Article

Exploring the Paradigm of Enterprise Data Protection: Constructing Enterprise Data Rights Under the Rightification of Behavioral Regulation

1 School of Law, Linyi University, Linyi 276005, China
2 School of Law, Wuhan University, Wuhan 430072, China
3 School of Information Science & Engineering, Linyi University, Linyi 276005, China
* Author to whom correspondence should be addressed.
Information 2025, 16(12), 1028; https://doi.org/10.3390/info16121028
Submission received: 13 October 2025 / Revised: 11 November 2025 / Accepted: 20 November 2025 / Published: 25 November 2025

Abstract

Against the backdrop of the marketization of data as a production factor, the configuration of enterprise data rights has become a core legal issue for incentivizing data production and promoting data circulation and utilization. However, the complexity of enterprise data—manifested in its object forms, interest subjects, and usage scenarios—has made both the traditional rights-protection paradigm and the behavioral-regulation paradigm difficult to apply. Through an analysis of existing enterprise data protection models, this study finds that the “rightification of behavioral regulation” paradigm—originating from the bundle of rights theory and applied in intellectual property law—builds its rights architecture by combining the object types and the methods of object utilization it encompasses. This framework effectively overcomes the challenges of the variability of object forms, the diversity of subject definitions and the dynamism of power division in the construction of enterprise data rights, providing a crucial paradigm foundation for the construction of enterprise data rights. Building upon this theoretical basis, the study proposes a systematic framework for enterprise data rights: at the level of system positioning, it treats them as a new form of property right parallel to real rights and intellectual property rights; and at the level of rights content, it defines their objects to include both data sets and data products, while designing a dynamic bundle of rights centered on possession, processing and use, and operation.

1. Introduction

What rights are held, who holds them, and what rights are possessed constitute important propositions in rights construction. In recent years, multiple global legal regions have deepened legal discussions on data rights, and they have enacted legislation to establish data governance rules to balance the relationship between data utilization and protection. For instance, the EU’s General Data Protection Regulation (GDPR), the UK’s Data Protection Act 2018, and Singapore’s Personal Data Protection Act (PDPA) all feature specialized legislative arrangements for protecting and restricting data-related rights. Driven by the new wave of the revolution of science and technology and industrial transformation, China is actively exploring a corporate data property rights protection model suited to its domestic context. The exploration of data property rights in China is increasingly refined and systematized, showing a development trend from macro strategy to specific system, from national implementation to local pilot. The practice of data property rights registration is also increasingly rich and mature. First, China has successively introduced a comprehensive package of data property rights policies and regulations. At the policy level, these include the Notice on Issuing the Action Plan for Promoting Big Data Development (2015), the Opinions on Establishing a More Comprehensive Market-Based Allocation System for Production Factors (2020), the Opinions on Establishing a Data Foundation System to Better Leverage the Role of Data as a Production Factor (2022) (hereinafter referred to as the “Twenty Data Provisions”), Guidance on Promoting the Development of the Data Security Industry (2023), among others. Local governments have also issued implementation guidelines, opinions, and action plans related to the data industry. 
Beyond the Civil Code, Personal Information Protection Law, and Data Security Law, local governments have enacted data-related legislation in forms such as “Data Application Regulations,” “Data Economy Promotion Regulations,” and “Data Circulation Promotion Regulations.” Second, China is exploring data property rights registration pilots across regions. Local intellectual property bureaus, data management agencies, finance departments, data exchanges, and enterprise-level data platforms are actively experimenting with diverse registration models [1], such as data intellectual property registration, granting data asset certificates, comprehensive data element registration, and data resource notarization, continuously enriching practical registration approaches. For instance, 17 provinces and municipalities in China have launched data intellectual property pilot programs.
However, it should be pointed out that although China’s legislation and practice have accumulated a lot of experience in data property rights, the current difficulties such as poor circulation of data elements and insufficient utilization efficiency that are caused by the unclear definition of enterprise data property rights are still prominent. In practice, a growing number of judicial precedents on data disputes have emerged, including landmark cases such as “China’s First Search Engine Dispute: Dianping v. Aibang” and “China’s First Big Data Unfair Competition Case: Sina v. Maimai.” Representative judicial cases are listed in Table 1.
The real dilemma is mainly caused by three deep contradictions. First, there is tension between the unity of the right object and the variability of the enterprise data form: the dynamic evolution of data from resources to collections to products is difficult to accommodate within a single object definition. Second, there is a conflict between the oneness of the subject of rights and the diversity of the subjects of interest in enterprise data: the relationship between the rights and interests of data sources, controllers, processors and users is complex. Third, there is a contradiction between the legality of the content of rights and the diversity of data utilization scenarios: rigid power settings are difficult to adapt to complex business practices. Differences in recognizing the dominant role of these contradictions have led to various frameworks for rights protection, including usufructuary rights, data exclusive rights, intellectual property rights, data property rights, and the “three rights separation” approach. The “Twenty Data Provisions” propose the “three-rights separation” framework for data. However, key questions remain unresolved: whether the separation of data resource ownership, data processing/usage rights, and data product operation rights represents the division of functions within a single entity or the allocation of distinct rights among different entities; and whether the scope of these rights or functions comprehensively encompasses data sets, data products, and other critical elements. In addition, academia remains divided between the “empowerment protection” and “behavior regulation” approaches to enterprise data. Within the “empowerment protection” approach, the subject and object of data empowerment are still unresolved and controversial.
In order to solve the problem of enterprise data protection and promote the efficient circulation and utilization of enterprise data, we must combine the characteristics of data with business practice scenarios and break away from flat, single-plane thinking. The research found that the “rightification of behavioral regulation” paradigm—originating from the bundle of rights theory and applied in intellectual property law—builds its rights architecture by combining the object types and the methods of object utilization it encompasses. This framework effectively overcomes the challenges of the variability of object forms, the diversity of subject definitions and the dynamism of power division in the construction of enterprise data rights, providing a crucial paradigm foundation for the construction of enterprise data rights. On this basis, an enterprise data rights system parallel to property rights and intellectual property rights can gradually be formed.

2. Literature Review

We have found that in academic literature, there are various debates over enterprise data rights protection models, including “de-property rights,” “generalized property rights,” “limited property rights,” and “specialized property rights.” Enterprise data protection aims to regulate the utilization behavior of enterprise data and the protection model mainly consists of technical control and legal control. Technical control emphasizes governance beyond the law; legal regulation encompasses two approaches: behavioral regulation and rights protection. The choice of an enterprise data protection paradigm is essentially a progressive decision-making process: first, a choice between “technical control” and “legal control” (i.e., whether legal protection is necessary); second, a choice between “behavioral regulation” and “rights protection” (i.e., whether a legal right needs to be established); and finally, a choice between “rights in rem” and “rights in use” (i.e., what type of right should be created). These sequential decisions give rise to different paradigms of enterprise data protection.

2.1. Research Trends and Examination of the “Technical Control Paradigm”

Code serves as the bedrock of the internet ecosystem, regulating individual behavior through technical means and shaping a behavioral control model where “code is law, and code regulates code” [2]. The development of technologies such as digital encryption, data access control, digital signatures and backup, digital watermarking, and Digital Rights Management (DRM) systems has enabled the gradual penetration and integration of technical controls into diverse enterprise data utilization scenarios. As some scholars have pointed out, the boundaries of emerging online rights are effectively delineated through technological architecture. Even when these boundaries remain unrecognized by law, they still play a role in factual regulation [3]. However, relying solely on technological controls not only raises technical barriers to data utilization, obstructing the circulation of enterprise data, but also traps technical safeguards for “access control” and “usage control” in a vicious cycle of technological confrontation and abuse of technological power. Technological control is not an isolated system; it permeates political, ethical, economic, and cultural domains. The neutrality of technology is not absolute. While humanity struggles to master Hobbes’ “political Leviathan,” it must also maintain sufficient vigilance and guard against the “technological Leviathan” [4] to prevent the dissolution of human agency under technological rationality and instrumental rationality, thereby avoiding enslavement to capital and technology. For instance, certain platforms—especially super platforms—exploit their control advantages in algorithms, technology, data, capital, and platform rules. Leveraging formidable governance authority, they abuse technological power to form digital Leviathans, algorithmic Leviathans, and other technological Leviathan entities within the platform economy.
Due to the limitations of the “technical control paradigm”, academia has developed several theories addressing the symbiotic relationship between technological governance and legal governance. These include the “dual co-governance theory,” which posits that technology empowers law while law regulates technology; the “convergence theory,” emphasizing the mutual integration and construction of code technology and law; and the “bidirectional convergence theory,” advocating for the harmonization of technological logic and rule-of-law thinking under the foundational status of law [5]. In the digital era, rights protection relies not only on legal norms but also on technological empowerment to drive effective enforcement [6]. But technology should become a tool for faithfully practicing legal rules and ensuring the realization of rights, rather than the rules themselves. The protection of enterprise data should not only avoid replacing legal control with technical control, but also prevent the mechanical integration of technical control and legal control. We should base ourselves on legal principles, clarify the boundaries and integration space between technological control and legal control, and achieve dynamic adjustment of legal systems in technological evolution through the interweaving of the two.

