also subject to government oversight. (Proposing solutions to disputes regarding the utilization of public data (Liu, 2019; EarthCam, 2014)).

Corporate data usage rights

Enterprises have absolute usage rights over corporate data for which they hold data holding rights. For corporate data involving multiple data subjects in its production, usage rights are typically shared among all participants or determined through agreements. (Addressing disputes related to database usage by enterprises (BHB, 2004)). Corporate data generated through production based on authorized usage rights must be used in a manner that does not infringe upon the rights of the data subjects who granted those usage rights. Such use is jointly overseen by both the data subjects who granted the usage rights and those holding the data management rights. (Prior to collecting or processing personal data, data subjects must be informed and their consent obtained. (Xiao and Wen, 2015)).

Personal data usage rights

Individuals hold the usage rights over their original personal data, and they can authorize, or revoke permissions for enterprises and governments to use their data through user agreements. (Data subjects have the right to consent to or prohibit the collection of their data (Xiao and Wen, 2015); Aligning with the perspective of some scholars in the European Union regarding the rights division of personal data usage (González Fuster and Gutwirth, 2013). American scholars argue for protecting consumer data privacy rights and limiting the power of data brokers (Kuempel, 2016). Individuals have the right to use derivative data generated from their authorized personal data without any additional cost. For personal data produced on data platforms and infrastructure established by other subjects, the platform provider retains priority access to the usage rights of such data. (Disputes concerning the infringement of personal data rights by a German institution. (Patrick, 2016).

The “Five Rights Separation” framework based on the ternary data subjects integrates the data rights framework with the data element flow process, forming a dynamic, comprehensive, and systematic framework for data rights determination. This framework not only takes into account different types of data and stages of data processing but also considers the collaborative and competitive relationships among different subjects, as well as the interplay and checks and balances among various dimensions. This framework draws on the experiences and lessons learned from the European Union, the United States, and China in the field of data rights confirmation. Its purpose is to achieve the goal of “protecting data property rights while preventing data monopolies; promoting data sharing while clarifying rights and responsibilities; mining data value while preventing misuse and infringement.”

A comparative evaluation and verification of the “five rights separation” framework and the data rights confirmation framework of the three major economies

Comparative evaluation of data rights confirmation framework

This paper compares the constructed “five rights separation” framework with the data rights confirmation framework of the three major economies. By inviting three experts to conduct a comprehensive evaluation using a self-developed indicator system, it assesses their performance on three criteria: completeness, circulation relevance, and applicability. Scores range from 1 to 4 according to the ranking provided by the experts, with the top rank receiving 4 points and the bottom rank receiving 1 point. The average of the three experts’ scores is taken as the individual criterion score for each subject, and the sum of these criterion scores serves as the framework’s final score. The results are presented in Table 6.

Table 6 Comparative evaluation of the “five rights separation” framework and the data rights confirmation framework of the three major economies.
Full size table

In the field of data rights confirmation, the European Union focuses on data protection, but excessive protection hinders data circulation.The United States, due to its decentralized legislative model, has inconsistent protection strength and scope, resulting in fragmentation and lack of uniformity. China has significant differences in the protection and regulation intensity of data for various subjects in different stages of data element circulation. As shown in Table 6, the “five rights separation” framework based on ternary data subjects proposed in this paper scores the highest, offering an adaptive solution for the full process of data element circulation. In terms of completeness, the method proposes a data rights confirmation framework encompassing data collection rights, data management rights, data holding right, data revenue rights, and data usage rights. By clearly defining these five rights and adapting them to the stages of data element circulation, it achieves effective separation of rights. In terms of circulation relevance, it adapts the five rights to the five stages of data element circulation: data collection, data processing, data storage, data transactions, and data usage. It clarifies the applicable scope of different rights at different stages, effectively managing data rights and greatly avoiding issues that hinder data element circulation caused by disputes over data rights, thus enhancing the efficiency of circulation processes. In terms of applicability, the data rights framework is complete. It divides subjects into individuals, enterprises, and nations, clarifying the rights and responsibilities of each subject at different dimensions. It considers the collaborative and competitive relationships between different subjects while ensuring fairness and efficiency. This can achieve efficient circulation of data elements with clear rights and responsibilities.

