On the “Reasonable” Handling of Personal Information Disclosed According to the Law
ZHAO Yi* & YANG Jie**
Abstract: The model for protection of personal information disclosed according to the law has changed from indirect protection to direct protection. The indirect protection model for traditional reputation rights and privacy rights was not enough to meet the practical needs of governance. However, due to the ambiguity in the application of the “reasonable” processing requirements, the direct protection model centered on Article 27 of the Personal Information Protection Law also is not enough to effectively respond to practical disputes.The essence of the problem is to resolve the tension between information circulation and risk control and reshape the legal order for the protection of personal information disclosed according to the law. The determination of “reasonable” should be centered on the scenario theory and holism interpretation and carried out by using the interpretation technique effect R.70of the dynamic system under Article 998 of the Civil Code. With the support of scenario-based discussions and comparative propositions, the crawling and tag extraction of personal information disclosed according to the law should be considered as reasonable processing; profiling and automated decision-making should not be covered in the scope of reasonable processing, in principle; for behaviors such as correlation analysis, elements like information subject, identifiability and sensitivity should be comprehensively considered to draw open and inclusive conclusions in individual cases.
Keywords: personal information that has been disclosed · legal disclosure of personal information · reasonable scope · holism theory · dynamic system
I. Introduction
In the age of intelligence, the ability to use the value of data has developed by leaps and bounds, and the large-scale use of data has increased the public’s awareness of information rights protection. The Personal Information Protection Law begins with the legislative purpose of placing equal emphasis on the “reasonable use of personal information” and “protecting rights and interests relating to personal information”, but the two are not without conflict. This conflict has been going on for several years and has intensified in the area of the reuse of personal information disclosed according to the law. In judicial practice in recent years, the judiciary has not given consistent responses to this problem, and there have even been diametrically opposed decisions.1
For a long time, the purpose of disclosing personal information according to the law has been more about giving play to the role of administrative law to limit the power and supervise the exercise of responsibilities, while upholding regulation and transparency. However, it is also in conflict with the rights and interests of citizens’ information. With the development of theory and institutional practice over the past decade and more, this conflict has largely developed into a relatively stable and peaceful state.2However, the heavy use of public information data in the age of intelligence has caused a deviation from the original function of public information to a certain extent. On the one hand, there is a profound iteration of the way public information is used and its value function; on the other hand, there is an update of the initiatives of the Personal Information Protection Law for protecting the rights and interests of citizens. Therefore, the reuse of legally disclosed information is not just about a simple binary conflict; it also manifests itself in a novel and turbulent state of order.
Specifically, when it comes to institutional and dispute resolution, the above issue concerns the application of the rules of Article 27 of the Personal Information Protection Law (referred to hereinafter as Article 27). It specifies the limits of processing personal information that can be disclosed according to the law, i.e., the handler of personal information can handle it “within a reasonable scope”. The balance of conflict and order generation in the reuse of personal information disclosed according to the law, in a sense, is the explanation of the “reasonable” requirements. The core of the discussion in this paper is also the regulatory ambiguity of the “reasonable” requirement of Article 27 and its disambiguation. For specific argumentation, we can find common controversial reuse cases in real-life judgments. This paper will rely to a large extent on the judgments disclosed according to the law. However, because of the extensive and typical nature of personal information on the judgments, this analysis does not unduly influence the evidentiary process and conclusion. This paper intends to take the content of the rule of Article 27 as an entry point to analyze the inherent causes of regulatory ambiguity and clarify the theoretical controversy on interpretation. Last, we return to the “reasonable” requirement of Article 27 to develop a concrete and holism interpretation.
II. The Ambiguity of “Reasonable” Processing of Personal Information Disclosed According to the Law
In the legislation of the Civil Code and the Personal Information Protection Law in recent years, great importance has been attached to the special scenario of processing personal information according to the law. The draft has been reworked many times during the process. Article 1036 of the Civil Code and Articles 13 and 27 of the Personal Information Protection Law all deal with the processing of personal information disclosed according to the law.3 The most important of these is still Article 27 of the Personal Information Protection Law. With two different standards, this article clearly delineates the three cases of processing personal information disclosed according to the law while giving each a differentiated basis of legality. However, due to the ambiguity of the semantic meaning of “reasonable”, it is difficult to adequately respond to the controversy of the reuse of information disclosed according to the law.
The issue of “reasonable” discussed in this paper can be traced back to the legislative process of the Civil Code. At the end of 2018, when the draft sub-part of the Civil Code was first unveiled, legislators made five provisions on the exemptions for processing personal information, including the act of “using information that is disclosed by a natural person or other information that has been legally disclosed”. Based on this provision, the processing of personal information disclosed according to the law, even if it has a certain impact on the natural person, does not in principle make the handler liable for infringement. However, if the natural person expressly refuses to let others handle the information, the information handler shall respect the natural person’s wishes and shall not handle the information without authorization.4 Successive drafts of the Civil Code have largely followed this expression.5 However, when the Civil Code was enacted in May 2020, legislators added the requirement of “reasonable processing” to Article 1036 (2) for the first time. The substantive amendment has not been explained by authoritative legislative information.6 The requirement of “reasonable processing” was used in the legislation of the Personal Information Protection Law and eventually led to the formulation of Article 27, a rule for processing personal information that has been disclosed.
The text structure of Article 27 is relatively clear: through two complete statements, the general rules and special cases of processing personal information disclosed according to the law are clarified in turn. The general rule gives the handler of personal information the right to handle personal information disclosed according to the law within a reasonable scope, with the exception of “explicit refusal by the individual”. The special case of “significant impact on the rights and interests of an individual”, as understood from the logic of the text, should exclude the application of the general rule of the preceding sentence and the information handler should obtain the consent of the individual. It is important to note that “explicit refusal” and “obtaining consent” are not identical but correspond to the “opt-out” and “opt-in” mechanisms in the protection of personal information, respectively. Obviously, the former places more emphasis on the efficiency of the use of disclosed information, while the latter is designed to place more emphasis on the control and self-determination of the information subject to disclose information according to the law.7
Since there are “reasonable” acts of processing personal information disclosed according to the law, there are also “unreasonable acts”. Legislators have not specified the legality basis of the “unreasonable” processing of personal information disclosed according to the law, but it is not difficult to interpret it as the general rule of processing personal information based on the principle of “obtaining consent” in Article 13 of the Personal Information Protection Law.8 In addition to “obtaining individual consent”, this article establishes a number of grounds for justifying the exclusion of the consent rule. If the “unreasonable” processing is in accordance with Items (2) to (7) (such as in response to public health emergencies or protecting the life, health, or property safety of natural persons under emergency circumstances), the consent of the individual is also not required.
As per whether the act of processing is within a reasonable scope and whether it has a significant impact on the rights and interests of individuals, the processing of personal information disclosed according to the law can be divided into the regulatory levels as follows:
According to the above table, everything from the opt-out consent for processing information within a reasonable scope to the opt-in consent for significantly affecting personal rights and interests constitutes a clear hierarchy for the processing of personal information disclosed according to the law. This rule is designed to define the specific boundaries of hierarchical types by the standards of “reasonable/unreasonable scope of processing” and “with/without significant impact on personal rights and interests”. The aim of the design is to promote the balanced development of information utilization and rights protection to the maximum extent. The specific connotation of “reasonable” will be directly related to the classification of the type of personal information and the determination of the legality basis in accordance with the law. However, as the legislators have not provided the criteria to interpret “reasonable”, Article 27 is still de facto ambiguous, which seriously affects the application of the rule in judicial practice. Recently, some researchers have also made detailed explanations on the criteria for identifying disclosed personal information, the theoretical basis for the protection of disclosed personal information, and the application of rules, with Article 27 as the core.9 However, most of these studies show a lack of refinement and do not fully clarify the specific meaning of “reasonable”, nor do they adequately respond to the conflicts and disputes in judicial practice. It is urgent to further clarify whether the act of reprocessing personal information disclosed according to the law is “reasonable” and how it is determined.
III. The Inherent Reason for the Ambiguity of the Application of “Reasonable” Processing
We can easily understand the reason behind the ambiguity of the “reasonable” rule if we look beyond the text of Article 27 of the Personal Information Protection Law and explore the controversy over the reuse of personal information from a broader perspective of economic and social development and changes in the legal order. Traditionally, the reuse of personal information disclosed according to the law has been more about seeking remedies for more traditional personality rights such as reputation rights and privacy rights. However, the rapid progress of information technology in the age of intelligence has significantly increased the risk of improper use of disclosed information to compromise the security of personal property as well as personal independence and autonomy. The indirect protection model implied by the traditional remedy of personality rights can no longer meet the realistic needs of protecting disclosed personal information today. The direct protection norms of personal information represented by the Personal Information Protection Law and the Civil Code are, on the one hand, a renunciation of the indirect protection model in the new era; but on the other hand, a hasty response to the emerging technological development. The controversy over the reuse of personal information disclosed according to the law is still in a state of confusion with alternation and change and has been highlighted as a vague standard for the “reasonable” requirement of Article 27.
