社区所有版块导航
Python
python开源   Django   Python   DjangoApp   pycharm  
DATA
docker   Elasticsearch  
aigc
aigc   chatgpt  
WEB开发
linux   MongoDB   Redis   DATABASE   NGINX   其他Web框架   web工具   zookeeper   tornado   NoSql   Bootstrap   js   peewee   Git   bottle   IE   MQ   Jquery  
机器学习
机器学习算法  
Python88.com
反馈   公告   社区推广  
产品
短视频  
印度
印度  
Py学习  »  Git

Digital Economy and Data Protection Newsletter(25.14)

TMT法律论坛 • 11 月前 • 268 次点击  

Click above|Follow us


Recently, within China, the Supreme People’s Court, Supreme People’s Procuratorate and Ministry of Public Security jointly issued the Opinions on Handling Criminal Cases Involving the Crime of Aiding Information-Network Crimes, while the State Administration for Market Regulation promulgated the Guidelines for Advertisement Enforcement; the TC 260 released in rapid succession national standards and normative documents including the Personal Information Protection Requirements for Minors’ Products and Services and technical specifications regulating “shake-to-ad” implementations; the CAC summoned leading semiconductor enterprises for regulatory talks. Extra-territorially, the China-EU Summit addressed data-transfer concerns; the United States and India concluded a trade agreement containing provisions on cross-border data flows; the European Commission published the GPAI Training Template and is advancing the “AI Continent Action Plan”; the U.S. federal government released the AI Action Plan and a series of executive orders while state legislatures remain highly active—e.g., California amended the CCPA privacy rules and Louisiana’s Genomic Data Privacy and Security Act entered into force.


HOTSPOT

HOTSPOT



TC260 issued the draft recommended national standard Data Security Technology—Personal Information Protection Requirements for Products and Services for Minors (Exposure Draft)


On 29 July 2025, the National Technical Committee 260 on Cybersecurity (TC260) issued the draft recommended national standard Data Security Technology—Personal Information Protection Requirements for Products and Services for Minors (Exposure Draft) (hereinafter the “Requirements”) for public comment, with the consultation period closing on 27 September 2025. The Requirements are intended to apply to developers, vendors and operators of network products and services targeting minors—including but not limited to online-protection software, smart-terminal devices, mobile Internet applications (Apps) and websites that are either specifically designed for minors or foreseeably used by them—whose design and operation must align with the physical and mental developmental characteristics of minors. The Requirements prescribe principles for the protection of minors’ personal information, methods for identifying minor users, rules governing the processing of personal information, security-protection obligations and special-protection provisions covering emerging hardware, biometric technologies, automated decision-making, generative artificial intelligence and the application of proactive-protection technologies. To provide tiered implementation guidance, the Requirements stratify protection obligations into three ascending levels—“Basic Protection”, “Interaction-Enhanced” and “Age-Appropriate Optimisation”—with the “Age-Appropriate Development Optimisation Requirements” set out in a normative annex; informative annexes further supply methodological guidance on drafting minors’ personal-information-processing rules, conducting personal-rights-impact assessments and performing network-protection impact evaluations. 


Source: TC260    






Hong Kong and Macao SAR jointly release Introductory Guide to Personal Data Anonymisation


On 31 July 2025, the Office of the Privacy Commissioner for Personal Data, Hong Kong, China (PCPD) and the Office for Personal Data Protection, Macao SAR (GPDP), in concert with the privacy/data-protection authorities of Australia (State of Victoria), Canada (federal level and the Province of British Columbia), Japan (Personal Information Protection Commission), the Republic of Korea (Personal Information Protection Commission), New Zealand (Office of the Privacy Commissioner) and Singapore (Personal Data Protection Commission), formally issued the Chinese-language edition of the Introductory Guide to Personal Data Anonymisation (hereinafter the “Guide”). Intended as a standardised workflow for controllers and processors, the Guide prescribes a five-step anonymisation methodology: (1) data-element classification—distinguishing direct identifiers (e.g., full name, national ID number) from indirect identifiers (e.g., date of birth, gender); (2) removal of direct identifiers; (3)  application of anonymisation techniques (e.g., generalisation, data masking) to indirect identifiers; (4) re-identification risk assessment—quantifying residual risk through metrics such as k-anonymity; and (5) implementation of residual-risk mitigation measures, including access-control restrictions and binding confidentiality undertakings. Source: Government of the Macao Special Administrative Region.


Source: Macao SAR

https://www.gov.mo/zh-hans/news/840969/








NEWSLETTER

NEWSLETTER


(Click on the source or copy the corresponding link to view the details)




LEGISLATION

  1. The Supreme People’s Court, the Supreme People’s Procuratorate and the Ministry of Public Security jointly issued the Opinions on Handling Criminal Cases Involving Aiding Information-Network Crimes and Other Related Issues

    Source: The Supreme People’s Court

    https://www.spp.gov.cn/xwfbh/wsfbt/202507/t20250728_702365.shtml?sessionid=1506080803#1


  2. The State Administration for Market Regulation promulgated the Enforcement Guidelines on the Application of the Advertising Law of the People’s Republic of China (II)

    Source: The State Administration for Market Regulation


  3. The National Technical Committee 260 on Cybersecurity (TC260) released for public comment five draft national standards, including the Cybersecurity Technology—Industrial Control System Cybersecurity Protection Capability Maturity Model

