Every brief.
The full run, most recent first.
- § 67 · PERSONAL-INFORMATION
PIPO vs. DPO — How China's Personal Information Protection Officer Differs from the GDPR Data Protection Officer
The Cyberspace Administration of China announced in July 2025 that personal-information processors handling data on 1 million or more individuals must submit Personal Information Protection Officer (PIPO) information to CAC. Compliance Talker's global legal policy research team contrasts China's PIPO regime under PIPL Article 52 with the GDPR's Data Protection Officer (DPO) framework under Articles 37–39. The most consequential difference: PIPO carries individual administrative liability — up to RMB 1 million in personal fines and industry bans — where DPO does not.
- § 68 · AI-GOVERNANCE
Reverse Interoperability: Li Wenlong's Frame for the Doubao On-Device Agent Fight
ByteDance's Doubao phone assistant — preinstalled at the device layer to operate other apps on a user's behalf — was met with pop-up blocks from WeChat and others citing security and risk-control. Li Wenlong (科技利维坦) argues the dispute is, at bottom, a question of how China's competition-law toolkit (反不正当竞争法 / 反垄断法) absorbs the idea of interoperability — and specifically what he calls 'reverse interoperability (反向互操作性)'. The classic interoperability problem is a platform refusing to open up, with antitrust used as a market remedy to force access. Doubao inverts it: interoperability is fully achieved at the device level, and the legal question becomes whether the law should restrict 'over-interoperation.' Li maps interoperability's journey from the Microsoft case through GDPR data portability and the DMA to the agent era, distinguishes the Doubao fight from the decade-old 3Q War, and predicts on-device-agent governance will look less like classic antitrust and more like the ex-ante, conditional-use compliance model emerging for AI training data. For overseas counsel: a structural read on the platform-access war that on-device AI agents are about to intensify.
- § 69 · PERSONAL-INFORMATION
Is There Such a Thing as 'Game Data Compliance' in China? — Li Wenlong's Field Notes
Li Wenlong (科技利维坦) reports field observations on personal-data collection inside Chinese games, framed around three questions: is there an industry-specific 'game data compliance' mode; where is enforcement actually concentrated; and does the Chinese picture differ from abroad. His read: domestic game-data compliance is still at a 'wild-west stage' — the violations being caught are the blunt, clearly-unlawful kind (a game demanding photo-album permission), and the enforcement frontier is no different from any other app ecosystem. A principle-level framework was in place before 2023, but the yardstick stays crude, with no breakthrough on concrete evaluation standards — which caps how deep either enforcement or compliance can go. Overseas (GDPR and consumer law), games were under-scrutinised until the last year or two. The forward warning: games will be the main carrier of VR and will embed many models, so the compliance picture is about to get far more complex. For overseas counsel advising game studios on the China market: a reality check on what is — and isn't — being enforced.
- § 70 · CROSS-BORDER
Mutual Trust Mechanisms for Cross-Border Data Flow — China's 'Trusted Data Space' Bet
Compliance Talker's global legal policy team analyzes three competing models for cross-border data mutual trust: the EU's 'rule trust' (adequacy + SCC), the US's 'market trust' (CLOUD Act + DPF), and China's 'technology trust' bet on Trusted Data Spaces (TDS). The NDA's November 2024 *TDS Development Action Plan 2024-2028* makes confidential computing, federated learning, and blockchain the technical layer through which China seeks to demonstrate cross-border data flow can be 'usable but invisible.' For overseas teams, this is the most concrete view of where Chinese cross-border data infrastructure is heading.
- § 71 · FACIAL-RECOGNITION
Reading the FRT Application Measures — What the 100k-Record Filing Threshold Actually Triggers
The Administrative Measures for the Application Security of Facial Recognition Technology took effect June 1, 2025. The May 2025 announcement on FRT filing implementation followed. Compliance Talker's global legal policy team walks through the seven specific compliance obligations the Measures impose — the non-exclusive-use rule, end-side storage default, 100k-individual filing threshold, separate-consent reinforcement, PIA mandate, and more — with practical implementation guidance on each. For overseas firms with any China-facing FRT deployment, this is the operational walkthrough.
- § 72 · IMPORTANT-DATA
How to Identify 'Important Data' — A Plain-Language Method from Wang Qinglan
Wang Qinglan, head of compliance at a Chinese data exchange, walks through China's unique 'important data' concept in plain language: where it came from, why no other major jurisdiction has anything quite like it, how the U.S., EU, Japan and Korea solve the same problem differently, and — most useful for compliance teams — three methods to identify whether a dataset is 'important' in practice. Her own 'unorthodox' shortcut: ask whether a hostile foreign actor could use this data to cause trouble. If yes, treat it as important data.