2.2. Research Trends and Review of the “Behavioral Regulation Paradigm”

The legal-technical principles governing the generation of legal interests fall into three categories: the principle of statutory determination for absolute rights, the principle of contractual determination for relative rights, and the principle of presumption for legal interests not yet elevated to rights [7]. These principles correspond to the rights-based model, the contract law model, and the legal interests protection model, respectively [8]. The legal interests protection model aligns with the rights protection model, and the behavioral regulation model serves as a crucial means to achieve legal interests protection. Under the “behavioral regulation model,” the law does not grant exclusive rights to new interests but instead regulates certain behaviors through contract law, administrative law, anti-unfair competition law, and criminal law [9]. Opting for this model generally requires meeting conditions such as “the existence of legal interests not yet elevated to rights, the failure of existing legal systems to provide effective protection, and an urgent practical need for agile regulation” [10]. Because the conduct regulation model emphasizes negative list protection rather than absolute rights protection, it can transcend rights attribution to safeguard specific legal interests. That is, it constructs an interest space from the perspective of controlling others’ conduct, maintaining the interests of beneficiaries by regulating specific actions of others [11]. Since the behavioral regulation model does not rely on clear rights boundaries or elaborate rights systems, it can directly regulate specific unlawful or improper conduct. Specifically, in the field of tort law, by establishing general provisions for violating protective norms and applying public law norms protecting data rights through behavioral regulation, it indirectly achieves the allocation of data rights. 
This aligns with the characteristics of data rights, such as non-exclusivity, blurred boundaries, and complex structures [12]. In contract law, relying on traditional property rights pathways faces challenges such as obstructing data circulation and hindering rights allocation [13], necessitating the construction of an intermediate rights model centered on contracts [14]. In unfair competition law, amid the absence of formal data rights, judicial practice often bypasses data ownership disputes when resolving corporate data conflicts, developing a preference for applying unfair competition law [15]. For example, in Sina v. Maimai, the judge did not explore the issue of civil rights over data, but instead regarded it as a competitive legal interest and regulated unfair data acquisition through the Anti Unfair Competition Law. However, behavioral regulation typically lacks clear, specific objects of protection, with unclear boundaries of interests, leading to uncertainty in regulating others’ conduct and its limits [16]. Beyond ambiguous protection boundaries and unpredictable conduct, the behavioral regulation model also struggles to provide systematic protection for corporate data rights due to the absence of a standardized protection system.

2.3. Research Trends and Examination of the “Rights Protection Paradigm”

Unlike the behavioral regulation paradigm, rights protection can only be established over specific objects, whereas interests generally lack objects or have uncertain objects [17]. Academic discussions have extensively explored rights protection for enterprise data from perspectives such as ownership (usufructuary rights), exclusive rights, intellectual property rights, and specialized property rights, forming a complex cluster of rights. Specific arguments are summarized in Table 2.

2.3.1. Review of Property Rights Protection Paradigms for Enterprise Data

First, examining the ownership protection model. The ownership allocation model is rooted in the theory of separation of powers. The “ownership theory” posits that corporate data rights resemble property ownership rights, representing the data controller’s entitlement to possess, use, dispose of, and derive benefits from the data set [18]. Based on the differing sources and degrees of contribution to data formation by various entities, data ownership should be assigned to the original data creator, while data usufruct rights should be granted to the data processor [19]. However, ownership rules designed for tangible property cannot be directly applied to data rights allocation. A single dataset may simultaneously involve multiple data ownerships or usufruct rights [20]. Crucially, data carries complex, interwoven rights structured like a network, defying explanation through ownership-based separation theories. Granting any entity exclusive control would intensify conflicts among stakeholders [21]. Simultaneously, under the “maternal rights-derived rights” allocation model, the subjects of self-property rights and limited property rights share interests in the same object. The object should inherently possess unity. However, the object referenced by the “dual structure of data ownership and data usufruct rights” is torn between “personal data with personal attributes and its aggregates” and “data resources or products resulting from data processing.” This creates a situation where the rights of data originators far exceed those of data users, leading to a disjunction in the logic of powers between maternal rights and derived rights.
Second, examining the data monopoly rights protection model. The “data monopoly rights theory” posits that data operating rights are established through legal authorization or administrative concessions, endowing such monopoly rights with specificity and exclusivity over particular matters [22]. Maternal rights perform “hereditary functions” and “procreative functions.” Without the “heredity” and “procreation” of maternal rights, the powers of possession, use, and profit inherent in quasi-property rights become castles in the air. Once detached from maternal rights, quasi-property rights transform from private rights tinged with public authority into purely public rights [23]. Therefore, establishing data monopoly rights without addressing data ownership fundamentally fails to resolve the issue of data rights allocation. Moreover, protecting data through exclusive rights implies treating corporate data as administratively controlled resources and characterizing its utilization as generally prohibited activities. Before such activities receive administrative approval, data controllers and processors effectively hold only de facto possession of corporate data. This easily creates scenarios where “use constitutes illegality,” hindering data sharing and circulation.
Third, examining the multi-tiered usufruct rights model. The theoretical foundation of this rights allocation model lies in the theory of rights exercise, where the rights holder may dispose of the rights according to their own will, forming a unified expression of intent with other civil subjects to establish independent rights for the latter [24]. Through the exercise of rights, the separation of ownership functions can be achieved, thereby establishing a multi-tiered usufructuary rights system. According to the theory of rights exercise, the enjoyment of rights and the exercise of rights belong to two distinct and independent categories. In this context, the generation of usufructuary rights is not the result of a separation of rights, but rather the result of the exercise of rights. Although the principle of statutory property rights forms the foundation of the property rights system, there are exceptions to the framework of rights, thereby reserving space for the development of the theory of rights exercise. The purpose of the multi-tiered beneficial rights configuration model for corporate data protection lies in establishing a meticulously hierarchical statutory framework of rights. This framework then permits right holders to dispose of relevant rights through contracts or agreements, thereby creating corresponding rights for transferees. For instance, some scholars propose creating corporate data usage rights via contractual means [25]. Some scholars have also proposed that entities holding exploitative data property rights could generate secondary exploitative data property rights based on their existing rights [26]. While the multi-tiered usufruct model plays a positive role in enriching multi-level utilization of corporate data and promoting openness in corporate data rights protection, it also faces numerous challenges. On one hand, although the exercise of rights is independent from the enjoyment of rights, it is predicated upon it. 
Under the theory of rights exercise, the original rights are assumed to be ownership, with multi-tiered usufruct rights generated through the exercise of rights. However, significant debate currently surrounds how to construct corporate data ownership. Bypassing the foundational right of enterprise data ownership and attempting to construct multilayered usufructuary rights over enterprise data represents a fundamentally erroneous direction. On the other hand, based on the principle of statutory rights, protecting enterprise data through multi-tiered usufruct rights necessitates a pre-established framework of rights. The relatively stable nature of statutory rights categories and the rights system limits the applicability of this protection model.

2.3.2. Review of Intellectual Property Protection Paradigms for Enterprise Data

Current intellectual property protection for enterprise data intertwines three approaches: traditional IP protection pathways, emerging IP protection pathways, and cross-protection between traditional and emerging rights.
First, “traditional IP protection” focuses on expanding the scope of existing IP systems to safeguard enterprise data. Some scholars propose typological and scenario-based protection: trade secret protection for non-public enterprise data; special rights protection for semi-public database data; and competition law protection for publicly accessible online platform data [27]. Protecting enterprise data through the existing intellectual property system mainly involves adapting to various object types such as copyright, patent rights, and trade secret rights based on the form of the enterprise data, thereby achieving scenario-based protection. However, traditional rights confirmation pathways have specific scopes and functional purposes; they were not designed specifically for data protection [28]. Each intellectual property category imposes strict requirements for the protection of the objects. Not all enterprise data meets the intellectual property protection requirements for creative works. This has led to the current intellectual property protection framework having an overly narrow scope of coverage for enterprise data.
Second, “emerging rights protection” focuses on establishing novel data intellectual property rights to safeguard enterprise data. “Intellectual property protection for data rights” and “data intellectual property” represent distinct concepts [29]. Data intellectual property does not equate to intellectual property protection for data rights; rather, it involves creating a new intellectual property regime specifically designed to protect data as its subject matter [30]. This entails establishing proprietary rights over corporate data within the intellectual property framework [31], particularly data proprietary rights centered on derivative data as the subject matter [32]. However, adopting an emerging rights protection model may present the following challenges. First, the scope of the subject matter of rights remains ambiguous. Granting equal legal protection to corporate data types with varying degrees of originality—such as compilation data and deductive data—poses significant doctrinal difficulties. Second, the distinction between human and machine creation remains contentious. Establishing new data proprietary rights under intellectual property law requires that corporate data be products of human creation [33]. Yet big data products, including derivative data, are algorithm-generated outputs—derivative data products created through specific algorithms or manual processing, analysis, and integration of massive user datasets [34]. For derivative data generated through algorithmic intervention, distinguishing the contributions of human thought and machine learning proves challenging. The difficulties in identifying the objects and ownership of artificial intelligence-generated products also extend to the emerging field of intellectual property protection for enterprise data. Finally, the path of rights protection remains ambiguous. 
There are three main approaches to incorporating enterprise data into the intellectual property system: first, classifying it under existing rights such as geographical indications; second, creating new types of rights, analogous to the protection of integrated circuit layout designs; and third, granting enterprise data the same legal status as traditional intellectual property subject matter while relying on the framework of unfair competition law, such as trade secrets, for protection. Due to the unclear ontological attributes of enterprise data, the lack of a referable rights protection paradigm gives rise to this dilemma in choosing an appropriate path.
Third, “hybrid protection of traditional and emerging rights” focuses on the combined intellectual property protection of corporate data. Some scholars argue that derived data constitutes a new type of intellectual property subject matter—a novel right within the intellectual property framework. However, when it simultaneously meets the protection criteria for copyright, patent rights, trade secrets, or other specific rights, the parties may choose the specific protection method [35]. Specific data sets that already possess the form of intellectual property subject matter are subject to intellectual property protection (e.g., databases); the path for datasets that are not included in the scope of intellectual property objects to obtain legal rights protection [33]. Enterprise data meeting the criteria for intellectual property subject matter protection is fundamentally no different from other intellectual property subjects. The hybrid protection model fails to resolve issues such as “the protection of enterprise data rights that do not meet existing intellectual property protection criteria” and “whether to permit cross-protection scenarios between traditional and emerging rights, allowing rights holders to choose their protection method.” This further exacerbates the contradictions and conflicts between traditional and emerging rights protection models.

