注册    登录
创作新主题
社区所有版块导航
Python
python开源   Django   Python   DjangoApp   pycharm  
DATA
docker   Elasticsearch  
分享
问与答   闲聊   招聘   翻译   创业   分享发现   分享创造   求职   区块链   支付之战  
aigc
aigc   chatgpt  
WEB开发
linux   MongoDB   Redis   DATABASE   NGINX   其他Web框架   web工具   zookeeper   tornado   NoSql   Bootstrap   js   peewee   Git   bottle   IE   MQ   Jquery  
机器学习
机器学习算法  
Python88.com
反馈   公告   社区推广  
产品
短视频  
印度
印度  
关注
Py学习  »  Git

Digital Economy and Data Protection Newsletter(25.03)

TMT法律论坛 • 1 月前 • 58 次点击  

Click above|Follow us


Recently, in terms of personal information protection, the CAC has officially released measures and guidelines for compliance audits on personal information protection. The obligation for compliance audits is about to be formally implemented. The State Council has issued regulations on the management of public security surveillance systems, emphasizing the protection of public surveillance video image information. The National Information Security Standardization Technical Committee has also released practice guidelines on personal information security protection for facial recognition payment scenarios. In terms of cross-border data transfer, the Shanghai Free Trade Zone has introduced a negative list management method and the first batch of negative lists, covering reinsurance, international shipping, and trade sectors. Regarding AI governance, the European Commission has published guidelines on prohibited AI practices under the AI Act, further clarifying the application conditions and definitions of prohibited AI systems.


HOTSPOT

HOTSPOT



The CAC issued the "Measures for the Administration of Personal Information Protection Compliance Audits"


On February 14, 2025, the Cyberspace Administration of China (CAC) released the "Measures for the Administration of Personal Information Protection Compliance Audits" (hereinafter referred to as the "Measures"). The Measures provide detailed regulations on the conduct of personal information protection compliance audits under Articles 54 and 64 of the Personal Information Protection Law and Article 27 of the Network Data Security Management Regulations. These regulations cover the frequency of compliance audits, the selection of compliance audit institutions, the obligations of personal information handlers and professional institutions in compliance audits, and provide a "Guidance on Personal Information Protection Compliance Audits" in the annex, which will be implemented from May 1, 2025.

According to the Measures, personal information handlers that process personal information of more than 10 million individuals are required to conduct a personal information protection compliance audit at least once every two years.


Source: CAC




The State Council issued the "Regulations on the Management of Public Security Video and Image Information Systems"


On February 10, 2025, the State Council released the "Regulations on the Management of Public Security Video and Image Information Systems" (hereinafter referred to as the "Regulations"), which will be implemented from April 1, 2025. The Regulations primarily regulate public security video and image information systems, namely systems that install image capture devices and related facilities in public places to collect, transmit, display, and store video and image information related to public security (hereinafter referred to as "public security video systems").

The Regulations explicitly prohibit the installation of image capture devices and related facilities in certain areas and locations. In public places with gatherings of people, only the management units of public security video systems are permitted to install such devices. In other public places, only units or individuals with security responsibilities for the premises may install image capture devices and related facilities if it is necessary for maintaining public security.

In addition, the Regulations clarify the retention period for public surveillance video and image information, as well as requirements for access and dissemination.


Source: State Council

https://www.gov.cn/zhengce/content/202502/content_7003024.htm





Shanghai Free Trade Zone Data Export Negative List Management Measures and Negative List (2024 Edition) is released


On February 8, 2025, the Shanghai Cyberspace Administration, the Shanghai Data Bureau, the Shanghai Development and Reform Commission, the China (Shanghai) Pilot Free Trade Zone Administration, and the Lingang New Area Administration of the China (Shanghai) Pilot Free Trade Zone jointly released the "Management Measures for the Negative List of Data Export in the China (Shanghai) Pilot Free Trade Zone and Lingang New Area (Trial)" (hereinafter referred to as the "Management Measures") and the "Negative List of Data Export in the China (Shanghai) Pilot Free Trade Zone and Lingang New Area (2024 Edition)" (hereinafter referred to as the "Negative List"), along with the "Implementation Guide for the Negative List of Data Export (Trial)".

