China’s Supreme People’s Court Issues the 47th Batch of Guiding Cases: Focusing on Judicial Protection of Data Rights
Published 3 September 2025
Sarah Xuan
On August 28, 2025, the Supreme People’s Court released the 47th batch of guiding cases (Nos. 262–267), for the first time issuing a set of six cases under the special theme of “judicial protection of data rights”.These cases address core issues of public concern, including the determination of data ownership, the use of data products, personal information protection, and the delivery of online platform accounts. Their purpose is to unify adjudication standards and clarify judicial rules.
A summary of the cases is as follows:
Guiding Case No. 262 — Dispute over Unfair Competition between a Technology Co., Ltd. and a Cultural Media Co., Ltd.
Case Background
In this case, the Supreme People’s Court concentrated on the legal attributes of data collections and the competition law evaluation of data scraping and migration behaviors. The dispute arose from Company A (a technology firm) operating App A, which, through long-term operation, had accumulated a large collection of short videos, user registration information, and comment content. This data collection had substantial scale and commercial value. Company B (a cultural media firm), without authorization, scraped and migrated such data, displaying it in App B, thereby making the two apps highly homogeneous. Litigation ensued.
Key Issues
The central issues were: (1) whether the platform enjoys legally protected rights over user-uploaded content and the resulting data collection; and (2) whether a competitor’s unauthorized acquisition and use of such data constitutes unfair competition.
Court’s Reasoning
The Court held that each short video could be protected under copyright law as either a work or a video recording. However, Company A was not the copyright owner, and its aggregation of videos lacked originality; thus, copyright law could not offer relief. Nevertheless, the data collection was not naturally aggregated but instead formed through platform rules, technical support, long-term investment, and user interaction. This collection carried independent commercial value and embodied substantive operational interests of the platform, which deserved legal protection.
Company B’s large-scale scraping and migration made App B’s content substantially identical to App A’s, enough to replace App A’s products and services, harming Company A’s commercial interests and disrupting market order. Although this conduct did not fall under the specific types listed in Chapter II of the Anti-Unfair Competition Law, it could be regulated under the catch-all provision of Article 2.
Doctrinal Significance
The case established an important line of reasoning: while data collections are not directly governed by copyright law, the platform’s operational interests therein fall within the protection scope of the Anti-Unfair Competition Law. This ruling fills gaps left by traditional IP protections and responds to new needs for data rights protection in the digital economy. Notably, the 2025 amendment to the Anti-Unfair Competition Law added a clause in Article 13(3) addressing “infringement of data rights,” providing clearer legal basis for such disputes. The case thus clarifies the logic of protecting data collections and provides guidance for curbing malicious data migration and safeguarding fair competition.
Guiding Case No. 263 — Dispute over Unfair Competition between a Network Information Technology Co., Ltd. and an Information Technology Co., Ltd.
Case Background
Company A operated Website A, providing recruitment and job-search services. Employer users could receive resumes through applications or purchase search services to access resumes. Company B operated Website B, offering recruitment and resume management functions. Its “link external account” service allowed employer users, upon authorization, to input their Website A credentials, automatically log in, and synchronize obtained resumes to their Website B accounts.Company A argued that Company B, by circumventing captcha mechanisms via this linked account function, obtained, stored, and used resumes from Website A in bulk, constituting unfair competition. It filed suit seeking injunctions and damages.
Key Issues
The main question was whether Company B’s linked account service—when accessing and synchronizing Website A’s resume data with user authorization—constituted unfair competition.
Court’s Reasoning
The Court held that linked account services are common online, designed to let users bind accounts and transfer information across platforms for convenience. If they do not harm data security, personal information rights, or public interests, then authorized data transfers are legitimate.
1. Although Company A invested resources into Website A’s data, it could not obstruct employer users from reasonably handling data they had lawfully collected. Employers who obtained resumes by applications or paid searches had the right to transfer such data to other platforms; the linked account service merely provided technical support.2. Company B’s service was legitimate. The function required users to voluntarily input credentials, and synchronized resumes remained in the employer’s private account on Website B, not in a public database; thus, no privacy or public interest was harmed.3. The technical measures (including captcha handling) used only enabled auto-login, not interference with Website A’s services.
