Filed under pipl
Every brief tagged "pipl".
- § 13 · CRIMINAL-LIABILITY
When PIPL Violation Becomes a Crime — Hong Yanqing on China's Personal Information Criminal Threshold
Hong Yanqing on the criminal-side analog to PIPL — when does mishandling personal information cross from administrative violation into the crime of 'infringing on citizens' personal information'? His critique: the two key elements ('relevant State provisions' and 'serious circumstances') are too loose, and courts have stretched them in ways that should worry compliance teams.
- § 14 · AI-GOVERNANCE
Where China's Draft AI Anthropomorphic-Interaction Measures Need Work — A Scholar's Reform Map
Li Wenlong (科技利维坦) walks through the directions in which he would amend China's draft Interim Measures for the Administration of AI Anthropomorphic Interaction Services (人工智能拟人化互动服务管理办法) — the country's first dedicated rule on 'companion'-style AI. His critique is structural, not cosmetic: the core definition of '拟人化 (anthropomorphisation)' is too broad because it anchors on human-like expression rather than the real harm (relational dependency); the invented concept of '交互数据 (interaction data)' should be deleted and folded back into PIPL rather than blanket-prohibited; Chapter 2 mixes three incompatible duty types and should be split; the '1M registered / 100k MAU' security-assessment trigger is borrowed from other regimes and does not track real risk; and the training-data duties are horizontal obligations misplaced in a vertical rule. For overseas counsel building companion-AI or emotional-AI products for the China market: this is a map of where the draft is likely to move, and which duties fall on deployers versus base-model providers.
- § 15 · AI-GOVERNANCE
AI Agents and the Limits of Consent — When 'Authorisation' Stops Being One Click
Li Wenlong (科技利维坦) takes the Doubao phone assistant — an AI that 'reads your screen' and acts across apps — and asks whether the consent/authorisation mechanism that traditional data law leans on can survive the agent era. His four challenges: the app-bounded 'private' environment dissolves as data and permissions move across apps (with Nissenbaum's Contextual Integrity as the only real conceptual anchor, and far from operational); agents that *act* (not just retrieve) push informed consent past the point of failure already reached by personalised ads; purpose limitation collapses because an agent chooses its own path, means and decisions from a low-information instruction, edging into automated decision-making; and ultra vires agency shifts liability from user to platform, with China's 'hallucination case' and the Air Canada case as the only thin precedents. For overseas counsel building or advising on agentic AI in China: a map of why 'authorisation' is becoming a problem of agency, system control, liability allocation and autonomy — not a checkbox — and why transparency is now a prerequisite, not a feature.
- § 16 · PERSONAL-INFORMATION
PIPO vs. DPO — How China's Personal Information Protection Officer Differs from the GDPR Data Protection Officer
The Cyberspace Administration of China announced in July 2025 that personal-information processors handling data on 1 million or more individuals must submit Personal Information Protection Officer (PIPO) information to CAC. Compliance Talker's global legal policy research team contrasts China's PIPO regime under PIPL Article 52 with the GDPR's Data Protection Officer (DPO) framework under Articles 37–39. The most consequential difference: PIPO carries individual administrative liability — up to RMB 1 million in personal fines and industry bans — where DPO does not.
- § 17 · PERSONAL-INFORMATION
Is There Such a Thing as 'Game Data Compliance' in China? — Li Wenlong's Field Notes
Li Wenlong (科技利维坦) reports field observations on personal-data collection inside Chinese games, framed around three questions: is there an industry-specific 'game data compliance' mode; where is enforcement actually concentrated; and does the Chinese picture differ from abroad. His read: domestic game-data compliance is still at a 'wild-west stage' — the violations being caught are the blunt, clearly-unlawful kind (a game demanding photo-album permission), and the enforcement frontier is no different from any other app ecosystem. A principle-level framework was in place before 2023, but the yardstick stays crude, with no breakthrough on concrete evaluation standards — which caps how deep either enforcement or compliance can go. Overseas (GDPR and consumer law), games were under-scrutinised until the last year or two. The forward warning: games will be the main carrier of VR and will embed many models, so the compliance picture is about to get far more complex. For overseas counsel advising game studios on the China market: a reality check on what is — and isn't — being enforced.