---
title: "How the Beijing Internet Court Found a Platform 'Lawfully Held' Its Data Under the New AUCL Article 13 — and Where It Meets the 'Right to Hold Data'"
author: "DCC Editorial"
published: 2026-06-24T03:00:00.000Z
url: https://datacompliancechina.com/posts/aucl-data-clause-first-case-platform-scraping/
description: "The Beijing Internet Court's 30 April 2026 judgment — the first published application of the data clause (Article 13) of the 2025-revised Anti-Unfair Competition Law, effective 15 October 2025 — turns on one threshold question: did the plaintiff platform 'lawfully hold' (合法持有) the scraped career data? DCC walks through exactly how the court got to 'yes', step by step: the data originated as personal information collected with user consent under the platform's Service Agreement and Privacy Policy (no unlawful processing on record); the operator's build-and-run investment aggregated scattered records into a dataset with standalone economic value; and that dataset is the foundational input for the platform's matching business and competitive advantage. From those three findings the court derives its operative definition — data lawfully collected/stored/used, formed through substantial investment, and capable of generating business benefit or competitive advantage — and holds that the defendant's crawler-and-resale scheme, circumventing login and access controls, was unfair competition (¥200,000 + ¥30,000-plus in costs). The brief then takes up the doctrinal question: does Article 13's 'lawfully held data' correspond to the 'right to hold data' (数据持有权) in the Data 20 Articles' three-rights framework? The answer is a functional yes — the court is enforcing the holding right's purely defensive content, exactly as Hong Yanqing's analysis predicted AUCL Article 13 would — but not a doctrinal one: it builds a competition-tort interest on investment and lawful sourcing, deliberately sidestepping any claim that data is a typed property right. DCC's case brief for overseas counsel, drawn against the earlier AUCL Article 2 general-clause data cases."
tags: ["anti-unfair-competition", "data-economy", "data-property-rights", "data-scraping", "platform-competition", "judicial-case", "beijing-internet-court", "data-holding-right", "web-scraping"]
laws_cited: ["anti-unfair-competition-law"]
domains: ["data-economy", "personal-information"]
account: "beijing-internet-court"
original_title: "e案e审丨不正当获取、使用平台用户数据，构成不正当竞争！"
original_author: "张倩、张晴 (Beijing Internet Court)"
original_publication: "北京互联网法院 WeChat Official Account"
original_url: "https://mp.weixin.qq.com/s/yUgyD3iFsRZOVc_h-2XknQ"
source_language: "zh"
---

> **Source: Data Compliance China** — https://datacompliancechina.com/posts/aucl-data-clause-first-case-platform-scraping/ · China data law, translated and annotated for overseas counsel. Cite as: Data Compliance China, "How the Beijing Internet Court Found a Platform 'Lawfully Held' Its Data Under the New AUCL Article 13 — and Where It Meets the 'Right to Hold Data'", https://datacompliancechina.com/posts/aucl-data-clause-first-case-platform-scraping/
> *Editor's Note — DCC.*
>
> This is DCC's case brief of a judgment the **Beijing Internet Court
> (北京互联网法院)** published in its "e案e审" case column, and which the
> presiding bench and an invited outside expert both describe as the
> **first published application of the data clause — Article 13 — of the
> 2025-revised Anti-Unfair Competition Law (反不正当竞争法)**, the
> revision that took effect on **15 October 2025**. The judgment was
> handed down on **30 April 2026** by the court's **Comprehensive Trial
> Division No. 1 (综合审判一庭)**, deputy chief judge **Zhang Qian (张倩)**
> presiding. In the published copy the **plaintiff and platform are
> anonymised** ("某科技公司" / the "platform at issue"); the defendant is
> referred to as **Mr. Wang (王某)**. The English renderings of the
> court's language, and the framing for overseas counsel, are DCC's.
>
> Read this alongside DCC's two earlier AUCL data cases — the
> [Datatang v. Yinmu data-IP case](/posts/datatang-v-yinmu-data-ip-registration-case/)
> and the [AI-ghostwritten "seeding post" case](/posts/ai-seeding-post-unfair-competition-case/).
> Both were decided under the **general clause (Article 2)** of the *old*
> AUCL. The significance here is that a court is now working from the
> **purpose-built data clause** the legislature added in 2025 — and is
> telling the market exactly how it reads it.

