Comparing Data Property Rights and Credit Reporting Systems in Asia-Pacific Countries

Since the emergence of digital economy, technologies such as the internet, big data and AI have undergone innovation at an increasingly faster pace and been integrated in various fields of economic and social development at a deeper level. As an important part of the social credit system, the credit reporting industry is playing a key role in the development of the digital economy. This article focuses on the data property rights and credit reporting systems in Asia-Pacific countries, explores the construction of the data infrastructure system in the credit reporting industry, and ‒ by analysing current challenges ‒ discusses China’s development path under the guidance of Twenty Articles on Data.

Challenges in building a data infrastructure system in the credit reporting industry

The construction of the data infrastructure system in the credit reporting industry is facing multiple challenges. At the macro level, the construction of the data property rights system is fairly incompatible with the traditional legal framework. The non-material aspect of data leads to a lack of exclusivity and raw data is difficult to incorporate into the IP protection system, owing to a lack of originality. At the micro level, credit data involves multiple parties, with complex ownership of rights and a lack of clear rules for profit distribution, which severely hinders data flow and value realisation.

In terms of application, data has both personal and property attributes. As such, it is necessary to co-ordinate data flow and privacy protection under regulatory frameworks such as the Personal Information Protection Law, which poses tough challenges to institutional design.

Data credit rights and credit reporting legal framework in Asia-Pacific countries

In the Asia-Pacific region, different countries have formed different data credit rights and credit reporting legal frameworks, each with their own characteristics.

Japan adopts the compromise mode in the governance of cross-border data flow. Japan’s Personal Information Protection Law has been revised several times, providing a fundamental legal framework for cross-border data flow. Japan has decided upon the quadruple compliance channels of “obtaining the consent of data subjects as the principle and three statutory exemptions as exceptions” and has decided to join international systems and agreements such as Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system to stimulate cross-border data flow.

South Korea has developed the “Three Laws for Data” system, comprising the Personal Information Protection Law, the Information and Communication Network Utilisation and Information Protection Law and the Credit Information Utilisation and Protection Law. Significant amendments to these laws in 2020 introduced the concept of “pseudonymous information” to identify the “grey zone” between personal information and anonymous information.

Among the key concepts enabled by these laws, the most featured is the “MyData” mode. This explicitly stipulates that information subjects have the right to download their personal information from financial institutions or enterprises directly or to demand that data processing agencies make their personal information available to third parties ‒ meaning that information subjects retain the decision-making power when it comes to their own data.

How China’s Twenty Articles on Data compares with the Japanese and South Korean modes

China’s Twenty Articles on Data creatively proposed a structural separation system for data property rights by establishing the “three-right separation” property rights framework ‒ comprising data resource holding rights, data processing and use rights, and data product operation rights ‒ for the purpose of resolving the data property rights dilemma by downplaying traditional ownership and instead focusing on the data use rights and their potential for circulation. In terms of the construction of the credit system in the data factor market, suggested mechanisms include incentives for trustworthiness, penalties for dishonesty, and improving the recognition of dishonest behaviour in data transactions.

Compared with China’s path, Japan emphasises transparent processes and informed subjects, and the guidance released by its Personal Information Protection Committee provides detailed operation regulations for cross-border data flow. China’s Twenty Articles on Data lays more stress on framework design, while the specific operation regulations are left to be improved.

Meanwhile, South Korea’s “MyData” highlights the right to data self-determination, with laws explicitly granting information subjects the right to directly manage, control and share data ‒ creating a contrast with China’s “three-right separation”. Generally, South Korea puts the accent on personal dominance, whereas China concentrates more on the structural division of rights and interests among all parties.

Future development prospects of China’s credit reporting industry

Based on the international comparisons and the guidance of Twenty Articles on Data, the future development of China’s credit reporting industry can be strengthened in several areas. In terms of data property rights utilisation, the range of data collected shall be expanded to include diverse data sources such as public data and enterprise data. It is also important to understand industry demands, innovate credit reporting products, clarify rules for scenario-based utilisation of credit data, establish credit data service licensing and regulatory mechanisms, and grant credit data subjects the right to be forgotten.

To foster trading market integration, it is necessary to push forward the interconnection of local credit reporting platforms and unify data standards and trading rules. In this regard, Japan’s cross-border data governance mechanism and South Korea’s credit information transfer right system both provide useful references for China in terms of establishing a unified data trading market.

When it comes to cultivating the ecosystem of access institutions, it is important to develop innovative application scenarios, upgrade credit services for SMEs and promote credit reporting platforms. South Korea has set lower capital requirements for “MyData” operators, which can be a good example for China to follow in cultivating the ecosystem of credit institutions.

In terms of strengthening security management, it is necessary to enhance technical protection, adopt the blockchain encryption technology, and develop new security technologies such as privacy computing. The comprehensive network governance framework provided by Japan’s Cybersecurity Basic Act is worthy of reference for China’s credit industry.

Outlook

The practices in Asia-Pacific countries have revealed a common trend: under the premise of ensuring data security, data value can be released through property rights innovation, circulation mechanism reforms, and personal empowerment. Japan’s detailed regulations for data governance and South Korea’s self-determination mode with regard to personal data provide China with multidimensional reference points.

The future of the credit reporting industry lies in seeking a balance between security and development, as too loose management will lead to privacy risks and too tight management will obstruct innovation. China’s Twenty Articles on Data has pointed out the way ahead and the next step is to continually deepen the system details and technical standards. Only with such understanding can progress be made in terms of digital innovation.