---
title: "Wang Nian — Data Source's Rights as a 'Fair Use' Right Alongside the Three Rights"
author: "DCC Editorial"
published: 2026-05-28T05:30:00.000Z
url: https://datacompliancechina.com/posts/wang-nian-data-source-rights-as-fair-use/
description: "Wang Nian (Tsinghua Law) takes on the unresolved fourth-right question in the Data 20 Articles framework: what is the data source's right (数据来源者权), and how does it relate to the three rights (hold/use/operate)? Drawing on the 'data symbiosis' (数据共生) framework from the ALI-ELI Data Economy Principles and the EU Data Act, Wang argues that pre-existing legal entitlements — privacy, PI rights, IP, trade secrets — cover only part of the source's interest, leaving a residual that needs an independent legal protection. He frames the data-source right as a 'fair use right' (公平使用权): a contractual-relationship right against the specific data processor, distinct from the property-style three rights, that captures the value contribution of the source's participation in data co-creation. The corporate-data-portability analog DCC flagged in our NDA brief gets its doctrinal foundation here."
tags: ["data-property-rights", "data-twenty", "data-source-rights", "data-economy", "commentary"]
laws_cited: ["data-foundation-system-opinions", "data-property-rights-registration-guide-draft", "pipl", "civil-code-personal-info"]
domains: ["data-economy", "personal-information"]
account: "dejyfz"
original_title: "学术｜王年：数据来源者权利及其实现——基于数据共生的视角"
original_author: "王年 (Wang Nian), Tsinghua University Law School"
original_publication: "《财经法学》(Finance and Economics Law Journal), Issue 5, 2025; reposted via 数字经济与法治 WeChat Official Account"
original_url: "https://mp.weixin.qq.com/s/DeoiXUp2emdS-yjzWl8o7g"
source_language: "zh"
---
> *Editor's Note — DCC.*
>
> The Data 20 Articles created four data-property concepts: the three
> rights of the processor (hold / use / operate) and — almost as an
> afterthought in the policy text — the *data source's right*
> (数据来源者权), the entitlement of the party whose information was
> collected to obtain or copy and transfer the relevant data. The
> [NDA's policy interpretation](/posts/nda-data-processor-property-rights-allocation/)
> introduced the right in operational vocabulary; this academic piece
> by Wang Nian provides its doctrinal scaffolding. The piece is also,
> in DCC's reading, the most useful single resource for overseas
> counsel structuring B2B data arrangements with Chinese counterparties:
> it frames the *corporate data portability* lever that has no clean
> Western analog.

## The unresolved question

The Data 20 Articles framework allocates three rights — hold, use, operate — to the data processor (the party that collects, processes, and decides means and purposes of data handling). It also says the *data source* (数据来源者) — the party whose information was collected — has the right to "obtain or copy and transfer" data its participation gave rise to. But the policy text doesn't say:

- What *kind* of right this is — property, contract, statutory, sui generis?
- How it relates to existing rights — privacy, PI, trade-secret, IP?
- Who can invoke it — only natural persons (already covered by PIPL)? Or corporate "information subjects" too?
- What is its scope — only data that *identifies* the source? Or any data the source's activity helped generate?

These questions matter because the answer determines whether overseas counsel structuring a B2B data arrangement with a Chinese counterparty can rely on the data-source's right as a contractual baseline. Wang's piece reconstructs the doctrinal foundation that the operational rights need.

## The "data symbiosis" foundation

Wang's starting move is to import the concept of **co-generated data** (共生数据) from the ALI-ELI *Data Economy Principles* (a joint product of the American Law Institute and the European Law Institute, 2024) and the EU Data Act framework.

The concept's claim: most operationally significant data is *not* the product of the processor's investment alone, nor is it the property of the source alone. It's the product of joint activity — the processor's technology + the source's contribution. Examples:

- **Social platform data** — generated by user activity + platform infrastructure.
- **Connected-vehicle data** — generated by driver behavior + vehicle sensors.
- **Platform-merchant operational data** — generated by merchant transactions + platform observation.
- **Travel data** — generated by passenger movement + carrier systems.
- **Industrial robot production data** — generated by industrial-process activity + manufacturer telemetry.

