---
title: "Will Judicial Review 'Reset' the Data Registration Rush? — Reading Wang Qinglan on the SPC's New Data Disputes Case Category"
author: "DCC Editorial"
published: 2025-12-19T01:00:00.000Z
url: https://datacompliancechina.com/posts/spc-data-disputes-case-category-and-data-registration/
description: "Wang Qinglan, head of compliance at a Chinese data exchange, asks what the Supreme People's Court's new 'data disputes' case category — effective January 1, 2026 — does to the data property rights registration certificates that institutions across the country have been issuing. Her argument: certificates issued through formal-only review will not survive substantive judicial scrutiny, and a single rejected certificate could erode trust in the entire registration regime. The path forward is a three-tiered protection model and aligned standards across regulators, registration institutions, and courts."
tags: ["data-property-rights", "data-registration", "spc", "judicial-review", "commentary"]
laws_cited: ["data-property-rights-registration-guide-draft", "public-data-registration-interim-measures", "data-foundation-system-opinions"]
domains: ["data-economy", "enforcement"]
account: "qinglan-data"
original_title: "数据确权登记热潮，要被司法审查\"打回原形\"了？"
original_author: "王青兰 (Wang Qinglan)"
original_publication: "青兰数据观察"
original_url: "https://mp.weixin.qq.com/s/wvM52Sexl8UWlr_dHD1yBQ"
source_language: "zh"
---
> *Editor's Note — DCC.*
>
> Wang Qinglan, a legal-tech PhD turned post-doctoral computer scientist
> and now head of compliance at a Chinese data exchange, is one of the few
> commentators writing inside the data property rights registration system
> with both the operational vantage and the willingness to push back on
> where the regime is going. This piece, published two days after the
> Supreme People's Court released its revised *Provisions on Civil Case
> Categories* on December 17, 2025, asks a deceptively simple question:
> *what does the new "data disputes" case category — effective January 1,
> 2026 — do to the data registration certificates that institutions across
> China have been issuing under the Data 20 Articles' three-rights-split
> framework?* For overseas counsel watching the data property registration
> regime emerge, this is a useful corrective read against the institutional
> explainers. We summarize her argument in DCC's own words, with the source
> credited and linked. Not a verbatim translation.

## The trigger: a new SPC case category for data disputes

On December 17, 2025, the Supreme People's Court released its revised *Provisions on Civil Case Categories* (《民事案件案由规定》), adding **"data disputes" (数据纠纷)** as a first-tier civil case category effective January 1, 2026. Three sub-categories sit underneath:

- **Data rights disputes** (数据权属纠纷)
- **Data contract disputes** (数据合同纠纷)
- **Data rights infringement disputes** (侵害数据权益纠纷)

Before this revision, data-related civil suits had to be filed under awkward proxies — most often **anti-unfair-competition** (the AUCL general clause) or **intellectual property** brackets. The case-category mismatch was a perennial frustration: data disputes were being adjudicated, but courts had to reach into adjacent regimes to do so. Now, under Wang's reading, the SPC has formally placed **data ownership adjudication squarely with the courts** — and equipped them with a dedicated procedural channel.

That, she argues, is the trigger for a reckoning about what data property rights registration certificates actually *are*.

## The doctrinal puzzle: a certificate is not a property right

The doctrinal point Wang makes is sharp and worth restating. Under the Data 20 Articles framework and the NDA's *Data Property Rights Registration Work Guide (Trial)* — currently in public-consultation draft — registration institutions issue certificates evidencing **data holding rights, data use rights, and data operation rights** (the "three-rights split"). Industry has, Wang says, slid into treating *registration = title*: as if obtaining a registration certificate vests legal ownership over a dataset the way recording a deed vests ownership of real property.

It does not. Wang's framing:

- **Real property** (e.g., a house) has a defined property-right concept under the Civil Code; once registered, the registry produces legally recognized *in rem* rights.
- **Data property rights** have *no defined statutory concept yet*. The Data 20 Articles is a policy directive; the NDA Registration Guide is a draft trial measure. A registration certificate issued under that draft is, at best, a **trust credential** (可信凭证) — evidence that the registrant invested effort in compliance review and that an institution reviewed the materials.
- A trust credential is not a legal title. Whether it carries weight in a courtroom is a *separate question* — one the SPC has now placed squarely on the table.

## The risk Wang flags: a single failed certificate erodes the regime

Wang's most operationally important argument is this: **the registration regime is more fragile than its market position suggests**, because failure mode is *systemic*, not local.

Her hypothetical: a company holds a data property rights certificate purportedly conferring a "right to hold data" over a dataset. In litigation, the opposing party produces evidence that the data originated from a government-commissioned project, with the commissioning contract restricting the data to specific permitted uses. The registration institution conducted only **formal review** — it did not verify the underlying data source. The court looks at the actual provenance, finds the certificate was issued without substantive verification, and the certificate's evidentiary effect is **"reset to zero" (清零)**.

