Location : Home > Resource > Paper > Theoretical Deduction
​Xu Tianxi | The Reciprocal Logic and Trust Mechanization of Personal Data Utilization in China
2024-05-23 [author] ​Xu Tianxi preview:

[author]​Xu Tianxi


The Reciprocal Logic and Trust Mechanization of Personal Data Utilization in China

*Author Xu Tianxi

PhD student at Kouguan School of Law and research assistant at China Institute for Socio-Legal Studies of Shanghai Jiao Tong University

Abstract: At present, the informed-consent utilization system is the main link of Chinese citizens' personal information entering the scene of data use and circulation. The system does not currently regulate the use of personal data. Through the method of interests reduction, it can be seen that the main reason is that it is not ideal to reconcile the conflict of data interests between the data subject and the data controller. The legal hermeneutic models of protection of personal information right “do not respond properly from the theoretical level. On the one hand, they do not realize that to meet the personal interests and economic interests of data subjects and data controllers respectively, it is necessary to effectively take into account the three legal values of person al information security, data benefit development and fair distribution of data benefits at the normative and institutional levels. On the other hand, it fundamentally starts from the promotion of efficiency, explains and adjusts the system arrangement and operation according to the logic of property rights allocation to achieve mutual benefits and win-win situation. The conception of reciprocal personal data utilization explores the reciprocal legal values system of personal data and its trust mechanism, which is the moral basis of our country's data legal norms. It also puts forward the concept of “core interest” of personal data and the reciprocal logic of value convergence, in order to overcome the logic of mutual benefits and property rights allocation, which is limited to specific legal interests and insufficient normative force. It uses the interpretation method of the personal data trust to explore the reciprocal trust of the informed-consent utilization system and the obligations of the data law, and pays special attention to the f air distributions of personal data benefits under various data utilization scenarios.

1. The dilemma of the "informed consent" utilization model of personal data: based on the restoration of data benefits

China is striving to develop a new economic form with digital industrialization and industrial digitization as the primary driving force. One of the extremely important tasks is to achieve the digitization, element transformation, and even industrialization of personal information, as they all rely on the reality of full sharing of personal data, after all, personal data is the "raw material" of the digital process. China has introduced a series of specialized laws on personal information protection, data security, and network security, which can be said to provide legal basis for the development and utilization of personal data. But the problem is that even if these regulatory legal norms are used to legalize and institutionalize the use of personal data, we cannot effectively integrate the various life periods of data collection, organization, analysis, use, and transfer. As the most important public good in political society, the primary function of law is to determine and stop disputes. So we need to rely on these data legal norms to clarify the interests and internal disputes of all parties, promote the rational use of personal data, and promote the long-term development of China's digital economy.

Firstly, it should be declared that the fundamental concept used in this study - personal data - does not exist in the current data legal norms in China. However, in the perspective of theoretical exploration, there is a conceptual referential connection between it and the subject matter (personal information, data) referred to in legal acts. For the convenience of writing and to avoid misunderstandings, the following text first defines the connotation and extension of the concept of personal data.

1.1 The concept and classification of personal data

As the name suggests, personal data is the digitized existence of personal information. Using an equation is more intuitive:

Personal data=personal information (content)+data (form)

On the one hand, personal information here exists in electronic storage devices and can be accessed through specific information processing technologies with power support. Personal data is a binary bit format arranged in a specific order of 0 and 1, with information technology attributes such as encryptability, modifiability, transferability, replicability, excavatability, and deletability. Due to these digital characteristics, personal data has completely different characteristics from the material property pointed to by traditional property rights, such as non-entity, non-exclusivity, simultaneous utilization, and factual representation. It is also different from the intellectual labor achievements pointed to by traditional intellectual property rights, because it does not possess or mainly reflects human intellectual creativity. On the other hand, personal data here, whether it is a single item or a collection, should have "recognizability", that is, after reading, it can be associated with specific data subjects (usually natural persons). It includes but is not limited to the name, gender, date of birth, identity, occupation, home address, contact information, economic income or assets, health status, consumption habits, biological characteristics, illegal records, medical records, and others of a specific natural person. Because some of this information is sensitive in social interactions and even belongs to private content, personal data usually carries the personal interests of related parties.

Personal data can be further differentiated according to the nature of usage needs. Firstly, based on the importance and privacy of the specific subject situation reflected in the data, it can be distinguished into general personal data and sensitive personal data. Secondly, according to the different registration and usage behaviors of individuals on online platforms, personal data can also be divided into metadata and usage data. Thirdly, based on the legal identity of the data controller and the purpose of data use, personal data can be classified as enterprise data and public data respectively. It should be noted in advance that this article starts from the background of data value and industrialization, mainly examining the collection, utilization, and benefit distribution of personal data as enterprise data between data subjects and data controllers. Occasionally, when discussing the use of personal data in the context of administrative management and providing social services, it refers to public data. The latter is not discussed as a model for personal data in this article. Of course, the rational utilization of personal data in public data is also closely related to the theme of this article.

1.2 Practical difficulties in realizing personal data benefits

Personal data benefits are rich in content and diverse in form. The data subject enjoys personal interests in their personal data, including free choice, privacy independence, and dignity equality. There are also economic benefits in the use and circulation of personal data, and in fact, they are occupied by data enterprises or platform economies. From representative legislative examples abroad, there is debate about the goal of safeguarding personal data interests. For example, the United States emphasizes the development of a data economy (efficiency), while the European Union places greater emphasis on the self-determination and equal protection (security) of data subjects. In the California Consumer Privacy Act (CCPA) enacted in 2018, the state of California in the United States adopted a negative protection of "opt out" for data subjects. Data subjects must resist the fair use behavior of data control companies by explicitly indicating "do not sell my personal information". In the General Data Protection Regulation (GDPR), the EU adopts an "express accession" protection method, and data control enterprises must obtain the right to reasonable use of their personal data by obtaining the explicit consent of the data subject. The attitude of scholars in the field of data law in our country towards this value balancing issue is at least inclusive, believing that maintaining the personal interests of data subjects is a prerequisite for promoting the development of personal data benefits.