The first batch of the Negative List covers three key sectors: finance (reinsurance), shipping (international shipping), and trade (retail and catering, accommodation industry). It includes two types of data—important data and personal information—across six specific scenarios and 84 data items.

For data handlers registered in the China (Shanghai) Pilot Free Trade Zone and Lingang New Area, those in the industries and fields listed in the Negative List can export data outside the Negative List without the need to apply for a data export security assessment, conclude a standard contract for personal information export, or obtain personal information protection certification.


For more information, please click here.

Source: Shanghai Cyberspace Administration





The European Commission approved the "Guidelines on Prohibited Artificial Intelligence Practices"


On February 4, 2025, local time, the European Commission approved the guidelines on prohibited artificial intelligence (AI) practices (hereinafter referred to as the "Guidelines" ) under the EU AI Act (Regulation (EU) 2024/1689). These Guidelines explain the application conditions and definitions of prohibited AI systems under Article 5 of the AI Act and provide specific examples. They also clarify the relationship between the AI Act and other EU regulations, the relationship between Article 5 and other provisions of the AI Act, as well as related enforcement, supervision, and penalties.


For more information, please click here.

Source: European Commission

https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-prohibited-artificial-intelligence-ai-practices-defined-ai-act






NEWSLETTER

NEWSLETTER


(Click on the source or copy the corresponding link to view the details)




LEGISLATION

  1. The State Council issued the "Regulations on the Management of Public Security Video and Image Information Systems"

    Source: The State Council

    https://www.gov.cn/zhengce/content/202502/content_7003024.htm


  2. The CAC issued the "Administrative Measures for Compliance Audits of Personal Information Protection"

    Source: CAC 


  3. The CAC and other departments issued the "Administrative Measures for the Dissemination of Internet Military Information"

    Source: CAC


  4. The National Development and Reform Commission and the National Data Bureau issued the "Interim Implementation Specifications for the Authorized Operation of Public Data Resources"

    Source: The National Development and Reform Commission


  5. The National Development and Reform Commission and the National Data Bureau issued the "Notice on the Establishment of a Price - Formation Mechanism for the Authorized Operation of Public Data Resources"

    Source: The National Development and Reform Commission


  6. The National Data Bureau publicly solicited opinions on the "Second Batch of Common Glossary Explanations in the Data Field"

    Source: The National Data Bureau


  7. The People's Bank of China publicly solicited opinions on the "Draft for Comment on the Administrative Measures for Reporting Cybersecurity Incidents in the Business Areas of the People's Bank of China"

    Source: The People's Bank of China

    http://www.pbc.gov.cn/tiaofasi/144941/144979/3941920/5576137/index.html


  8. The People's Bank of China and other departments issued the "Opinions on Promoting Institutional Opening - up by Piloting the Alignment with High - Standard International Norms in Conditional Pilot Free Trade Zones (Ports) in the Financial Sector", exploring the establishment of a "whitelist" system for cross - border financial data flows

    Source: The State Administration of Foreign Exchange

    https://www.safe.gov.cn/safe/2025/0123/25702.html


  9. The Ministry of Civil Affairs and other departments issued the "Administrative Measures for the Protection of Personal Information of Children in Need"

    Source: The Chinese Government Network

    https://www.gov.cn/zhengce/zhengceku/202501/content_7000927.htm


  10. The State Administration for Market Regulation publicly solicited opinions on the "Draft for Comment on the Interim Administrative Measures for the Submission of Network Transaction Compliance Data"

    Source: The State Administration for Market Regulation

    https://www.samr.gov.cn/hd/zjdc/art/2025/art_a932cb0863ab4552a05d3728324ba061.html


  11. Shanghai CAC and four other departments issued the "Interim Measures for the Management of Negative Lists for Data Exports from the China (Shanghai) Pilot Free Trade Zone and the Lingang New Area" and the "Negative List (2024 Edition)"

    Source: Shanghai CAC


  12. TC260 issued the "Practice Guidelines for Cybersecurity Standards - Personal Information Security Protection Requirements in Face Recognition Payment Scenarios"

    Source: TC260


  13. TC260 publicly solicited opinions on the "Artificial Intelligence Security Standard System (V1.0) (Draft for Comment)"

    Source: TC260


  14. TC260 publicly solicited opinions on the "Practice Guidelines for Cybersecurity Standards - Coding Rules for Service Providers of Artificial Intelligence - Generated and Synthetic Content Identification (Draft for Comment)"