A. Indirect protection model for information disclosed according to the law
The reuse of personal information disclosed according to the law has been more about seeking remedies for more traditional personality rights such as reputation rights and privacy rights. Judicial practice related to this can be traced back as far as 2014.10 It was also in this year that the Supreme People’s Court promulgated and implemented the Provisions of the Supreme People’s Court on Several Issues Concerning the Application of Law in the Trial of Cases Involving Civil Disputes over Infringements upon Personal Rights and Interests Through Information Networks (hereinafter referred to as the Interpretation) in response to the new issues arising from the use of information network to infringe upon the personal rights and interests of others. Article 12 and Article 13 of the Interpretation are highly relevant to the reuse of personal information disclosed according to the law. After the implementation of the Interpretation, the court has often cited these articles for interpretation and reasoning in judicial practice.11
Article 12 of the Interpretation specifically provides for the use of information networks to improperly disclose private and personal information. The Interpretation clearly stipulates that the act constitutes infringement and offers six exceptions. According to Item (4), a person who is “re-disclosing the information disclosed voluntarily by the natural person on the network or any other personal information that has been disclosed in accordance with the law” is not liable for infringement. This exception clearly can be applied to information processors who reproduce and disseminate personal information disclosed according to the law. Therefore, in judicial practice, the court mostly cites this provision to argue that the defendant is not liable for the tort. Unfortunately, the content of this provision, which was an early norm for the protection of personal information, was largely superseded by the provisions of the Civil Code on privacy and personal information protection. In the wave of judicial interpretation revisions on the eve of the implementation of the Civil Code, Article 12 was deleted in its entirety and is now not available as a direct basis for adjudication.
In contrast, Article 13 of the Interpretation,12 which is still binding, is more important. According to the provision, where the information issued by the network user or NSP from the information sources such as the official documents prepared by the state organ according to its powers and the exercise of powers publicly falls under any of the four specific circumstances, which infringes upon any other’s personal rights and interests, the network user or NSP needs to bear the personality rights infringement liability. However, in the specific judicial practice, the cases that meet the specific four circumstances are rare.13 In practice, the court has also invoked this provision to find that the reuse does not constitute an infringement of the legitimate rights and interests of the information subject after ascertaining that there are no acts associated with the four circumstances by the information processor.
Further examination of the background and content of the Interpretation reveals that although the judicial interpretation basically recognizes the legitimate rights and interests of personal information and gives targeted protection, it does not give personal information an independent status of personality rights. A person using the information network to infringe upon the personal information of others is only liable for civil liability if the act infringes upon the personal rights and interests of others, such as the right to name, reputation, honor, portrait, and privacy, and causes damage.14 Article 12 of the Interpretation, as an early norm on the protection of personal information, only regulates the infringement caused by the improper disclosure or leakage of information. The developers of the Interpretation believed that the protection of personal information through civil justice has its inherent institutional requirements: the governance of other violations of personal information represented by illegal collection and use requires legislation to further clarify the means of governance, compensation methods, and damage determination.15 But the underlying reason is that the disclosure of private information is a typical infringement of privacy, while the illegal collection and use of personal information are less likely to be regarded as a privacy matter. Since privacy rights are intended to protect private matters that are not public knowledge, any public matter that can be viewed by anyone is not protectable privacy.16 With this concept, the exception in Article 12 (4) was created and the court has mostly relied on it as a legality basis for the act of reuse. Article 13 of the Interpretation, although ostensibly able to adjust the reuse of personal information disclosed according to the law, was formulated by the Supreme People’s Court with the purpose of clarifying the specific criteria for judging “media infringement” (“press infringement”).17 From the perspective of the background and the continuation of the legislative intent, the essence of the article is the interpretation of the requirements of the tort of the reputation such as “insult and defamation” in Article 101 of the General Principles of Civil Law (now Article 1024 of the Civil Code) in the context of “media infringement” and the reuse of information disclosed according to the law. While “Adding insulting and defamatory information” naturally constitutes a typical reputation infringement, “refusing to correct when the information does not match” is closer to a “false statement of fact” in the requirements of reputation rights. It is not part of the regulatory system of personal information protection. Due to the ambiguous premise of application and the profound constituent requirements, Article 13 has been expanded from focusing on the original field of “media infringement” to concerning the general scenario of the reuse of information disclosed according to the law.
On the whole, before the enactment and implementation of the Civil Code and the Personal Information Protection Law, personal information disclosed according to the law was mostly protected indirectly through the provisions related to traditional tort damage of personality rights. The court draws on the norms of Article 12 and Article 13 of the Interpretation to analyze the constituent requirements of the right to reputation and privacy in depth and to adjudicate the dispute of reuse. However, it is obviously difficult for the disclosed information that is not known to specific people to be classified as a matter of traditional personal privacy; and it is also difficult to equate the usual information reuse with “insult and defamation”. Therefore, traditional infringement lawsuits against the reuse of personal information disclosed according to the law are difficult to be upheld by the court.However, with the implementation of the Personal Information Protection Law and the Civil Code, personal information protection has emerged as an independent object and cause of action today. This means that the protection model of personal information disclosed according to the law is undergoing a transformation.
B. From traditional personality rights to personal information: risk evolution and normative reconstruction
The transformation of the personal information protection model has profound social drivers. For a long time, information has been a public resource or material in the public domain due to its low production and circulation costs and high exclusive use costs.18 Public information, a resource that anyone can use freely, is even more so. However, in the era of intelligence, the tremendous progress of information technology has had a revolutionary impact on information collection, processing, and utilization. This means that there are almost no boundaries for the information that is stored, recorded, to be analyzed, or mined, whether they are temporal, spatial, or quantitative boundaries.19 The rapid development of information technology has brought enormous risks and challenges to people’s information autonomy, privacy protection, personal and property safety, and even personality independence.
Overall, the act of reusing information disclosed according to the law is associated with three kinds of risks: information storage risk, information dissemination risk, and information aggregation risk.20 On the one hand, the cost of information storage and dissemination today is approaching zero. Therefore, even events that occur for a short period of time, within a specific geographical area and involving only a few individuals may be permanently stored, endlessly distributed, and widely known. The use of disclosed judgments is the best proof: by permanently recording a specific event in the form of a judgment in the information network space, the limitations of the original event in terms of time, geography, and object are eliminated.
On the other hand, the more serious harm caused by reusing data lies in the risks associated with information aggregation and analytical mining. In the era of big data, a single piece of information may not be identifiable or sensitive. However, through information aggregation, non-sensitive or unidentifiable information can be overlaid and interconnected as clues that can be analyzed to reveal identifiable or highly sensitive information.21 For example, The New York Times was able to easily identify a 62-year-old widow from Lilburn, Georgia, in a specific database of anonymous search data that had been made public by America Online.22 By aggregating and analyzing massive, permanent information that is associated with a specific individual, it is even possible to form accurate analyses and predictions of an individual’s preferences, personality, and behaviors, leading to the establishment of a “digital personality”.23 Using legally disclosed judgments as an example, based on the information of judges or lawyers in the documents, it is possible to create a “profile” of the judges and analyze whether they have personal biases in their rulings. Similarly, based on the information of lawyers in the documents, it is possible to analyze the actual effects of their legal representation and evaluate and recommend lawyers. All of these are potential uses of judgments disclosed according to the law. However, France has taken the lead in banning targeted data mining based on the identities of judges and court clerks from judgments disclosed according to the law.24 Regardless of whether such legislation is reasonable, the aggregation, association analysis, and targeted mining of personal information based on legally disclosed information certainly carries a significant risk of privacy violations that cannot be ignored.
As pointed out in the previous section, the traditional model of personality rights protection with privacy at its core often focuses only on non-public personal information and is powerless against personal information that has already been disclosed. However, privacy is not just made up of locked doors and closed curtains. If privacy protection only focuses on strengthening doors and curtains, then modern methods of collecting fragments of our public lives that threaten privacy are likely to be overlooked.25 Of course, the inappropriate use of disclosed personal information is only one of the social factors driving changes in the personal information protection model. The rampant collection, illegal acquisition, excessive use, and illegal trade of personal information have made personal information protection the most concerned, direct, and practical issue for the vast majority of people.26 From the Civil Code to the Personal Information Protection Law, a series of direct provisions for the protection of personal information have been issued, including those related to information disclosed according to the law. However, settled legal texts do not always mean a good legal order. Nowadays, the necessity of protecting personal information disclosed according to the law has become a consensus; however, there are still unresolved disputes regarding the implementation of specific protection measures and protection boundaries.
C. Direct protection model for information disclosed according to the law
The transition from indirect protection to direct protection has occurred for information disclosed according to the law, but a stable order is still lacking. In the era of big data, the development and utilization of information disclosed according to the law are in tension with risk control and personal information rights protection. This is the main contradiction in the information disclosed according to the law and the primary reason for the disorder and ongoing debate. The “reasonable” processing rule in Article 27 discussed in this paper reflects this contradiction at the regulatory level.
In judicial practice, the direct protection of personal information disclosed according to the law began with the Yi v. Suzhou Berta Data Technology Co., Ltd. personality rights dispute and Liang v. Beijing Huifa Zhengxin Technology Co., Ltd. online copyright infringement dispute. At that time, the direct protection of personal information was only supported by principal provisions such as Article 111 of the General Principles of the Civil Law, which was not yet able to provide effective and definite adjudication guidelines for resolving the dispute over the information disclosed according to the law. Fortunately, the court did not avoid this emerging issue and conducted analyses using highly similar methods, but with differences in their final conclusions.