In all five examples, neither party can claim sole authorship of the data. The processor's investment in collection technology is necessary but not sufficient; the source's participation is the other necessary input. Wang frames this as **data symbiosis** (数据共生): a joint-creation relationship that produces an interest split *both parties hold simultaneously over the same data*, with the processor's interest being primarily proprietary and the source's interest being primarily relational.

This is the foundation that the Data 20 Articles framework, in Wang's reading, needs to articulate.

## What "source" means — and what it excludes

Wang's definition: a data source is a subject (natural or legal person) that **(a) makes a substantial contribution to data generation** and **(b) does not in fact hold or control the resulting data**.

The two-part test:

**Test 1 — Substantial contribution.** Three factors:
- *Type of contribution.* Wang distinguishes three contribution modes: (i) the source is *the subject described or recorded* by the data; (ii) the source is *the owner / operator / user of an object* whose activity is recorded; (iii) the source *uses a connected device* to collect or provide data.
- *Directness.* Where contribution is too indirect (e.g., the source's data has been so heavily processed that the original contribution is "remote or attenuated"), the source-right does not attach. Wang's example: a person's PI becomes anonymized; the original PI subject's contribution to the anonymized dataset is too attenuated to support a source-right claim.
- *Substitutability.* If the same data could be obtained by any other route, the source's contribution is fungible and the source-right does not attach. The right reflects the source's *non-substitutable* role.

**Test 2 — Non-control over the data.** Even where contribution is substantial, the source-right requires that the source does *not* actually hold or control the data. Wang's example: a large flagship e-commerce store has both the technology and the resources to process the data its merchants generate; it is not a "source" under the framework — it is a co-processor. A small or individual-merchant store, by contrast, is a source — it contributes to the data but lacks the technical capacity to control it.

This second test is the structural answer to a question overseas counsel often raise: *can a corporate entity be a data source?* Wang's answer: yes, if it lacks practical data control. The framework is not nat-person-restricted in the way PIPL is.

## Why pre-existing legal entitlements don't cover the source-right interest

A central counter-argument to creating a separate "data source's right" is that the source's interests are already protected by existing rights: privacy, PI, IP, trade secrets. Wang takes this on directly and rejects it on four grounds.

### 1. The "existing rights" framework misclassifies the source as a passive recorded subject

The "existing rights" view treats the source as the *subject of recording* — the party whose information is captured. But Wang's data-symbiosis framework treats the source as a *co-creator* — an active participant whose contribution co-produces the data. Existing rights protect what the source *has* (privacy, PI); they don't recognize what the source *did* (participate in generation).

### 2. Existing rights are defensive; the source-right interest is participative

Privacy, trade-secret, and IP rights are primarily *negative defensive rights* — the right to exclude or prevent improper use. The source's interest in co-generated data is *positive participative* — the interest in *accessing and using* the data the source helped create. The existing-rights framework has no analog to this.

### 3. Knowledge IP rights protect single-author creation; data-source rights protect co-creation

Copyright and patent rights protect the *single-party* originator of creative or inventive work. Co-generated data is, by definition, multi-party. The IP model can't be transposed.

### 4. The PIPL right of copy and transfer (Article 45) is the *closest* analog — but limited

PIPL Article 45 establishes the natural-person's right to copy and transfer their personal information. This is conceptually the closest to the Data 20 Articles' source-right. But three structural gaps:

- PIPL Article 45 applies only to PI; the source-right is broader (any co-generated data).
- PIPL Article 45 applies only to natural persons; the source-right extends to legal-person sources.
- PIPL Article 45's scope is the *data identifying or relating to* the subject; the source-right's scope is data the source's *participation contributed to*, which is broader.

PIPL is the floor; the source-right is what extends the entitlement past PIPL's boundaries.