2.3.3. Examination of the Special Property Rights Protection Paradigm for Enterprise Data

The specialized property rights protection paradigm primarily establishes enterprise data rights parallel to property rights and intellectual property rights within the existing property system, giving rise to two branches: the complete property rights model and the dispersed property rights model.
Review of the “complete property rights theory”: data property rights are a type of property right originally acquired through collection activities, representing an independently existing right of control. Within the civil rights system, data property rights exist in parallel with property rights and intellectual property rights [36]. The “Integrated Property Rights Theory” attempts to carve out a niche for corporate data rights within the existing property rights framework, but it essentially constitutes a modified application of the theory of separation of rights. Some scholars propose establishing data property rights as a third category of property rights coexisting with real property rights and intellectual property rights, possessing universal enforceability and encompassing functions such as control, use, enjoyment of benefits, and disposition [37]. However, their exclusivity is weaker than that of traditional real property functions [38]. Under the theory of complete property rights, the law clearly defines the boundaries and precedence of rights. The rights system begins with the concept of complete rights, from which a series of sub-rights are subsequently derived [39]. However, data fundamentally differs from traditional property objects. Corporate data exhibits characteristics such as intangibility, ease of replication, and reusability, rendering its exclusivity significantly weaker than that of traditional physical assets. Treating data as a rights category parallel to property rights or intellectual property rights and directly embedding it into a rights structure centered on possession, use, enjoyment of benefits, and disposal would encounter severe institutional compatibility obstacles.
Examination of the “dispersed property rights theory”: rooted in the “bundle of rights” theory, this approach differs from the “umbrella-style” framework emphasizing the derivation of subsidiary rights from a parent right. Instead of focusing on meta-rights, it breaks free from the ownership-based rights structure, adopting a “decentralized” parallel rights assembly model. The “bundle of rights” theory originates from Hohfeld’s rights analysis, which posits that a right can be decomposed into “entitlement, liberty, power, and immunity” [40]. In Hohfeld’s view, an individual’s rights over specific property do not constitute a legal relationship between that person and the property itself. Instead, they represent a composite of the aforementioned four rights that the individual holds over others in relation to that property. According to the bundle theory, any fixed arrangement of rights is redundant. Complex divisions of ownership and transfers of rights can be achieved through agreements and other arrangements [41]. The “Twenty Data Provisions,” which downplay ownership while emphasizing usage rights, creatively propose a data property rights framework featuring the “three-rights separation” of data resource holding rights, data processing and usage rights, and data product operation rights. This bears the imprint of bundle theory. Some scholars further suggest that data resource holding rights, data processing and usage rights, and data product operation rights correspond, respectively, to data resources, data elements, and data products [42]. However, the “three-rights separation” does not establish an overarching parent right. These rights no longer rest on the foundation of “data object ownership” nor follow a logic of derivative rights—where data processing and usage rights stem from data resource holding rights, and data product operation rights derive from data processing and usage rights. 
Instead, they appear as mutually separate and independent entities [43]. This rights separation model also carries inherent drawbacks that are difficult to overcome. First, it readily leads to rights proliferation. The common denominator of a “bundle of rights” lies in its “bundling point,” yet selecting this point lacks concrete standards. Once the scope becomes overly broad, it results in the entanglement and bundling of corporate data rights, causing shifting boundaries. Second, it fails to encompass all data types. Data, as an integrative concept, evolves from personal information to data resources and further to derivative data. The object attributes of different data forms are not homogeneous. The “bundle of rights” model, characterized by “multiple rights for a single object,” does not meet the requirement of object singularity. Finally, it weakens expectations for data market transactions. Under the rights-segregation configuration model, the lack of hierarchical separation guided by meta-rights makes it difficult to precisely define corporate data rights through the penetration of meta-rights. Instead, rights boundaries rely on judicial dynamic, ex-post demarcation based on specific scenarios, resulting in weak stability.

3. Method

This study employs literature review, normative analysis, and case study methodologies to ensure both theoretical depth and practical relevance to data transaction needs. By identifying the core challenges in the legal protection of corporate data in practice, this study analyzes and reviews the existing protection paradigm in the academic field. It then explores a feasible path that addresses both the theoretical demands for defining data rights and constructing a rights framework, while also aligning with China’s policy orientation and practical operational

3.1. Literature Review Method

By searching for relevant papers on enterprise data rights, data governance, intellectual property, and property law theories through websites such as China National Knowledge Infrastructure and Google Scholar, this study focuses on papers included in the CSSCI and SSCI systems, and systematically reviews the viewpoints in the literature. It is found that there are three main paradigms for protecting enterprise data in the academic community: technology control paradigm, behavior regulation paradigm, and rights protection paradigm. Building on this foundation, comparative and critical analysis methods are employed to examine the theoretical foundations, applicability boundaries, and practical outcomes of each paradigm, clarifying their inherent strengths and limitations. Subsequently, drawing on the strengths of each paradigm, this study proposes and argues for a novel protective approach that combines flexibility and operability—the “regulation of behavior through rights-based measures”—through theoretical integration and logical deduction. This approach aims to systematically address core challenges in constructing corporate data rights, including the uncertainty of objects, the multiplicity of subjects, and the dynamic nature of rights.

3.2. Normative Analysis Method

Based on China’s current laws and policy documents—including the Civil Code, Data Security Law, Guidelines on Promoting the Development of the Data Security Industry (2023), and the “Twenty Data Provisions”—this approach systematically organizes and interprets China’s policy orientation and practical focus in the corporate data domain, thereby identifying institutional design preferences aligned with real-world needs. Simultaneously, employing the transformative logic of “interest-legal interest-right,” this approach dissects the institutional pathway through which corporate data evolves from factual control to legal entitlement. It reveals the inherent tension and comparative advantages of “rightification of behavioral regulation” within the corporate data rights framework. Ultimately, it provides a systematic normative interpretation of core issues concerning the legal attributes, object matter types, and capacity structures of corporate data rights.

3.3. Case Analysis Method

Among the typical cases published annually by major courts in China, cases related to enterprise data disputes have been selected. These cases, such as Sina v. Maimai and Taobao v. Meijing, have a strong impact, often serve as the first cases in various fields, and have become landmark precedents frequently cited in academic research. Using the PKULaw database, we retrieved and analyzed the full judgments of these cases, focusing on the judges’ reasoning and the legal provisions applied. Through a comparative examination of judicial approaches to defining data rights and determining the ownership of enterprise data, we found notable inconsistencies in how courts characterize data rights and choose corresponding protection paths. These divergences reveal the practical difficulties currently faced by the judiciary in constructing data rights and providing adequate institutional support. The above analysis not only provides empirical evidence for reflecting on the limitations of existing paradigms but also further validates the feasibility and institutional advantages of the “rightification of behavioral regulation” approach in addressing dynamic data utilization and balancing diverse interests.
This study organically integrates the aforementioned research methodologies to establish an analytical framework that combines theory with practice and unifies normative and empirical approaches. This foundation lays a solid methodological groundwork for the subsequent proposal and systematic construction of the “rightification of behavioral regulation” paradigm. However, while the use of multiple methods enhances the comprehensiveness and scientific rigor of this paper, the study also has some limitations. First, the research primarily relies on legal texts, policy documents, and a limited number of typical cases, failing to fully cover the diversity of corporate data practices. Second, the scope of the study is confined to the Chinese context, which may affect the applicability of its conclusions in other jurisdictions. Third, the absence of large-scale empirical data or interdisciplinary economic models prevents quantitative validation of the “rightification of behavioral regulation” paradigm’s practical efficacy. Fourth, due to space constraints, this study does not explore legislative structure, content, or coordination mechanisms for corporate data rights. Future research may integrate empirical surveys, data analysis, or law-and-economics methodologies to refine and validate the paradigm’s institutional effectiveness while detailing related institutional designs.

4. Paradigm Shift: The Explanatory Power of the “Rightification of Behavioral Regulation” Paradigm for Enterprise Data

With the rapid advancement of information technology, enterprise data has become a vital factor of production. Faced with increasingly complex scenarios of corporate data utilization, linear and singular approaches—such as technical controls, behavioral regulation, and rights protection—exhibit numerous inadequacies. “Rightification of Behavioral Regulation” is neither a simple hybrid nor modification of behavioral regulation and rights protection pathways, nor the rights-based transformation of legally protected interests under the “behavioral regulation” model. Instead, it is another path of rights protection that has emerged from the framework of the rights protection paradigm. Some scholars propose three models for corporate data protection: “behavioral regulation,” “rights protection,” and “rightification of behavioral regulation” [44]. The “rightification of behavioral regulation” approach does not negate the exclusivity of rights. Rather, “the process by which law confers exclusivity upon property is one of typifying the utilization patterns of the object, enabling the establishment and transfer of such property rights through contractual means” [45]. However, in terms of the level of rights protection, the strength of rights generated by “rightification of behavioral regulation” is weaker than general ownership but stronger than the behavioral regulation model. It represents a pragmatic choice addressing the reality that intangible property cannot be fully controlled [46]. As an evolutionary form of traditional rights protection paradigms, “rightification of behavioral regulation” has found extensive application in intellectual property law. However, its independence remains obscured due to intellectual property protection’s path dependence on the prior determination of object eligibility. Establishing corporate data rights under this framework involves designing combinatorial rights based on different corporate data types and utilization behaviors. 
This flexible rights architecture facilitates the mutual accommodation of “technical control” and “legal control,” the interlocking of “legal interest protection” and “rights protection,” and the integration of “rights based on objects” and “rights based on use.”