Within the framework of tort liability, the question of whether the disputed act of reusing personal information constitutes an infringement of the right to personal information is based on Article 6 of the Tort Liability Law (i.e., Article 1165 of the Civil Code). In the process of proving the requirements of tort liability, the first step is to determine whether the reuse of personal information disclosed according to the law constitutes an act of “infringing upon the civil rights of others” under Article 6 of the Tort Liability Law. This is another way of expressing the illegality requirement: unless there is a legal justification, the illegality of the infringement of rights should be presumed; and whether an interest is protected in tort liability depends on whether it is a legally protected interest.27 If a strict formalistic position is adopted, neither Article 111 of the General Principles of the Civil Law, which was then an auxiliary norm, nor the relevant provisions of the Civil Code and the Personal Information Protection Law today clearly recognize the personal information rights of natural persons. This requires judges to fully establish whether the personal information interests of the plaintiff are protected by the law in the specific scenario. However, when defining the scope of protection for interests recognized by the law, the possible conflicts or contradictions between different interests should not be ignored, and the conflicting or opposing interests should be considered from a value perspective: On the one hand, whether there are interests that need to be protected as fully as possible should be considered. On the other hand, it is important to give maximum freedom of action to others as much as possible.28 This conflict of values is also the focus of the dispute between the two courts in this case.
Both the Beijing Railway Court and the Suzhou Intermediate People’s Court, which handled the two cases, pointed out that the cases involve “the issue of balancing the public interest and social and economic interests of reusing judgments on one hand with the personal interests and personal information rights on the other hand”; and “the relationship between the legitimate circulation of personal information that has already been disclosed and the control of information dissemination by the individual information subject should be appropriately balanced”. The difference is that Beijing Railway Court tended to protect the legally disclosed interests of reuse and the interests of information circulation. It advocated that the legal disclosure and use of personal information should be effectively coordinated to maintain the purpose of data circulation and that such disclosure and use are open, in line with the trend of personal information protection and the trend of digital economic development. Suzhou Intermediate People’s Court placed greater emphasis on the control and self-determination of individuals over their personal information. It advocated that consideration should be given to the control the information subject has over their personal information and there should be respect for the information subject’s desire for secondary dissemination. The basic contradiction between the protection of the rights and interests of the victim and the freedom of action of the perpetrator in the tort liability system is manifested in specific scenarios as a conflict between the personal information interests of natural persons and the interests of others in obtaining and using disclosed information.
Abstractly speaking, in the context of big data, the ability to use and process personal information disclosed according to the law has significantly improved. However, it is precisely this improvement that has given rise to the need for risk control in personal information disclosed according to the law, further leading to a shift in the mode of personal information protection. Therefore, in today’s direct protection model, the balance between protecting and utilizing personal information disclosed according to the law requires a “return to the fundamentals” approach and further discussions in the broader context of social, political, economic, and technological development. This is a completely different logic of balancing interests and governance from those concerning traditional personality rights such as privacy rights.29 New issues brought about by the development of the times inevitably lead to disputes over values and disorder. The ambiguous rule reflected in the “reasonable” requirement in Article 27 is, in a sense, also a reflection of this contradiction. However, more importantly, the lack of governance mechanisms at the regulatory level caused by the ambiguity of the “reasonable” requirement may further affect the already chaotic practice of reusing personal information disclosed according to the law. That is why it is imperative to provide supplementary interpretations of the “reasonable” requirement to resolve the dilemma of reusing personal information disclosed according to the law.
In summary, in the transition of regulatory models, the old order centered around the right to privacy and reputation has been almost overturned. Today, Article 9 of the Provisions of the Supreme People’s Court on Several Issues Concerning the Application of Law in the Trial of Cases Involving Civil Disputes over Infringements upon Personal Rights and Interests Through Information Networks (Revised in 2020)can hardly effectively meet the practical need for protecting personal information disclosed according to the law. However, judges cannot apparently “maintain a conservative attitude and promise to repeat the mistakes of their predecessors in future cases”.30 The issue of reusing personal information disclosed according to the law must be independent of the above-mentioned judicial interpretation and indirect protection model of personal information, and it must be analyzed within the framework of direct protection of personal information. On the other hand, the vague rule of the existing “reasonable” requirement indicates that the governance model for reusing personal information disclosed according to the law has not yet been fully established. This lack of clarity in the applicable scope is closely related to the imbalance of benefits and disorder caused by the advancement of information technology and social changes. Therefore, the interpretation of the “reasonable” requirement cannot simply be a closed response based on traditional value judgments and balancing interests; it is more about seeking clues for an open and inclusive explanation.
IV. The Method for Determining the “Reasonable” Processing of Personal Information Disclosed According to the Law
The interpretation of the “reasonable” requirement in Article 27 is inevitably and closely related to the practical scenarios of disclosing personal information according to the law. In addition to traditional methods of interpretation such as literal interpretation, systemic interpretation, and purposive interpretation, the choice of interpretive stance is essential. According to the well-known scenario theory of personal information, the narrative method of the “reasonable” requirement is the holism interpretation. As an important achievement of modern philosophy and legal hermeneutics, holism theory has become one of the core methods of legal reasoning and proof of the difficult case. This section aims to construct a “reasonable” interpretation framework in an open system based on the holism theory, starting from the existing purpose-based interpretation.
A. The difference between the regulatory functions of “purpose-based” and “reasonable”
Many viewpoints show that a “reasonable” interpretation should draw on the “purpose” standard in the various drafts of the Personal Information Protection Law and anything beyond the reasonable scope related to the “purpose of being disclosed” would be considered unreasonable.31 When opinions for the draft of the Personal Information Protection Law were collected for the first time in October 2020, the rules for processing personal information that had already been disclosed were indeed centered around “compliance with the purpose of the personal information being made public”. However, in the third draft, the rules centered on the “purpose of being disclosed” were deleted and replaced with the current Article 27. Regarding this modification, the Constitution and Law Committee interpreted it as “making the relevant provisions of the draft law consistent with those of the Civil Code”.32 Since the “purpose of being disclosed” was abandoned solely for the sake of legal consistency, this “purpose-based” interpretation still seems to have a guiding force for judicial application.
The viewpoint is debatable and there are three reasons for it. First, it is highly difficult to clarify the “purpose” of disclosing and processing personal information. Natural persons may have various purposes for voluntarily disclosing personal information on social media such as Sina Weibo and WeChat Moments. It is not easy to determine the actual purpose behind such voluntary disclosures. In contrast, the purpose of disclosing information according to the law in the context of legal requirements is relatively clear, as the disclosure is mainly aimed at preventing abuses of power and meeting the needs of public supervision. However, the information processor who handles personal information disclosed according to the law usually has multiple purposes. An example would be Faxin and Qichacha as two Chinese business information providers using legally disclosed judgments: on the one hand, these commercial institutions can create profitable data products or services by processing public information; on the other hand, this processing objectively expands the dissemination scope of information disclosed according to the law. It is conducive to the realization of public supervision, but also makes it difficult to determine whether the processing purpose conforms to the purpose for which the personal information is disclosed. In addition, the draft also explicitly stipulated that “when the purpose of disclosing personal information is not clear, the personal information processor should reasonably and prudently handle the disclosed personal information”. However, this still involves the specific interpretation of “reasonable” in the context of reuse.
Second, even if the purpose of disclosing personal information is clearly stated, it is extremely difficult to fully and effectively convey the “purpose of disclosing information” to the information processor as information flows in the Internet environment. In fact, the “purpose of disclosing personal information” itself is a type of information; and it is highly personalized, subjective, and non-structured. More importantly, this “purpose information” is only valuable to the information processor. For most “spectators” who simply access and disseminate public information, the “purpose of disclosing information” is often useless since it does not involve the processing defined in the Personal Information Protection Law. If the general public would spend time and money conveying the complete purpose information to the true personal information processor, it is essentially an altruistic behavior that lacks intrinsic motivation. In short, if it is required that the “already disclosed personal information” must carry the “purpose information when it is disclosed”, the cost of circulating and disseminating the disclosed information will increase greatly. How much of the “purpose information” that is contrary to the idea of information network sharing and utilization can ultimately be conveyed to the final processor remains a big question.
Third, even if the purpose of disclosing personal information is fully retained by the information processor, the legitimacy of such disclosure is still open to debate. The essence of the “purpose of disclosing personal information” is to respect the starting point of information disclosure and dissemination — in scenarios where natural persons voluntarily disclose information, it is important to respect their control and decision-making over their personal information. However, when it comes to the public interest, it can be found that personal information has a strong public attribute: besides being used as a collective display element, it also has social authentication, connection, and reputation functions in the infrastructure dimension.33 If we overemphasize the “purpose of disclosure”, we will overlook the social attributes of personal information and the public interests it carries. Therefore, some researchers have proposed that when applying the “purpose of disclosing personal information” to explain the “reasonable” requirement, we should avoid mechanically using “whether the purpose is absolutely consistent” as the sole criterion for judgment. Instead, these researchers advocate for the incorporation of the “legitimate interest exemption” and “balancing test” mechanisms when considering the purpose of disclosing personal information. This approach can effectively examine the necessity of protecting individual information rights.34 However, it not only eliminates the semantic content of the “purpose of disclosing personal information”, but also represents a regression to the abstract value conflict and interest balance, making it difficult to provide specific and effective judgment guidelines for judicial practice.
Further examination of the purpose-based theory shows a close relation to the “purpose limitation” principle of personal information protection. According to Article 6 of China’s Personal Information Protection Law, the information processor should abide by the agreed purpose of the initial collection of personal information when processing it. In scenarios where personal information has been disclosed, this “agreed purpose” can be roughly equated with the “intended use of the personal information when it is disclosed”. However, in practices outside of this domain, the strict principle of purpose limitation has been abandoned. The principle of purpose limitation in the EU’s General Data Protection Regulation (GDPR) is expressed as “processing of personal data shall not be incompatible with the initial purposes”. “Not incompatible” does not mean identical. It means that the purpose of processing personal information can deviate from the original purpose. In theory, the EU has also abandoned the strict principle of purpose limitation and developed the “appropriate use” standard to judge whether additional purposes deviate from the agreed purposes.35 Strictly adhering to the purpose limitation of “fitting the purpose for which the information is disclosed” can seriously limit the possibility of free use of information and commercial innovation and it is difficult to become the only criterion for judging the legality of information reuse.