The "informed consent" system usually includes one of the "user agreements" and "privacy policies", and is currently an important way to coordinate privacy security and information value. On the one hand, it maintains the independent choice of data subjects in using their personal information and protecting privacy by stipulating that users need to express their consent to the controller's reasonable use of behavior; On the other hand, it starts from the actual unequal status between data subjects and data controllers (such as technology, capital, and supply-demand inequality), emphasizing the "package" nature and post accountability of agreed content, which is in line with the "C&M Framework" to reduce transaction costs. Specifically, massive personal data is a production factor with value for exploration and exchange. Due to the multitude of scenarios and purposes used, it is unrealistic for the state to price personal data, so it can only promote the maximization of social wealth through price mechanisms and market regulation. Because personal data can only be voluntarily provided by the data subject, the "informed consent" system logically assumes that the data subject has a "natural right" over their personal data and can trade with the data controller. Furthermore, due to the fact that many data subjects do not have the ability to negotiate with data controllers regarding the transfer of their personal data in practice, and the products or services provided by the latter (as exchange value) meet the production and living needs of data subjects, this system, for the sake of facilitating transactions, stipulates the content and remedies of consent. But this cannot make us ignore its shortcomings in regulating the conflicting interests of data subjects and data controllers, which are reflected in the following aspects:

Firstly, there are difficulties in realizing the value of personal data exchange. In fact, the "informed consent" system between data subjects and controllers cannot promote the development of economic benefits - it is inefficient. From the user's perspective, providing personal information to the platform is only a prerequisite for enjoying the corresponding service, and the consideration here is the service itself, not including other economic benefits; We only view "barter" as a transaction at the fundamental level. In addition, formal format clauses have not effectively solved the problem of unequal transaction status between the two parties, nor have they guaranteed the self-determination of data subjects. According to the usual understanding in the current theoretical community, the natural right mentioned in the previous paragraph refers to this type of self-determination. But from the perspective of institutional economics and Coase's theorem, they are by no means property rights: personal data property rights should be allocated to data controllers who can maximize the value of personal data. So the right presumption logic of the "informed consent" system does not care about ownership or data controllers. However, this system actually satisfies the proposition of Coase's theorem: the presumption of rights does not hinder the advantageous position of data controllers in the "informed consent" system, and only when the data subject is logically predetermined to enjoy this right can people recognize that data controllers have obtained legal rights to personal data through this system. Some argue that this advantage is simply a reason to obtain reasonable exemption from data collection and use from data subjects in order to promote the commercial utilization of data. In summary, the "informed consent" system uses the presumed autonomy of data subjects as the legal basis for enterprises to obtain data property rights through transactions. It attempts to make us accept an unreasonable situation: the de facto unequal status of data subjects and data controllers. "Big data killing" disdains the equal trading identity of relevant data subjects and infringes on their fair trading rights, which is an example.

Secondly, there is unfair competition among data controllers who crawl user personal information and use data without the consent of the actual controller and without the knowledge of the data subject (such as the "Weibo v. Momo case" and "Dianping v. Baidu case"). There are also advantageous enterprises as data controllers who abuse their market dominance and implement monopolies. Undoubtedly, crawling behavior does not lead to the appreciation of personal data, while monopolistic behavior and dominant position themselves can inhibit fair trade and market allocation efficiency. In addition, they will also affect the willingness of data subjects to access and utilize personal data by enterprises or platforms.

Thirdly, there are also many difficulties in realizing the value of personal data usage. The algorithmic dictatorship and precise push based on analyzing and mining personal data also impose unreasonable restrictions on the personal freedom of choice of data subjects, as a series of usage data generated in subsequent services have long been designed, and data subjects become the "data miners" of platform enterprises. Another reason is that due to illegal data leaks, the resulting precision fraud and private transactions put the personal and property security of data subjects and their fair distribution rights of data interests in a situation of being violated anytime and anywhere. The post accountability method mentioned earlier is not effective in addressing the risk of leakage here. In short, the "informed consent" system's maintenance of unequal status in facts will inevitably lead to the above-mentioned difficulties in the utilization of personal data.

In the author's opinion, some of the current practical difficulties that have emerged are due to the failure of parties to form mutually beneficial personal data utilization relationships under the separation of interests, while others are due to the lack of trust between people and their defense, isolation, and estrangement from each other. If we can further stimulate mutual favor and trust between data subjects and data controllers in the use of "informed consent" personal data, we should be able to promote the full sharing and beneficial development of personal data. This may sound quite attractive at first, but it is only at the practical and intuitive level. We should first examine the academic analysis and response of the current influential discourse on the protection of personal information rights to the aforementioned practical challenges.

2. Analysis and Reflection on the Hermeneutical Paradigm of "Personal Information Protection Rights" Law

The existing theories that adopt the approach of "protecting personal information rights" mainly prove the legitimacy and moral legitimacy of the "informed consent" system from the concept, position, and logic of sharing, and propose suggestions for further improving the system. Although the theory of personal information rights is essentially a legal discourse on personal data governance, its concept of autonomy and empowerment logic have not surpassed the utilitarianism and logical drawbacks of property rights allocation behind the "informed consent" system.

2.1 Existing theories on the protection of personal information rights

Many views advocate granting data subjects the right to personal information to safeguard their information interests, and recognizing and regulating it as a new type of personality right different from traditional privacy rights in the Civil Code. The intention of this right is to safeguard individual freedom of information; As a "bundle of rights", it includes specific rights such as "copying, accessing, modifying, correcting, deleting, and restricting processing" on top of the three fundamental rights of "right to know", "right to agree", and "right to delete". From a private rights perspective, the legal interests protected by personal information rights are typical negative freedoms of data subjects. But its exercise method is also positive, advocating that the data subject has participatory and supervisory rights in processing and usage behavior. Of course, empowerment advocates also acknowledge that the right to personal information is "limited" because public interest or common good is an external constraint on its reasonable exercise, meaning that the data subject's right cannot generate exclusive control over their personal data.

It is not difficult to find that the logical starting point of this theory of private rights protection is that personal information carries important personal interests, and this personal interest is different from privacy interests. But they seem to have paid little attention to how personality interests contain the most striking economic interests of the moment, and how to balance the protection of these two interests. However, we know that after the data subject provides personal information, the economic interests attached to it are preempted by the data controller. Can enterprises propose data rights based on their own processing behavior for the user dataset they possess? Perhaps seeing this issue, as a opposing protective perspective, some argue that the interests of personal information controllers are used to counter the personal interests of data subjects. From the perspective of maximizing overall utility, it views the opposing relationship between individual self-determination and social benefits on personal data, emphasizing the legitimacy of ensuring data circulation and data value. The collection behavior should be loosely regulated, the processing behavior should be strictly regulated, and the storage and disclosure behavior should be more strictly regulated.

2.2 Reflection and Reconstruction

Recognizing the right to personal information is essential for promoting the rational use of personal data and stimulating data efficiency, but this does not fully and effectively address the practical challenges mentioned earlier.