## The source-right as a "fair use right"

Having shown that the source-right is not reducible to existing entitlements, Wang articulates its positive content: a **fair use right** (公平使用权).

Three properties define it:

**(a) Contractual, not property.** The source-right is not a property right in the data — it is a contractual-relationship right against the *specific processor* who is symbiotically linked to the source. The source cannot enforce the right against third parties; it can only enforce against the processor it co-created with.

**(b) Bundled with content.** The right contains a bundle of operational entitlements:
- *Right to be informed* (知情权) of how the data is used
- *Right to access* (访问权) the data
- *Right to transfer / port* (转移权) the data to another processor
- *Right to correct* (更正权) inaccuracies
- *Right to delete* (删除权) under specified conditions

These mirror PIPL's individual rights for personal information, generalized to any co-generated data.

**(c) Scoped by the "relevance interest" standard.** What data does the right cover? Wang proposes the **"related interest" (相关利益) standard**: the source's right extends to data that meaningfully reflects the source's contribution — even if the data does not directly identify the source. This is the doctrinal answer to the corporate-data-portability question: a merchant operating across e-commerce platforms can invoke the source-right against each platform for the merchant's operational data — even though the data may not "identify" the merchant in PIPL's strict sense.

## What this tells overseas compliance teams

- **The corporate-data-portability lever is now doctrinally founded.** Wang's framework provides the academic foundation for treating the data-source's right as a meaningful B2B contracting baseline. Multinationals contracting with Chinese counterparties as either the data source or the data processor should pay attention to how the right is being articulated — it is reshaping the operational defaults for data exchanges, platform partnerships, IoT vendor contracts, and joint-venture data arrangements.

- **Treat the "data source's right" as PIPL Article 45 generalized.** When designing Chinese counterparty contracts, use Article 45's operational structure (knowledge / access / transfer / correction / deletion) as the template for source-right clauses for non-PI data. The PIPL precedent + Wang's doctrinal framework + the NDA's policy interpretation now jointly support that posture.

- **The "related interest" scope is broader than PI scope.** Where a multinational's Chinese affiliate generates operational data on a third-party platform, that data may not be PI under PIPL — but it may still be within the source-right scope as data the affiliate's contribution generated. Don't infer no entitlement from "no PI."

- **The non-control test (Test 2) is the structural threshold for who has the source-right.** If your Chinese affiliate has both substantial contribution *and* substantial data-control capability, it is a co-processor, not a source. The source-right is the right of the *less powerful party* in the data-symbiosis pair. Map this carefully in joint-venture and SLA contexts where the contribution / control allocation may not align with formal ownership.

- **The "substantiality + non-substitutability" filter rules out fungible inputs.** Multinationals worried about source-right claims from every party whose data ever touched a system should note that the doctrinal framework filters out attenuated, fungible, indirect contributions. The right is reserved for parties whose contribution is *non-substitutable* — the source whose unique participation made the data possible.

The deeper architectural shift Wang's piece signals: Chinese data law is moving toward a *participative* (not just *consent-based*) framework for individual and corporate interests in data. The PI subject's consent matters; so does the data source's *participation*. Where the two coexist (a natural person who both consented to PI processing and contributed to data co-generation), the two rights operate in parallel, with the source-right adding the participative-protection layer PIPL alone doesn't provide. This is the direction in which downstream rulemaking — including the [Data Property Rights Registration Guide draft](/laws/data-property-rights-registration-guide-draft/) — is moving.

---

— *王年, 数据来源者权利及其实现——基于数据共生的视角 (The Data Source's Rights and Their Realization — From the Perspective of Data Symbiosis), 《财经法学》Issue 5, 2025; reposted via 数字经济与法治 WeChat Official Account, October 28, 2025. [Original article (Chinese).](https://mp.weixin.qq.com/s/DeoiXUp2emdS-yjzWl8o7g)*

*Not legal advice. The above is DCC's structured summary of Wang's analysis, with framing for overseas counsel; the data-symbiosis framework, the two-part test for data-source status, and the "fair use right" articulation are Wang's.*