In fact, even if we adopt the previously published personal information processing rule centered around “the purpose at the time of public disclosure”, it does not seem to compromise the connection with Article 1036 (2) of the Civil Code; it also provides clear guidance on the “reasonable” requirement in the Civil Code. The more profound consideration of the legislator for this change may be that at the regulatory level, rules centered around “the purpose at the time of public disclosure” are still unable to effectively respond to practical controversies, while at the value level, it reflects a negative evaluation of the control of already publicly disclosed information by the data subject. Helen Nissenbaum has correctly pointed out that any attempt to reduce privacy and personal information protection standards to a single element, such as sensitive personal information, or a single principle, such as enhancing personal information control, is a futile endeavor.36 No single rule or principle can effectively ensure personal information protection. The governance framework for publicly disclosed personal information that is built around the core principle of “compliance with the purpose of information disclosure” overlooks the diverse interests and complex conflicts mentioned in this paper. While this interpretation may be reasonable in certain highly sensitive scenarios, it may not necessarily align with the legislative principle of promoting the flow and use of information as the scenario changes. For example, the act of collecting and obtaining publicly disclosed information for general purposes should be considered “reasonable”, while examining the purpose of disclosing personal information does not have any evaluative significance. After all, “forcing others to ignore the information you have displayed is an unfair burden imposed on others.”37 With the development and changes in the reuse scenarios, we will find it difficult to use a purpose-based interpretation to guide a broad judicial practice.
B. The basis of holism value in the scenario-based personal information protection
In a big data environment, the collection, circulation, and utilization of information are becoming increasingly complex and diverse. The traditional single and static regulatory model represented by the purpose-based approach is no longer able to meet the demands for protecting publicly disclosed personal information in the era of big data. In contrast, Nissenbaum’s Contextual Integrity Theory (often referred to as the scenario theory or the scenario concept in China) has become a more powerful theoretical solution for personal information protection.
The scenario theory aims to answer the question “Under what circumstances is the circulation, processing, and utilization of personal information reasonable? The theory holds that the flow of information needs to be constrained by specific scenario factors. Complex social systems such as history, customs, culture, morality, etc. jointly shape the norms of information flow. Therefore, there is no universal standard for information norms that can be applied everywhere, and standards for privacy and personal information protection must be considered in specific scenarios.38 Accordingly, the scenario theory can be applied by determining elements such as information subject, information type, communication principle, etc., so that whether the information flow is reasonable can be tested through specific models.39 Nowadays, this kind of analysis has been advocated by more and more researchers.
The birth of scenario theory is inevitable and has a profound foundation in holism theory. Holism, which originated in the field of philosophy, was initially intended to solve epistemological problems: “Our knowledge is not a house built on solid bricks, but rather rafts floating on the sea. They are interconnected to support each other”.40 Similarly, unlike the deductive reasoning of the traditional judicial syllogism, the holism theory in legal studies is not concerned with the truth or falsity of propositions, but rather focuses more on the interdependence between propositions and beliefs. The correctness of a belief or proposition depends on the degree of support it receives from other beliefs or propositions. If the various reasons that collectively support a conclusion can form such a holistic relationship of mutual support, then it greatly enhances the persuasiveness of the conclusion.41
The “contextual integrity” that scenario theory aims to achieve is a requirement for holism protection. In the era of big data, the processing and utilization of personal information are becoming increasingly diverse, and the balancing of value judgments and interests is becoming increasingly complex. The boundaries between “identifiable” and “non-identifiable”, “sensitive” and “non-sensitive”, and “private” and “public” are becoming obscure. In diverse processing scenarios, the scenario theory aims to find a common standard for protecting personal information and this logical consistency is one of the important features of holism theory.42 However, logical consistency is only a necessary but not sufficient condition for holism theory. As a pioneer of the theory in the field of law, Dworkin offered his concept of “integrity”, which not only requires consistency but also goes beyond it.43 Another aspect that needs to be emphasized is the openness and refutability of the argumentation process.
In the field of legal argumentation, the collapse of conceptual jurisprudence highlights the impossibility of purely deductive logic. Deductive reasoning aimed at logical consistency cannot easily respond to inevitable legal loopholes and value judgments, nor can it guarantee the acceptability of conclusions. The holism theory was originally introduced into the field of law to improve the closed nature of the legal system. The introduction of non-legal reasons such as morality, politics, and ethics into the legal system also ensures the non-arbitrariness of judicial decisions.44 Similarly, in the process of achieving “scenario justice”, the scenario theory is used to incorporate external values such as morality, politics, and ethics into the evaluation as internal factors, connecting all legitimate reasons into a single whole and building “rafts floating on the sea”. In essence, in the process of shaping the regulation for information flow based on the scenario theory, it is inevitable to integrate diverse values and judgments. This means that the conclusions of the scenario theory are not absolutely “right” or “wrong”, but can only be described as “good” or “bad” to some extent.This is also the most prominent feature of the holism theory.
C. The dynamic solution for the holism protection of personal information disclosed according to the law
In regards to the reuse of personal information disclosed according to the law, its “reasonable” interpretation must be guided by the holism theory to find diverse and open paths of explanation within specific contexts. However, as a legal system that emphasizes the rules, the law should still try to avoid resorting to abstract concepts and “exclude the option of finding an easy solution with the general terms”. Upon examining the entire legal system, Article 998 of the Civil Code (hereinafter referred to as Article 998) stands out. This is because, when viewed from the perspective of typical civil torts, the “unreasonable” processing of personal information disclosed according to the law, if without other legal bases such as Article 13 of the Personal Information Protection Law, is likely to infringe on the personal information rights of natural persons. The issue of civil liability for damages arising from the processing of personal information naturally involves the application of Article 998. More importantly, Article 998 can form a “chain novel” relationship with the scenario theory and they can be understood and explained in the way of holism.45 It can even be said that Article 998 is the “best narrative” for the “reasonable” processing of personal information disclosed according to the law.
First and foremost, Article 998 can offer an effective binding force to the “reasonable” interpretation when it comes to information disclosed according to the law. In terms of private law, as the Personal Information Protection Law and the Civil Code represent the relationship between “special law” and “general law”,46 it is natural to apply Article 998 to decide whether the processing of personal information disclosed according to the law is “reasonable”. However, in the context of public law, it is worth studying whether the “reasonable” standard for personal information processing based on Article 27 can be compatible with Article 998. This involves the development of the external “available/unavailable” boundaries of personal information processors and their compliance obligations, which is of great significance. The essence of the problem is whether the criteria for the illegality of personal information are understood the same way in public and private law. The response to this is that rules such as Article 27 on personal information processing represent instrumental rights that adjust the relationship structure between individuals and information processors, and a way to implement the state’s obligation to protect personal information.47 This means that violating Article 27 in the processing of personal information directly infringes upon the legal order in public law rather than civil rights and interests. The infringement on the latter should still be determined around the damage to civil substantive rights and interests.48 In other words, the “right to the protection of personal information”, represented by Article 27, presents a distinct characteristic of administrative law precedence: if the information processors constitute a post-event infringement of personal information rights, they will inevitably violate the prior compliance obligation of personal information. Therefore, the application of Article 998 in civil tort determination naturally involves the judgment standards of public law compliance obligations. This view also conforms to the legal integrity principle under the pen of Dworkin: whether it is the legislators who create the law or the judges who enforce the law, they should make every effort to secure the moral integrity of the whole legal system.49
More importantly, the interpretive method based on holism theory necessarily requires an open and diverse range of interpretive approaches. Through Article 998, legislators have demonstrated the basic position on civil liability for infringement of personality rights: while recognizing the judge’s power of discretion in specific cases, the scope of the application of such power is limited and the legal and open elements for balancing considerations are also retained.50 From the perspective of legislative technique, this provision adopts a method similar to those in the dynamic system theory, which avoids the rigid concept of “all or nothing” legal application and also avoids the extreme arbitrariness and irrationality of free jurisprudence. The dynamic system theory proposed by Walter Wilburg provides a normative application framework similar to a rubber band through the synergy of elements and dynamics, refining highly abstract and declarative legal principles into specific rules with clear guidance and operability, opening up a “middle way” between conceptual jurisprudence and free jurisprudence. This is a legislative technique that has characteristics of holism.51 The system holism pursued by this legislation is closely related to the reasoning holism emphasized in making judgments.52 Of course, Article 998, as a general provision for identifying violations of personal rights, may lack specific protection for personal information. However, in individual cases, judges can comprehensively consider the elements of the system to determine a more open and flexible approach, while further achieving the balanced objectives intended by the legislators.53 In summary, the open and diverse regulations pursued by the interpretation based on holism theory are highly consistent with Article 998 and its dynamic system. Therefore, it is natural to apply this provision and its underlying principles to a “reasonable” interpretation.
V. The Scenario-based Interpretation of “Reasonable” Processing of Personal Information Disclosed According to the Law
After recognizing Article 998 as the “best narrative” for interpreting “reasonable” processing, this section aims to further analyze the differences in the application of Article 998 in different scenarios and clarify the boundaries when it comes to different levels of reasonable processing based on the scenarios. The interaction between the holism theory and judicial practice is presented while the legitimacy and refutability of individual case judgments are ensured.