Firstly, granting personal information rights to data subjects does not directly respond to the practical needs for the development and benefits of personal data. From a practical perspective, the exercise of personal information rights by data subjects can indeed ensure the authenticity, validity, and even stability of personal data in the process of data circulation and utilization, and maintain data quality. However, this does not directly promote the growth of the economic value of personal data. The economic value enhancement of personal data depends on two aspects: firstly, the quality of personal data, the content it contains becoming richer and more refined with the user's usage behavior, the portrayal of user portraits and behavioral preferences becoming more refined, and personal data has more commercial analysis value; The second is the quantity of personal data. The larger the amount of personal data gathered, the more valuable it is for data controllers to predict the market and trends. The supervisory significance of the exercise of personal information rights by data subjects seems to be only related to the first point. Granting personal information rights to data subjects can meet the preset prerequisites in the logic of property rights allocation, but due to the inherent limitations of property rights allocation logic, this cannot constrain the superior position and strength of data controllers, nor provide a defense of legitimate sources for the latter to obtain possession, use, and distribution rights of personal data. Furthermore, from the perspective of legal economics, the protection model of personal information rights has not responded positively to the institutional value of the "informed consent" system in promoting economic benefits; Of course, in the perspective of property rights allocation as the underlying logic of personal information utilization, it is interrelated.

Secondly, although the theory of personal information rights prioritizes individual data subjects who are in a disadvantaged position, the methods of empowerment and the perspective of autonomy of will cannot make user agreements and privacy policies the result of fair agreements between data subjects and data controllers. This is manifested in two aspects: firstly, as has been demonstrated in practice, the right of data subjects to personal information does not necessarily benefit their privacy security and sensitive information protection; Secondly, granting personal information rights cannot effectively constrain the capital and technological advantages of data companies and platforms as data controllers, and the effectiveness of contract regulation methods is very limited. We can see that the data controller, relying on the deep logic of the above "informed consent" system, is "as stable as Mount Tai", and its goal of pursuing economic benefits is always priority.

Finally, examining the moral concepts behind empowerment theory, moral legitimacy relies on the classic negative concept of freedom, that is, prioritizing the protection of moral subjects from external "coercion" and free choice between private and public subjects. The law recognizes the autonomy of citizens and safeguards the self-discipline of data subjects. But these theoretical statements do not provide further defense for the socio-economic conditions on which the integrity of negative freedom depends. The connotation of fairness involved in the second criticism above urgently needs to be expanded. We need to move from defending the fair contractual relationship between data subjects and data controllers to promoting fair protection for data subjects to obtain their rightful share of benefits from the process of data industrialization.

In summary, the theory of personal information rights is lacking in promoting the economic benefits of personal data and promoting fair distribution of data benefits. To some extent, this is related to the theory's focus on maintaining the dignity and autonomy of data subjects. Even under the theory of personal information rights, researchers have significant differences in the fundamental value orientation of legal adjustments to the rational use of personal data. Some views suggest that addressing the challenges of personal data governance requires a proper balance between protecting personal information rights (security), promoting the free flow of information (efficiency), and maintaining the public interest (order) of data regulation. These three aspects should be appropriately balanced in the data law principle of "fair use of data". Some scholars also advocate that the core of solving the problem should be to coordinate the relationship between personal information protection ("control theory") and commercial utilization ("sharing theory"). For example, a specific solution is to use personal information rights as the premise and foundation of (enterprise) data property rights, and data subjects always retain the right to their personal information - security is the foundation of efficiency, and the latter is embedded in the former.

The above personal data values mostly adopt the basic positions of interest theory and consequentialism. They tend to analyze the potential benefits and cost-effectiveness of various governance models. If a structural relationship of coordinated and integrated values cannot be provided, and the moral basis on which this structure relies cannot be explained clearly, the legal governance of personal data will be a constantly updating and repeatedly playing "governing skill", and it cannot be distinguished from the governance discourse dominated by utilitarian moral concepts and statistical thinking.

Therefore, when conceptualizing a personal data utilization relationship that neither the data subject nor the controller can reasonably reject, we should abandon the "profit oriented" utility evaluation policy. At least a rough value structure can be summarized, which means that the utilization of personal data should be coordinated with the protection of personal information security, the development of data economic benefits, and the maintenance of public interests. Of course, "roughness" means that the confrontation between the three is very strong, and it is difficult to coordinate with a transcendent moral perspective (such as fair utilization). The author believes that what is truly important is to grasp the common denominator between personal information security and the promotion of economic benefits, which are two of the many value theory viewpoints, and to discuss them as the core. On the one hand, the independence and self-determination of personal dignity behind personal data security are clearly opposed to the value of efficiency; On the other hand, the right to equality behind personal data security also conflicts with the value of efficiency. Regarding these two points, existing research has accurately pointed out that people's demands for personal data rights are basically reflected in the development from privacy interests to property interests.

The key to deciphering this binary opposition is to identify the value of "connectivity" between them. The fair distribution of personal data benefits (as a value of the data law system and its regulations) is an important dimension of the interaction between data subjects, data processors, and even social managers that scholars pay less attention to. The fair distribution of benefits is beneficial for maintaining the personal information security and autonomy of data subjects, and of course, it can also provide institutional support for further stimulating the economic benefits of data. Of course, there may be conflicts between the value of personal data security and the value of fair distribution. For data controllers who have already taken advantage of the data, it is not easy to demand that they provide a fair share of the benefits to the data subject. In addition, the current fair distribution mechanism of data benefits in China is not yet sound, and the "barbaric growth" of the overall wealth of the data economy cannot be denied. So, although fair distribution is related to conflicting safety and benefits, it is both adversarial and indirect, and its linking function is not satisfactory.

Speaking of which, it is inevitable to be pessimistic: can we still adhere to a normative personal data value theory in the increasingly complex digital society? Can the modern rule of law concept with equal rights protection as its core address disputes that are essentially value conflicts in the use of personal data? The author firmly believes that the answer is yes, and we can provide a concept of "reciprocal utilization of personal data" as the answer. This concept uses "reciprocal trust" as the moral basis for the rational use of personal data between data subjects (natural persons) and data controllers (enterprises and governments), and the three sets of adversarial values are effectively mitigated and even integrated through this moral tendency. It does not judge success or failure based on results, but instead focuses on the process of the communicative subject providing convincing reasons to others - as public reasons in the legal system of reciprocal data. At the same time, this concept provides an appropriate method for people to understand and explain the public reasons they collectively appeal to, namely personal data trusts, where people find the possibility of integrating various reasons into each other in mutual trust.

3. Reciprocal Trust and Data Law Value Structure in Personal Data Utilization

Reciprocal trust is a key factor in achieving reciprocal utilization of personal data between data subjects and controllers. As a data utilization concept with ethical significance, the connotation of reciprocal utilization of personal data is not easily fully explained. In the author's opinion, in order to provide a relatively convincing intuitive impression here, at least the following theoretical difficulties need to be addressed in sequence: first, what does "reciprocity" refer to? What are the drawbacks of the well-known logic of mutual benefit and property rights allocation? To what extent is reciprocity different from them? Next, we need to analyze at what level the concept of reciprocal utilization of personal data can be established, that is, the value integration structure of data methods and the trust conditions of their normative power. What is the fundamental significance of reciprocity and its value integration logic in the utilization of personal data? Finally, we also need to explore the interpretability of the concept of reciprocal personal data utilization at the practical level.