Instantiation verification of the framework

Instance overview

The “Pengcheng Intelligent Transportation System” project is a collaborative effort between Shenzhen Traffic Police and Huawei, designed to build an intelligent and efficient traffic control system that promotes smoother urban traffic operations.

Simulation experiment process

Data Collection Phase Simulation

At key traffic nodes throughout Shenzhen, high-definition cameras and sensor devices are deployed to capture real-time data on traffic flow, vehicle speeds, and vehicle types. As the primary collector of these data, the Shenzhen Traffic Police holds both data collection rights and data holding right through these devices. Meanwhile, Huawei provides technical support and equipment services, assisting the Shenzhen Traffic Police in achieving comprehensive data collection.

Data processing phase simulation

The large volumes of collected data are transmitted to the data center of the “Pengcheng Intelligent Transportation System,” where artificial intelligence technologies are used for data analysis and mining. The key tasks in this phase are data cleaning and analysis to extract information valuable for traffic control. Both the Shenzhen Traffic Police and Huawei are jointly responsible for data processing and management, ensuring the accuracy and reliability of the data. Both parties possess data management rights.

Data storage phase simulation

Processed data is stored in the system’s servers and cloud storage devices for future analysis and use. Data storage is jointly managed by Shenzhen Traffic Police and Huawei, ensuring data security and integrity through technical means, with both parties having data management rights.

Data transaction phase simulation

Shenzhen Traffic Police and Huawei reach a data transaction agreement allowing the latter to access certain data to optimize the intelligent traffic system or for other research purposes. Both parties collaborate on formulating data transaction plans to ensure legal compliance, while specifying the scope and limitations of data usage. Shenzhen Traffic Police retains data usage rights and benefits from data revenues.

Data usage phase simulation

Shenzhen Traffic Police utilizes collected, processed, and stored data to optimize urban traffic management systems, devise scientifically sound traffic control strategies, and enhance traffic operational efficiency. Simultaneously, citizens access real-time traffic information through traffic management applications to plan travel routes based on road conditions, enjoying convenient travel services and possessing data usage rights for processed traffic information. During this phase, Shenzhen Traffic Police and Huawei share data usage rights to ensure fair and effective data usage in serving smooth citizen travel.

Analysis of verification results

The above simulation process demonstrates that, in the “Pengcheng Intelligent Transportation System” project, data holding right, data collection rights, data management rights, data usage rights, and data revenue rights are all clearly delineated and implemented at various stages. Moreover, the roles and rights of Shenzhen Traffic Police, Huawei, and citizens as ternary data subjects in the data element circulation process are clearly defined and implemented, providing a feasible solution for determining data rights in urban traffic management. This demonstrates the practical application value and effectiveness of the model framework.