A. Typical types of scenarios for processing personal information disclosed according to the law
The first typical scenario is represented by Faxin, Jufa, and China Law Info Co. Ltd., all of which focus on the simple mirroring and specific panel element extraction of information disclosed according to the law. Compared to official public databases such as the China Judgments Online, these commercial institutions conduct relatively simple tag extraction of highly structured element information (such as the cause of action, nature of the document, parties involved, trial procedure, court, lawyers, judges, and cited legal provisions) based on their crawling and storage behaviors. They provide more accurate, professional, and visual (chart-based) search services based on the tagged content.
The second typical scenario is represented by Qixinbao, Qichacha and Tianyancha, which focus on behavior analysis through association. In addition to crawling, mirroring, and tagging information, these business information query platforms conduct further association analysis based on highly structured personal and enterprise information, forming an information network similar to a knowledge graph. Taking Tianyancha as an example, its core function is to “search for companies, bosses, and relationships”, focusing on specific companies and their executives. It associates legally disclosed information such as judgments, court notices, case enforcement, and administrative penalties with these entities to provide alerts and warnings for potential business risks.
The third typical scenario is the act of deep organizing and processing based on the less structured information in the legally disclosed information (e.g., case facts and court opinions on the judgments). As deep data processing technology is not fully developed at this stage, a typical commercialization case has not emerged for the scenario in China. However, from the perspective of technology practices outside the field and the development direction of utilizing public documents in China, typical representatives of this application scenario include the big data-based intelligent recommendation of similar cases, document analysis and prediction, litigation risk assessment, and judge/lawyer profiles. Taking the intelligent recommendation of similar cases as an example, as a further development of the traditional information retrieval model, it mainly relies on natural language processing (NLP) technology to identify and recommend similar cases through algorithms based on unstructured data such as publicly disclosed case facts and dispute focus, making it possible to push intelligent cases.54
The distinction between the three scenarios is closely related to the three risks of reuse behaviors mentioned earlier. The first scenario is mostly related to the risks of information storage and transmission, while the other two scenarios present varying degrees of information aggregation risk. It should be noted that deep mining in the third scenario has different purposes and various forms. Next, this paper will mainly discuss representative profiling and automated decision-making. Obviously, these three scenarios are only relatively ideal and typical and the reuse of publicly disclosed information in real society presents more continuous and spectrum-like features. However, this is not causing problems in the discussion in this paper. The specific explanation of the term “reasonable” can be further integrated and developed from the three typical scenarios, becoming a standard with the same dynamics and spectrum-like features. Other behaviors of reusing personal information disclosed according to the law can be concluded from this integrated or holism standard.
B. The system of elements for defining “reasonable” processing of personal information disclosed according to the law
Based on the analytical framework of Article 998, we will first examine the method of defining the “reasonable” standard by separately applying elements such as “the professions of the perpetrator and the victim, the scope of impact, the degree of fault, and the purpose, manner, and consequences of the conduct”. Then, we will focus on the collaborative effect of multiple elements when they exist together. Based on the differences in elements, the following analysis can be made for the above three typical scenarios:
1. The professions of the perpetrator and the victim
Legislators briefly listed how the professions of perpetrators and victims can make a difference. The infringement judgment of individuals engaged in the lines of news reporting and public opinion supervision should be more cautious and the personality rights of public figures who are victims should be appropriately restricted.55 Such consensual viewpoints are also applicable in the reasonable judgment concerning the reusing in this paper, but require analysis based on the specific circumstances of the parties involved. Additionally, when it comes to the information subject, special attention needs to be paid to the issue of the personal information of minors. The Personal Information Protection Law identifies the personal information of minors under the age of 14 as sensitive personal information, requiring stricter protection measures. This involves special protection issues for sensitive personal information, which will be further discussed in the following pages.
2. The scope of impact of the behavior
Regarding the scope of influence of behavior, generally speaking, the larger the scope, the more serious the impact. In the first two scenarios, as personal information has already been publicly disclosed and can be known by unspecified individuals, the reuse of such information is also significant and can be known by unspecified individuals. However, in the third scenario, due to the high value of in-depth mining, the typical commercialization model is not entirely open to the public, but more directed towards specific users such as law firms, courts, and universities.
However, the potential large scope of impact in the first two scenarios is not equivalent to the scope of the legal evaluation. When considering the scope of social impact, the court will also balance it with the protection of personal dignity and freedom of action, and comprehensively consider the specific scope of impact and responsibility based on the general social evaluation.56 In judicial practice, some courts believe that the audience of databases such as China Law Info mainly consists of legal professionals.57 The purpose is to prove that the processing is reasonable through the limitation of the scope of impact. A more common example is the phenomenon of “vanity searches” — some people search for their own personal information such as their name in search engines but this is a typical low-frequency search behavior.58 Through vanity searches, victims can often find personal information related to themselves at the top of search results and consciously realize the huge scope of impact. However, objectively speaking, this type of search is rare. In practice, there was also a defendant who, after checking the backend data, pointed out in defense that the viewings of the litigation documents only totaled 57 times, most of which were generated by crawler programs. Among them, there were only 10 records with an access IP in Beijing and 7 of them were from the same IP, which may be the plaintiff.59 Therefore, it is argued that the impact of the behavior is quite small.
3. The degree of fault of the act
On the degree of fault of the act, first, it is necessary to clarify the difference between the element of illegality and the degree of fault of the act: the former is an objective determination of whether the actor has violated the legal norms, while the latter takes into account more the subjective psychological blameworthiness of the actor. A fault is usually judged by the standards of a rational person or “a bonus pater familias”.60 However, personal information is still an emerging civil right, and the standards for determining the degree of fault for the infringement of personal information have not yet been universally recognized. In the judicial practice of personal information infringement, the courts have rarely examined the subjective fault of the perpetrators in depth.61 In terms of the typical scenario of reuse in this paper, because it combines the new personality rights and interests of personal information with the new business model brought by technological progress, we should not be too arbitrary when making the judgment about the degree of fault of the act. In the dual value of freedom of conduct and freedom of information, it is difficult for us to identify the subjective malice to infringe on personal information in all three types of typical scenarios. In fact, after Article 69 (1) of the Personal Information Protection Law clarified that the presumption of fault liability applies to personal information infringement, it has also been argued that the need to examine the degree of the fault has been significantly reduced.62
4. The purpose, manner, and consequences of the act
The judgment of the purpose, manner, and consequences of the act is more important in the scenarios of this paper. In this section, we first discuss the purpose, manner, and consequences of the acts in the first and second scenarios in turn. In the first scenario, the actor aims mainly to provide high-quality and market-competitive retrieval services for information disclosed according to the law; in the second scenario, the actor mostly aims to reveal business risks through correlation analysis. Although these scenarios involve the commercial use of public information, they do not show the malicious purpose of violating the rights and interests of personal information and are not highly blameworthy.
In terms of behavior, the above scenarios all involve common crawling and storage behaviors, on the basis of which differentiated analysis and processing are carried out. As for crawling and storage, in these scenarios, the complex anti-crawling protection of China Judgments Online is mostly compromised and there is a risk of violating the website’s announcement of “prohibiting the establishment of a judgment mirror by commercial websites”. However, the legal effectiveness of the announcement by China Judgments Online is still questionable. With the widespread use of crawling technology today, we cannot just determine that the behavior is immoral. In fact, in terms of crawling behavior and crawling platforms, the legally disclosed databases represented by China Judgments Online mostly consist of massive raw or basic data. To avoid potential data separatism and data feudalism,63 the prohibition of crawling seems to be even less justified, as long as it does not affect the normal operation and use of the system. In addition, besides their unique value compared with general raw or basic data, legally disclosed data also carry a significant interest in “the constitutional right to know”.64 Although the above scenarios somehow involve more than information disclosure and judicial supervision, they do not exclude public supervision. Through higher-quality data processing and services, citizens may be in an even better place to exercise their constitutional right to know. From the perspective of personal information protection, therefore, the information crawling behavior, which usually exists, is hardly obviously improper. Regarding differentiated data analysis and processing, data analysis technologies such as structured data extraction and data correlation have been applied for many years and their technical logic is relatively well-known. Objectively, if the public would spend a considerable amount of time and energy, they can independently tag and organize public information and also perform associated analysis on specific small amounts of public information to mine the valuable information. Therefore, there is no obvious impropriety associated with the simple processing and correlation analysis in the first and second scenarios.
Last, when considering the consequences of behavior, personal information infringement is generally mild and decentralized; and the slight harm caused by the social behavior of the actor to personality rights should be tolerated by society.65 The typical scenarios of reuse mentioned above do not unreasonably expand the scope of personal information disclosure. Even if there is damage to the rights and interests of personal information, it is relatively minor. Although in the first two scenarios, victims can often find their personal information being reused at the top of search engine results. This is not only about “vanity searches”, but also a reasonable result of search engine ranking technology. The harm caused cannot be proven severe, and it is also less related to the information processors who implement the processing behavior.
However, again based on the consideration of the purpose, manner, and consequences of the behavior, the conclusions of the profiling in the third scenario are significantly different. As an act that may cause a serious infringement on digital personality, there should be stronger regulation on the personal information in profiles disclosed according to the law. In terms of the purpose of the behavior, profiling means far more than the original purpose of judicial supervision in information disclosure. In terms of behavior and consequences, profiling and other targeted analyses and mining of personal information are mostly aimed at revealing information closely related to individuals. This type of digital identity formed based on automated decision-making may be completely separated from the physical personality and the prior knowledge of the parties involved.66 It is even possible for this identity to dominate the information subject, causing damage to the digital personality.67 Considering the high sensitivity of automated decision-making, there are also special strict regulations in the Personal Information Protection Law for it. In our scenarios, it is also necessary to adopt more stringent control measures.
