本文以数据的概念为起点，以企业数据权利的立法建议作为终点，由企业数据权利的内容、案例分析、法律评析等内容构成。数据权利不仅包含人身权利，而且包含财产权利和知识产权；还包括企业、个人、其他主体等多个数据主体，这就决定数据权利不可能归属到一个权利下。企业数据权利是数据权利的分支，具有独立性，具有开拓法学研究方向的法学意义，提高经济效益的经济学意义，以及促进国家数据流通和开发等意义。 企业数据权利由三部分构成，即：作为数据生成者的所有权，主要指企业在自身的经营活动中积累的数据资源，企业享有占有、使用、收益等绝对的所有权；作为数据控制者的使用权是指，对于企业收集的个人数据，交易、协议共享得来的数据，企业对其享有一定的使用权；作为数据开发者的知识产权是指，企业对其开发、创造的数据产品享有知识产权。无论在行使方式的选择还是相关利益的限制，都围绕企业数据权利的保护和规制展开。及至实际案例的分析，一方面强调企业数据权利的保护，如微博诉脉脉案展示非法抓取数据的不正当竞争性；另一方面强调企业数据活动对个人数据权利的侵犯，如支付宝平台对知情同意规则的滥用等。 在寻找合适的立法方向及措施的过程中，本文主要参考了欧盟《一般数据条例》和俄罗斯“基本+特殊”的立法模式。《一般数据条例》是目前世界上较为完善的数据立法，其中数据控制者和处理者的数据行为较为全面，独立的专门数据监管机构专门执法的安排也值得借鉴。我国现阶段也有不少法律法规涉及到了企业数据权利，在消费者保护、电商平台规制以及网络安全方面有一定作为，同时，工信部等监管部门逐步制定相应的细则和操作方法。当然，现有的法律对于个人数据权利保护都难言全面，更不必提企业数据权利的立法缺失。 文章的结尾提出具体的立法建议，首先是确立衡平企业与个人利益的立法原则；其次是采用分散式立法模式，即在一部数据权利基础立法的前提下，配合企业数据交易法等特别法、个人数据权利保护法等构建体系；最后是设立专门的数据监管机构机构，接受投诉，全面审查，承担数据纠纷和行政处罚的责任。

This essay starts from the concept of data, and takes the legislative proposal of enterprise data rights as the end point, which consists of the content of enterprise data rights, case analysis, and legal evaluation. Data rights include not only personal rights, but also property rights and intellectual property rights; and also include multiple data subjects such as enterprises, individuals, and other subjects. This determines that data rights cannot be attributed to one right. Enterprise data rights are branches of data rights, have independence, have the legal significance to open up the direction of legal research, improve the economic significance of economic benefits, and promote the meaning of national data circulation and development. Enterprise data rights consist of three parts, namely: ownership as a data generator, mainly refers to the data resources accumulated by the enterprise in its own business activities, the enterprise enjoys absolute ownership such as possession, use, and income; as the right to use the data controller means that for personal data collected by enterprises, data shared by transactions and agreements, enterprises have certain right to use them; as intellectual property rights of data developers, enterprises enjoy intellectual property rights for data products they develop and create. Regardless of the choice of protection approach or the limitation of related interests, it is around the protection and regulation of enterprise data rights. And the analysis of actual cases, on the one hand, emphasizes the protection of enterprise data rights, such as Weibo v. veins to demonstrate the unfair competition of illegally grabbing data; on the other hand, it emphasizes the violation of personal data rights by corporate data activities, such as Alipay platform Abuse of informed consent rules, etc. In the process of finding suitable legislative directions and measures, this essay mainly refers to the EU's "General Data Regulations" and Russia's "basic + special" legislative model. The General Data Regulations are currently the most complete data legislation in the world. The data controllers and processors have more comprehensive data behaviors. The independent law enforcement agencies of specialized data regulators are also worth learning. At present, there are many legal provisions, regulations and norms in China that involve enterprise data rights. There are certain actions in consumer protection, e-commerce platform regulation and network security. At the same time, the Ministry of Industry and Information and other departments gradually develop corresponding rules. And method of operation. Of course, the existing laws are not comprehensive enough for the protection of personal data rights, not to mention the lack of legislation on corporate data rights. At the end of the essay, specific legislative proposals are proposed. The first is to establish the legislative principle of balancing the interests of enterprises and individuals. The second is to adopt a decentralized legislative model, that is, under the premise of a basic law on data rights, in conjunction with special laws such as the Enterprise Data Transaction Law. The personal data rights protection law and other construction systems. Finally, the establishment of a special data regulatory agency, accept complaints, comprehensive review, assume responsibility for data disputes and administrative penalties.