China’s Supreme Court releases six Guiding Cases on data rights providing insights for corporate counsels
In August 2025, China’s Supreme People’s Court (SPC) issued the 47th Guiding Cases, six decisions representing the latest judicial guidance for legal disputes in the technology, data, and internet sectors. This release is the first time the SPC has issued Guiding Cases on the judicial protection of data rights and interests, which directly addresses the legal friction now emerging in China’s fast-evolving digital economy. The six Guiding Cases involve unfair competition in data utilisation, protection of personal information, enforcement of online account rights, and liability for unauthorised data collection. Because Guiding Cases steer lower-court adjudication, they provide guidance and insights on compliance for companies operating or holding data in China.
The six cases
1. A Technology Co., Ltd. v. B Culture Media Co., Ltd.
Summary: Unauthorised large-scale scraping of another platform’s short videos, user data, and comments and providing this data to the public but substantially substituting the original platform’s products or services and disrupting the market competition order, was ruled unfair competition. The online platform operator’s business interest deriving from its curated dataset should be protected.
Takeaway: Platforms may invoke the Anti-Unfair Competition Law to protect curated datasets that do not qualify as traditional “works” for copyright protection or trade secrets.
2. A Network Information Technology Co., Ltd. v. B Information Technology Co., Ltd.
Summary: Where a network platform provides services allowing users to transfer their own data from another platform to this platform, such services do not constitute unfair competition, provided that:
- user authorisation was explicit;
- processing stayed within reasonable, expected bounds; and
- the market competition order was not disrupted.
Key takeaway: Platforms may design APIs and migration tools to enhance user experience and collect user data provided the applicable personal information protection laws are followed.
3. A Steel Co., Ltd. v. B E-commerce Co., Ltd.
Summary: Factory prices publicly disclosed by manufacturers were deemed outside the scope of trade-secret protection. A data processor may lawfully collect, standardise, and commercialise such public information.
Takeaway: Companies in business in the traditional sectors should take into account the value and commercial potential of their data in light of today’s technological advancement, and carefully consider and segregate confidential data to prevent it from entering into the public domain. For technology companies, Chinese courts tend to protect the free movement of data and emphasise that in order to prevent “data barriers”, excessive control should be avoided except for statutory reasons.
4. Luo (INDIVIDUAL) v. A Technology Co., Ltd. – PI collection on education platforms
Summary: For educational platforms, only the mobile phone number was considered “essential” to provide basic education-platform services. Forced bundling of additional profiling fields (e.g. occupation, English proficiency) without a “skip” option invalidated user consent.
Takeaway: This case demonstrates the judiciary’s protection of personal information. PI controllers should audit registration flows to ensure optional fields are truly optional or demonstrably essential.
5. Huang (INDIVIDUAL) v. A Credit Management Co., Ltd.
Summary: For a platform with the services of “Buy-Now-Pay-Later”, collecting credit-worthiness data was held to be as “necessary for contract formation or performance,” provided disclosures are conspicuous (i.e. bold, coloured text) and opt-out mechanisms exist, and that the information collected complies with the principle of minimal necessity. In this event, such information collection does not constitute infringement.
Takeaway: credit-service providers can rely on necessity grounds, but only after robust, front-loaded transparency and minimal-scope collection.
6. A Cultural Media Co., Ltd. v. You (INDIVIDUAL) – enforcement of a court order for online account delivery
Summary: When a court ruled that an online account was owned by the Plaintiff and ordered the Defendant to deliver the online account to the Plaintiff, the Defendant’s delivery of the password is insufficient. The Court held that effective “delivery” of an online account requires transfer of real-name authentication and bound mobile numbers in addition to passwords, and requested the online platform to assist in changing the account's real-name authentication information.
Takeaway: When drafting agreements that contemplate handover of social-media or e-commerce accounts, specify the handover of identity credentials and anticipate judicial enforcement steps.
Conclusion
These Guiding Cases illustrate the balance that China intends to achieve in approaching issues arising from its digital marketplace within the relevant legal framework. China encourages lawful data flows and innovation while combatting opportunistic scraping, coercive personal information practices, and account-management abuses. Companies operating in China can treat the decisions in the Guiding Cases as benchmarks for policy revisions, contract drafting, and dispute-resolution strategies.
If you have any questions or would like information on the obligations of businesses handling data in China, , contact your CMS client partner or these CMS experts: Jonathan Chu, Mengyi Chen, Anqi Qin or Tana Bao.
