--- title: "Is There Such a Thing as 'Game Data Compliance' in China? — Li Wenlong's Field Notes" author: "DCC Editorial" published: 2025-12-09T03:00:00.000Z url: https://datacompliancechina.com/posts/in-game-personal-data-collection-china/ description: "Li Wenlong (科技利维坦) reports field observations on personal-data collection inside Chinese games, framed around three questions: is there an industry-specific 'game data compliance' mode; where is enforcement actually concentrated; and does the Chinese picture differ from abroad. His read: domestic game-data compliance is still at a 'wild-west stage' — the violations being caught are the blunt, clearly-unlawful kind (a game demanding photo-album permission), and the enforcement frontier is no different from any other app ecosystem. A principle-level framework was in place before 2023, but the yardstick stays crude, with no breakthrough on concrete evaluation standards — which caps how deep either enforcement or compliance can go. Overseas (GDPR and consumer law), games were under-scrutinised until the last year or two. The forward warning: games will be the main carrier of VR and will embed many models, so the compliance picture is about to get far more complex. For overseas counsel advising game studios on the China market: a reality check on what is — and isn't — being enforced." tags: ["personal-information", "pipl", "app-compliance", "gaming", "enforcement", "academic-commentary"] laws_cited: ["pipl", "network-data-security-regulations"] domains: ["personal-information", "app-compliance"] account: "keji-leviathan" original_title: "游戏内个人数据收集的界限和合法性基础" original_author: "李汶龙 (Li Wenlong)" original_publication: "科技利维坦 WeChat Official Account" original_url: "https://mp.weixin.qq.com/s/EF7L9R6wMlo_Cz8OZXsZnA" source_language: "zh" --- > *Editor's Note — DCC.* > > This brief summarises the framing observations Li Wenlong (李汶龙) > published on the 科技利维坦 channel to accompany a talk — > 《游戏内个人数据收集的界限和合法性基础》— given to game-industry > practitioners at the invitation of Kaiying Network (恺英网络). The > substance of the talk lived in a slide deck that was not part of the > public post, so this brief reports Li's **stated observations and the > three questions that framed them**, not the slide-by-slide detail. We > run it because the headline finding — that there is, as yet, no > industry-specific "game data compliance" in China, only generic app > enforcement — is exactly the kind of ground-truth a counsel advising a > game studio on the China market needs, and is rarely stated this > plainly. ## The three questions Games are a business form Li says he had touched little, so he used the invitation to probe the domestic compliance ecosystem and enforcement frontier around three questions: 1. Is there an industry-specific compliance mode that could be called **"game data compliance"** — i.e., game-scenario-specific rules and standards, rather than generic app rules applied to games? 2. Where is game-data-compliance **enforcement** actually concentrated? 3. Does the domestic picture **differ from abroad**? ## What he found **Still a "wild-west stage" (草莽阶段).** Almost everything being caught is a serious, clearly-unlawful violation — his example is a game **demanding access to the user's photo album** (索取相册权限) with no legitimate basis. The discussion has not yet reached the industry-specific scenarios that would make "game data compliance" a distinct discipline; the enforcement frontier for games is, in practice, **no different from any other app ecosystem**. **A framework without a fine yardstick.** At the level of *principle*, a full system was in place before 2023 — the familiar PIPL-and-app-rules stack on notice, consent, minimisation and lawful basis. But the yardstick stays crude: there has been no breakthrough on the *concrete evaluation standards* that would let a regulator (or a compliance team) judge a borderline collection practice inside a game. That gap directly caps how deep enforcement and compliance can go — you cannot adjudicate fine questions with blunt instruments. **Abroad was late too.** Looking at GDPR and overseas consumer law, Li notes that games were comparatively under-scrutinised for years; only in the last year or two have game-specific complaints and litigation begun to appear. So China is not uniquely behind here — the whole field is early. **The complexity is coming.** His forward note: games will be the main carrier of **virtual reality**, and will increasingly **embed models**. Once that happens, the compliance picture — today dominated by blunt permission-overreach cases — becomes far more complex, layering AI and immersive-environment data issues on top of ordinary app collection. ## Why overseas counsel should care - **Don't over-engineer for rules that don't exist yet.** There is no game-specific Chinese data regime to map to; the operative framework is [PIPL](/laws/pipl/) and the general app/network-data rules, including the [Network Data Security Management Regulations](/laws/network-data-security-regulations/). Compliance effort is better spent on the basics that are actually enforced — permission minimisation, lawful basis, honest notice. - **The blunt stuff is what gets caught.** Photo-album, contacts, location and similar over-collection — not subtle, game-specific processing — is the live enforcement risk today. - **Build for the next phase now.** Studios moving into VR or embedding models should anticipate that the standards will tighten and the scenario-specific scrutiny that is absent today will arrive. For the same author on where AI-specific rules *are* hardening, see DCC's note on [system prompts as a regulatory instrument](/posts/system-prompts-as-regulatory-instrument/). ## DCC sources - Original: 李汶龙 (Li Wenlong), 《游戏内个人数据收集的界限和合法性 基础》(talk framing notes), 科技利维坦 WeChat Official Account ([source](https://mp.weixin.qq.com/s/EF7L9R6wMlo_Cz8OZXsZnA)). The detailed slides referenced in the post were not part of the public text. - Operative Chinese framework: the [Personal Information Protection Law](/laws/pipl/) and the [Network Data Security Management Regulations](/laws/network-data-security-regulations/). > This is an editorial summary of Li Wenlong's published observations, > not a translation, and not based on the slide deck (which was not > public). Any simplification or error of emphasis is DCC's. **Not legal > advice.**