    Source: TC260


  15. TC260 publicly solicited opinions on the "Practice Guidelines for Cybersecurity Standards - Guidelines for Protecting the Rights and Interests of Individuals Regarding 'Shake - to - Advertise' (Draft for Comment)"

    Source: TC260


  16. The National Data Standardization Technical Committee released the first batch of national standard requirements in the data field in 2025

    Source: The National Data Standardization Technical Committee

    https://www.tc609.org.cn/portal/article/2/656b25d3d0614974beec8c629cb68620


  17. Beijing publicly solicited opinions on the "Draft for Comment on the Implementation Opinions on Accelerating the Development and Utilization of Public Data Resources in Beijing"

    Source: The Beijing Municipal People's Government

    https://www.beijing.gov.cn/hudong/gfxwjzj/zjxx/202502/t20250205_4003064.html


  18. Guangzhou issued the "Guangzhou Data Regulations"

    Source: The Guangzhou People's Congress


  19. Guangzhou issued the "Guangzhou Intelligent Connected Vehicle Innovation and Development Regulations"

    Source: The Guangzhou People's Congress

    https://www.rd.gz.cn/xwdt/content/post_257533.html


  20. Jiangsu issued the "Jiangsu Data Regulations"

    Source: Jiangsu People's Congress


  21. Fujian publicly solicited opinions on the "Draft for Comment on the Interim Measures for the Registration and Management of Public Data Resources in Fujian Province"

    Source: The Fujian Provincial Development and Reform Commission

    https://fgw.fujian.gov.cn/ztzl/szfjzt/tzgg/202501/t20250117_6704168.htm


  22. Guizhou issued the "Interim Measures for the Authorized Operation Management of Public Data in Guizhou Province"

    Source: The Guizhou Provincial People's Government

    https://www.guizhou.gov.cn/zwgk/zcfg/szfwj/qfbh/202501/t20250116_86634266.html


  23. Gansu issued the "Opinions on Accelerating the Improvement of the Data Property Rights System"

    Source: The Gansu Provincial People's Government

    https://www.gansu.gov.cn/gsszf/c100055/202501/174064778.shtml  



INDUSTRY TRENDS

  1. Google was investigated for suspected antitrust violations

    Source: The State Administration for Market Regulation


  2. MIIT: In 2024, more than 5,200 apps were ordered to be rectified and removed from the shelves

    Source: The State Council Information Office

    http://www.scio.gov.cn/live/2025/35422/tw/


  3. The Supreme People's Procuratorate: In 2024, procuratorial organs across the country prosecuted nearly 1,000 cases of crimes against enterprise data security

    Source: The Supreme People's Procuratorate

    https://www.spp.gov.cn/spp/zdgz/202501/t20250125_680960.shtml


  4. The CAC strengthened the management of Internet news information service licenses

    Source: CAC


  5. Nandu reported a case where Sina Weibo was sued for publicly disclosing visitors' records for a fee

    Source: Privacy Guards 


  6. The fourth batch of generative artificial intelligence (large - language models) in Hunan passed the filing review

    Source: Hunan CAC


  7. Shanghai released the "Announcement on the Registration Information of Generative Artificial Intelligence Services in Shanghai (January 25, 2025)"

    Source: Shanghai CAC


  8. The Shanghai Communications Administration issued the first batch of notifications on apps that violated users' rights and interests in 2025

    Source: The Shanghai Communications Administration


  9. A securities firm was subject to regulatory measures by the Shanghai Stock Exchange for failing to report a cybersecurity incident

    Source: The Shanghai Stock Exchange

    https://file.finance.sina.com.cn/211.154.219.97:9494/MRGG/BOND/2025/2025-1/2025-01-27/21907046.PDF  



OVERSEAS

  1. DeepSeek Faces Regulatory Challenges Abroad:

    1. Italy: The Italian data protection authority, Garante, sent an inquiry to DeepSeek on January 28 regarding user data processing and requested on January 30 that DeepSeek shall limit the processing of personal data of Italian citizens

      Source: Garante

      https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/10096856

      https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/10097450


    2. Ireland: The Irish Data Protection Commission (DPA) requested information from DeepSeek regarding user data processing

      Source: Reuters

      https://www.reuters.com/technology/irish-data-regulator-requests-information-deepseek-data-processing-2025-01-29/