4.1. Mutual Compatibility Between “Technical Control” and “Legal Control”

Relying solely on legal control while disregarding the factual control power of technical measures will either result in excessively high legal control costs for corporate data or render legal control ineffective against technical control. Since the rights-based approach to behavioral regulation follows the principle of “rights based on use,” when technical control of corporate data utilization methods is embedded within various corporate data usage scenarios—or even becomes integrated with them—technical control can enable corporate data holders to achieve effects similar to the exclusivity of rights. Controlling data utilization through technical measures can yield effects akin to the exclusive proprietary rights of intellectual property [47]. The control rights over enterprise data safeguarded by corporate technical measures encompass the right to use or license data to others, as well as the right to prevent unlawful use or access by third parties [25]. When the behavioral patterns of technical controls highly overlap with the utilization methods of enterprise data rights, this approach not only overcomes the potential ambiguity in utilization boundaries associated with the “rights-based-on-use” model—which categorizes enterprise data based on usage types—but also mitigates the closed nature of enterprise data utilization caused by technical controls. It enhances the incentive for rights holders to authorize others to use enterprise data through licensing, thereby promoting the market-oriented allocation of enterprise data elements and achieving the integration of factual control and legal control over enterprise data.
Beyond the legalization of technical control behaviors, when technology itself cannot be included within the scope of legal protection, the rights protection system can safeguard the technology itself based on the logical dependency between the technology and the behaviors it controls. Corporate data technical controls broadly encompass access control over data formats and usage control over information content, corresponding to the holding of data formats and the utilization (processing, operation) of data content. Under the “rightification of behavioral regulation” approach, where technical control behaviors and rights-based control behaviors are highly integrated, protecting the technology itself must be embedded within rights protection. Once others breach technical measures, the disruption of the technical control behavioral order rapidly propagates into the legal order protected by rights. China’s third revision of the Copyright Law marked the first legal inclusion of technical protection measures for “access control” and “use control,” prohibiting the provision of copyright circumvention technologies—a prime example of symbiotic technical and rights protection. The “rightification of behavioral regulation” approach not only affirms the behavioral patterns of technical control through legal rights but can also extend the scope of corporate data rights protection. This can be achieved by following the model of copyright law to incorporate technical measures governing access and use of corporate data into legal protection. The “rightification of behavioral regulation” approach demonstrates strong interpretive tension regarding the mutual compatibility of “technical control” and “legal control” for enterprise data. It delineates the boundaries: those controlled solely by technology beyond rights protection, those where technology empowers rights protection, and the protective scope of technical measures themselves. 
This seeks to transition enterprise data protection from a technological order to a legal order, bridging the gap between technical and legal controls.

4.2. The Interlocking of “Legal Interest Protection” and “Rights Protection”

“Rights are limited to those nominally designated as such, forming the core component of broad legal interests. All other civil law interests are termed other legal interests, regulating tortious or unlawful acts through two models: rights (guarantee) law and conduct (regulation) law” [48]. The former focuses on rights with explicit objects, while the latter addresses conduct patterns defined by obligations stipulating people’s actions [49]. Legal interests that have not been elevated to rights are primarily protected through the conduct regulation model. Traditionally, for a given legal object, “legal interest protection” and “rights protection” have presented an “either-or” choice. However, in the data domain, a single data object typically embodies multiple and interrelated interests. As these interests overlap and intertwine, legal interests protection and rights protection are no longer mutually exclusive but rather become mutually embedded within one another [50]. Data interests frequently intersect or intertwine with other rights. For instance, when corporate-collected and stored data contains personal information, such data not only carries the enterprise’s data property rights but also embodies the natural person’s personal data rights and even public interests [12].
When configuring enterprise data rights through the path of behavioral regulation legalization (i.e., transforming behavioral norms into rights structures), not all data-related interests are indiscriminately granted the status of rights. Instead, an initial process of interest delineation is required. Specifically, property-oriented behaviors involving enterprise data—such as possession, processing, and commercial operation—are subject to rights-based construction, forming the core of what may be termed enterprise data rights. In contrast, enterprise data utilization behaviors that fall outside this rights-based framework are regulated through the protection of legal interests. This protection manifests primarily in two dimensions: first, the ancillary obligations arising during the establishment of enterprise data rights, such as the duties to avoid infringing upon personal information interests and to comply with data registration and security requirements; and second, public law regulation of enterprise data, which targets acts of unfair competition, monopolistic conduct, and threats to data security within the data domain.
“The purpose of law lies in regulating human conduct; all legal relationships must be oriented toward standardizing human behavior” [51]. From the perspective of a bundle of rights, property is not merely a relationship between an owner and an object, but rather a set of legal relationships between individuals [52]. A concrete example of a data transaction can clearly illustrate this transformation in essence. Suppose that Enterprise A intends to sell a dataset of anonymized user information it holds to Enterprise B. From the “person–object” perspective, this transaction merely represents Enterprise A’s disposal of its data asset, emphasizing A’s “ownership” or “control” over the data. However, from the “person–person” perspective, the transaction involves a complex web of legal relationships: (1) Between A and B: governed by the rights protection framework, their relationship is defined primarily by contractual obligations. At the same time, B’s conduct remains constrained by the legal interests protection framework—for instance, B may not obtain or use the data through unfair competition or other improper means. (2) Between A, B, and users: governed by the legal interests protection framework. Although the data have been anonymized, both A (in collection) and B (in use) still bear duties to protect user privacy and adhere to user agreements, reflecting the protection of users’ personal information interests as a legal interest. (3) Between A, B, regulatory authorities, and the public: also governed by the legal interests protection framework. The transaction must comply with public law regulations such as the Data Security Law and the Anti-Monopoly Law to safeguard market competition order and public security.
Therefore, in the shift in legal relationships concerning enterprise data from “person-to-object” to “person-to-person,” “legal interest protection” and “rights protection” are not mutually exclusive. First, we distinguish between property interests with commercial utility and public interests with restricted utilization. These distinctions then translate into two distinct types of enterprise data utilization behaviors, each requiring different protective models to achieve the nested relationship between “legal interest protection” and “rights protection.”

4.3. The Integration of “Property-Based Rights” and “Usage-Based Rights”

Rights protection encompasses two empowerment models: the “property-based rights” model typified by ownership, and the “usage-based rights” model typified by intellectual property [53]. Amid the convergence of these two approaches, enterprise data rights protection has evolved into flexible variants such as relational boundary rights, incremental rights confirmation, scenario-based rights confirmation, and “rights bundles” versus “rights blocks.” These approaches offer more adaptable and moderate solutions to circumvent the drawbacks of traditional rights protection [50]. Although “rightification of behavioral regulation” is deeply influenced by bundle theory, it does not simply establish a series of parallel rights based on specific corporate data utilization methods. Instead, it builds upon a comprehensive corporate data right framework, combining rights designs tailored to different data types and corresponding utilization methods. This approach overcomes the limitations of direct control over tangible objects or subjects by rights holders, thereby promoting the integration of “property-based rights” and “usage-based rights.”
First, it ensures the inclusiveness of the subject matter of corporate data rights. Viewed through the lens of the corporate data lifecycle, corporate data follows a three-part classification: “data resources—data sets—data products” [54]. The scope of rights that can be property-titled primarily encompasses two fundamental forms: data sets and data products. However, due to significant differences between data sets and data products in terms of intellectual input, form of expression, and value magnitude, traditional models of granting comprehensive rights—such as ownership, usufructuary rights, or even intellectual property rights—would result in the subject matter of rights failing to maintain consistency. The “rightification of behavioral regulation” adopts a rights structure combining different subject matter types with distinct utilization methods, de-emphasizing complete control over the subject matter of rights. This approach overcomes the closed nature of subject matter systems under traditional rights protection models.
Second, it ensures the diversity of corporate data rights holders. To maximize resource utilization, the property rights system establishes usufructuary rights as a statutory category based on the theory of separation of rights and duties. However, due to the limitations of the principle of statutory property rights, establishing multi-tiered usufructuary rights faces legal obstacles. In response, scholars have proposed framework rights to accommodate changes in property rights content, effectively creating new types of property rights indirectly [55]. The theory of rights exercise provides theoretical support for establishing multi-layered usufructuary rights. Nevertheless, a centralized rights structure originating from ownership struggles to systematically arrange rights for diverse utilization methods of different corporate data forms. Simultaneously, a distributed rights allocation system without a rights origin cannot find a foothold within China’s existing property rights framework. Under the “rightification of behavioral regulation” approach, typical enterprise data utilization methods are transformed into distinct rights functions and encompassed by specialized enterprise data rights. The absence of one or more functionalities does not affect the independent existence of enterprise data rights. Entities possessing different functionalities can all transfer rights under the name of enterprise data rights. The functionalities held by different holders of enterprise data rights exist in a dynamic combination, significantly alleviating the challenges of determining rights attribution arising from the diversity of enterprise data utilization entities.
Third, it ensures the openness of the content of enterprise data rights. Since the “rightification of behavioral regulation” approach uses “behavior” as the fulcrum for its rights architecture—that is, by typifying utilization methods for specific objects and then transforming typical utilization methods into rights—it forms a networked rights structure between the object of rights and the content of rights. Constrained by technological development, it is impossible to exhaust all utilization methods for specific objects, and certain statutory utilization methods may become obsolete at particular developmental stages. However, corresponding legislative techniques can dynamically adjust the statutory utilization methods for enterprise data. Regarding the “rights entry point” for corporate data utilization, the system of legalized utilization methods can be expanded or restricted through institutional dynamic adaptation. For instance, the “right of communication to the public via information networks” under copyright law represents a newly added legalized capacity driven by information technology advancements. Similarly, to foster artificial intelligence industry growth, some scholars propose legitimizing the reproduction of works during AI data training by narrowing the scope of reproduction rights [56]. Regarding the “rights exit” of corporate data utilization, after granting corporate data rights, some scholars propose establishing a fair use system for corporate data rights [57] to reasonably define utilization boundaries and impose necessary restrictions on corporate data rights, thereby further ensuring data circulation.