3.1 The logic of mutual benefit and property rights allocation is not advisable

Reciprocity is a normative and practical attitude towards the current dilemma of personal data utilization in China. Rawls believed that it lies between the two human behavioral motivations of "mutual benefit" and "justice". Compared to the essentially altruistic justice, reciprocity believes that rational communication subjects do not stand on a universal "non personal standpoint", but seek to achieve cooperation and consensus on the premise of respecting the interests of each person and pursuing differences. More importantly, reciprocity should be distinguished from "mutual advantages", which are often equated and used in conjunction - mutual benefit. Mutual benefit is the reason used by the subject to prove the legitimacy and acceptability of their intention or behavior. There is a significant commonality with self-interest tendencies, which also focuses on the interests of the subject rather than others, but further emphasizes the exchange and equivalence of interests between different subjects.

It is not difficult to see that anyone who adopts a consequentialist or balance of interests perspective will accept the moral motivation of mutual benefit. They weigh the value (unit utility) reflected by various interests in maintaining a mutually beneficial relationship, and prioritize the protection or realization of important values in order from large to small and from many to few, while striving to balance secondary values. Of course, evaluation and balancing are carried out in specific practical situations. When smaller loss of benefits (such as infringement of individual rights) shatters a promising prospect with widespread impact (such as industry restrictions or a decline in total social wealth), then the former should naturally be replaced by the latter. In other words, in the process of using law - political intention or judicial policy - for social governance, a mutually beneficial "cost-benefit" comparison and value balance strategy will inevitably undermine the rule of law and infringe upon the institutional character of the latter in equally safeguarding civil rights. In the author's opinion, the approach to protecting personal information rights mentioned earlier fundamentally points to mutual benefit, because granting data subjects the right to process personal information, although prioritizing human dignity, self-determination, and equality, is unable to correct the fact that economic interests have actually been occupied by data processors because it follows the logic of property rights allocation. That is to say, the protection model of personal information rights promotes the exchange and mutual benefit between data subjects and controllers in terms of personal dignity, self-determination (normative level), and economic benefits (factual level). It acknowledges the unequal advantages of data processors over data subjects in terms of institutional allocation of rights and protection of legal interests. The protection model of personal information rights has fallen into the "mutual benefit trap" of property rights allocation logic, and the "bait" is actually the subject dignity and self-determination it intends to defend.

3.2 The Mutual Integration and Stability of Personal Data Value

The reciprocity we are discussing here is precisely to challenge the "orthodox" status of mutual benefit. Reciprocity is the moral character that requires oneself to replace and serve as a public norm and establishment, only when one sees the undesirable legal instrumentalism of mutual benefit. Reciprocity does not only focus on the equivalence and exchange of various interests, but also emphasizes that people, as equal subjects of communication, respect each other's core interests, and accept and trust each other through appealing to public norms as reasoning intermediaries.

Firstly, reciprocity promotes the rule of law from a legal standpoint. Although the important function of law is to distinguish and stop disputes, its fundamental value lies in the "equal care" emphasized by Dworkin, which means that different value demands do not have public trade-offs and trade-offs on the level of equal rights. This legal purpose runs through the entire process of distribution, protection, and relief of rights. Secondly, reciprocity is a reasonable integration of various value reasons in the establishment of public law. The public nature of data law is reflected in the integrated relationship of political values such as personal data security, data benefit development, and fair distribution of data benefits: based on mutual security value as the core, benefit value as the purpose, and fair distribution value as the condition. The utilization of personal data should start from promoting data security, in order to obtain legitimacy. The sharing and value of personal data is the main purpose of personal data utilization at present, but the realization of this purpose requires the fair distribution of data benefits on a reciprocal basis. Data law, as a "public reason", is a necessary condition for various subjective reasons to communicate and accept each other. People care about the core data interests and demands of others in their positions as equally important interlocutors. In order to further clarify the important characteristics and connotations of reciprocity and its value integration logic, it is particularly noteworthy that the descriptive dimensions include five aspects of logical progression. In these five aspects, a comparison between reciprocity and value integration logic, as well as reciprocity and property allocation logic, can be found in Table 1.

By summarizing and comparing the above five points, we can reach a different understanding of the essence of data law: the legal regulatory system for reciprocal data should be a stable "overlapping consensus" rather than an unstable "temporary agreement". Reciprocity is a conditional commitment made by people to just norms. This is of course conditional, that is, it only holds true when other legal subjects also recognize the rationality of the constraint and consciously abide by it. The practical attitude of data subjects and controllers towards the legal value system of reciprocal data depends on the "sense of justice" of citizens in political society, as stated by Rawls - that communication subjects consciously maintain a just system and urge others to practice it. So, how do we imagine that data subjects and data controllers can maintain reciprocal personal data utilization relationships out of a sense of justice? This structure is substantially accepted as a common good due to its equal care for the data core interests of both parties, and is a public reason that they resort to each other and cannot be reasonably rejected by others. In this way, the legal system of reciprocal data has gained the "focus" of subject trust due to its public nature and effectiveness, and it is an important normative carrier of public trust. It has universal persuasiveness in terms of stability, coordination, and regulating the reasonable expectations of all parties. As a result, data subjects and data controllers can develop a sense of trust in each other's compliance with data laws and recognition of reciprocal value integration structures. And this sense of trust, in turn, maintains the effectiveness of data legal establishment.

4. The Legal Interpretation Method of Reciprocal Trust Concept: Personal Data Trust

4.1 Reference Resources: Data Trust Theory

The concept of reciprocal use of personal data relies on a moral legal interpretation method, which I refer to as "personal data trust". Its proposal benefits from the increasingly popular "data trust" in recent years, which is a data management approach that solves the contradiction between privacy protection and data utilization. Of course, there is a significant difference between the personal data trust envisioned by the author and the data trust here. However, before starting the discussion, it is necessary for us to briefly examine the data trust theory as a reference resource.

The basic concept of data trust theory was first proposed by American constitutional scientist Jack M. Balkin, who emphasized that the data controller is the "information trustee". There are currently two representative views on the specific discussion of data trusts. One is to emphasize building trust. The Open Data Institute (ODI) in the UK is attempting to propose an independent and entrusted data management structure that runs through the stages of data collection, analysis, and circulation. This concept achieves the trust of data subjects in the data controller's use of their personal data by clarifying the fiduciary obligations and responsibilities of the trustee. The second is to emphasize third-party data control rights. British scholars Sylvie Delacroix and Neil Lawrence proposed a legal relationship for data trusts with data control rights as trust property. They pointed out that through bottom-up data trusts, data trust institutions can replace data subjects and data controllers in a technology-based and even capital based confrontation, changing the unequal relationship between the latter two.