Therefore, with user authorization, Company B’s conduct did not disrupt market order and did not constitute unfair competition.
Doctrinal Significance
The case clarified the legitimacy of linked account services within lawful boundaries. The Court recognized platforms’ data investment rights but emphasized users’ rights to transfer and reasonably use lawfully obtained data. Provided the conduct stays within user authorization, does not infringe privacy, and does not harm competition, it should not be deemed unfair.
This ruling balances platform data rights with user autonomy, preventing data monopolies from blocking reasonable use while giving new internet service models legal predictability and compliance space.
Guiding Case No. 264 — Dispute over Infringement Liability between a Steel Co., Ltd. and an E-Commerce Co., Ltd.
Case Background
A steel company produced specialty steel and released ex-factory prices daily via WeChat groups and phone calls. Some groups had many members and were open, so prices circulated publicly. An e-commerce company, a data service provider, collected steel price data from producers and agents, processed it algorithmically into a steel price index, and published it to members. The index was certified as a “Shanghai Standard.”
The two companies had previously signed a cooperation agreement authorizing data collection. After termination, the e-commerce firm continued to release indices including the steel company’s prices. The steel company claimed its ex-factory prices were trade secrets, and unauthorized collection/publication infringed its rights, seeking deletion.
Key Issues
Did the e-commerce firm’s collection, processing, and publication of the index infringe the steel company’s data rights, creating liability?
Court’s Reasoning
1. Division of rights: Ex-factory prices were business data belonging to the steel company, but since they were shared in open groups, they lacked trade secret confidentiality. Agent prices arose downstream, with no evidence of control by the steel firm. The e-commerce firm’s index, formed from multiple sources and algorithmic processing, was an independent data product, carrying commercial interests of its own.2. Legitimacy: Data is non-exclusive. Except for state secrets, personal info, and trade secrets, data should circulate freely to avoid “data barriers.” The e-commerce firm’s collection via open groups, phone inquiries, and contracts was lawful. The index complied with regulatory requirements and the “Shanghai Standard.” The steel firm failed to prove secrecy or confidentiality measures.3. Lack of damages: The steel firm retained its data and suffered no economic loss. The e-commerce firm’s processed product was a legitimate use of public data.
Doctrinal Significance
The ruling distinguished between enterprise data and data products: enterprise-generated data remains with the enterprise, while processed products derived from open data create independent commercial rights. It also stressed that open data should not be over-controlled, and only data meeting secrecy and value criteria can be protected as trade secrets.
Thus, the case set boundaries between enterprise data and processed products, affirming lawful data circulation and preventing waste from overprotection—guidance valuable for a healthy data economy.
Guiding Case No. 265 — Luo v. a Technology Co., Ltd. (Privacy and Personal Information Protection Dispute)
Case Background
A technology company operated an English-learning website and apps. In 2021, Luo’s phone number was collected without consent by an offline store and used to register an account. When logging in, Luo was required to fill in “occupation,” “purpose of learning,” “school stage,” “English level,” etc. Without providing this, login was impossible; no “skip” option or explicit consent prompt existed.Luo argued the company collected and used his phone number and profiling data without consent, and sent him marketing SMS, infringing his personal info and privacy rights. He sought cessation, deletion, a data copy, apology, and damages. The company argued profiling was necessary for service provision via automated recommendations, so no extra consent was needed.
Key Issues
Could collection of profiling data under automated recommendation be deemed “necessary for contract performance” and thus exempt from requiring consent?
Court’s Reasoning
1. Necessity standard: Under the Civil Code’s “notice–consent” rule and PIPL Article 13(1)(2), contract necessity applies only where lacking the data would prevent basic or chosen additional functions.2. Profiling not necessary: The official scope for education apps’ necessary data is only phone number. Profiling is not needed for basic online course services. Automated recommendation is a business choice, not a contractual necessity.3. Invalid consent: With no skip option, users were forced to provide data. Such “consent” lacked voluntariness and was invalid.