## Why this one matters

China's courts spent the better part of a decade policing data scraping
and data free-riding through **Article 2**, the AUCL's general
good-faith / business-ethics clause, because the statute contained no
provision aimed at data. The **2025 revision changed that**: Article 13
now expressly prohibits an operator from using "fraud, coercion,
circumventing or breaking technical management measures, or other
improper means" to **acquire or use data lawfully held by another
operator** in a way that harms that operator and disrupts market
competition order.

The open question after October 2025 was whether a dedicated clause
would actually change how courts reason — or just relabel the existing
Article 2 framework. This judgment is the first data point, and it does
two things overseas counsel should note: it **builds a four-element test
on the face of the new clause**, and (in the accompanying expert
commentary) it **drops the "competitive relationship" inquiry** that
Article 2 data cases used to run through.

## The case at a glance

| | |
|---|---|
| **Court** | Beijing Internet Court (北京互联网法院), Comprehensive Trial Division No. 1; deputy chief judge Zhang Qian (张倩) |
| **Decided** | 30 April 2026 — judgment now effective (no appeal by either side) |
| **Legal basis** | Anti-Unfair Competition Law (2025 revision, effective 15 Oct 2025), **Article 13(3)** — the data clause |
| **Plaintiff** | A technology company operating a well-known professional / career-networking platform (anonymised) |
| **Defendant** | Mr. Wang (王某), operator of the infringing site and reseller of access to it |
| **Cause of action** | Unfair competition (不正当竞争纠纷) |
| **Result** | Wang to pay **¥200,000** in economic loss + **¥30,000-plus** in reasonable enforcement costs (fully supported); plaintiff's other claims dismissed |

## The facts

The plaintiff operates a well-known **professional / career-networking
platform** (think of the LinkedIn-style category). The platform holds a
large body of **career data** — user names or handles, current employer
and job title, years of experience, and **complete work and education
histories**.

The platform's **Service Agreement** bars users from registering
multiple accounts or using controlled accounts to scrape data, and the
operator had deployed **login verification, access-permission controls,
and traceable encrypted parameters** to keep non-members out of the data
and to track anyone accessing it in violation of the rules.

Mr. Wang did the following:

- **registered platform accounts using multiple phone numbers** and
  topped them up to **business-membership (商务会员)** tier;
- **obtained the page source code, wrote crawler programs, and stood up
  his own unlawful website**, onto which he **automatically scraped the
  platform's career data**; and
- **resold access** — selling the usernames and passwords needed to
  query his copycat site through **second-hand-marketplace accounts**
  (i.e., resale-platform listings), as short-term **day-passes**.

The plaintiff sued under **Article 13(3)** of the revised AUCL, seeking
damages and reasonable enforcement costs.

**Wang's defence** was, in essence, "no substantial substitution and no
bad faith": he argued his site sold only **1-to-15-day short-term
access** to users with **temporary, simple look-up needs**, offered only
a **single "contacts-view" (人脉查看) function**, served a completely
different audience, and therefore did **not substantially substitute**
for the platform; that he had **no subjective intent to infringe** and
had **voluntarily stopped**; and that the claimed loss was excessive and
the claimed costs above industry norms.