The data trust theory proposed by ODI follows the traditional logic of British and American property law, viewing data as a valuable thing, and by setting up the identity of data trustees and their fiduciary obligations, making personal data the subject of trust from data subjects to data processors. This seems to have predetermined mutual trust and cooperation between data subjects and controllers regarding the privacy protection and value development of personal data. The bottom-up data trust theory is relatively pessimistic: since the fact that there is a huge disparity in strength between countless independent natural persons and massive data enterprises is established, and the business motivation of maximizing profits is inevitable, it is necessary to seek third-party institutions as public trustees to counter the natural advantages of enterprises. The core strategy here is not to seek cooperation but to balance power, so supporters do not envision personal data itself as a trust, but rather focus more on the continuous gathering of control over public data and the struggles it represents.

4.2 Using data benefits as the "trust property" in the explanatory logic

The author believes that each of the different considerations regarding the subject matter of trust has its own rationality, as they can provide a logically consistent theoretical explanation for the legal governance of personal data. However, compared to the personal data trusts advocated in this article, they are more like policy recommendations and institutional analysis at a specific level, as their respective focus is on building a legal system for personal data management. And personal data trust is by no means a realistic planning scheme, it is a legal interpretation method that adapts to the legal value system of reciprocal personal data. Since the value ontology focuses on the core data interests of all parties involved in the utilization of personal data, the interpretation method of personal data trust advocates that the normative basis for reciprocal trust is the current data law norms and corresponding systems, including personal information processing rights, data property rights, and the "informed consent" system; The reality is based on the interconnected data interests of all parties. The purpose of explanation is to inject and demonstrate reciprocal trust into the norms of data law and the "informed consent" system, so the "subject matter" it concerns is naturally related to legal interests in reality, while the ultimate goal or moral root is the three core interests of personal data: safety, efficiency, and fair distribution. In short, its adjustment and protection of various legal interests and personal information rights involved in data law norms are based on equal rights and ends.

Personal data is not the subject of a data trust. Some scholars have criticized the rationality of introducing the doctrine of fiduciary duty into data law theory from the perspective of the principle of independence of trust property. On the one hand, the act of data subjects entrusting their personal data to data controllers does not have significant economic significance. The economic value (analysis and prediction functions) of individual personal information is actually negligible, and it is difficult to imagine that data controllers, due to their possession of facts and utilization behavior, have to fulfill fiduciary obligations far stronger than legal obligations for the relevant data subjects - as seen by the trustee in traditional trust legal relationships. On the other hand, if identifiable personal data held by the data controller is jointly owned by both parties, personal data does not have independence. The author also agrees with this. After all, personal data has the characteristics of replicability and difficulty in property rights confirmation, and cannot become independent property in traditional trust law theory, whether in its own attributes or legal attributes.

Treating personal information rights as the subject matter of data trusts is also unacceptable. Some readers may ask, since the Personal Information Protection Law of the People's Republic of China (hereinafter referred to as the "Personal Information Protection Law") clarifies the rights of individuals in personal information processing activities in a special chapter, why do we not accept the perspective of bottom-up data trusts? In the author's opinion, the right to personal information includes two aspects: the right to choose independently as a negative freedom free from interference by data controllers, and the right to obtain a fair share of personal data benefits as a positive freedom. This can prove the right to personal information as a new type of personality right, as the current situation of personal data utilization in society satisfies the so-called "domain proposition". Therefore, the right to independent choice and the right to fair distribution are moral conditions derived from the basic rights of citizens to the right to personal information. Since the right to personal information is a concrete manifestation of a citizen's basic right, it is also easy to understand the reason why this new type of personality right cannot become the subject of trust: we should not entrust the dignity and equal rights (including specific ways of behavior) of citizens to other citizens. We can only find ways to make the collection, use, and transfer of personal data demonstrate the recognition and maintenance of each other's dignity and equal status by the data subject and data controller, which inevitably requires mutual trust. Using personal information rights as the subject matter may be a little useless.

4.3 As a legal interpretation scheme adapted to different personal data utilization scenarios

As early as 2016, data trust products with data assets as the trust object, jointly issued by AVIC Trust Company and Datang Company, appeared in China. Since the publication of Balgin's paper, it is not difficult to find that the institutionalization of data trusts is the mainstream opinion through theoretical exploration abroad and the formulation and mechanism exploration of some countries. The specific concepts of existing data trusts can be broadly divided into two types: a two party trust relationship where the data subject can be either the principal or the beneficiary (trust between the data subject and the data controller can provide more thorough and efficient personal privacy protection), a tripartite trust relationship consisting of the data subject (as the beneficiary), the data user (enterprise, as the trustee), and a third-party public or private legal person (as the principal). This design not only effectively safeguards personal privacy, but also further reduces the high transaction costs caused by information and status asymmetry between individuals and enterprises, promoting the circulation value and economic benefits of personal data. If the third party is represented by a public legal entity or a specific social organization, it can also play a beneficial role in promoting social supervision, maintaining transaction order, and protecting fair returns for data subjects.

These studies focus on the practical level of data protection. However, due to their different problem awareness and relatively one-sided nature, they are unable to provide a comprehensive data trust solution. The interpretation method of personal data trust aims to provide theoretical reflection on various existing data trust governance models and attempt to carry out fundamental theoretical reconstruction. When theoretical assignments are detached from the constraints of real-life scenarios, we can expect to achieve a complete and integrated perspective. As a legal interpretation method, it does not insist on analyzing and exploring universal data governance mechanisms. Moreover, defining the style of reciprocal trust relationships is far less important than defending reciprocal trust in relationships. So, we can describe the specific ethical forms of personal data utilization legal relationships in a targeted manner according to the needs of real-life scenarios: reciprocal personal data utilization relationships and their trust conditions may depend on two or three parties in different scenarios.

As mentioned earlier, the interpretation method for reciprocal personal data trusts considers that the trust subject matter is the legal and core interests above personal data. The former is embedded in the latter, and the latter is morally recognized through equal protection of the former by law. Because the interpretation method of personal data trust adopts an abstract and interest restoration analysis perspective, it is completely different from various data trust theories: it is used to explain the reciprocal trust between data subjects and controllers in the obligation provisions of data law. After fully elaborating on the moral attributes and specific connotations of personal data fiduciary obligations, conflicts between personal data security, data economic benefits, and fair distribution of data benefits can be integrated into existing data law obligations.