5. Identifiability and sensitivity of the information
The open Article 998 allows judges to expand the system of elements in individual cases. In the personal information discourse system, the identifiability and sensitivity of information should naturally be considered in a comprehensive way. This is because the stronger the identifiability of personal information, the more clearly the victimized individuals can be identified among a wide range of people; and the greater the sensitivity of personal information, the more likely the infringement behavior will cause serious harm. More importantly, both the identifiability and sensitivity of personal information present differences in degree. There should not be a simple binary distinction between “identifiable” and “non-identifiable” or between “sensitive” and “non-sensitive”. Represented by PII 2.0, differentiated personal information system rules with diversified designs have become the mainstream solution for personal information protection in recent years.68 The sufficiency measurement in the dynamic system is highly consistent with this differentiated regulation and can naturally be used for reference.
Overall, the identifiability and sensitivity of personal information disclosed according to the law require careful case-by-case judgment. Depending on the nature and content of the disclosure, there are significant differences in the identifiability and sensitivity of the information. Using court judgments as an example, personal information in anonymous court judgments has significantly lower identifiability than that in ordinary court judgments. In addition, court judgments involving natural persons in financial loan contract disputes, securities disputes, and medical service contract disputes often involve natural persons’ financial and medical information, while custody disputes often involve minors’ personal information. The information in these judgments has higher sensitivity than that in ordinary judgments. One of the information reuse disputes in this paper is a medical service contract dispute coming from a miscarriage surgery.69 In general, information related to having undergone a miscarriage should be highly sensitive. From the perspective of evaluating the elements of a dynamic system, the stronger the identifiability and sensitivity of personal information, the more protection should be given to natural persons’ rights and interests of personal information and the more likely it is to evaluate the reuse as “unreasonable”.
C. The dynamic synergy for ‘reasonable’ processing of disclosed personal information
Based on Article 998, after evaluating the sufficiency of various elements, legal effects can be determined based on the coordination of these elements. This coordination is often expressed in the form of a comparative proposition, such as “the more... the better” or “the less... the worse”. The determination of legal effects depends on the interpretation of dynamic interaction and coordination of the various elements.
Here is the specific expression in the context of “reasonable” processing of personal information disclosed according to the law:
Victim’s public attribute A x sufficiency degree a + scope of impact of behavior B x sufficiency degree b + degree of fault in behavior C x sufficiency degree c + blameworthiness of the purpose, manner, and consequence D x sufficiency degree d + degree of identifiability and sensitivity of information E x sufficiency degree e = legal R.70
However, whether it is deciding the weights or the sufficiency of the elements, it is impossible to achieve the same level of precision as with specific numerical values. In the absence of principled instances and basic evaluations, the comparative propositions of the dynamic system are like trees without roots and water without sources. In order to further simplify the model, we consider the weight of each element to be equal. For the sufficiency of the elements, we simplify the preliminary analysis by putting them into two categories: the elements of proof (i.e., the elements that support the recognition of unreasonable processing behavior) and the elements of negation (i.e., the elements that support the recognition of reasonable processing behavior). In the context of dynamic synergy, the sufficiency of the elements in the former is higher, while the sufficiency of the elements in the latter is lower.
In Scenario 1, the scope of impact, degree of fault, manner, purpose, and consequences are all elements of negation, while the elements concerning the information and the subject require further case-by-case judgment. Comprehensive analysis shows that the extraction and preliminary collation of tagged information disclosed according to the law in Scenario 1 are hardly “unreasonable” given the overwhelming majority of elements of negation, even for the collection and collation of sensitive personal information. In this paper, we believe that such simple and primary collation and processing of personal information disclosed according to the law do not go beyond the original scenario of information disclosure; there is no need for the Personal Information Protection Law to intervene and start regulation and the relevant reuse behavior should be considered “reasonable” personal information processing.
With Scenario 1 as the basis for evaluation, the analysis of Scenario 2 and Scenario 3 can be carried out in the form of comparative propositions: with respect to the comparison of Scenario 2 and Scenario 1, the attributes of the general public of the victim, the identifiability and sensitivity of the information still need to be judged on a case-by-case basis; and the degree of fault in both scenarios is basically the same (no obvious fault). However, in Scenario 2, the scope of the impact caused by the correlation analysis will be larger than that of the tag extraction in Scenario 1; the manner, purpose, and consequences of the behavior will also be somewhat beyond those in the scenario disclosing personal information according to the law. A relatively arbitrary judgment is that such a simple correlation analysis is “unreasonable” processing when the victim is a member of the general public and the personal information disclosed according to the law is highly identifiable and sensitive (including the personal information of minors under 14 years of age); however, the correlation analysis is still reasonable when the victim is a public figure or when the personal information disclosed according to the law is not highly identifiable and sensitive.
In Scenario 3, due to the in-depth use of intelligent technology, the way personal information is reused becomes more profound: whether it is the scope of impact, or the manner, purpose, and consequences of the behavior, profiling and automated decision-making greatly exceed the original information disclosure and connotations of Scenarios 1 and 2, with a higher risk of damaging personal integrity. The theory of dynamic synergy concludes that all profiling behaviors based on personal information disclosed according to the law are not, in principle, acts of processing within a reasonable scope.
The element sufficiency judgments and specific conclusions for the three scenarios are shown in the following table.
Last, three points in particular still need to be emphasized. First, the three types of scenarios selected in this paper are only based on the division of typical processing behaviors. The explanatory path adopted in this paper, however, is highly open and inclusive. Supported by comparative propositions, the reuse of other legally disclosed personal information can be analyzed in this same framework. Take the “intelligent recommendation of similar cases” as an example, the scope of “reasonable” processing in this scenario can be concluded by comparing it with other scenarios. To begin with, the scope of impact for the intelligent recommendation of similar cases should be greater than that for the behavior in the second scenario. This is because the correlation analysis in Scenario 2 is often carried out based on panel information only, but the essence of intelligent recommendation of similar cases is to correlate and analyze all instances similar to this case. For example, such kind of recommendation can filter out all medical disputes due to abortion. Besides, it is unlikely that blameworthiness of the purpose, manner, and consequences of the intelligent recommendation of similar cases can lead to damage to the digital personality. The blameworthiness of the behavior is still significantly smaller than that of the profiling behavior. Last, the degree of fault, in this case, is basically consistent with those in the three scenarios. This will make the “reasonable” scope of intelligent recommendation of similar cases smaller than that in Scenario 2 and larger than that in Scenario 3. Therefore, a simple conclusion on the “reasonable” processing standard of intelligent recommendation is that as long as the intelligent recommendation involves personal sensitive information with strong identifiability, this behavior does not fall into the scope of reasonable processing. By analogy, the dynamic and holistic nature of our conclusion can be presented.
Second, processing that is not within the reasonable scope does not necessarily lead to the illegality of the act. In the event that other legality bases, such as Article 13 of the Personal Information Protection Law, are satisfied, the corresponding act of processing is still legal. This section discusses the processing of personal information disclosed according to the law (including but not limited to the disclosure of judgments and information on defaulted executors) by credit agencies as an example. As an important part of the construction of the social credit system, the information processing behavior of credit agencies obviously assumes a more important social function. However, in the analytical framework of this paper, the intrinsic idea of balancing interests has been represented by the evaluation of elements and their coordination, and such social attributes can be reflected in the discussion of the purpose, manner, and consequences of the behavior and externalized as the legal effects after the dynamic synergy. In short, compared with the general commercial institutions in this paper, credit agencies process information with a purpose that has more social and public interest properties. This makes the scope of “reasonable” processing by credit agencies greater than that of commercial institutions in general, with other factors such as processing behavior being equal. After comparing with the above-mentioned typical scenarios, we believe that the collection and simple data extraction by credit agencies for personal information disclosed according to the law are reasonable processing of personal information, while automated decision-making such as credit profiling, scoring, and rating based on the information, as well as further disclosure, are not within the reasonable scope. However, these acts of processing beyond the reasonable scope clearly are not illegal when the consent of the individual information subject is obtained.71 In addition, the basic database of personal credit information established by the credit center of the People’s Bank of China can also obtain the legality basis of the processing behavior through Article 37 of the Personal Information Protection Law against the provisions of the state organs for processing personal information.
Third, although the analysis and proving process of this paper is largely based on judicial disclosure (especially the disclosure of judgments), its analytical framework and conclusions can be widely applied to all personal information disclosed according to the law. This section discusses the reuse of the specific travel information of patients diagnosed with COVID-19 disclosed according to the law. In order to protect the privacy of diagnosed patients from undue discrimination, the existing location tracking information is often disclosed in a highly de-identified and desensitized form. But as mentioned earlier, one of the important features of the big data era lies in the almost unlimited ability to aggregate and correlate information for analysis. With the progress of data analysis and the increase in data volume, absolute anonymity is no longer possible.72 When it comes to the reuse of the tracking information, the boundary of “reasonable” processing should be defined with the identifiability of the information as the core. In other words, all processing behaviors that do not significantly increase information identifiability (e.g., the production and distribution of COVID-19 maps, intelligent matching of personal travels with those of confirmed patients, etc.) should be considered reasonable processing, while processing behaviors that significantly increase information identifiability are highly likely to constitute unreasonable processing. The reason for this is that in the framework of this paper, which focuses on sufficiency, the definition of “reasonable” depends on the dynamic synergy among the elements. Even when one or more elements do not yet clearly reflect the legal effect if one element is typical (e.g., with low information identifiability), the corresponding legal effect can be determined (i.e., the processing behavior is within the reasonable scope).73 In the case where the processing behavior significantly increases the information identifiability, it is necessary to further consider the elements of the subject and the behavior, and appropriately derive the specific boundaries of “reasonable” processing by means of dynamic synergy and comparative propositions.