## The holding

### 1. How the court found the platform "lawfully held" the data

The whole case runs through one threshold: is the scraped material
**"data lawfully held" (合法持有的数据)** by the plaintiff within the
meaning of Article 13? This is where most of the court's reasoning sits,
and it is worth following the chain, because the court is effectively
*defining the term* through its application. It built the conclusion in
**three findings**:

1. **Lawful sourcing → the "lawfully" prong.** The dataset was formed by
   the platform **collecting and processing personal information with
   user consent**, under its **Service Agreement and Privacy Policy**,
   and the record showed **no unlawful data processing**. So the holding
   is *lawful* at its root — the platform's own PIPL-side compliance is
   what makes the dataset "lawfully" held. (Flip side: a platform whose
   upstream collection was unlawful would struggle to clear this prong.)
2. **Aggregation through investment → a protectable dataset, not raw
   records.** By **building and continuously operating** the platform,
   the plaintiff **aggregated scattered, single data points into a
   dataset of meaningful scale**, which gave the collection an **economic
   value distinct from any single raw record**. The protected object is
   thus the **operator's invested-in dataset**, not the underlying
   individual facts — the value is created by the *holding and
   integration*, i.e. by substantial investment.
3. **Competitive function → "brings business benefit or competitive
   advantage."** The fields at issue — name, employer and title, work and
   education history — are **strongly correlated with job-seeking,
   recruiting, and networking**, and are the **foundational input** that
   lets the platform precisely match social and hiring demand and keep
   improving its service; they are therefore important to the platform's
   **core business and to building and widening its competitive
   advantage**.

Stacking those three, the court reaches its **operative definition**: a
dataset that is **lawfully collected, stored or used, formed through the
operator's substantial investment, and capable of bringing it business
benefit or competitive advantage** is **"data lawfully held"** under
Article 13(3).

Note *what the court did not do*. It did **not** ask whether the platform
owned the data, whether data is a typed civil property right, or whether
some "data right" had been registered. "Lawful holding" is built from
**conduct and investment**, not from title — which is exactly why it can
be decided on the facts without waiting for China's data-property
legislation to settle. That move is what connects this case to the
[right-to-hold-data debate](#does-lawfully-held-map-onto-the-right-to-hold-data-数据持有权), below.

### 2. Wang's conduct was improper acquisition and use → unfair competition

Wang **registered and topped up multiple business-member accounts**,
then **obtained source code, wrote crawlers, and built an unlawful
site** to **circumvent the platform's login verification and
access-permission controls**, **auto-scraped** the data, and **disclosed
it publicly to an unspecified audience**. That conduct:

- **improperly seized the plaintiff's users and market share**;
- produced a **substantial substitution effect** on the platform's core
  business;
- **created data-security risk**; and
- **harmed the plaintiff's lawful interests and damaged the existing
  competitive order of the data-supply-and-circulation market**.

That is unfair competition under the data clause. Note what the court did
**not** require: it did not demand that Wang be a head-to-head competitor
running an equivalent career-networking platform.

### 3. Damages — a four-factor calculus

With statutory data-clause damages unsettled, the court fixed **¥200,000**
by weighing four factors:

1. **Manner of conduct** — Wang committed **both** prohibited acts
   (improper acquisition *and* use); his scraping targeted the platform's
   **entire dataset** and pushed it to **unspecified outside users**,
   with significant impact on the core business and on data security.
2. **Subjective fault** — as a **paying business member**, Wang **should
   have known** the platform bars multiple accounts and scraping; after
   the platform **banned some of his accounts he simply registered new
   ones** and carried on — **obvious fault**.
3. **Scope of impact** — he ran a **self-operation-plus-distribution**
   model, selling **card-key access codes (卡密)** across multiple
   platforms, and his resale accounts moved **high volumes** — a wide
   footprint (the expert commentary notes sales **in the tens of
   thousands of orders**).
4. **Duration** — the infringing site ran from **at least April 2025 to
   at least December 2025**, i.e. **not a long period**.

The court **fully supported** the plaintiff's claimed **reasonable
expenses** (attorney and evidence-collection fees), given the necessity
of enforcement and the difficulty of the case — adding **¥30,000-plus**
on top of the ¥200,000.