4.4 Personal data fiduciary obligations

After explaining the general connotation of the interpretation method for personal data trusts, we can proceed to the explanation of its core content: the fiduciary duty of personal data. The substantive importance of personal data fiduciary duty lies in its intuitive display of the moral attributes of data legal obligations, forming a moral bond of mutual trust between data subjects and data controllers. The theoretical discussion on the fiduciary duty of existing data trustees mostly draws on the content of the fiduciary duty in the theory of trust law, including the duty of loyalty, prudence, protection, confidentiality, and the obligation to pay trust benefits, etc. The concept of reciprocal personal data utilization suggests that when conceptualizing the fiduciary duty of personal data, it should critically absorb the discussion results of trust theory on fiduciary duty, and develop it after considering the practical characteristics of personal data utilization relationships. Only in this way can we be qualified to say that the explanatory framework of personal data trusts is a reasonable method designed to solve the practical difficulties of personal data utilization, rather than a theoretical or even imaginative approach. Starting from the three values mentioned earlier in Rongguan (safety, efficiency, and fair distribution), the personal data fiduciary duty of the personal data trust interpretation method includes the duty of loyalty, the duty of prudence, and the duty of fair distribution of benefits.

4.4.1 Obligation of Loyalty

The data controller's data processing behavior that meets the moral requirements of the duty of loyalty is a sufficient condition for maintaining reciprocal trust, and the duty of loyalty is the essential content of the duty of faith. "Loyalty" in the theory of trust law usually refers to the trustee using the trust property to seek trust benefits for the beneficiaries within the statutory or contractual scope according to the trust purpose of the principal. This obligation specifically includes five aspects, namely complying with entrusted instructions, providing faithful services in good faith, prohibiting delegation, reporting and disclosing relevant information, and treating each principal fairly. The determination of the maximum boundary for the trustee's handling and use of trust property in the above-mentioned manner depends on the moral tendency of treating the interests of others equally with their own interests.

Firstly, personal data trusts view this tendency as the root of the reciprocal data utilization responsibility of data controllers towards data subjects. The key here is to connect the obligation of loyalty with reciprocal trust. As mentioned earlier, rather than providing a normative reality that stabilizes individual expectations for all parties, the data law system is a reciprocal guarantee for the reasonable expectations of data subjects and controllers. So when personal interests are integrated with the interests of others in the data legal system, viewing the interests of others is based on one's own interests. Undoubtedly, the general provisions of the Data Law constitute an important basis for the reciprocal use of personal data. In addition, user agreements and privacy policies are important basis for the contractual relationship between both parties regarding personal data. In the explanatory logic of personal data trusts, there is a subordinate relationship in terms of effectiveness between these two normative reasons for achieving reciprocal trust, that is, the content and form agreed upon by both parties regarding the use of personal data must meet the mandatory provisions of data law in order to be effective.

At this point, we cannot ignore a related criticism. This opinion holds that, as in traditional trust relationships, it is meaningless to imagine platform enterprises having a faithful obligation to the core interests of the subject, as platform enterprises often have both seller and buyer users, and it is impossible for them not to engage in business activities that are explicitly prohibited by trust law as "conflict of obligations". The author believes that this questioning opinion has considerable enlightening significance, as it forces us to carefully consider the feasibility of borrowing data trust theory in platform data governance. However, what we can confirm is that the act of processing personal data between buyers and sellers belongs to the platform economy as a third party in transactions. Its purpose is twofold: firstly, to accurately push sellers to find the most likely transaction partners; secondly, to provide buyers with real and reliable business information to understand the seller's reputation and product quality, in order to promote buyers to make purchases with confidence. It seems that here we cannot see the platform as a personal data trustee "selling" the personal data interests and trading interests of both buyers and sellers, because the platform's data utilization behavior is independent of the interest game between the buyers and sellers. And more importantly, these transaction assistance behaviors of the platform are assumed to comply with the data processing obligations listed in the reciprocity data legal system. Moreover, under the interpretation method of personal data trust, we mainly examine whether its specific operations meet the personal data utilization expectations of both buyers and sellers as data subjects. As mentioned earlier, these expectations are public reasons that data subjects cannot reasonably refuse. Therefore, the author believes that the interpretation methods of personal data trusts and their effectiveness in platform data governance will not be refuted by the prohibition of "conflict of obligations" principle in trust law.

Secondly, the personal data utilization purpose of the data controller should be the same as its trust purpose as the trustee. It is not difficult to find from current practice that the purpose of data companies collecting personal data is usually nothing more than to obtain trading opportunities or profits, including but not limited to analyzing, integrating and predicting potential consumer markets, promoting service upgrading and optimization to expand user base, charging exclusive service fees to stable customers (such as members, anchors or big Vs), packaging and optimizing user datasets for resale and profit, obtaining advertising expenses, increasing business volume and achieving social financing expansion, and so on. These business objectives are entirely self owned, although they require a certain amount of free services to be provided to users in exchange. However, serving users does not necessarily constitute their business objectives. However, this is in conflict with, for example, the provisions of the "Scope of Necessary Personal Information for Common Types of Mobile Internet Applications" (GXBBZ [2021] No. 14), which prohibits the collection of unnecessary personal information other than basic services. This seems to be a discrepancy between the expectations of the data controller and the public expectations, but in fact, it is a conflict between the expectations of the data subject and the expectations of the data controller.

Where is the reciprocal boundary for enterprises to pursue personal data benefits? Scholars have pointed out that from the perspective of company law, the concept of a data trustee is quite reluctant. Because business operators have both trustee obligations to shareholders (based on commission contracts) and trustee obligations to data subjects (based on reciprocal trust), it is difficult to reconcile promoting maximum profits and protecting the privacy, dignity, and freedom of choice of data subjects. So this "split information obligation" seems to be able to persuade business operators to make decisions that prioritize protecting user interests over shareholder interests from the perspective of protecting user interests and promoting the long-term development of the company. That is to say, the loyalty obligation of the operator here is unstable. The author believes that the following response can be made: firstly, the reciprocal use of personal data is a legal relationship issue at the level of personal data, which is very different from the issue of internal and external coordination in corporate governance; Secondly, the obligations of the operator stem from the provisions of the employment contract, and the loyalty obligation of the enterprise to the data subject stems from the reciprocity of data law. When there is a conflict between the two, the latter has priority as a compulsory law; Thirdly, personal data contains the personal rights and interests of the data subject. If the data controller's utilization behavior cannot meet the requirements of reciprocal trust and treats others as tools for their own interests, it violates the basic rights of citizens (dignity, independence, and equality).