Thus, the company’s forced collection of profiling data constituted an infringement of Luo’s rights.
Doctrinal Significance
The case clarified that necessity must be tied to basic or optional chosen functions, not business models. It also reinforced that valid consent must be voluntary, clear, and unforced. This ruling strengthens substantive consent safeguards and clarifies boundaries for profiling and automated recommendation, protecting user autonomy against coerced consent.
Guiding Case No. 266 — Huang Mouhuan v. a Credit Management Co., Ltd. (Personal Information Protection Dispute)
Case Background
While using an app for Chongqing public transport QR codes, Huang chose the “consume first, pay later” function, which automatically created a credit account. The credit company collected his name, phone, ID, etc. for assessment. Huang later closed the account and deleted data. When opening a Qingyuan transit card, he again encountered similar credit terms.Huang claimed the company misled users and forcibly collected personal data, violating the necessity principle, and sued for injunctions and damages.
Key Issues
Did the company’s collection of credit-related information for “consume first, pay later” services constitute necessary contract performance, and thus lawful?
Court’s Reasoning
1. Contract necessity: Such services are credit consumption, with the company bearing risk. Credit info is essential for assessing repayment ability, thus necessary under PIPL Article 13(1)(2).2. Notice obligations: Agreements highlighted terms in bold/blue, with clickable details. This sufficed as prominent notice.3. User choice: Users could instead pay cash or use physical cards, and cancel authorization anytime. No forced bundling occurred.4. Minimal necessity: The company only provided “admission or not” results to transit operators, not excessive data.
Thus, the collection complied with necessity, minimality, and notice obligations, not infringing rights.
Doctrinal Significance
The case clarified lawful data collection boundaries for credit consumption services. It confirmed that essential contract-related info can be collected, provided minimality and notice standards are met. This balances consumer rights with innovation in credit services, offering compliance guidance for data handling in such contexts.
Guiding Case No. 267 — Cultural Media Co., Ltd. v. You Moumei (Case Execution on Account Delivery)
Case Background
In a prior unfair competition dispute, the court confirmed that the “Langmou Xian” online account belonged to the media company and ordered You Moumei to deliver the account and password. After judgment, You was detained in a criminal case and failed to comply. The company sought enforcement, asking the court to compel the platform to clear old real-name info and change it to the company’s identity. Chongqing First Intermediate People’s Court ruled in favor, ordering the platform to assist in changing login credentials, real-name info, and bound phone numbers, ensuring full control for the rights holder.
Key Issues
When executing delivery of an online account, must enforcement include changing real-name info and bound phone numbers, in addition to login credentials, to ensure full control?
Court’s Reasoning
1. Completeness: Delivery means not just login credentials but also ensuring independent full control. Otherwise, the original registrant could reset passwords and retain control.2. Real-name & public interest: Accounts rely on real-name and phone verification. Without changes, the account could be retaken or misused, posing risks. Only by changing these can rights be fully realized in compliance with cybersecurity laws.3. Necessity: Normally, account changes follow platform processes. But since You was detained and unable to act, the court ordered the platform to cooperate in changing info to enforce the judgment.
Doctrinal Significance
The case, for the first time, defined account delivery standards: it includes not only login credentials but also real-name and contact changes. This extends enforcement concepts to virtual assets, confirming online accounts as property subject to control. It also aligns execution with real-name and security requirements, preventing misuse.
This provides a model for handling online account enforcement, bridging execution law with internet governance.
Conclusion
Reviewing the 47th batch of guiding cases, their significance lies not only in resolving individual disputes but also in using judicial rulings to explore the legal boundaries and institutional pathways of data rights. The cases systematically address data ownership, utilization, and protection, offering courts a normative basis and contributing to the construction of a future data law framework. They highlight the judiciary’s active role in institutional innovation in the digital era.