## The framework the bench wants you to take away

In the judge's own commentary (**法官说法**, Zhang Qian), the court frames
this as the **first case it has concluded under the AUCL's new data
clause**, and lays out a **four-element test** for applying Article 13:

1. **Object element (客体要件)** — the conduct must target **data
   lawfully held by another operator**.
2. **Subject element (主体要件)** — the actor must be an **operator
   (经营者)**.
3. **Conduct element (行为要件)** — there must be **improper acquisition
   or use** of the data.
4. **Result element (结果要件)** — the conduct must **harm another
   operator's lawful interests and disrupt market competition order**.

And the **"lawfully held data" standard**: a dataset **lawfully
collected, stored or used** by the operator, **formed through its
substantial investment**, and **capable of bringing it business benefit
or competitive advantage**.

## Does "lawfully held" map onto the "right to hold data"? (数据持有权)

The natural question for anyone tracking China's data-property debate:
is Article 13's **合法持有的数据 ("data lawfully held")** the same thing as
the **right to hold data (数据持有权)** — the first of the three rights in
the **Data 20 Articles' "separation of three rights" framework** (持有 /
加工使用 / 经营; see the regulator's own walk-through in
[NDA Explains the Three-Rights Framework](/posts/nda-three-rights-structural-separation/))?
The honest answer is a **functional yes, but not a doctrinal one** — and
the difference is the whole point.

- **Same instinct, different instrument.** Both ideas exist to protect
  the party that *holds* a dataset **without having to decide who owns
  it**. The Data 20 Articles invented a "holding right" precisely because
  data **ownership (所有权)** is contested; Article 13 protects "lawfully
  held data" precisely so a court can grant relief **without** ruling on
  ownership. The court here makes that explicit — it grounds protection
  in **lawful sourcing + investment + competitive value**, never in
  title. The verb 持有 ("hold") is doing the same work in both: protect a
  *position*, not a *property right*.

- **This case is the holding right's *defensive content* in action.** On
  the official "complete separation" reading of the three rights — the
  one DCC covered through Hong Yanqing (洪延青) in
  [Two Paths for the 'Right to Hold Data'](/posts/data-holding-right-two-paths/) —
  once you carve the **use** and **operation** rights out of it, the
  holding right shrinks to a bare **"lawful-control state"** whose only
  real content is **defensive**: the power to fend off third parties. And
  Hong's key observation was that this defensive content is **already
  supplied by existing law — PIPL Art. 10, DSL Art. 32, the Network Data
  Security Regulation, and AUCL Article 13** — not by any new property
  right. This judgment is that thesis made concrete: **a court using AUCL
  Article 13 to enforce the holder's defense against a scraper.** It is,
  in effect, the holding right doing the one thing it can reliably do.

- **But the court refused the property-rights frame.** It never called
  the dataset anyone's 持有权, never treated "holding" as a typed civil
  property right, and (as the expert notes below) did **not** start from
  "is there a legally protected data *right*?" What it protected is a
  **competition-law interest**, enforceable **in tort against
  improper-means competitors** — not *erga omnes* against the world. So
  the case **confirms** Path 1's conclusion (the enforceable substance of
  "holding" lives in competition law and contract, not in a standalone
  property right) rather than building out a property 持有权.

- **What that means in practice.** A formal holding-right artifact — a
  data-resource-holding registration, or the **data-IP registration
  certificate** that anchored [Datatang v. Yinmu](/posts/datatang-v-yinmu-data-ip-registration-case/) —
  is **strong evidence of "lawful holding" under Article 13, but is not
  required**; the platform here won with none. Conversely, clearing
  Article 13 does **not** give the holder **exclusivity** over the data:
  data is non-rivalrous, and others may *lawfully hold the same data in
  parallel* (see [Data 'Parallel Property Rights'](/posts/data-parallel-property-rights/)).
  Article 13 bars only **improper-means** acquisition and use. The wrong
  the court punished was **how** Wang took the data — circumventing the
  access controls and breaching the platform terms — not a monopoly over
  the facts themselves.

In short: read "lawfully held data" as the **competition-law
operationalisation of the holding right's defensive core** — the same
protective instinct, delivered through unfair-competition tort instead of
a not-yet-settled property right.

