Skip to content
DCC · DATA COMPLIANCE CHINA China data law, for overseas counsel.
§ TAG · PRIVACY

Filed under privacy

Every brief tagged "privacy".

  • § 01 · MINORS-PROTECTION

    The School Is Not a Bystander: Three Model Cases on Schools' Duties in Minors' Online Protection

    Minors' online protection is usually framed as a job for parents and platforms. Three model cases — a Guangzhou Internet Court judgment on defamation in a parent–school WeChat group, a Supreme People's Procuratorate case where procuratorial recommendations pushed a school to build bullying-control systems after a privacy video spread, and a Zhejiang case where a predator used an unauthorized school-named 'confession wall' account to reach students — show Chinese courts and procuratorates deliberately pulling schools into the frame. JunHe's education team distills the school's three statutory functions: internet-literacy education (Minors Protection Law Arts. 64 and 70, Online Protection Regulations Art. 16), cyberbullying prevention and response (Minors Protection Law Art. 39; School Protection Provisions Art. 21), and internet-addiction intervention (Minors Protection Law Art. 71; Regulations Art. 40). The liability stack for schools that do nothing: administrative correction orders and sanctions under Regulations Art. 51, plus civil supplementary liability under Civil Code Art. 1201. Four recommendations follow: documented literacy and AI-content-discrimination education, a staffed-up 'rule-of-law vice principal' mechanism, a full discover–stop–report–handle bullying protocol, and compliance with device-management and anti-addiction requirements. With 196 million minor netizens at 97.3% penetration, the authors argue schools are the 'main battlefield' whether they like it or not.

    minors-protection · cyberbullying · privacy
  • § 02 · DATA-ECONOMY

    Tang Linyao — Data-Broker Derivative Harms and the 'Data Integration Analysis Framework'

    Tang Linyao (Chinese Academy of Social Sciences) maps the regulatory gap for data-broker derivative harms — the harms that arise not from direct PI leakage but from the integration and aggregation activity that data brokers themselves perform. The analytical core: a vertical / horizontal data-relations framework that explains why existing PIPL-style protection (vertical-relationship-focused) systematically fails to address horizontal-relationship harms; and the 'abstract risk substantialization' doctrine borrowed from US precedent and EU GDPR to bring data-broker risk into ex-ante regulatory scope. Operationally, Tang proposes a 'Data Integration Analysis Framework' with concrete tiering (三高 / 双高 / 单高 / 三低) that translates academic doctrine into compliance-program-grade controls. Applied to a real Shenzhen Data Exchange listing as worked example.

    data-economy · data-broker · data-exchange
  • § 03 · AI-GOVERNANCE

    AI Agents and the Limits of Consent — When 'Authorisation' Stops Being One Click

    Li Wenlong (科技利维坦) takes the Doubao phone assistant — an AI that 'reads your screen' and acts across apps — and asks whether the consent/authorisation mechanism that traditional data law leans on can survive the agent era. His four challenges: the app-bounded 'private' environment dissolves as data and permissions move across apps (with Nissenbaum's Contextual Integrity as the only real conceptual anchor, and far from operational); agents that *act* (not just retrieve) push informed consent past the point of failure already reached by personalised ads; purpose limitation collapses because an agent chooses its own path, means and decisions from a low-information instruction, edging into automated decision-making; and ultra vires agency shifts liability from user to platform, with China's 'hallucination case' and the Air Canada case as the only thin precedents. For overseas counsel building or advising on agentic AI in China: a map of why 'authorisation' is becoming a problem of agency, system control, liability allocation and autonomy — not a checkbox — and why transparency is now a prerequisite, not a feature.

    ai-governance · ai-agents · pipl
§ SUBSCRIBE

The Monday brief.

One short email every Monday. New briefs on Chinese data-compliance rules from the previous week, with the source law cited.

Opt-in only. Unsubscribe anytime by replying "unsubscribe" to any issue.

SUPPORT DCC

Keep the publication free to read. Suggested support is $19.99, or choose your own amount.

Support →