Introduction
In the digital era, the boundaries of privacy are being eroded at an astonishing pace. As our lives become increasingly digital, issues surrounding privacy and digital rights are more relevant than ever. From sharing daily updates on social media to the pervasive use of algorithmic recommendations, our personal information has long been the “oil” of the data economy. However, when these data are illegally acquired, traded and used for cyber violence, the loss of privacy is no longer just a technical issue, but a crisis of human dignity and social trust. Not only that, in this highly interconnected world, privacy and digital rights have long since ceased to be abstract legal terms and have a real impact on our daily interactions, identities and even personal reputations.
The conflict culminated in March 2025 when Baidu Vice President Xie Guangjun’s 13-year-old daughter was suspected of using doxxing to expose the privacy of others and provoke online violence. Meanwhile, this incident not only exposes how rampant the black industry of data is, but also reveals the multiple failures of corporate responsibility, family education and legal regulation. This article will use this case as an entry point to explore the contemporary dilemma of privacy and digital rights. It will ask a deeper question: when privacy is no longer a right, but a commodity to be traded and exploited, who has the right to define its boundaries?
Understanding Privacy and Digital Rights
In order to deeply understand the structural problems exposed in the doxxing incident, we need to first clarify the complex evolutionary trajectory of privacy and rights in the digital era.
Firstly, Helen Nissenbaum’s (2018) theory of “contextual integrity” provides a foundational setting for understanding the concept of privacy [1]. Privacy is not simply the same as hidden or controlled personal information, but rather refers to the appropriate circulation of information within a given context. This means that once information is taken out of its original context and put into an unknown field, its social significance and harmful effects are completely changed. In similar doxxing behaviors, personal information that originally appeared in a specific communication context is deliberately extracted, spliced and exposed, and its invasiveness comes precisely from the misplacement and destruction of the context. From this, it can be seen that the essence of privacy infringement is in fact the reconstruction and manipulation of the structure of information relations.
Secondly, Marwick & boyd (2018) in their studies on “privacy for marginalized groups” point out that privacy is never an equally distributed right in reality [2]. In digital spaces, vulnerable groups such as women, youth, ethnic minorities or those of lower economic status are often more likely to be exposed, stigmatized and victimized and lack access to effective counter-mechanisms and complaint avenues. In contrast, those of higher social position tend to have more institutionalized shelters. This unequal distribution of digital rights is particularly evident in this incident: an ordinary user is defenselessly under attack in the Internet, while the perpetrator is partially exempted from the platform and public opinion because of her family background and age [3]. Moreover, the victim’s status as a pregnant woman put her in a relatively vulnerable position, and many of the perpetrators also victimized the victim through attacks targeting her status as a pregnant woman.
Building on this, Karppinen (2017) further integrates ‘privacy’ into the broader framework of “digital rights” [4]. In the digital era, the right to privacy is only one of the rights to which users are entitled, while digital rights also include freedom of expression, access to information, control of data, and platform accountability. This expanded perspective in this case helps us to understand that the victims are not only having their privacy violated but are also being denied their rights to expression and participation. It is the multidimensional collapse of their rights, the suppression of their voice on social media and the denial of their digital identities, that constitutes the real crisis of rights.
In summary, to understand privacy invasion and the crisis of digital rights in the digital era, it is important to move beyond technologically neutral imagery to critical analyses of power, institutions and structures. We need to move from the liberal imagination of “privacy as personal control” to a structural understanding of “privacy as a guarantee of rights”.
Case Study: A Privacy Disaster Caused by Celebrity Chasing
In March 2025, a pregnant woman was besieged by extremist fans for making neutral comments on social media about the schedule of Korean idol Won Young. A user who called herself “YanMou” (later confirmed to be Xie Guangjun’s daughter) used doxxing technology to publicize the pregnant woman’s name, identity card number, address and workplace, and even sent abusive messages to her husband, which led to the pregnant woman being forced to delete her social media account and relocate in real life [5].
Doxxing, as a digital rights violation, involves the deliberate publication of sensitive personal data without consent, often resulting in psychological harm and public shaming. Most of the information used in doxxing originates from illegal social worker databases, which circulate on the black market at low prices by crawling through leaked citizen information from around the world. In this particular incident, despite Baidu’s later statement that the data did not come from within the company due to its anonymization technology and access control, the public still questioned whether the family members of executives enjoyed “privileged access” [6]. As the incident unfolded, Xie Guangjun apologized on another private social media platform, saying that his daughter had “lost control of her emotions and reposted information from overseas”, but this response has been criticized for being evasive and failing to face up to his educational failings and the illegality of cyber-violence.
In this incident, the girl involved exposed a systematic vulnerability in the illegal trade and misuse of personal information by obtaining the victim’s private information overseas. It also reflects the fact that social platforms appear to be neutral, but are in fact highly commercialized data marketplaces [7]. The minor girl was accused of using multiple accounts to post the personal details of others anonymously, and the structural connivance of the social media platforms used by the girl made it difficult to hold her accountable for this behavior, which spread rapidly. While users engage in seemingly private exchanges, their information becomes a form of capital — easily extracted, repurposed, and, as in this case, weaponized (Laidlaw, 2022). All of the above reveals a paradox in the era of platforms: technology fuels harm, but avoids responsibility.
Flew (2018) points out not only that the power of platforms is growing much faster than the responsiveness of traditional regulatory instruments. In many countries, platforms self- regulation only as a formality, while government regulation is limited by technology, law, or political will [8]. In China’s social context, despite strong overall digital governance capacity, there is still a lack of a set of open, fair and accountable mechanisms for dealing with cases of cyberviolence involving minors and people from power backgrounds.