The danger, Wang argues, is contagion. Once one certificate is judicially repudiated, market confidence in the entire class of registration certificates drops sharply. *"It's like a tea shop using expired ingredients,"* she writes. *"Consumers instinctively start questioning the food safety of every tea shop."* A regime built on the public-trust premise of certificates loses its trust premise when courts begin disregarding individual instances.

## Why pure substantive review is not the answer

The intuitive solution — require registration institutions to conduct full substantive review of every dataset — fails, Wang argues, for three reasons.

**No unified standard.** There is no statutory standard for what substantive review must encompass. Each institution sets its own threshold. The result: registrants face inconsistent expectations across institutions, and certificates from different issuers carry different evidentiary weight.

**The cost is prohibitive.** Full substantive review of, say, a personal-information dataset would require verifying the consent of every data subject in the dataset — a chain-of-authorization audit at potentially massive scale. For an important-data dataset, the review institution would need to verify CII designation status, confirm no anti-scraping measures were circumvented, and so on. Wang's analogy is medical: *"You can't determine someone is healthy with just a temperature reading, but you also can't run CT, MRI, and every test on every patient — it's prohibitively expensive."*

**Friction kills circulation.** If substantive review is too demanding, registrants and traders will avoid the system. Data sits in the corner. The market never matures. *"It's like setting up so many checkpoints on a highway that traffic just stops."*

## Wang's proposed five-point fix

Her recommendations describe what a workable middle path looks like.

**1. A three-tier protection model.** Replace pure formal review with the combination:

- **Third-party legal opinion** (第三方法律意见书) — a qualified law firm verifies the legal basis of source and authorization.
- **Limited substantive review** (有限实质审查) — registration institutions review against defined high-risk categories (personal information, public data, important data) at three checkpoints (legality of source, completeness of authorization chain, protection of third-party rights).
- **Public-announcement objection** (异议公示) — give third parties a window to challenge before the certificate is issued.

**2. Unified standards for limited substantive review.** Establish a national "baseline checkup" so registration institutions across China apply the same review depth, with risk-graded sampling for large datasets (e.g., sampling-rate verification for personal-information datasets, random spot-checks for industrial data).

**3. Alignment between regulators, registration institutions, and courts.** Publish SPC guiding cases and judicial interpretations so registration institutions know what courts will look for. Without alignment, the SPC will reach one conclusion about what valid title looks like and registration institutions will be issuing certificates under a different conception.

**4. Companies should stop treating certificates as a one-stop solution.** Build the underlying compliance documentation regardless: clear data-rights provisions in trading contracts, retained authorization files, processing-activity records, anonymization records. Those documents will outperform a formal-review certificate in court.

**5. Tolerant judicial scrutiny.** Courts should *prefer to credit* certificates from institutions that genuinely conducted substantive review, and should not reject the entire evidentiary effect of a certificate for non-material defects. Data law is still maturing; "rule of judicial prudence" is more useful than "absolute zero tolerance."

## Why this matters for overseas teams

Three takeaways for foreign counsel and compliance leads engaging with the Chinese data property regime.

- **The registration regime's defensibility is now an open question.** Compliance teams that have been advising clients to obtain a registration certificate as a one-stop ownership-proof are now operating under a closing window. A certificate from a formal-review-only institution may not carry the evidentiary weight clients have been told it does.
- **The SPC has taken the adjudicator's seat.** The "data disputes" case category change reads, on its face, as procedural housekeeping — but the substantive consequence is the *centralization of judicial review over data property rights claims*. Courts now have a dedicated case channel and will produce a body of precedent. Compliance documentation should be built to survive judicial review, not just registration review.
- **Watch which institutions adopt substantive review.** Wang's piece is, among other things, a soft argument that the **Shenzhen Data Exchange and other institutions that have invested in substantive review** will outperform those that haven't, as the regime matures. For overseas counsel advising on data deals tied to a specific registration institution, the choice of institution is now a meaningful risk variable.

The deeper observation in Wang's piece is that **China's data property rights regime is moving through the same maturity sequence as any property-rights system** — from informal claim, to administrative registration, to judicial review. The "rush" stage is ending. What follows depends on whether registration institutions, regulators, and courts can converge on a single standard before the first certificate gets struck down in open court.

---

— Wang Qinglan (王青兰), *数据确权登记热潮，要被司法审查"打回原形"了？* (Will Judicial Review "Reset" the Data Registration Rush?), 青兰数据观察 WeChat Official Account, December 19, 2025. [Original article (Chinese).](https://mp.weixin.qq.com/s/wvM52Sexl8UWlr_dHD1yBQ)

*Not legal advice. The above is DCC's structured summary of Wang's commentary; not a verbatim translation. The author's views are her own and do not represent her employer.*