    3. Belgium: The Belgian Data Protection Authority (GBA) launched investigation into DeepSeek following a complaint

      Source: The Brussels Times

      https://www.brusselstimes.com/1419622/investigation-opened-into-possible-privacy-violations-by-deepseek


    4. Netherlands: The Dutch Data Protection Authority (DPA) initiated an investigation into data protection issues related to DeepSeek

      Source: Reuters

      https://www.reuters.com/technology/artificial-intelligence/dutch-privacy-watchdog-launch-investigation-into-chinas-deepseek-ai-2025-01-31/


    5. South Korea: The Personal Information Protection Commission (PIPC) announced an investigation into DeepSeek

      Source: PIPC

      https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS074&mCode=C020010000&nttId=10989


  2. International:

    1. At the Paris AI Action Summit, 60 countries jointly signed the "Statement on Inclusive and Sustainable Artificial Intelligence"

      Source: The official website of the French President

      https://www.elysee.fr/en/emmanuel-macron/2025/02/11/statement-on-inclusive-and-sustainable-artificial-intelligence-for-people-and-the-planet


    2. The OECD issued policy recommendations on enhancing data access and sharing in the AI era

      Source: The OECD

      https://www.oecd.org/en/publications/enhancing-access-to-and-sharing-of-data-in-the-age-of-artificial-intelligence_23a70dca-en.html


  3. European Union:

    1. The European Commission approved the "Guidelines on Prohibited Artificial Intelligence Practices"

      Source: The European Commission

      https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-prohibited-artificial-intelligence-ai-practices-defined-ai-act


    2. The European Commission released guidelines on the definition of artificial intelligence systems under the "Artificial Intelligence Act"

      Source: The European Commission

      https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-ai-system-definition-facilitate-first-ai-acts-rules-application


    3. EDPB issued the 01/2025 guidelines on pseudonymization

      Source: EDPB

      https://www.edpb.europa.eu/system/files/2025-01/edpb_guidelines_202501_pseudonymisation_en.pdf


    4. The EDPB adopted a statement on age verification

      Source: EDPB

      https://www.edpb.europa.eu/our-work-tools/our-documents/other-guidance/statement-12025-age-assurance_en


    5. The Court of Justice of the European Union issued an opinion on pseudonymization

      Source: The Court of Justice of the European Union

      https://curia.europa.eu/juris/documents.jsf?nat=or&mat=or&pcs=Oor&jur=C,T,F&num=T-557%2F20&for=&jge=&dates=&language=en&pro=&cit=none%2CC%2CCJ%2CR%2C2008E%2C%2C%2C%2C%2C%2C%2C%2C%2C%2Ctrue%2Cfalse%2Cfalse&oqp=&td=;ALL&avg=&lgrec=en&page=1&lg=&cid=29356203


    6. The Court of Justice of the European Union issued an opinion on the liability of online market operators under the GDPR

      Source: The Court of Justice of the European Union

      https://curia.europa.eu/juris/liste.jsf?num=C-203/22


    7. The European Commission requested Shein to provide information on its recommendation system

      Source: The European Commission

      https://digital-strategy.ec.europa.eu/en/news/commission-requests-information-shein-illegal-products-and-its-recommender-system


  4. United States:

    1. FTC finalized an amendment to the Children's Online Privacy Protection Rule (COPPA)

      Source: FTC

      https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-finalizes-changes-childrens-privacy-rule-limiting-companies-ability-monetize-kids-data


    2. Genshin Impact Game Developer Will be Banned from Selling Lootboxes to Teens Under 16 without Parental Consent, Pay a $20 Million Fine to Settle FTC Charges

      Source: FTC

      https://www.ftc.gov/news-events/news/press-releases/2025/01/genshin-impact-game-developer-will-be-banned-selling-lootboxes-teens-under-16-without-parental


    3. The "Kids Off Social Media Act" was submitted to the Senate

      Source: The United States Congress

      https://www.congress.gov/bill/119th-congress/senate-bill/278/text/is


  5. United Kingdom:

    1. ICO issued guidelines on processing employment records

      Source: ICO

      https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/employment/


    2. ICO launched a direct - marketing advice generator

      Source: ICO

      https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/02/direct-marketing-advice-generator-makes-it-easy-for-organisations-to-comply-with-the-law/


