Digital Economy and Data Protection Newsletter（25.11）

Click above｜Follow us

Recently, in terms of legislation, the Automotive Data Cross-border Security Guidelines and Live-stream E-commerce Supervision and Administration Measures have been publicly solicited for comments, and industry governance has been promoted in depth; the Wuxi Data Regulations have been released, and Shaanxi, Shanxi and other places have solicited comments on the authorized operation of public data, and local data element legislation has been continuously improved. In terms of supervision, the Supreme People's Court and SAMR have released typical cases of infringement of personality rights, trade secrets and trademark rights, 64 non-compliant APPs have been notified, the National Radio and Television Administration has launched a special governance of automatic renewal, MIIT has promoted anti-fraud work, and the national and local cyberspace departments have continued to carry out special actions for AI governance. Abroad, the UK Data (Use and Access) Bill has officially come into effect, and Chinese enterprises going global such as AliExpress, Deepseek and Temu are facing supervision in the EU, South Korea, Greece and other places.

HOTSPOT

The Ministry of Industry and Information Technology (MIIT) and eight other departments publicly solicit opinions on the Automotive Data Cross-border Security Guidelines (2025 Edition) (Draft for Comment)

On June 13, 2025, MIIT, CAC and other departments jointly publicly solicited opinions on the Automotive Data Cross-border Security Guidelines (2025 Edition) (Draft for Comment) (hereinafter referred to as the Guidelines), and the period for soliciting opinions will end on July 13, 2025.

The Guidelines refine and clarify the scope of important data, which is adjusted compared with the existing norms such as the Several Provisions on the Administration of Automotive Data Security (for Trial Implementation) (hereinafter referred to as the Several Provisions). For example, Article 3 of the Several Provisions lists "vehicle external video and image data containing facial information, license plate information, etc." as important data. The Guidelines, combined with the industry characteristics of specific business scenarios, clarify that in the process of carrying out vehicle product simulation, site and actual road testing by automotive data processors, the collected and generated labeled scene data, simulated scene data and test scene data; and in the process of networked operation of vehicles and roadside equipment, the collected and generated vehicle external real-scene images, radar data, position trajectory data, inertial navigation data, autonomous driving map data and composition data that meet the requirements of "the minimum side length of the real face bounding box outside the vehicle is not less than 32 pixels" and "the minimum side length of the real vehicle license plate bounding box outside the vehicle is not less than 16 pixels" are important data.

In addition, the Guidelines clarify the connection with the filing work of important data, and automotive data processors may need to carry out relevant filing work first before carrying out cross-border declaration according to the Guidelines in the future.

For more information, please click here.

Source: Cyberspace Administration of China (CAC)

The Supreme People's Court releases typical cases of infringement of personality rights using the Internet and information technology

On June 12, 2025, the Supreme People's Court released typical cases of infringement of personality rights by using network and information technology, focusing on new forms of infringement such as AI technology infringement, network violence, and illegal trading of facial information, including 6 cases involving the right of reputation, the right of portrait, the right of voice, the right of personal information, and the right of privacy, such as the unauthorized AI-based use of others' voices, the unauthorized use of others' portraits for users to "change faces", and the illegal trading of facial information. The cases reflect the key points of strictly implementing the protection of personality rights in the Civil Code, standardizing the application of emerging technologies, punishing network infringement, and pursuing criminal responsibility, and are intended to strengthen the judicial protection of personality rights and guide the development of technology on the track of the rule of law.

Source: Supreme People's Court

NEWSLETTER

（Click on the source or copy the corresponding link to view the details）

LEGISLATION

The Ministry of Industry and Information Technology (MIIT) and eight other departments publicly solicit opinions on the Automotive Data Cross-border Security Guidelines (2025 Edition) (Draft for Comment)
Source: CAC
The CAC publicly solicits opinions on the Classification Measures for Online Information That May Affect the Physical and Mental Health of Minors (Draft for Comment)
Source: CAC
The State Administration for Market Regulation (SAMR) publicly solicits opinions on the Live-stream E-commerce Supervision and Administration Measures (Draft for Comment)
Source: SAMR
The National Cyberspace Security Standardization Technical Committee publicly solicits opinions on the Cybersecurity Standard Practice Guide — Requirements for Prevention and Disposal of New-type Corruption in Internet Platforms (Draft for Comment)
Source: National Cyberspace Security Standardization Technical Committee
Wuxi City issues the Wuxi Data Regulations
Source: Wuxi Data Bureau
The Shaanxi Data Bureau publicly solicits opinions on the Implementation Rules for Authorized Operation of Public Data Resources in Shaanxi Province (Trial) (Draft for Comment)
Source: Shaanxi Data Bureau
The Shanxi Data Bureau publicly solicits opinions on the Implementation Measures for Data Circulation Security Governance in Shanxi Province (Draft for Comment)
Source: Shanxi Data Bureau