VI. Conclusion
As per the law, information disclosed according to the law is a rich data mine in the information network environment. From the relatively traditional mirror database to the enterprise information query platform, to the infinite possible reuse scenarios in the future, information disclosed according to the law has fully demonstrated the value of in-depth utilization in addition to public supervision. However, it is also a rich mine of personal information, always posing the risk of violating the rights and interests of personal information. At a time when the practice of legal information disclosure and reuse is common, it is necessary to examine the controversy over the reuse of personal information disclosed according to the law from the perspective of the Personal Information Protection Law that has been implemented.
Article 27 of the Personal Information Protection Law was established as an inherent requirement for risk control of personal information that has been disclosed. The complex data activities in the context of big data make it impossible to continue the traditional protection model of personality rights and interests, nor is there a “panacea” of monolithic static rules for the protection of disclosed personal information. Instead, a dynamic protection model with openness and coherence should be adopted. The application of Article 998 of the Civil Code and the interpretation technique of the dynamic system theory behind it to a “reasonable” interpretation of the reuse of personal information disclosed according to the law, although not perfect, is indeed an appropriate path for the concrete presentation of the scenario theory in judicial practice. At the very least, it provides a powerful method of interpretation and reasoning tool for the resolution of the relevant disputes; it enhances the clarity and refutable nature of the adjudication while avoiding rambling value judgments. The comprehensive analysis of these elements can also help provide clear guidance on the boundaries of reasonable behaviors of relevant subjects in the regulatory system. More importantly, this paper attempts to establish a coherent interpretation of Article 27 of the Personal Information Protection Law and the traditional civil law rights protection system through Article 998 of the Civil Code. The concept of personal information protection scenarios and the balance of interests in the study of cyber law are thus integrated into the interpretation techniques of the dynamic system. By consciously exploring the entry point of theories and doctrines in the judicial application, we can further enhance the power of theory to guide practice, with an expectation to achieve the ultimate goal of securing “protection of the rights and interests of personal information” and “reasonable use of personal information” at the same time.
(Translated by SU Yilong)
* ZHAO Yi ( 赵艺 ), Researcher, Human Rights Research Institute, Southeast University, and Judicial Big Data Base of the People’s Court, Southeast University.
** YANG Jie ( 杨洁 ), Associate Professor and Master’s Supervisor, School of Law, Southeast University, and researcher, Judicial Big Data Base of the People’s Court, Southeast University.
1. Yi v. Suzhou Berta Data Technology Co., Ltd. Personality Rights Dispute, (2019) S05 Civil Judgment No. 4745 (Final), Suzhou Intermediate People’s Court; Liang v. Beijing Huifa Zhengxin Technology Co., Ltd. Online Copyright Infringement Dispute, (2021) J04 Civil Judgment No. 71 (Final).
2. For a recent discussion of this issue, see Zhang Xinbao and Wei Yanwei, “Study on the Privacy and Personal Information Protection of Judicial Information Disclosure”, Journal of Comparative Law 2 (2022): 104-120.
3. The above-mentioned articles classify disclosed personal information into two categories: “information disclosed by an individual” and “other personal information that has been legally disclosed”. Some researchers further classify them into information disclosed by an individual (voluntarily) and information disclosed passively (legally and compulsorily). This paper only focuses on personal information disclosed according to the law and its connotation is basically the same as that of information disclosed passively (legally and compulsorily), which mainly refers to personal information disclosed based on administrative and judicial acts. We argue that personal information disclosed by an individual and personal information disclosed according to the law have distinct theoretical bases and values and are difficult to be combined for discussion. See Cheng Xiao, “On the Reasonable Use of Personal Information in China’s Civil Code”, Peking University Law Journal 4 (2020): 1015-1016; Ning Yuan, “‘Personal Information Publicly Disclosed’ as a Legitimate Cause for Processing — Jurisprudential Basis and Application of Rules”, Global Law Review 2 (2022): 71-73.
4. Huang Wei, Annotation on Personality Rights of Civil Code of the People’s Republic of China (Beijing: Legal Press China, 2020), 203.
5. The first and second reviews of the Book of Personality Rights of the Civil Code (Draft) were only about the regulation of the collection and use of personal information. The third review of the Book of Personality Rights in August 2019 included all acts of processing, transmission, provision, and disclosure of personal information. See “Report of the Constitution and Law Committee of the National People’s Congress on the Revision of the Personality Rights Section (Draft) of the Civil Code (August 22, 2019)”, edited by the Writing Group, The Complete Collection of Background and Views on the Legislation of the Civil Code (Beijing: Legal Press China, June 2020), 53.
6. Interpretation of the Civil Code only provides examples for the four concepts of “disclosure by the person concerned”, “other legal disclosure”, “explicit refusal by the natural person”, and “processing information against the vital interests”, but the meaning of “reasonable” is not elaborated. Huang Wei, Annotation on Personality Rights of Civil Code of the People’s Republic of China, 203-204.
7. Zheng Jianing, “The Application of the Principle of Informed Consent in Information Collection and Rule Construction”, Oriental Law 2 (2020): 201.
8. For a similar view, see Zhang Xinbao, “On the Application of the Personal Information Protection Law to Media Activities”, Modern Publishing 6 (2021): 48-49.
9. Wang Haiyang and Guo Chunzhen, “The Recognition and Processing Rules of Disclosed Personal Information”, Journal of Soochow University (Law Edition) 4 (2021): 64-76; Liu Xiaochun, “The Construction of Rules for the Protection and Utilization of Disclosed Personal Information”, Global Law Review 2 (2022): 52-68; Ning Yuan, “‘Personal Information Publicly Disclosed’ as a Legitimate Cause for Processing — Jurisprudential Basis and Application of Rules”, Global Law Review 2 (2022): 69-84.
10. Dong Ruirong v. Hangzhou Fatu Network Technology Co., Ltd. Privacy Dispute, (2014) HG Civil Judgment No. 281, Hangzhou Gongshu District People’s Court.
11. Of the 15 cases we found involving disputes over the reuse of personal information disclosed according to the law, 5 invoked Article 12 of the Interpretation and 8 invoked Article 13.
12. Article 9 of the Provisions of the Supreme People’s Court on Several Issues concerning the Application of Law in the Trial of Cases involving Civil Disputes over Infringements upon Personal Rights and Interests through Information Networks (2020 Amendment):
Where the information issued by the network user or NSP from the information sources such as the official documents prepared by the state organ according to its powers and the exercise of powers publicly falls under any of the following circumstances, which infringes upon any other’s personal rights and interests, and the infringed party requests the infringing party’s assumption of tort liability, the people’s court shall support such a request.
(1) The information issued by the network user or NSP is inconsistent with the information from the aforesaid information sources.
(2) The network user or NSP misleads people by means such as adding insulting content, defamatory information, improper titles, adding or deleting information, adjusting the structure, and changing the sequence.
(3) The aforesaid information source has been corrected in public, but the network user or NSP fails to make a correction.
(4) The aforesaid information source has been corrected in public, but the network user or NSP still issues the incorrect information.
13. Of the 15 relevant cases in this article, the only one that could have fallen into one of the four circumstances was lost due to the complexity of the facts and the difficulty of proof and reasoning by the relevant party. See Hou Dongjia v. Beijing Huifa Zhengxin Technology Co., Ltd. Reputation Right Dispute, (2019) S0585 Civil Judgment No. 2949, Taicang City People’s Court, Jiangsu Province.
14. Wang Cheng, “The Choice of Model for Civil Law Protection of Personal Information”, Social Sciences in China 6 (2019): 137.
15. “Head of the Supreme People’s Court Civil Division 1 Answers Question on the Provisions of the Supreme People’s Court on Several Issues concerning the Application of Law in the Trial of Cases involving Civil Disputes over Infringements upon Personal Rights and Interests through Information Networks”, Xi Xiaoming, Understanding and Applying the Judicial Interpretation of the Supreme People’s Court on the Use of Networks to Infringe on Personal Rights and Interests (Beijing: People’s Court Press, 2014), 38.
16. Wang Zejian, “The Concretization of Personality Rights and the Scope of Protection: Privacy Rights (Part III)”, Journal of Comparative Law 2 (2009): 7.
17. Xi Xiaoming, Understanding and Applying the Judicial Interpretation of the Supreme People’s Court on the Use of Networks to Infringe on Personal Rights and Interests, 187-196.
18. Gao Fuping, “Personal Information Protection: from Individual Control to Social Control”, Chinese Journal of Law 3 (2018): 94.
19. Helen Nissenbaum, “Protecting Privacy in an Information Age: The Problem of Privacy in Public”, Law and Philosophy 17 (1998) 559 and 576-577.
20. Lv Yaohuai, “Privacy in Public in the Context of Information Technology”, Studies in Dialectics of Nature 1 (2014): 54-55; Wang Haiyang and Guo Chunzhen, “The Recognition and Processing Rules of Disclosed Personal Information”, 68-71.
