Skip to content
DCC · DATA COMPLIANCE CHINA China data law, for overseas counsel.
§ TAG · PIPL

Filed under pipl

Every brief tagged "pipl".

  • § 13 · CRIMINAL-LIABILITY

    When PIPL Violation Becomes a Crime — Hong Yanqing on China's Personal Information Criminal Threshold

    Hong Yanqing on the criminal-side analog to PIPL — when does mishandling personal information cross from administrative violation into the crime of 'infringing on citizens' personal information'? His critique: the two key elements ('relevant State provisions' and 'serious circumstances') are too loose, and courts have stretched them in ways that should worry compliance teams.

    criminal-liability · pipl · judicial-interpretation
  • § 14 · AI-GOVERNANCE

    Where China's Draft AI Anthropomorphic-Interaction Measures Need Work — A Scholar's Reform Map

    Li Wenlong (科技利维坦) walks through the directions in which he would amend China's draft Interim Measures for the Administration of AI Anthropomorphic Interaction Services (人工智能拟人化互动服务管理办法) — the country's first dedicated rule on 'companion'-style AI. His critique is structural, not cosmetic: the core definition of '拟人化 (anthropomorphisation)' is too broad because it anchors on human-like expression rather than the real harm (relational dependency); the invented concept of '交互数据 (interaction data)' should be deleted and folded back into PIPL rather than blanket-prohibited; Chapter 2 mixes three incompatible duty types and should be split; the '1M registered / 100k MAU' security-assessment trigger is borrowed from other regimes and does not track real risk; and the training-data duties are horizontal obligations misplaced in a vertical rule. For overseas counsel building companion-AI or emotional-AI products for the China market: this is a map of where the draft is likely to move, and which duties fall on deployers versus base-model providers.

    ai-governance · companion-ai · anthropomorphic-ai
  • § 15 · AI-GOVERNANCE

    AI Agents and the Limits of Consent — When 'Authorisation' Stops Being One Click

    Li Wenlong (科技利维坦) takes the Doubao phone assistant — an AI that 'reads your screen' and acts across apps — and asks whether the consent/authorisation mechanism that traditional data law leans on can survive the agent era. His four challenges: the app-bounded 'private' environment dissolves as data and permissions move across apps (with Nissenbaum's Contextual Integrity as the only real conceptual anchor, and far from operational); agents that *act* (not just retrieve) push informed consent past the point of failure already reached by personalised ads; purpose limitation collapses because an agent chooses its own path, means and decisions from a low-information instruction, edging into automated decision-making; and ultra vires agency shifts liability from user to platform, with China's 'hallucination case' and the Air Canada case as the only thin precedents. For overseas counsel building or advising on agentic AI in China: a map of why 'authorisation' is becoming a problem of agency, system control, liability allocation and autonomy — not a checkbox — and why transparency is now a prerequisite, not a feature.

    ai-governance · ai-agents · pipl
  • § 16 · PERSONAL-INFORMATION

    PIPO vs. DPO — How China's Personal Information Protection Officer Differs from the GDPR Data Protection Officer

    The Cyberspace Administration of China announced in July 2025 that personal-information processors handling data on 1 million or more individuals must submit Personal Information Protection Officer (PIPO) information to CAC. Compliance Talker's global legal policy research team contrasts China's PIPO regime under PIPL Article 52 with the GDPR's Data Protection Officer (DPO) framework under Articles 37–39. The most consequential difference: PIPO carries individual administrative liability — up to RMB 1 million in personal fines and industry bans — where DPO does not.

    personal-information · pipl · gdpr-comparison
  • § 17 · PERSONAL-INFORMATION

    Is There Such a Thing as 'Game Data Compliance' in China? — Li Wenlong's Field Notes

    Li Wenlong (科技利维坦) reports field observations on personal-data collection inside Chinese games, framed around three questions: is there an industry-specific 'game data compliance' mode; where is enforcement actually concentrated; and does the Chinese picture differ from abroad. His read: domestic game-data compliance is still at a 'wild-west stage' — the violations being caught are the blunt, clearly-unlawful kind (a game demanding photo-album permission), and the enforcement frontier is no different from any other app ecosystem. A principle-level framework was in place before 2023, but the yardstick stays crude, with no breakthrough on concrete evaluation standards — which caps how deep either enforcement or compliance can go. Overseas (GDPR and consumer law), games were under-scrutinised until the last year or two. The forward warning: games will be the main carrier of VR and will embed many models, so the compliance picture is about to get far more complex. For overseas counsel advising game studios on the China market: a reality check on what is — and isn't — being enforced.

    personal-information · pipl · app-compliance
§ SUBSCRIBE

The Monday brief.

One short email every Monday. New briefs on Chinese data-compliance rules from the previous week, with the source law cited.

Opt-in only. Unsubscribe anytime by replying "unsubscribe" to any issue.

SUPPORT DCC

Keep the publication free to read. Suggested support is $19.99, or choose your own amount.

Support →