5. Paradigm Construction: Structuring Enterprise Data Rights Under the “Rightification of Behavioral Regulation” Approach

Constructing an enterprise data rights system under the “rightification of behavioral regulation” approach requires first clarifying the positioning of enterprise data rights within the broader property rights framework. Subsequently, the types of objects subject to enterprise data rights and the specific powers of these rights must be defined. Finally, based on the combination of enterprise data types and specific powers, the rights system for enterprise data should be designed.

5.1. Positioning Corporate Data Rights Within the System Under the “Rightification of Behavioral Regulation” Approach

Property rights can be categorized into three types: real rights, creditor’s rights, and intellectual property rights [58]. While the modern property rights spectrum should maintain a degree of continuity, real rights and creditor’s rights cannot encompass all types of rights. It is necessary to extract distinguishing elements through comparative analysis and reconstruct the property rights system using a typological approach [59]. With the advancement of science and technology and the development of commodity economies, the traditional “real rights-creditor’s rights” dual structure has faced challenges. New types of property rights continue to emerge, forming a modern property rights system that is open, dynamic, and continuously evolving [60]. Since data rights constitute complex “bundles of rights,” traditional property law research paradigms—such as those centered on ownership, the property-contract dichotomy, and property rights theory—struggle to explain data rights issues in the virtual world [61]. The direct incorporation of enterprise data into existing legal frameworks such as property rights or intellectual property rights faces significant theoretical challenges. First, compared with property rights, enterprise data lack the essential characteristics required of a property object—namely specificity, tangibility, and absolute controllability. The intangible, replicable, and highly iterative nature of data makes it incompatible with property law rules centered on “possession” and “tangible things.” Second, in contrast to intellectual property, the economic value of enterprise data primarily derives from its scale and utility, rather than from any creative or expressive originality. Consequently, it does not meet the stringent requirements of “originality” under copyright law or “inventiveness” under patent law.
Article 127 of the Civil Code of the People’s Republic of China stipulates that “where the law provides for the protection of data and virtual network property, such provisions shall apply.” This declarative clause underscores the unique nature of data as a novel form of civil interest, while simultaneously revealing the legislative difficulty of directly categorizing it within traditional forms of property rights. As the structure of property rights continues to expand, the question of whether data property rights can stand alongside real rights and intellectual property rights has sparked extensive scholarly debate. Some scholars argue that information property rights should be positioned alongside tangible property rights and intellectual property rights as the three pillars of the information society’s property rights system [62]. Others contend that data property rights should be established as a third category of property rights with universal applicability, parallel to tangible property rights and intellectual property rights [28]. Taken together, as the economic and proprietary value of enterprise data becomes increasingly prominent, enterprise data rights should not remain detached from the broader framework of property rights but should instead secure a legitimate position within it. Considering the distinctive nature of enterprise data protection, it is appropriate to conceptualize enterprise data rights as a parallel category of proprietary rights, standing alongside real rights and intellectual property rights within the modern property law system. The systemic positioning of corporate data rights within property rights is shown in Figure 1.

5.2. Defining the Subject Matter of Enterprise Data Rights Under the “Rightification of Behavioral Regulation”

The issue of identity in the protection object of enterprise data rights impacts the construction of such rights. Enterprise data is not a concept of identity, and the vagueness in the scope of the protected object may lead to blurred boundaries of the rights. The property rights protection model under the rights separation paradigm suffers from issues like singularity of the protected object. The multi-tiered usufructuary property rights model under the rights creation paradigm, besides inheriting the inherent drawbacks of the property rights model, also heavily relies on a robust enterprise data registration and public disclosure system and a comprehensive statutory classification of rights. The intellectual property protection model faces challenges such as excessively high protection thresholds and overly narrow scope of protected objects. The specialized property rights model suffers from issues like overgeneralization of the protected object. Currently, academic theories outline the fundamental evolutionary forms of enterprise data—such as “raw data, data sets, and data products” [63]—by integrating different lifecycle stages including collection, aggregation, analysis, processing, and utilization. Raw data emphasizes unprocessed data collections, data sets indicate aggregated data, while derived data focuses on substantially processed data [64]. Scholars analyzing 17 local “data registration” policy documents in China found that regions categorize data registration into data resources and data products. The former includes data collections (containing raw data), while the latter encompasses, but is not limited to, datasets, data analysis reports, application programming interfaces (API data), algorithmic models, data visualization products, data reports, data applications, and data services [65]. 
Since data owners do not possess exclusive rights to collect and use raw data, let alone ownership of data resources, raw data—which retains personal attributes and lacks independent property value—can be protected through legal interests such as the Anti-Unfair Competition Law and personal information protection rules, rather than under a rights-based protection framework. For instance, when registering corporate data on Shandong Province’s Data Intellectual Property Rights Registration Platform, data containing personal information must either have obtained individual authorization or undergone anonymization. To ensure conceptual consistency, the corporate data rights discussed herein primarily encompass two forms: data collections and data products. This aligns with current theoretical research and registration practices concerning corporate data.

5.3. Specific Functions of Enterprise Data Rights Under the “Rightification of Behavioral Regulation” Approach

Property rights manifest differently across various legal domains. Real property rights encompass “possession, use, enjoyment of income, and disposition” [66]. Compared to ownership, other property rights such as usufructuary rights and security interests lack certain corresponding property rights functions. As an independent property right, ownership encompasses all four functions, thereby constituting the complete state of property rights. Creditor’s rights encompass the right to demand performance, the right to accept performance, the right to seek protection of the claim, and the right to dispose of the claim [67]. Intellectual property rights include the right to identify, the right to control, the right to reproduce, the right to derive benefits, and the right to dispose [68]. Different types of intellectual property further subdivide into specific rights: for instance, copyright comprises moral rights and economic rights, with moral rights including the right to authorship, the right to publish, and the right to protect the integrity of the work; economic rights encompass reproduction, rental, online transmission, broadcasting, and over a dozen other functions; patent rights include manufacturing, use, offer for sale, sale, importation, and related functions of rights; trademark rights comprise exclusive use, licensing, marking, renewal, prohibition, and other functions of rights, all of which inherently involve usage, profit generation, and disposal. Although certain functions of rights are sometimes labeled as “rights,” this does not imply they possess independent legal status. That is, “though termed a right, its essence is not a right but a function—the effect produced by a right—referred to as a right merely for academic convenience” [69]. 
As previously noted, under the functional separation paradigm, the functional components of enterprise data rights primarily reference the property rights model, encompassing control, use, enjoyment of benefits, and disposition. Under the functional allocation model, enterprise data functions mainly include holding rights/control rights, processing and usage rights, and operational rights. Treating enterprise data rights as a new type of property right implies that their functional prototype should be configured independently based on the unique characteristics of enterprise data rights, thereby maintaining a certain distinction from the functional systems of “possession, use, enjoyment of benefits, and disposal” in property rights and the “three-rights separation” functional system. According to the “Twenty Data Provisions” property rights separation scheme, typical data control and utilization activities—such as collection, storage, use, processing, transmission, provision, and disclosure—are institutionally categorized as holding rights, processing and usage rights, and operational rights.
Regarding enterprise data holding rights, academic debate persists over whether they constitute an independent right or merely a functional capacity. The “independent right theory” posits that holding rights “equate to a weakened or modified form of ownership” [70], encompassing capacities for possession, use, enjoyment of benefits, and disposal. The “specific capacity theory” contends that enterprise data holding rights function only within transient, limited spheres of capacity, including autonomous control, limited enjoyment of benefits, and reasonable disposal [71]. Some scholars further contend that data holding rights encompass faculties such as data possession, data usage, and data destruction [72]. Within the three-rights separation framework, data holding rights primarily include specific faculties such as usage (processing, analyzing, and utilizing data for the holder’s own purposes), circulation (providing processed data products to others for use), and profit (obtaining returns or compensation through data usage and circulation) [73]. Comprehensively speaking, data holding rights serve as a state protecting factual control over data. Holders share their controlled data with relevant parties through access permissions such as open application programming interfaces (API data), requesting data ports from designated resources (GET data), submitting data for processing to designated resources (POST data), download permissions, and specialized software client links to data services. Corporate data holding rights, as a specific capacity within corporate data rights, encompass sub-rights such as possession, licensing, and remuneration rights to prevent unauthorized access and use of data. It is worth noting that corporate data holding rights span the entire lifecycle of corporate data, maintaining constancy within the corporate data rights framework. 
This means holding rights are assigned both to data collections and data products, though the rights over data collections and those over data products carry distinct meanings. Data holding rights are established separately based on the data value formation process (different data forms), covering the journey from data resources to final products [74]. However, after transferring data, the data holder retains the right to continuously circulate and utilize the transferred data as long as they do not relinquish ownership. They may also continuously add new data to produce new data products [75]. During data circulation and utilization, data continuously transforms in form and value while also changing hands among holders. The rights enjoyed by holders vary depending on the data form [73]. In other words, the “derivative structure” of data ownership encompasses two distinct data ownership rights. These are not “parallel structures” formed on the same data but rather different rights established on two distinct types of objects [76]. Due to the infinite replicability of enterprise data, much like how the exhaustion principle of distribution rights in copyright law struggles to apply to digital works, a holder’s permission or transfer of enterprise data does not signify the loss of ownership. While others acquire ownership of the data, recipients may also hold ownership rights over new data products or datasets created through processing the acquired data.
Regarding the right to process and use enterprise data, this right takes the form of a positive entitlement, granting the data holder the right to process their own data and receive corresponding compensation; it also takes the form of a negative entitlement, preventing others from processing the corresponding data without the data holder’s permission [77]. Unlike ownership rights, which denote the actual control status of the data holder, processing and usage rights primarily refer to the qualification of the subject to perform processing, usage, and other handling actions on the data [78]. Data set processing and usage rights require interpretation within two distinct contexts: original rights and derivative rights. Original rights refer to the processing and usage rights that enterprise data producers possess over generated big data collections resulting from activities such as collection, cleansing, and computation, based on their lawful original possession of the data. Derived rights refer to the operational rights and ownership rights that data processors acquire over data products generated through the exercise of these processing and usage rights, obtained through means such as licensing or transfer.
Regarding the operational rights to enterprise data products, since these products manifest as data service-oriented transactions—such as “services oriented toward data outcomes” and “services oriented toward data usage”—they confer rights to benefits including usage, updates, revenue, and re-circulation [79]. Operational rights to enterprise data products encompass sub-rights such as usage rights, licensing rights, transaction rights, remuneration rights, and disposal rights.