Challenges in Digital Governance
From this incident, it is not difficult to observe the current institutional dilemma of facing the vacuum of platform governance and digital rights. Although the power of platforms in terms of users’ daily lives is becoming more and more centralized, the institutional response to digital governance is showing a serious lag and fragmentation. Traditional regulatory mechanisms are often difficult to match the evolutionary speed of platform technology, while the platform’s own so-called community rules and user agreements serve more corporate interests than rights protection.
In his research analyzing the global crisis of platform legitimacy, Flew (2018) notes that the level of public trust in digital platforms is steadily declining as the platform-led communication ecology gradually replaces traditional media and public institutions. Platforms both control discourse and evade public responsibility, and their public-space-like nature has not been accompanied by the establishment of public governance-like mechanisms. This is particularly evident in the doxxing incident. After the incident, social media platforms failed to intervene in a timely manner to stop it, and lacked transparent investigations and public explanations of the accounts and content distribution paths involved. Although the incident triggered a great deal of social attention and moral condemnation, technically, procedurally and institutionally, the platform did not provide a complaint path or recovery mechanism that victims could rely on. Not only that, the fact that the victims‘ personal information, photos, historical statements, and other data in this incident could be quickly spliced and proliferated is essentially the result of the platforms’ longstanding lack of regulation in data opening and contextual mismatch. In such a governance system, victims are unable to demand clear protection obligations from the platforms, nor are they able to track or withdraw misused information, resulting in rights protection being reduced to empty talk.
The failure of governance is also reflected in the absence of laws and uneven enforcement. Does the behavior of the 13-year-old minor involved in the incident constitute a violation of the law? Does the platform have an obligation to assist the victim in seeking legal protection? How to define the boundaries of responsibility for minors? These questions have not been systematically addressed under the current system.
The challenge of digital governance is therefore not just a question of whether it is regulated enough, but an institutional issue about who makes the rules, who is accountable, and who has the right to complain and be compensated.
If the digital platform does not assume the responsibility of public governance, and if the national system fails to establish clear boundaries of rights and responsibilities and paths of relief, the protection of digital rights will always remain at the level of principle, and will not be able to be truly realized as the basic rights and dignity of users.
Policy Recommendations Inspired by the Case
- Technology governance must be embedded in ethical design
- Companies should not stop at declarations of compliance, but adopt cutting-edge technologies such as Privacy Computing to make data available but not visible. For example, Baidu can learn from Apple’s differential privacy scheme, which automatically blurs sensitive information in the analysis of user behavior to reduce the risk of leakage from the source.
- Strengthening the effectiveness of law enforcement and cross-border cooperation
- With reference to the ‘long-arm jurisdiction’ principle of the EU’s General Data Protection Regulation (GDPR), we can promote the establishment of a joint mechanism for transnational data crimes, and require platforms to cooperate in blocking illegal data interfaces outside the country. At the same time, relevant provisions on the protection of minors should be amended to clarify the joint and several liability of guardians for their children’s cyber violence and to avoid age privilege.
- Digital Literacy Education Urgently Needs to be Included in Public Policies
- The indifference of the minors involved to the dangers of doxxing reflects the lack of both family and school education. The experience of Finland, where a course on digital ethics has been integrated into the K-12 system and students are led to reflect on the consequences of their behavior through simulated scenarios of cyberviolence, is worth learning from.
Conclusion
Baidu executives’ daughter ‘doxxing’ incident is not an isolated case of cyber violence, but a microcosm of the structural imbalance of contemporary digital society. In a technological architecture dominated by the commercial logic of platforms, privacy is being transformed from a fundamental right into a resource that can be manipulated, and the boundaries of digital rights are receding. In response to this crisis, it is necessary for platforms to take real responsibility, for countries to improve their governance mechanisms, and for the public to raise their awareness of their rights. It is worth mentioning that the core of privacy protection is never not to hide oneself, but to have the right to choose. In the digital era, defending privacy is defending our dignity as citizens.
Reference List:
[1] Nissenbaum, H. (2018). Respecting context to protect privacy: Why meaning matters. Science and Engineering Ethics, 24(3), 831–852. https://doi.org/10.1007/s11948-015-9674-9
[2] Marwick, A. E., & boyd, d. (2018). Understanding privacy at the margins. International Journal of Communication, 12, 1157–1165. http://ijoc.org/index.php/ijoc/article/view/8186
[3] Tone, S. (2025, March). Baidu Exec Tries to Diffuse Doxxing Controversy. #SixthTone. https://www.sixthtone.com/news/1016839
[4] Karppinen, K. (2017). Human rights and the digital. In M. Graham & W. H. Dutton (Eds.), Society and the internet (2nd ed., pp. 95–120). Oxford University Press.
[5] Jing, S. (2025, March 20). Baidu exec’s teen daughter linked to doxing scandal using overseas data in online dispute. TechNode. https://technode.com/2025/03/20/baidu-execs-teen-daughter-linked-to-doxing-scandal-using-overseas-data-in-online-dispute/
[6] Reuters Staff. (2025, March 20). China’s Baidu denies data breach after executive’s daughter leaks personal info. Reuters. https://www.reuters.com/technology/cybersecurity/chinas-baidu-denies-data-breach-after-executives-daughter-leaks-personal-info-2025-03-20/
[7] Laidlaw, E. B. (2022). Lawless: The secret rules that govern our digital lives. Cambridge University Press.
[8] Flew, T. (2018). Platforms on trial: The political and regulatory crisis of trust in digital platforms. InterMedia, 46(2), 24–27.
Be the first to comment