INDUSTRY TRENDS

The Supreme People's Court releases typical cases of infringement of personality rights using the Internet and information technology
Source: Supreme People's Court
SAMR publicizes eight typical cases of trade secret infringement
Source: SAMR
SAMR publicizes seven typical cases of trademark administrative law enforcement
Source: SAMR
The CAC has deeply carried out the first-stage work of the "Qinglang • Rectifying the Abuse of AI Technology" special campaign, and publicized the governance achievements of various regions
Source: CAC
The National Cyberspace and Information Security Information Notification Center notifies 64 mobile applications that illegally collect and use personal information
Source: National Cyberspace Security Notification Center
The National Radio and Television Administration launches a special governance on automatic renewal of Internet TV subscriptions
Source: National Radio and Television Administration
MIIT convenes a meeting to promote the prevention and control of telecom network fraud in the information and communication industry
Source: MIIT
The Ministry of Public Security convenes a deployment meeting for the 2025 "Net Cleanup" and "Network Protection" special operations
Source: Ministry of Public Security
The Cyberspace Administration of China (CAC) releases Typical Cases of Rumor Refutation Using AI-generated Content
Source: Xinhua News Agency
The China Cyberspace Security Association issues a notice on matters related to the capacity training of personal information protection compliance auditors
Source: China Cyberspace Security Association
Beijing has launched a special rectification campaign for data security and personal information protection in the field of people's livelihood consumption
Source: Beijing Cyberspace Administration
The Beijing Cyberspace Administration issues a public notice on launching a special reporting campaign for the protection of minors online
Source: Beijing Cyberspace Administration
Beijing announces the registered information of generative AI services (June 13, 2025)
Source: Beijing Cyberspace Administration
Two companies in Beijing are fined 50,000 yuan for the theft of personal information by overseas IP addresses
Source: Beijing Cyberspace Administration
The Shanghai Communications Administration issues a notice on carrying out network and data security inspections for the telecom and Internet industries in Shanghai in 2025
Source: Shanghai Communications Administration
The Shanghai Cyberspace Administration legally interviews the developer of Zhumengdao APP for vulgar and borderline content in AI agent conversations
Source: Shanghai Cyberspace Administration
Guangdong Province deeply carries out the "Qinglang • Rectifying AI Technology Abuse" special campaign and achieves phased results
Source: Guangdong Cyberspace Administration
Guangdong Province announces the registered information of generative AI services (June 13)
Source: Guangdong Cyberspace Administration
The Guangdong Communications Administration issues a notice on standardizing the implementation of network security protection work for information and communication in 2025
Source: Guangdong Communications Administration
Tianjin completes the first filing for the application of facial recognition technology
Source: Tianjin Cyberspace Administration
Chongqing carries out network security and personal information protection inspections in multiple fields
Source: Chongqing Cyberspace Administration
The China Cyberspace Security Association releases the Industry Initiative for Promoting the Safe, Reliable, and Controllable Development of Artificial Intelligence
Source: China Cyberspace Security Association
The China Cyberspace Security Association releases the Compliance Initiative for the Application of Facial Recognition Technology
Source: China Cyberspace Security Association

OVERSEAS

United States:

The Federal Trade Commission (FTC) publishes FAQs on the GLBA Safeguards Rule (involving financial institutions and automobile dealers)
Source: FTC
https://www.ftc.gov/news-events/news/press-releases/2025/06/ftc-provides-guidance-updated-safeguards-rule
The Attorney General of Florida filed a lawsuit against Chinese medical device manufacturers, alleging data security vulnerabilities and privacy risks
Source: Attorney General of Florida
https://www.myfloridalegal.com/newsrelease/attorney-general-james-uthmeier-issues-subpoenas-companies-selling-medical-devices
The Governor of Vermont signs the Age-Appropriate Design Code Act
Source: State of Vermont
https://legiscan.com/VT/bill/S0069/2025

European Union:

The European Commission makes the commitments of AliExpress under the Digital Services Act (DSA) legally binding
Source: European Commission
https://digital-strategy.ec.europa.eu/en/news/commission-makes-aliexpress-commitments-under-digital-services-act-binding
The European Commission publishes a draft recommendation on artificial intelligence and algorithmic management in the workplace
Source: European Commission
https://www.europarl.europa.eu/doceo/document/EMPL-PR-774283_EN.pdf
The European Commission issues guidelines on making medical device software available on applications on online platforms
Source: European Commission
https://health.ec.europa.eu/latest-updates/mdcg-2025-4-guidance-safe-making-available-medical-device-software-mdsw-apps-online-platforms-june-2025-06-16_en
Advocate General of the Court of Justice of the European Union Supports the European Commission's Antitrust Ruling Against Google
Source: CJEU
https://curia.europa.eu/jcms/upload/docs/application/pdf/2025-06/cp250072en.pdf

United Kingdom:

The Data (Use and Access) Bill formally becomes law
Source: Information Commissioner's Office (ICO)
https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/06/uk-organisations-stand-to-benefit-from-new-data-protection-laws/
ICO publishes guidelines for smart home products
Source: ICO
https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/06/new-guidance-to-help-smart-product-manufacturers-get-data-protection-right/

France:

The Commission Nationale de l'Informatique et des Libertés (CNIL) issues recommendations on legitimate interests related to the development of artificial intelligence systems
Source: CNIL
https://www.cnil.fr/fr/recommandations-developpement-ia-interet-legitime
CNIL solicits public opinions on the draft recommendation on tracking pixels
Source: CNIL
https://www.cnil.fr/fr/consultation-publique-projet-recommandation-pixels-de-suivi
CNIL publishes guidelines on the compassion prescription framework
Source: CNIL
https://www.cnil.fr/fr/cadre-prescription-compassionnelle
CNIL releases Q&As on the use of AI systems in schools
Source: CNIL
https://www.cnil.fr/fr/deux-faq-utilisation-des-systemes-dia-lecole

Germany:

The German Data Protection Conference (DSK) publishes guidelines on AI, cloud computing, and penalty procedures
Source: DSK
https://datenschutzkonferenz-online.de/media/pm/20250617-DSK-PM-2_Zwischenkonferenz.pdf
German Court Rulings Support Meta's Use of User Data for AI Training
Source: Cologne Higher Regional Court
https://nrwe.justiz.nrw.de/olgs/koeln/j2025/15_UKl_2_25_Urteil_20250523.html
NOYB sues the German Data Protection Authority (DPA), accusing it of inaction on "Pay or OK" cases
Source: NOYB
https://noyb.eu/en/years-inactivity-pay-or-ok-cases-noyb-sues-german-dpas

Greece: The Hellenic Data Protection Authority (HDPA) issues a decision requiring DeepSeek to appoint an EU representative
Source: HDPA
https://gdprhub.eu/index.php?title=HDPA_(Greece)_-_18/2025
Belgium: The Belgian Data Protection Authority (DPA) publishes a Data Protection Officer (DPO) manual
Source: Belgian DPA
https://www.autoriteprotectiondonnees.be/professionnel/rgpd-/delegue-a-la-protection-des-donnees
Finland: Organizations are required to update the contact information of their Data Protection Officers (DPOs)
Source: Office of the Finnish Data Protection Ombudsman
https://tietosuoja.fi/en/-/organisations-asked-to-update-the-contact-details-of-their-data-protection-officers
Netherlands: Guidelines on social media use are published
Source: DutchNews
https://www.dutchnews.nl/2025/06/no-social-media-for-under-15s-dutch-government-tells-parents/
Spain: The Spanish Data Protection Agency (AEPD) issues a statement on the processing of personal data in accommodation services
Source: AEPD
https://www.aepd.es/prensa-y-comunicacion/notas-de-prensa/aepd-informa-de-que-no-esta-permitido-solicitar-copia-dni-o-pasaporte-en-hospedajes
South Korea:

The Personal Information Protection Commission (PIPC) publishes guidelines on the use of CCTV
Source: PIPC
https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS213&mCode=C040050000&nttId=11283
Temu is fined 357 million South Korean won by the Korea Fair Trade Commission (KFTC) for fraudulent promotional activities
Source: KFTC
https://www.ftc.go.kr/www/selectBbsNttView.do?pageUnit=10&pageIndex=1&searchCnd=all&key=12&bordCd=3&searchCtgry=01,02&nttSn=46167

Vietnam: The National Assembly passes the Digital Technology Law to strengthen AI regulation
Source: Vietnamese Government
https://nhandan.vn/quoc-hoi-thong-qua-luat-cong-nghiep-cong-nghe-so-dong-luc-moi-cho-kinh-te-so-viet-nam-post886908.html

Note

本文由Gen AI翻译，仅供参考。

Translated by Gen AI service. For reference only.

本期编辑：吴佳蔚陈煜烺林婉琪张丽