5.4. Designing the Functional Combination of Enterprise Data Rights Under the “Rightification of Behavioral Regulation” Approach

Regarding the powers associated with corporate data rights, extensive academic discussions have been conducted. For instance, the limited property rights over data collections encompass the powers of control, use, licensing to others, or transfer; while the property rights over data products (corporate data rights) include powers such as control, use, transmission, and disposal [80]. Some scholars further categorize enterprise data into raw data, data collections, and data products, proposing a “three-rights separation” model to structure rights: data resource holding rights, data control rights, and data product operation rights [71]. As a rights system fundamentally designed to ensure simultaneous data utilization by multiple parties, enterprise data rights should follow a “behavioral regulation through empowerment” technical approach. This involves categorizing data usage behaviors to construct an imperfect control right and limited exclusive right centered on prohibition rights and remuneration rights [81]. Given the diversity in the form and utilization methods of enterprise data objects, the design of combined rights for enterprise data types and utilization must account for both the evolution of data objects and the flow of subjects across different lifecycle stages, as well as the diverse utilization needs of multiple stakeholders regarding enterprise data. As intellectual property rights function as a means to regulate behavioral patterns [82], they do not pursue complete control over objects but instead adopt a technical approach of “rightification of behavioral regulation.” This approach constructs a protective space for interests around specific utilization behaviors of the object [83]. Taking copyright as an example, the law does not establish a complete set of exclusive rights but instead designs rights based on the type of work and the manner of use, combining them into a bundle of rights. 
Consequently, certain work types struggle to secure comprehensive copyright property rights—for instance, the “rental right” within copyright property rights is exclusively allocated to computer software and audiovisual works. In the realm of enterprise data capability allocation, one must account for the characteristic that enterprise data capabilities may be concurrently or separately held by different/same entities across distinct lifecycle stages. Design should be tailored through combination based on enterprise data types and the capability-oriented utilization methods of enterprise data.
Enterprise data rights constitute a composite of powers including possession, licensing, exclusivity, disposal, and profit-sharing. The resulting rights—such as holding rights, processing/usage rights, and product operation rights—formed by different combinations of these powers must be allocated among various entities at different stages [84]. However, under the “rightification of behavioral regulation” approach, the structure of enterprise data rights is not a simple aggregation of powers but involves the integrated design of object types and specific rights. As previously discussed, enterprise data is categorized into two main types: data collections and data products. The rights-based forms of controlling and utilizing enterprise data primarily manifest as holding rights, processing and usage rights, and operational rights. Some scholars argue that the separation of data property rights should facilitate the allocation of data processing and usage rights, as well as operational rights, to data consumers either individually or in combination [85]. In designing the combination of rights, one should not mechanically map enterprise data—including data collections and data products—to holding rights, processing and usage rights, and operational rights from a static, two-dimensional perspective. Instead, a dynamic, multidimensional approach should be adopted to allocate corresponding rights based on the distinct characteristics of different enterprise data forms. The rights framework for enterprise data should be constructed by first determining the data type, then structuring rights based on the “three rights” established in the “Twenty Provisions on Data.” Specifically, data collections should be assigned holding rights and processing/usage rights, while data products should be assigned holding rights and operational rights. 
In other words, the configuration of enterprise data rights can be divided into three combinations: “Data Collection Holding Rights + Data Collection Processing/Usage Rights,” “Data Product Operational Rights + Data Product Holding Rights,” and “Data Collection Holding Rights + Data Collection Processing/Usage Rights + Data Product Operational Rights + Data Product Holding Rights.” The first model refers to the data owner acquiring data set ownership and processing rights through large-scale data aggregation and organization. The second model describes a data processor obtaining operational and ownership rights over data products derived from processing the enterprise data set, based on acquired processing rights. Since data set processing rights result from data product generation, this model does not require separate enterprise data processing rights. The third approach primarily describes scenarios where the same entity maintains control throughout the entire lifecycle of enterprise data—including collection, storage, usage, processing, transmission, provision, and disclosure. This represents a more complete state of data rights ownership by a specific entity, as shown in Figure 2.

6. Conclusions

As key entities activating the value creation and realization of data elements, enterprises must establish a scientific data property rights allocation system. This is crucial for stabilizing market transaction expectations, promoting reasonable resolution of data disputes, facilitating data transactions, and unlocking the value of data elements. Through comprehensive literature review, institutional analysis, and case studies, this research addresses the theoretical and practical demands for establishing enterprise data rights. Currently, three major paradigmatic divergences exist regarding enterprise data protection: the technical control paradigm, the behavioral regulation paradigm, and the rights protection paradigm. Enterprise data exhibits characteristics such as complex forms, diverse stakeholders, and varied utilization patterns. Linear, singular protection paradigms demonstrate numerous incompatibilities, with this incompatibility being particularly pronounced in the rights protection paradigm [86]. While it is inappropriate to arbitrarily create new rights in response to emerging risks or phenomena—as some rights may be viewed as extensions of traditional rights—mechanically applying existing rights frameworks not only fails to resolve the challenges of protecting enterprise data rights but also risks creating an overly complex hierarchy of rights protection. This could result in convoluted and entangled channels and structures for granting enterprise data rights. We should examine the practical interests and expectations of enterprise data protection within the existing rights protection framework, grounded in the realities of enterprise data utilization. By reflecting on the limitations, adaptability, and transformative potential of the current rights system, we have identified a superior path for protecting enterprise data rights: the “Behavioral Regulation as Rights” paradigm. 
Emerging from the theory of rights bundles and applied in intellectual property law, the “rightification of behavioral regulation” paradigm not only aligns with the complex characteristics of corporate data but also effectively bridges tensions between technological control and legal control, protection of legal interests and rights protection, and rights based on objects versus rights based on usage. Furthermore, we have concretely constructed enterprise data rights based on this paradigm: First, in terms of positioning within the rights system, enterprise data rights under this paradigm are property rights parallel to real rights and intellectual property rights. Second, the objects of enterprise data rights encompass two forms of data: data collections and data products. Third, enterprise data rights possess three functions: holding rights, processing and usage rights, and operational rights. Fourth, considering data lifecycles and subject succession, the three functions are combinatorially designed based on different corporate data types and utilization methods. Specifically, three functional combinations are proposed: “Data Collection Holding Rights + Data Collection Processing and Usage Rights,” “Data Product Management Rights + Data Product Holding Rights,” and “Data Collection Holding Rights + Data Collection Processing and Usage Rights + Data Product Management Rights + Data Product Holding Rights.” This flexible configuration of rights and interests significantly facilitates the resolution of data disputes and promotes the circulation and utilization of enterprise data.
As a basic element of new quality productive forces, the protection of enterprise data rights depends on both legislative advancement in key and emerging sectors and solid theoretical justification for newly recognized rights. Following the establishment of a top-level theoretical framework, the practical implementation of the enterprise data rights architecture—constructed under the paradigm of “rightification of behavioral regulation”—should further align with the “Threefold Rights Separation” policy articulated in the Twenty Measures on Data, as well as current practices in enterprise data registration and transactions. Continuous refinement and institutional improvement are therefore essential to enhance the operability and practical adaptability of this paradigm, thereby enabling it to better serve data circulation and market-oriented data transactions.

Author Contributions

Conceptualization, X.H.; methodology, X.H. and W.D.; validation, W.D.; formal analysis, W.D.; investigation, X.H.; resources, D.F.; writing—original draft preparation, X.H.; writing—review and editing, W.D.; visualization, W.D.; supervision, D.F.; project administration, D.F.; funding acquisition, X.H. All authors have read and agreed to the published version of the manuscript.