21. Daniel J Solove, “Introduction: Privacy Self-Management and the Consent Dilemma”, Harvard Law Review 126 (2013): 1880 and 1889-1891.
22. Michael Barbaro and Tom Zeller, Jr., “A Face Is Exposed for AOL Searcher No. 4417749”, New York Times, August 9, 2006, at A1.
23. Zhang Li’an and Han Xuzhi, “The Private Law Attributes of the Personal Information Rights in the Era of Big Data”, Legal Forum 3 (2016): 119.
24. Wang Lusheng, “Jurisprudence Conflict, and Value Balance in the Application of Judicial Big Data: A Survey on the Article 33 of French Judicial Reform Act 2019”, Journal of Comparative Law 2 (2020): 135-136.
25. Jeffrey H. Reiman, “Driving to the Panopticon: A Philosophical Exploration of the Risks to Privacy Posed by the Highway Technology of the Future”, 11 Santa Clara Computer and High Technology Law Journal 11 (1995): 27 and 29.
26. “Explanation on the Draft Personal Information Protection Law of the People’s Republic of China”, Bulletin of the Standing Committee of the National People’s Congress 6 (2021): 1125-1126.
27. Fang Xinjun, “Proving the Rationality of the Protection of Distinguished Rights and Interests: An Interpretive Premise of Article 6 (1) of the Tort Liability Law”, Tsinghua University Law Journal 1 (2013): 134-156.
28. Helmut Koziol, Basic Questions of Tort Liability Law (vol. 1) from a Germanic Perspective, translated by Zhu Yan (Beijing: Peking University Press, 2017), 178.
29. Zhang Xinbao, “From Privacy to Personal Information: The Theory of Interest Re-measurement and Institutional Arrangement”, China Legal Science 3 (2015): 3
30. Sun Haibo, “Like Cases Be Treated Alike: Not A Fictional Myth of the Rule of Law”, The Jurist 5 (2019): 156.
31. Cheng Xiao, Understanding and Application of the Personal Information Protection Law (Beijing: China Legal Publishing House, 2021), 253; Ning Yuan, “‘Personal Information Publicly Disclosed’ as a Legitimate Cause for Processing — Jurisprudential Basis and Application of Rules”, Global Law Review 2 (2022): 80-81.
32. Report of the Constitution and Law Committee of the National People’s Congress on the Review Results of the Draft Personal Information Protection Law of the People’s Republic of China, website of the National People’s Congress of China, accessed December 1, 2022.
33. Hu Ling, “The Commonality of Personal Information and Its Realization from the Perspective of Social Function”, Law and Social Development 5 (2021): 4.
34. Liu Shuangyang, “‘Reasonable Treatment’ and the Excluding Mechanism of the Crime of Infringing Citizens’ Personal Information”, ECUPL Journal 6 (2021): 68-72.
35. Zeyu Liang, “The Interpretation and Application of Purpose Limitation Principle in Personal Data Protection”, Journal of Comparative Law 5 (2018): 22-24.
36. Helen Nissenbaum, “Respecting Context to Protect Privacy: Why Meaning Matters”, Sci Eng Ethics 24 (2018): 831 and 852.
37. Lawrence Lessig, Code: And Other Laws of Cyberspace, Version 2.0, translated by Li Xu and Shen Weiwei (Beijing: Tsinghua University Press, 2009), 233.
38. Helen Nissenbaum, “Privacy as Contextual Integrity”, Washington Law Review 79 (2004): 101-139.
39. Adam Barth, Anupam Datta, John C. Mitchell and Helen Nissenbaum, “Privacy and Contextual Integrity: Framework and Applications”, IEEE Symposium on Security and Privacy 32 (2006): 184-198.
40. Paul Thagard, Coherence in Thought and Action (Cambridge: MIT Press, 2002), 5.
41. Hou Xueyong, “The Role of Holism Theory in Legal Argumentation”, ECUPL Journal 4 (2008): 8-11.
42. Cai Lin, “Coherentism in Legal Reasoning”, Law and Social Development 2 (2006): 120-121.
43. Xu Yangyong, “Post-translation Notes”, in Law’s Empire, Ronald Dworkin, translated by Xu Yangyong (Shanghai: Shanghai SDX Joint Publishing Company, 2016), 354.
44. Hou Xueyong, “The Role of Holism Theory in Legal Argumentation”, 3.
45. For a discussion of “serial fiction”, see Ronald Dworkin, Law’s Empire, translated by Xu Yangyong (Shanghai: Shanghai SDX Joint Publishing Company, 2016), 180-188.
46. Shi Jiayou, “The Private Law Dimension of Personal Information Protection: The Relationship Between the Civil Code and the Personal Information Protection Law”, Journal of Comparative Law 5 (2021): 14-32.
47. Wang Xixin, “State’s Obligation of Personal Information Protection”, China Legal Science 1 (2021): 159.
48. Wang Xixin, “The Package of Personal Information Rights Seen from the Perspective of State Protection”, Social Sciences in China 11 (2021): 133.
49. Ronald Dworkin: Law’s Empire, translated by Xu Yangyong (Shanghai: Shanghai SDX Joint Publishing Company, 2016), 140.
50. Zhu Xiaofeng, “On the Application of the Clause of Determining the Civil Liability for the Infringement of Personality Rights”, China Legal Science 4 (2021): 47-48.
51. Fang Xinjun, “Compilation Techniques Integrating the Interior and Exterior Systems of Civil Code”, Law and Social Development 2 (2019): 40-41; Wang Lei, “Flexible System: The ‘Middle Way’ of Normative Form”, Law and Social Development 4 (2021): 159-176.
52. Hou Xueyong, “What Is a Valid Legal Norm? The Holism Theory in Jurisprudence”, in Legal Methodology, vol. 8, Chen Jinzhao and Xie Hui (Shanghai: Shandong People’s Publishing House, 2009), 358.
53. Fang Xinjun, “Compilation Techniques Integrating the Interior and Exterior Systems of Civil Code”, 49.
54. In practice, some “intelligent similar-case recommendation systems” do not use key artificial intelligence technologies such as NLP and are unable to match specific case scenarios. They only achieve refined information retrieval by automatically dividing the case into categories and splitting keywords. Such intelligent systems are obviously not able to generate the “intelligent recommendation” referred to in this paper. See Chen Kun, “Principles and Methods for Embedding the Similar Cases Push into Trial Scenario of Intelligent Court”, China Review of Administration of Justice 4 (2018): 94.
55. Huang Wei, Annotation on Personality Rights of Civil Code of the People’s Republic of China, 43-44.
56. Fang Xinjun, “Compilation Techniques Integrating the Interior and Exterior Systems of Civil Code”, Law and Social Development 2 (2019): 49.
57. Shan x and Beijing Beida Ying Hua Technology Co., Ltd. Privacy Dispute, Beijing First Intermediate People’s Court, (2017) B01 Civil Judgment No. 561 of Second Instance (Final).
58. Yao Ting, Zhang Min, Liu Yiqun, et al., “Empirical Study on Rare Query Categorization”, Journal of Computer Research and Development 11 (2012): 2371.
59. Cui Jingbo v. Jufa Technology (Changchun) Co., Ltd. Reputation Right Dispute, (2019) J0106 Civil Judgment 1046 (First Instance), Beijing Fengtai District People’s Court.
60. Fang Xinjun, “The Differentiated Protection of Rights and Interests and the Element of Illegality”, Nanjing University Law Journal 2 (2021): 5.
61. Li Yi, “Research into Judgment Rules on General Personal Information Infringement — Based on Categorized Analysis of 68 Cases”, Political Science and Law 6 (2019): 153, 156 and 158.
62. Li Hao, “The Normative Structure of the Tortious Liability for the Infringement of Personal Information”, Social Sciences in Guangdong 1 (2022): 253.
63. Ding Xiaodong, “Who Owns the Data? Platform Data Ownership and Protection from the Perspective of Web Crawler”, ECUPL Journal 5 (2019): 82.
64. Xu Ke, “The Legitimacy and the Boundary of Data Scraping”, China Legal Science 2 (2021): 186.
65. Huang Wei, Annotation on Personality Rights of Civil Code of the People’s Republic of China, 45.
66. Lu Qing, “Identity Construction and Its Legal Protection in the Digital Era: Consideration Centered on the Protection of Personal Information”, Chinese Journal of Law 5 (2021): 18.
67. Wang Haiyang and Guo Chunzhen, “The Recognition and Processing Rules of Disclosed Personal Information”, Journal of Soochow University (Law Edition) 4 (2021): 70.
68. Qi Yingcheng, “The Rule of Anonymization in Personal Information Protection in China and Its Alternatives”, Global Law Review 3 (2021): 61.
69. Shan x and Beijing Beida Ying Hua Technology Co., Ltd. Privacy Dispute, Beijing First Intermediate People’s Court, (2017) B01 Civil Judgment No. 561 of Second Instance (Final).
70. Xie Huan and Ban Tianke, “Misunderstood and Overestimated of Flexible System Approach”, Chinese Journal of Law 2 (2017): 50.
71. Xu x v. Sesame Credit Management Co., Ltd. Privacy Dispute, (2018) Civil Judgment Z0192 No. 302, Hangzhou Internet Court; Zhao Binghao, “Adjustment and Improvement of Credit Investigation System after Personal Information Protection Law”, Oriental Law 3 (2022): 49.
72. Shen Weixing, “On Data Usufruct”, Social Sciences in China 11 (2020): 113.
73. Wang Lei, “Flexible System: The “Middle Way” of Normative Form”, Law and Social Development 4 (2021): 170.