    3. The High Court ruled on the consent standards required for analysis and direct marketing

      Source: The High Court of the United Kingdom

      https://www.bailii.org/cgi-bin/format.cgi?doc=/ew/cases/EWHC/KB/2025/111.html


  6. France:

    1. CNIL issued TIA guidelines

      Source: CNIL

      https://www.cnil.fr/en/transfer-impact-assessment-tia-cnil-publishes-final-version-its-guide


    2. CNIL issued guidelines on how apps can integrate SDKs

      Source: CNIL

      https://www.cnil.fr/fr/applications-mobiles-comment-integrer-des-sdk-et-respecter-la-vie-privee-des-utilisateurs


    3. CNIL issued recommendations on AI and the GDPR

      Source: CNIL

      https://www.cnil.fr/fr/ia-et-rgpd-la-cnil-publie-ses-nouvelles-recommandations-pour-accompagner-une-innovation-responsable


  7. New Zealand:

    1. OPC released Vietnamese and Chinese - language privacy handbooks

      Source: OPC

      https://www.privacy.org.nz/publications/brochures-posters/printable-privacy-brochures-in-traditional-and-simplified-chinese/


    2. The Privacy Law Amendment Bill was submitted to Parliament

      Source: The New Zealand Parliament

      https://www.parliament.nz/en/pb/hansard-debates/rhr/combined/HansDeb_20250128_20250128_28/


  8. Switzerland:

    1. FDPIC issued Cookie guidelines

      Source: FDPIC

      https://www.edoeb.admin.ch/en/guidelines-on-data-processing-using-cookies


    2. FDPIC issued guidelines clarifying data breach notifications

      Source: FDPIC

      https://backend.edoeb.admin.ch/fileservice/sdweb-docs-prod-edoebch-files/files/2025/02/06/453ae1b5-8ccf-42c7-8c66-cb301589f844.pdf


  9. Sweden: SWEDMA issued ethical guidelines for AI in marketing

    Source: SWEDMA

    https://www.swedma.se/etiska-riktlinjer-for-ai-anvandning-i-marknadsforing/


  10. Spain: AEPDlaunched an advertising exclusion system

    Source: The Spanish Data Protection Agency (AEPD)

    https://www.aepd.es/areas-de-actuacion/publicidad-no-deseada


  11. Malta: IDPC issued frequently asked questions about Data Protection Officers (DPOs)

    Source: IDPC

    https://idpc.org.mt/idpc-publications/faqs-on-data-protection-officers-dpos/


  12. Monaco: APDP issued guidelines for the "Personal Data Protection Law"

    Source: APDP

    https://apdp.mc/la-loi-n-1-565-du-3-decembre-2024/


  13. Thailand:

    1. PDPC announced strict supervision of mobile devices and tablets

      Source: PDPC

      https://dgcbriefings.substack.com/p/thailand-strict-enforcement-against


    2. PDPC issued multiple guidelines to help Thai enterprises apply cross - border transfer mechanisms of ASEAN, APEC, GDPR, and UK DPA

      Source: PDPC

      ASEAN CBDF:https://www.pdpc.or.th/pdpc-book/aseanpublish/

      APEC CBPR:https://www.pdpc.or.th/pdpc-book/cbprpublish/

      GDPR and UK DPA:https://www.pdpc.or.th/pdpc-book/eu-gdpr-uk-dpa/


  14. South Korea:

    1. PIPC made a penalty decision on cross - border data sharing violations among KakaoPay, Apple Pay, and Alipay

      Source: PIPC

      http://koreabizwire.com/kakaopay-and-apple-pay-fined-5-8-million-over-privacy-violations-in-south-korea/304605


    2. KCC released a case study on dark patterns

      Source: KCC

      https://blog.naver.com/PostView.naver?blogId=kcc1335&logNo=223750968682



Note

本文由Gen AI翻译,仅供参考。

Translated by Gen AI service. For reference only.


本期编辑:吴佳蔚 陈煜烺 陈瑞庭 张丽

Python社区是高质量的Python/Django开发社区
本文地址:http://www.python88.com/topic/179187
Reply
 
58 次点击  
登录后回复
关于   移动版
Py学习 - 专注于Python技术发展的社区(原Django社区)
沪ICP备11025650号