Discussion

Since 2023, research in the field of data rights confirmation has focused on two aspects: the improvement of the legal system and the optimization of specific rights. In terms of legal system improvement, Zheng criticizes the current claims of data rights confirmation, arguing that the existing legal system, especially intellectual property law, is sufficient to protect the interests of data products (Zheng, 2024). Data rights confirmation not only encroaches on the public knowledge domain but also potentially disrupts the balance mechanism of the existing property rights system. Zhang, from the perspective of economic law, advocates regulating data behavior through economic regulation, believing that this method can not only protect the legitimate rights and interests of relevant subjects but also maintain the stability of the legislative system, avoiding logical inconsistencies in data governance (Zhang, 2023). Wang suggests constructing a dual rights structure for data originators and data processors (Wang, 2023). Research on the optimization of specific rights covers various aspects such as management rights, holding rights, revenue rights, usage rights, property rights, and access rights. In terms of collection rights and management rights, Wan proposes the “data mitosis” theory, aiming to solve the theoretical dilemma in the confirmation and authorization of public data rights, emphasizing the construction of a control and management-oriented system in data property rights to ensure the openness and efficient utilization of public data (Wan, 2024). In terms of holding rights, Yu & Chen discusses the legal interpretation of data resource holding rights, pointing out that data holding rights should be interpreted as the legitimate control rights of the holding subject over data resources, and proposes to remedy the loss of holding interests through tort law (Yu and Chen, 2024). In terms of revenue rights, Ma & Xia discusses in detail the confirmation of data assets and the revenue distribution mechanism, pointing out that data revenue rights should be allocated based on the establishment of data originators, data processors, and data users, clarifying the rights and obligations of all parties in data assets (Ma and Xia, 2023). In terms of usage rights, Shen proposes the “three-three system” data rights confirmation method, constructing a data property rights system through hierarchical thinking, defining the rights of data collection, data processing and usage, and data product operation in three stages, ensuring the legal use of data in each link (Shen, 2023). In terms of property rights, Wang & Ma proposes the creation of property rights protection for tangible data products to fill the “loopholes” in the current property rights system (Wang and Ma, 2024). In terms of access rights, Lähteenmäki-Uutela proposes to open public access to public resource data so that every citizen can benefit from it (Lähteenmäki-Uutela et al. 2023). In terms of right to data portability, Lobo et al. propose methods to protect citizens’ portability rights in the era of artificial intelligence (Lobo et al. 2023). Li & Quinn analyze how the public sector and individuals can better exercise data rights and their limitations under the background of the EHDS proposal (Li and Quinn, 2024). These studies collectively provide theoretical support and practical guidance for constructing a sound data rights confirmation framework but lack systematic research on clearly defining the scope of different data rights and responsibilities of various data subjects in the data element circulation process. This paper provides for the first time the construction method and theoretical framework for the data rights confirmation framework in data element circulation, which completes the lack of research in the field. This paper provides an evidence-based study of the experiences of three major economies, the European Union, the United States, and China, with respect to data rights, and finds that the European Union is highly systematic and innovative, the United States is highly relevant and adaptive, and China is highly collective and developmental. This paper adopts an improved evidence-based research method and formulates a “five rights separation” framework based on the ternary data subjects, combining the process of data element circulation with the data rights framework, taking into account the interests and needs of different data subjects, collaboration and competition, and forming a dynamic, comprehensive and systematic framework for the data rights confirmation.

Nonetheless, certain limitations and shortcomings exist. The study’s evidential and comparative research is limited to the three major economic entities and does not encompass data rights confirmation in other countries, possibly leading to bias and partiality. The proposed new framework lacks practical validation, which may result in a gap between theoretical propositions and practical implementation. In future research endeavors, it is recommended to expand the scope and depth of evidential research. This expansion could include incorporating a broader range of countries, diverse data types, and more specific industry sectors, thereby cultivating a comprehensive, objective, and multifaceted perspective on data rights confirmation. Collaboration with a local government department responsible for data management or a data exchange platform in a particular economy could facilitate empirical research and pilot projects. Such initiatives would validate and assess the feasibility and effectiveness of the proposed new framework in real-world applications. Additionally, challenges and issues encountered during implementation could be identified, allowing for timely adjustments and improvements.

Conclusion

This paper uses the improved evidence-based method to compare and reflect on the traditional means of data rights confirmation in the three major economies of the European Union, the United States and China, and puts forward a new method and framework of “five rights separation” based on the ternary data subjects. The framework can take into account the interests and needs of different data subjects, realize the efficiency and safety of data elements circulation, and effectively protect the interests of the nation, enterprises and individuals. In conclusion, this paper provides a new idea and scheme for the establishment of data rights confirmation framework in the data elements circulation. This paper hopes to provide valuable reference for scholars and practitioners in related fields.