## The expert reading — what actually shifted (Meng Yanbei)

The published piece carries a **专家点评** by **Meng Yanbei (孟雁北)**,
professor at Renmin University Law School and a member of the expert
advisory group of the State Council's Anti-Monopoly and Anti-Unfair
Competition Committee. Her three observations are the most useful part
for predicting where this line of cases goes:

- **Competitive relationship is fading out.** The court **did not
  follow the habitual practice** of first establishing a "competitive
  relationship" between the parties. Consistent with a broad, modern
  reading of competition (platform competition, data competition,
  cross-sector competition), it **de-emphasised — even hollowed out —
  the competitive-relationship inquiry** when finding data unfair
  competition. For foreign businesses this widens exposure: your
  scraper-adversary need not be in your line of business.
- **The analysis no longer starts from "is there a data *right*?"** Under
  the old Article 2 cases, courts asked whether a **"legally protected
  data interest"** existed. Here the court **starts instead from the
  facts of lawful collection/storage/use + substantial investment +
  business benefit or competitive advantage** — the "lawfully held data"
  standard above. This is a deliberately **conduct- and
  investment-focused** route that sidesteps the unresolved question of
  data ownership.
- **"Substantial substitution" is sufficient here, but not the
  boundary.** Wang took the platform's **full core-user dataset** and
  disseminated it without limit, actually selling **tens of thousands of
  orders** — enough to show a substantial substitution effect on the
  core business. But Meng cautions that **substantial substitution is one
  way to show harm to a competitor**; whether market order is "disrupted"
  may need separate analysis, and conduct could **disrupt market order
  even without** a substantial-substitution effect. Read: don't assume
  "we didn't replace their product" is a safe harbour.

## What overseas counsel should take from it

- **There is now a named hook for data-scraping claims in China.** Where
  before a plaintiff had to argue the open-textured Article 2 good-faith
  clause, it can now plead **Article 13** directly. Expect more
  platform-vs-scraper suits framed this way.
- **The protected thing is the *aggregated dataset*, not a data
  "right."** Liability turned on the **operator's investment in
  building and running the platform** and the resulting dataset's
  economic value — not on any registered or statutory property right in
  data. A defendant cannot win simply by pointing out that "data" is not
  a typed civil property right. (This is the same investment-and-
  free-riding instinct that drove [Datatang v. Yinmu](/posts/datatang-v-yinmu-data-ip-registration-case/),
  now expressed through the purpose-built clause.)
- **Lawful *upstream* data handling matters to the *downstream*
  competition claim.** The court anchored "lawfully held" partly on the
  platform having **collected the personal information with consent under
  its Service Agreement and Privacy Policy**. A platform whose own PI
  collection was unlawful would have a weaker claim that its dataset is
  "lawfully held" — so PIPL compliance and competition-law standing are
  linked. This is why DCC files the case under both
  [Data Economy](/domains/data-economy/) and
  [Personal Information](/domains/personal-information/).
- **Circumventing technical controls is the core wrong.** Login
  verification, access tiers, encrypted/traceable parameters, and
  anti-multi-account terms are not just product hygiene — defeating them
  is exactly the "circumventing or breaking technical management
  measures" the clause targets, and it drives both liability and the
  fault finding that lifts damages.
- **The competitor-status defence is weakening.** "We serve a different
  audience / we don't substitute for you" did not save Wang, and the
  expert commentary signals courts will keep **relaxing the competitive-
  relationship requirement**.

---

*Source: 北京互联网法院 (Beijing Internet Court), "e案e审丨不正当获取、使用平台用户数据，构成不正当竞争！", WeChat Official Account, 5 June 2026 — [original](https://mp.weixin.qq.com/s/yUgyD3iFsRZOVc_h-2XknQ). Contributors credited: 张倩、张晴; expert commentary by 孟雁北 (Renmin University). The judgment was issued 30 April 2026 and is effective. DCC's translation and analysis; not legal advice.*
