No. Doxxing violates China’s Cybersecurity Law, Data Security Law, and Personal Information Protection Law (PIPL), exposing violators to fines up to 50 million yuan or 5% of annual revenue. Criminal liability may follow under Article 253-1 of the Criminal Law for “illegally selling or providing personal information.” Local cybersecurity bureaus and the Cyberspace Administration of China (CAC) enforce these rules, with heightened scrutiny since 2026’s PIPL amendments.
Key Regulations for Doxxing in China
- Cybersecurity Law (2017): Prohibits unauthorized collection, disclosure, or misuse of personal data, mandating network operators to protect user information under Articles 40–44.
- Personal Information Protection Law (PIPL, 2021; amended 2026): Criminalizes doxxing under Article 69, imposing administrative penalties (e.g., rectification orders) and criminal charges for severe breaches.
- Criminal Law (Article 253-1): Targets “illegal trade in personal information,” with penalties ranging from 3–7 years imprisonment for large-scale or malicious doxxing cases.
Enforcement agencies, including the CAC and provincial public security bureaus, collaborate to monitor online platforms, leveraging real-name registration requirements and mandatory data localization. Foreign entities operating in China face additional scrutiny under the 2026 PIPL revisions, which expand extraterritorial reach for data protection violations.