Funding

This research was funded by Shandong Provincial Social Science Planning Project, “Research on the Configuration and Normative Construction of Enterprise Data Rights” (Grant No. 24CFZJ04).

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

No new data were created or analyzed in this study. Data sharing is not applicable to this article.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Zhang, S.H.; Deng, P. Exploration and Institutional Framework of a Unified Data Property Rights Registration System. E-Government 2024, 12, 28–40. (In Chinese)
  2. Lawrence, L. Code 2.0: Law in Cyberspace; Tsinghua University Press: Beijing, China, 2018.
  3. Wu, L.H. The Theoretical Justification of Emerging Rights and the Construction of Emerging Rights in Cyberspace. Soc. Sci. Beijing 2022, 4, 74–84. (In Chinese)
  4. Ren, J.T. Artificial Intelligence and the Rebirth of Human Politics. Probe 2020, 5, 52–65. (In Chinese)
  5. Guo, C.Z.; Yong, Q. From Embedding to Convergence: The Relationship and Optimization between Technological Governance and Legal Governance. Acad. Mon. 2024, 12, 100–111. (In Chinese)
  6. Lv, P.S.; Gao, Y. The Systemic Composition and New Characteristics of Digital Rights A Theoretical Analysis from the Perspective of Information Flow. Wuhan Univ. J. Philos. Soc. Sci. 2025, 3, 51–63. (In Chinese)
  7. Sun, S. Reinterpretation of the Statutory Principle of Intellectual Property Rights. Contemp. Law Rev. 2018, 6, 60–70. (In Chinese)
  8. Sun, S. The Concept Restoration and System Integration of Intellectual Property Law from the Perspective of Legal Interest Protection Theory. Zhejiang Acad. J. 2021, 4, 85–94. (In Chinese)
  9. Ding, X.D. Behavioral Protection of New Data Property: Analysis Based on Property Rights Theory. Law Sci. Mag. 2023, 2, 54–70. (In Chinese)
  10. Huang, L. Behavior Regulation Mode for Copyright Protection of AI-generated Content—Taking Sora as an Example. Journal. Mass Commun. 2024, 6, 59–73. (In Chinese)
  11. Ye, J.Q. The Merits and Shortcomings of the “Civil Rights Chapter” in the General Provisions of the Civil Code. Peking Univ. Law J. 2017, 3, 645–655. (In Chinese)
  12. Shi, C. Behavior Regulation Model of Enterprise Data Rights Protection and Application. J. Dalian Univ. Technol. Soc. Sci. 2022, 6, 84–92. (In Chinese)
  13. Jin, Y. Reflection and Transformation of the Legal Path of Data Governance. Sci. Law J. Northwest Univ. Political Sci. Law 2020, 2, 79–89. (In Chinese)
  14. Zhang, S.H.; Li, Y.N. Path Selection for Data Protection. Academics 2018, 7, 52–61. (In Chinese)
  15. Zhong, C. Judgment Rules of Unfair Competition Cases Concerning Data. People’s Judic. 2019, 10, 16–21. (In Chinese)
  16. Zheng, X.J. The Civil Law Interpretation and Protection Methods of Personal Information. Law Sci. 2021, 3, 116–130. (In Chinese)
  17. Li, Y.J. General Principles of Civil Law; China Legal Publishing House: Beijing, China, 2018.
  18. Xu, K. Three Approaches to Data Protection: Comment on the Case of Weibo Accusing Maimai of Unfair Competition. J. Shanghai Univ. Soc. Sci. Ed. 2017, 6, 15–27. (In Chinese)
  19. Shen, W.X. On Data Usufruct. Soc. Sci. China 2020, 11, 110–131. (In Chinese)
  20. Cui, C.C. Jurisprudential Foundation and Institutional Framework for the Initial Configuration of Data Rights. Sci. Law J. Northwest Univ. Political Sci. Law 2024, 4, 105–113. (In Chinese)
  21. Wang, L.M. On Data Rights and Interests: From the Perspective of Bundle of Rights. Political Sci. Law 2022, 7, 99–113. (In Chinese)
  22. Long, W.Q. On the Construction of New Data Property and its System Structure. Trib. Political Sci. Law 2017, 4, 63–77. (In Chinese)
  23. Cui, J.Y. Theory of Structure of Mother Right-Child Right and Its Significance. J. Henan Univ. Econ. Law 2012, 2, 9–19. (In Chinese)
  24. Cai, L.D. From “Separation of Powers” to “Exercise of Rights”. Soc. Sci. China 2021, 4, 87–206. (In Chinese)
  25. Fu, X.H. A Critic of the Theory on Enterprise Data Property Rights Protection. Orient. Law 2022, 2, 132–143. (In Chinese)
  26. Zhang, S.H.; Wang, N. The Justification and Construction of “Bi-level Dual Structure” on Data Property Right. China Law Rev. 2023, 6, 138–156. (In Chinese)
  27. Ding, X.D. On Legal Protection of Enterprises’ Data: Analysis Based on the Legal Nature of Data. Sci. Law J. Northwest Univ. Political Sci. Law 2020, 2, 90–99. (In Chinese)
  28. Long, W.Q. On the Property Law Protection of Company Data. Orient. Law 2018, 3, 50–63. (In Chinese)
  29. Jia, L.P. Justification and Rules of Data Intellectual Property Rights. Law Soc. Dev. 2024, 4, 205–224. (In Chinese)
  30. Zhu, Y.N. Establishing and Improving the Data Intellectual Property Rights System. Guangming Daily, 28 March 2025; p. 11.
  31. Liu, X. On Theoretical Proof and Normative Construction for Intellectual Property Protection of Enterprise Data. China Law Rev. 2023, 2, 38–50. (In Chinese)
  32. Yang, L.X.; Chen, X.J. Derivative Data Constitutes the Subject Matter of Data Proprietary Rights. China Social Sciences News, 13 July 2016; p. 5.
  33. Xiao, D.M. Can “Data” be Integrated into the Category of Objects of Intellectual Property Rights? J. Political Sci. Law 2024, 1, 137–148. (In Chinese)
  34. Li, Y.M.; Dai, M.M. Research on Rights Attributes and Legal Protection of Big Data Products. J. Zhejiang Univ. Humanit. Soc. Sci. 2020, 2, 26–37. (In Chinese)
  35. Wang, D.F. The Institutional Guarantee of Social Innovation with Regards to China’s “Big Data Strategy”—From the Perspective of Intellectual Property Rights. J. Nanjing Univ. Sci. Technol. Soc. Sci. 2019, 3, 27–34. (In Chinese)
  36. Qian, Z.Y. On the Construction of Data Property Right. Jurist 2021, 6, 75–91. (In Chinese)
  37. Zhang, X.B. On Data Property Rights as a New Type of Property Right. Soc. Sci. China 2023, 4, 144–163. (In Chinese)
  38. Li, B.L.; Cai, X.X. Digital Economy and the Legal Protection of Enterprise Data Property. Trib. Soc. Sci. 2023, 4, 180–191. (In Chinese)
  39. Chang, Y.; Smith, H.E. An economic analysis of civil versus common law property. Notre Dame L. Rev. 2012, 88, 1.
  40. Milne. Human Rights and Diversity—Philosophy of Human Rights; Xia, Y., Zhang, Z., Translators; Encyclopedia of China Publishing House: Beijing, China, 1995; p. 188.
  41. Smith, H.E. Exclusion versus Governance: Two Strategies for Delineating Property Rights. J. Leg. Stud. 2002, 31, 453–487.
  42. Gao, L. An Interpretation of the System of the Tri-Right Separation of Data: Underlying Logic, Jurisprudential Reflection, and Legal Realization. J. Beijing Adm. Inst. 2024, 6, 76–87. (In Chinese)
  43. Xu, K. From Bundle of Rights to Right as Modularity: Reflection and Reconstruction of the Separation of Three Rights in Data. China Law Rev. 2023, 2, 22–37. (In Chinese)
  44. Sun, Y.; Yu, Z.Y. Rethinking Competitive Relationship and Reconsidering the Path of Anti-Unfair Competition Law for Data Rights Confirmation. Sci. Technol. Law Chin.-Engl. Version 2024, 5, 25–36. (In Chinese)
  45. Wang, Y. Genealogy of Property Rights, Numerus Clausus of Property Rights and Property Law in General of Civil Law. Trib. Political Sci. Law 2016, 1, 103–118. (In Chinese)
  46. Hou, Z.Q. Theoretical Justification and Normative Construction of the Protection of Environmental Right Under Law of Intellectual Property. Law Sci. 2022, 8, 177–192. (In Chinese)
  47. Eckardt, M.; Kerber, W. Property rights theory, bundles of rights on IoT data, and the EU Data Act. Eur. J. Law Econ. 2024, 57, 113–143.
  48. Long, W.Q. General Principles of Civil Law, 2nd ed.; China Legal Publishing House: Beijing, China, 2002.
  49. Li, C.H. Absolute Rights, Absolute Duties and their Relativization A Unified Framework for Protection of Civil Rights and Legal Interests. Peking Univ. Law J. 2023, 3, 646–667. (In Chinese)
  50. Su, Y.; Cheng, Z.R. Behavioral Regulation Models for the Protection of Data Property Interests. J. Zhengzhou Univ. Philos. Soc. Sci. 2023, 6, 44–53+139. (In Chinese)
  51. Hohfeld, W.N. Fundamental legal conceptions as applied in judicial reasoning. Yale Law J. 1917, 26, 710–770.
  52. Peng, C.X.; Huang, Y.B. On the Historical Origin and Realistic Implications of the Bundle of Rights. Dongyue Trib. 2025, 6, 68–79. (In Chinese)