Finally, once a data control enterprise forms reciprocal trust with the data subject, it cannot simply exacerbate the risk of information leakage borne by the data subject through paid sharing of personal data. Under the "informed consent" system, the mode of legitimate acquisition of personal data by enterprises has been confirmed as the "triple authorization" mode by Article 23 of the Personal Information Protection Law and relevant judicial judgments. Some commentators have raised a question about this model based on the theories of law, economics, and property rights allocation: the triple authorization, which grants data subjects the right to exercise consent for the secondary circulation of their personal data, overlooks the high cognitive costs that data subjects actually bear and the risk of autonomous decision-making in uncertain situations. Therefore, it should be adjusted to the "dual authorization" mode, which means that only when the data control enterprise explicitly refuses to share or transfer, the data requester needs to seek consent from the data subject. In order to promote the sharing of personal data, open platform interfaces (APIs) provided by social platforms usually provide free access services to third-party organizations or individuals certified as "developers". But as the number of access interfaces increases (increasingly linked to important personal information), the original free gradually becomes paid. It can be seen that the transfer of personal data between personal data controllers is actually completed through transaction contracts - data circulation takes priority over personal data security. The author believes that data controllers with open platforms should promote data sharing based on mutual trust and personal data fiduciary obligations, that is, they should guide the protection of user personal information in open platforms with the "triple authorization principle", especially requiring third parties to obtain the user's informed and consent to obtain sensitive information, in order to avoid the infringement of transaction thinking on the user's private life stability and privacy freedom.

4.4.2 Duty of prudence

The duty of prudence is a manifestation of the reasonable performance of the duty of loyalty. If the duty of loyalty is the content of the duty of faith, then the duty of prudence is the way of fulfilling the duty of faith. Article 6 (Minimum), Article 7 (Transparency), Article 8 (Quality Assurance), Article 9 (Maintenance of Security), and Article 10 (No Illegal Collection and Processing) stipulated in the General Provisions of the Personal Information Protection Law are fundamental provisions that personal data users as trustees should abide by. They are necessary conditions for data subjects to develop reciprocal trust in data controllers. The specific obligations in Chapter 2 "Personal Information Processing Rules" are the specific requirements of the duty of prudence in various situations.

Firstly, reciprocal trust stems from respecting the fundamental interests of others, and maintaining security (Article 9) is an overall requirement of the obligation to handle personal data with caution. Of course, this requirement does not necessarily mean that security value takes precedence over efficiency value in processing activities, with a higher rank or as a prerequisite, but rather indicates that in reciprocal personal data utilization relationships, data controllers should actively demonstrate a fundamental recognition of the information security of data subjects. This is a benevolent response to the reciprocal trust of data subjects. This feedback indicates that the data controller's exploration and release of the economic value of personal data will not be based on sacrificing the personal interests of the data subject.

Secondly, data processors should adopt processing methods within the necessary limits based on clear and necessary processing objectives. Article 13 of the Personal Information Protection Law clearly stipulates six statutory purposes for processing personal data. In the interpretation of personal data trusts, the statutory purpose is an exception where the subject agrees to the purpose, that is, it can legally resist the personal will of the data subject who does not agree to process. The contradiction between legal purposes and individual will does not mean that the personal interests of data subjects (such as dignity independence and equal rights) are negated by legal coercion, after all, the equal self-determination of data subjects is equally important as the development of economic interests and fair distribution requirements. So even if it is a legal purpose and interest, it cannot infringe on personal interests, and the latter can only be restricted due to its own reasons. After such logical clarification, the relevant activities and behaviors under the purpose of legal personal information processing should also meet the principles and connotations covered by the duty of prudence - reflecting the sense of justice of the data controller, and maximizing the achievement of legal purposes under these standards of reciprocal trust.

Once again, the provision in Article 21 of the Personal Information Protection Law regarding entrusted processing of personal data is not a direct reflection of personal data trusts. Because the identity of the entrusted processor is obtained from the entrusted relationship that complies with the legal provisions of the entrusted contract, and personal data trust is an interpretation method of reciprocal trust in the utilization of personal data. Of course, it should be noted that the trustee in the entrustment relationship has an obligation to pay attention to the entrusted personal data and specific processing purposes, methods, and time limits according to the provisions of the entrustment contract. They also need to fulfill the duty of prudence that the data subject, as the beneficiary of the personal data trust, should fulfill. The duty of prudence here is prioritized and strictly superior to the duty of care. In the interpretation logic of personal data trusts, the rationality and legality of the trustee's performance of entrusted behavior in accordance with the commission contract should be specifically judged based on the requirements of the Personal Information Protection Law for the duty of prudence of personal data trustees, and the rights obtained by the data processing principal based on the commission contract should be interpreted from the perspective of safeguarding the personal interests of the data subject.

Finally, related to the content of the "triple authorization principle", according to Article 23 of the Personal Information Protection Law, personal data recipients should still fulfill their duty of prudence towards the data subject, as there exists a reciprocal trust relationship based on the data subject's repeated consent. As shown above, re authorization carries significant transaction risks for data subjects, so rational and prudent data subjects are highly likely to limit the purpose, scope, time limit, and method of processing behavior in order to maintain personal information security. Therefore, based on the duty of prudence, the new data trustee should promptly adjust the consent obtained from the original data processor and inform the data subject of the changes they have made. In this way, the two data trustees jointly assume the obligation of reciprocal prudence towards the data subject.

4.4.3 Obligation to fairly distribute benefits

The trustee is faithful to the purpose of the trust and prudently uses the trust property for specialized business and investment activities, resulting in giving the trust benefits to the beneficiaries. This is the fundamental significance of the legal logic of trust. According to the principle of independence of trust property, the trustee only fulfills the obligation to pay benefits to the beneficiaries within the scope of the trust property, and is liable to third parties for external debts and damages arising from trust activities. In the author's opinion, the obligation to pay and the principle of independence in this trust law should be fully absorbed by personal data trusts and used to explain the economic conditions for establishing reciprocal trust between data subjects and data controllers. The fiduciary duty of personal data inevitably requires the establishment of a fair distribution obligation as an economic condition, which is based on the obligation to pay limited trust benefits.

Why should we interpret the economic rewards provided by data processors to data subjects as a fairly distributed share of data benefits? For example, some scholars have pointed out that viewing data property according to the logic of dividing personal interests and property interests, allocating property interests to data subjects is not necessary (with low value), but may also lead to social wealth inequality and high governance costs. The author believes that a reasonable response to this issue needs to appeal to the connotation of reciprocal trust. As mentioned earlier, the exchange of personal data and specific services may seem like a fulfilling and mutually beneficial transaction, but in reality, it is far from fair: the metadata of platform users and the continuous accumulation of rich usage data create economic benefits that are far more valuable than specific services. Therefore, some scholars in the field of modern communication emphasize that countless data subjects have become digital laborers who are constantly being exploited and exploited by data enterprises. They upload, click, browse, and evaluate platform products in the frontline production of data economy, and the "surplus value" generated during their labor time is completely stolen by the platform. Although the argument of using Marxist exploitation theory to analyze the uneven distribution of value in personal data use is too "utilitarian" and its stance is more extreme, it has played a deafening role in the concept of reciprocal personal data trust and the obligation of fair distribution of personal data economic benefits. Starting from the perspective of reciprocal trust, if data users as trustees cannot fully guarantee the share of trust benefits that data subjects as beneficiaries should receive, and their profits actually conflict with this share, how can we imagine that they are mutually beneficial, and how can we believe that there is mutual trust between them? Since the platform economy has obtained the important production factors they need, they should prioritize protecting the safety and interests of users based on the principle of fair trade. On this basis, personal data trusts further emphasize that respecting the fair returns of users is to some extent a manifestation of protecting the fundamental interests of data subjects, as they have the right to obtain fair economic shares to defend their personal rights - the independence and equality of dignity.

The data of different individuals has different development and utilization values, and the same personal data also has different development and utilization values in different usage scenarios. The determination of the connotation of fairness inevitably requires reasonable explanations based on the different data subjects and data utilization scenarios, but this does not mean adopting a scenario based approach to balancing interests. The use and transfer of different personal data have varying degrees of economic value, inevitably due to the risks or uncertainties faced by data processors in their processing activities. The greater the risk loss, the greater the return; The greater the infringement of uncertainty, the larger the audience, and the greater the irreversible infringement on personal and property interests.

In various data utilization scenarios in economic life, data subjects automatically bear the risk of personal property value damage, privacy disclosure, and even personal safety loss caused by (sensitive) information leakage due to their consent to process data. For example, the main personal financial risks faced by the utilization of personal financial data related to savings, investment, and insurance are the possibility of being targeted for fraud and induced investment. That is to say, financial data risk mainly causes damage to the property value of the data subject. For another type of appointment and itinerary data generated from ride hailing services, the risk losses caused by their leakage or illegal transactions are more related to personal privacy and even personal safety. It is obvious that the utilization of these two types of personal economic data requires different levels of information security protection.

Therefore, when exploring the interpretation method of personal data trust, we can take promoting data efficiency, developing reciprocal trust between investors and financial institutions, ride hailing users, and ride hailing platforms as the starting point for explaining rationality, and fix the realization of the values of data security protection and fair distribution of benefits in the two parties' data trust. Financial institutions use their own commercial reputation as collateral to promote reasonable transactions of financial data for customers and promote the continuous development of digital financial services and online investment transaction volume. The ride hailing platform, with its tracking and positioning technology, and the public security department's corporate identity and investigation technology as guarantees, promotes the continuous improvement of safe and convenient travel services, and expands transaction volume. The fair share of data revenue obtained by data subjects should also be based on respecting the rational choices and economic efficiency of enterprises. Introduce the logic of the insurance market in detail. We can consider financial institutions, ride hailing platforms, and all other economic service enterprises and organizations as "policyholders", and their different personal datasets as "insurance premiums" with different values. The fair share of benefits paid to all data subjects as customers is the "total premium". The higher the insurance premium, the higher the corresponding premium. So we can provide enterprises with insurance products with different levels of protection through "insurance actuarial" for them to choose from. So, enterprises in different industries and of different sizes in the same industry will rationally accept the overall fair share of benefits from different levels of data subjects, and then the fair share of benefits for a single data subject can be obtained by dividing it equally among each data subject.

The data utilization activities in the fields of health and cultural services are quite different from those in the economic and living sectors mentioned above. The attributes of such personal data are more public than private property. Personal data in these fields is often collected by public authorities, public institutions, or social service organizations in accordance with legal provisions, for the purpose of analyzing, processing, and transferring specific social public welfare services. Specifically, personal medical data usually exists in the form of medical records, constantly enriching personal illness and medical information. It should be clarified that, on the one hand, once these medical and medical histories, which serve as personal privacy, are made public in various forms, it will inevitably lead to a reduction in the moral character of patients due to the widespread unreasonable discrimination in society. On the other hand, educational data, especially that of minors, is also highly private personal information. Although the legitimate and reasonable use of this data can greatly improve the general education level of learners within a certain range, and even the education level of target individuals, illegal leakage and commercialization will inevitably infringe on the integrity and independence of the data subject's personal dignity (such as minors being used as profit-making tools), leading to their exclusion and even abandonment by society (such as records of punishment such as truancy and campus bullying).Therefore, in response to the enormous uncertainty infringement that personal life data with high privacy may face, data processors should prioritize protecting the information security and privacy integrity of data subjects, with promoting circulation value and unleashing public value as secondary goals. In this regard, "independent, neutral, and trustworthy" third-party data controllers can be introduced - medical information service institutions at all levels established by the National Health Commission in the medical system, education regulatory departments at all levels of government, and grassroots autonomous organizations - as data trustees to supervise and ensure the reasonable and legal processing of medical and educational data by data controllers, with patients, learners, and all members of society as universal beneficiaries of data benefits, and various hospitals, schools, and training institutions as data trustees. Its rationality lies in: firstly, the intervention of third-party data regulators can effectively avoid the de facto unequal status between data subjects and data users; Secondly, public legal entities and grassroots autonomous organizations can effectively regulate the data processing behavior of data controllers through public reputation and power, making the legal protection of rights faster and more targeted; Thirdly, in the legal circulation of medical data committed to theoretical and technological innovation, as well as in the production and sales of medical products, patients and society should be rewarded. This reward can be achieved by directly providing subsidies and remuneration to clinical subjects, or by accelerating the entry into the scope of medical insurance reimbursement and providing medical opportunities and economic security for potential patients.

5. Conclusion

The concept of reciprocal trust in the utilization of personal data and the legal interpretation method of personal data trust are committed to providing a moral ideal of "distributive justice" for the equal treatment of various types of personal data rights. This theory is at the same analytical level as the logic of property rights allocation for data rights. Compared to the latter, it can provide a more reasonable and integrated explanation for the full connection between personal information rights and data property rights at the current stage, promoting information security and privacy protection of data subjects, fully stimulating data benefits, and fairly distributing data benefits through the "informed consent" system. In the view of the concept of reciprocal trust, equal care for the core data interests of data subjects and controllers is a specific requirement of data rule of law for equal protection of rights. The efficiency oriented and default reality power comparison relationship property rights allocation logic has undeniable limitations.

The concept of reciprocal trust and its legal interpretation method for personal data trust provide a new perspective for clarifying various personal data utilization relationships in China. However, it should be pointed out that the concept of fair distribution of data benefits in this article is still very rough. The author believes that this is related to the fact that they have not fully elevated themselves to the level of a theory of personal data distribution justice. However, the preliminary exploration of the distinction between risk and uncertainty, the logic of the insurance market, regulatory measures, and the combination of reciprocal trust that has been achieved so far has further research value. We hope that further in-depth research on the fair distribution of personal data benefits can contribute to the ideal of common prosperity in China's data industrialization process.

The original text was published in Law and Economy, 2024, Issue 2, and transferred from WeChat official account "Law and Economy".