  53. He, S.W. On the Data Entitlement Framework: From Object to Model. J. Comp. Law 2024, 2, 135–148. (In Chinese)
  54. Shen, W.X. On the hierarchical nature of data property rights system: “Three Three System” Data Rights Confirmation Law. China Leg. Sci. 2023, 4, 26–48. (In Chinese)
  55. Zhu, Q.Y. The Legislative Expression of the Principle of Numerus Clausus. ECUPL J. 2019, 5, 106–115. (In Chinese)
  56. Shi, X.X. Restructuring Reproduction Rights: Legal Path for Data Training in Generative Artificial Intelligence. Orient. Law 2024, 6, 70–83. (In Chinese)
  57. Li, Y.; Yang, X.Z. Constructing a System for the Fair Use of Enterprise Data Rights. Inn. Mong. Soc. Sci. 2025, 2, 108–117+213. (In Chinese)
  58. Wang, L.M. Property Rights Legislation: Adopting Property Rights or Property Rights. People’s Court Daily, 27 August 2001.
  59. Jin, K.K. The constituent elements of the theory of distinction between creditor’s rights and real rights. Chin. J. Law 2005, 1, 20–31. (In Chinese)
  60. Wu, H.D. The Categorization, Institutionalization and Codification of Property Right: Taking the Draft of Civil Code as the Research Subject. Mod. Law Sci. 2017, 3, 31–41. (In Chinese)
  61. Wang, L.M. Data Rights and Interests Expression Civil Law. Jingchu Law Rev. 2024, 1, 19–29. (In Chinese)
  62. Qi, A.M. On the Legal Protection of Information Property and the Establishment of the Property Right System in the Civil Law System: Also on the Relationship within Property Law, intellectual property law and information property law. Acad. Forum 2009, 2, 145–152. (In Chinese)
  63. Li, D.E. The Legal Nature and Sectional Protection of Data Rights. Theory Mon. 2020, 3, 113–123. (In Chinese)
  64. Sun, Y. Research on the Mechanism for the Ownership and Authorization of Corporate Data Rights. J. Comp. Law 2020, 3, 56–73. (In Chinese)
  65. Wang, Q.; Huang, Y.Z.; Wang, Y.W. Research on Local Policies in China for Data Rights Confirmation and Registration from the Perspective of Enterprise Data Assetization. J. Inf. Resour. Manag. 2024, 6, 85–98. (In Chinese)
  66. Wang, L.M. Civil Law; China Renmin University Press: Beijing, China, 2005; p. 309.
  67. Wei, Z.Y. Civil Law; Peking University Press: Beijing, China, 2000; p. 304.
  68. Xu, X.X. Legal Analysis on the Power Structure of Intellectual Property. Res. Rule Law 2014, 7, 112–119. (In Chinese)
  69. Lin, C.E. General Principles of Civil Law (Volume I); China Law Press: Beijing, China, 2005; p. 79.
  70. Lai, X.P. The Effective Utilization of Data as a Factor of Production Requires a Proper Understanding of the Fundamental Connotation of Data Resource Holding Rights. Science and Technology Daily, 5 September 2022; p. 8.
  71. Fang, S.K.; Zhou, X.J. Ownership of Data Resources: Generative Logic, Institutional Positioning, and Operation Paradigm. J. Yanbian Univ. Soc. Sci. 2024, 3, 85–99+143. (In Chinese)
  72. Yun, J.S. The Construction of Data Holder’s Right under Possession Theory. Jinan J. Philos. Soc. Sci. 2023, 4, 50–61. (In Chinese)
  73. Gao, F.P. Rights Allocation of Data Holders: Legal Implementation of Structural Separation of Data Property Rights. J. Comp. Law 2023, 3, 26–40. (In Chinese)
  74. Ma, B. The Discomfort of Dividing Data Property Rights—Turning to Data Ownership Based on Module Theory. Orient. Law 2024, 1, 47–57. (In Chinese)
  75. Gao, F.P. On Data Holder’s Right Towards a New Paradigm to Achieve Orderly Data Flow. Peking Univ. Law J. 2023, 2, 307–327. (In Chinese)
  76. Zhang, S.H. The Data Holding Right. ECUPL J. 2025, 2, 6–19. (In Chinese)
  77. Shang, J.G. Chinese Solution for the Allocation of Data Element Rights and Interests. J. Shanghai Norm. Univ. Philos. Soc. Sci. Ed. 2023, 3, 82–94. (In Chinese)
  78. Yu, H.C.; Chen, R.K. Legal Interpretation of Data Resource Holding Rights. Sci. Technol. Law Chin.-Engl. Version 2024, 2, 21–30. (In Chinese)
  79. Zhang, Z.Y. Interest Construction and Institutional Safeguards for the Right to Operate Data Products. Digit. Law 2024, 4, 56–70. (In Chinese)
  80. Ji, L.L. The Judicial Dilemma of Enterprise Data Protection and the Dimension of Breaking the Situation: The Road to Typed Right Confirmation. Leg. Forum 2022, 3, 109–121. (In Chinese)
  81. He, R. On Intellectual Property Protection of Enterprise Data. Soc. Sci. Shenzhen 2024, 2, 75–88. (In Chinese)
  82. Tamura, Y. Modern Japanese Intellectual Property Law Theory; China Law Press: Beijing, China, 2010; p. 7, Li, Y., et al., Translators. Available online: https://baike.baidu.com/item/%E6%97%A5%E6%9C%AC%E7%8E%B0%E4%BB%A3%E7%9F%A5%E8%AF%86%E4%BA%A7%E6%9D%83%E6%B3%95%E7%90%86%E8%AE%BA/570268 (accessed on 11 November 2025).
  83. Lv, B.B. Justifying the Right to Personal Information as a Civil Right: Taking Intellectual Property as the Reference. China Leg. Sci. 2019, 4, 44–65. (In Chinese)
  84. Geng, Z.; Li, D. The Right Explanation and Legal Expression of the Data Property Right Separation. J. Guangxi Univ. Philos. Soc. Sci. 2024, 1, 183–193. (In Chinese)
  85. Ning, Y. From Data Production to Data Circulation: A Double-layer Allocation Scheme for Data Property Rights. Chin. J. Law 2023, 3, 73–91. (In Chinese)
  86. Yao, J. Forming an Autonomous Digital Jurisprudence Theory. Guangming Daily (Theory Edition), 16 December 2024.
Figure 1. Positioning of Enterprise Data Rights within the Property Rights System.
Figure 2. Complete Operational State of Enterprise Data Rights.
Table 1. Analysis of Typical Judicial Cases Involving Corporate Data.
| Case Name | Case Number | Case Impact | Judicial Characterization of Data |
|---|---|---|---|
| Dianping v. Aibang | Beijing No. 1 Intermediate People’s Court (2011) Yizhong Minzhong No. 7512 | China’s First Case Involving Local Search Platforms | Competitive Property Rights in Data Aggregates |
| Sina v. Maimai Case | Beijing Intellectual Property Court (2016) Jing 73 Min Zhong No. 588 | China’s First Unfair Competition Case Involving Big Data | Competitive Property Rights in User Data Information |
| Taobao v. Meijing | Hangzhou Intermediate People’s Court of Zhejiang Province (2018) Zhe 01 Min Zhong No. 7312 | China’s First Unfair Competition Case Involving Big Data Products | Data Products Possess Competitive Property Rights Interests but Do Not Constitute Property Ownership |
| KuMiKe App v. CheLaiLe App Unfair Competition Case | Hangzhou Binjiang District People’s Court (2019) Zhe 0108 Min Chu No. 5049 | China’s First “Web Crawler” Software Case | Intangible Property and Competitive Interests in Data Collections |
| Tencent v. Juketong Company et al. Unfair Competition Case | Hangzhou Binjiang District People’s Court (2019) Zhe 0108 Min Chu 5049 | China’s First Unfair Competition Case Involving Recognition of WeChat Data Rights | User Information Possesses Data Rights of Different Natures. |
| Ant Microloan v. Suzhou Langdong Network Technology | Hangzhou Intermediate People’s Court, Zhejiang Province (2020) Zhe 01 Min Zhong 4847 | China’s First Unfair Competition Case Involving Public Data | Competitive Rights in Public Data |
| Douyin v. Liujie | Hangzhou Intermediate People’s Court, Zhejiang Province (2020) Zhe 01 Min Zhong 4847 | China’s First Live Streaming Data Rights Case | Competitive Property Rights in Live Streaming Data |
Table 2. Overview of Perspectives on the Rights Protection Paradigm for Corporate Data.
| Specific Rights Framework | Basic Characteristics | Protection Model |
|---|---|---|
| Property Rights Framework | Intertwined “Separation of Rights and Exercising of Rights” | Ownership Protection Model |
| | | Data Exclusive Rights Protection Model |
| | | Multi-tier Usufruct Rights Model |
| Intellectual Property System | The Clash Between Traditional and Emerging Rights | Traditional Intellectual Property |
| | | Emerging Intellectual Property Rights |
| | | Scenario-Based Protection of Intellectual Property |
| Data-Specific Property Rights | The Interplay Between “Full Property Rights and Limited Property Rights” | Specialized Property Rights |
| | | Separate Property Rights |

Share and Cite

MDPI and ACS Style

Hu, X.; Ding, W.; Fu, D. Exploring the Paradigm of Enterprise Data Protection: Constructing Enterprise Data Rights Under the Rightification of Behavioral Regulation. Information 2025, 16, 1028. https://doi.org/10.3390/info16121028