    Source: TC260


  4. TC260 issued the Cybersecurity Standard Practice Guide—Security Requirements for Shake-to-Advertisement Triggering Behaviours

    Source: TC260


  5. TC260 published for public consultation the Cybersecurity Standard Practice Guide—Personal Information Protection Requirements for QR-Code Ordering

    Source: TC260


  6. TC260 opened for public comment the technical document Security Specification for Government Big-Model Applications

    Source: TC260


  7. The Artificial Intelligence Standardisation Technical Committee of the Ministry of Industry and Information Technology released the Guidelines for the Construction of the AI Security Governance Standard System in the Industrial and Information Technology Sector (2025 Edition)

    Source: CAICT



INDUSTRY TRENDS

  1. CAC summons NVIDIA over security risks tied to alleged backdoors and vulnerabilities in H20 AI accelerators

    Source: CAC


  2. Beijing releases the Global AI Governance Action Plan at WAIC 2025

    Source: Government website of China

    https://www.gov.cn/yaowen/liebiao/202507/content_7033929.htm?sessionid=1335405926


  3. MSS warns that foreign intelligence services are exfiltrating data via compromised shared power-banks

    Source: MSS


  4. CAC launches “Qinglang: Rectifying Disinformation Spread by Self-Media” campaign

    Source: CAC


  5. NDA reports 524 curated datasets delivered by seven national data-labelling bases, serving 163 frontier models

    Source: NDA


  6. MIIT Q2 2025 telecom-service bulletin: 1 449 non-compliant apps ordered to rectify

    Source: MIIT


  7. MPS issues public advisory on risks associated with automotive “smart-driving” systems

    Source: Government website of China


  8. SAMR issues guidance supporting e-commerce platforms’ credit-repair services

    Source: SAMR


  9. CNCERT attributes sustained cyber-espionage campaigns against Chinese defence–industrial targets to U.S. intelligence agencies

    Source: CNCERT


  10. Beijing Cyberspace Administration deepens specified enforcement action on illegal personal-data collection and use

    Source: Beijing Cyberspace Administration


  11. Shandong multi-agency task force launches special action on personal-information protection

    Source: Shandong Cyberspace Administration


  12. Hunan MIIT-sector 2025 classified network- and data-security management programme kicks off

    Source: Hunan Communications Administration

    http://www.yuelu.gov.cn/yl_xxgk/tzgg/202507/P020250718507714169833.pdf


  13. Kunming five-agency joint operation cracks down on unlawful citizen personal-data trading

    Source: Yunnan Cyberspace Administration


  14. Shanghai Communications Administration removes 23 apps for user-rights infringements

    Source: Shanghai Communications Administration


  15. Zhejiang Communications Administration issues 2025-6th-batch notice on non-compliant apps/mini-programs

    Source: Zhejiang Communications Administration


  16. MPS Information-System Security Product Quality Supervision & Testing Center flags 33 mobile apps for illegal personal-data practices

    Source: National Cybersecurity Notification Center


  17. Yunnan approves first batch of four enterprises for facial-recognition technology filing

    Source: Yunnan Cyberspace Administration


  18. Hunan approves second batch of four enterprises for facial-recognition technology filing

    Source: Hunan Communications Administration


  19. Shanghai Communications Administration launches “Shield-Mould City 2025” AI-security empowerment special action

    Source: Shanghai Communications Administration


  20. Guangdong Cyberspace Administration takes down one AI app for content-management violations

    Source: Guangdong Cyberspace Administration


  21. Beijing Cyberspace Administration publishes updated filing list of generative-AI services (23 July)

    Source: Beijing Cyberspace Administration


  22. Tianjin Cyberspace Administration releases municipal generative-AI service filing notice (25 July)

    Source: Tianjin Cyberspace Administration


  23. Jiangsu Cyberspace Administration issues provincial generative-AI service filing (registration) notice (25 July)

    Source: Jiangsu Cyberspace Administration



OVERSEAS

  1. International: 

    1. 25th EU-China Summit: The EU expresses concern over data transfers and cybersecurity vis-à-vis China

      Source: European Council

      https://www.consilium.europa.eu/en/press/press-releases/2025/07/24/25th-eu-china-summit-eu-press-release/


    2. U.S.–Indonesia Reciprocal Trade Agreement: Indonesia grants the U.S. an adequacy finding, enabling unrestricted cross-border data flows under Indonesian law

      Source: The White House

      https://www.whitehouse.gov/fact-sheets/2025/07/fact-sheet-the-united-states-and-indonesia-reach-historic-trade-deal/


  2. EU:

    1. EU Commission releases template for General-Purpose AI (GPAI) model providers to summarise training-data content, aligning with the AI Act

      Source: European Commission

      https://digital-strategy.ec.europa.eu/en/news/commission-presents-template-general-purpose-ai-model-providers-summarise-data-used-train-their


    2. EU Commission preliminarily finds Temu in breach of the Digital Services Act (DSA) for failure to assess and mitigate risks of illegal product listings

      Source: European Commission

      https://digital-strategy.ec.europa.eu/en/news/commission-preliminarily-finds-temu-breach-digital-services-act-relation-illegal-products-its


    3. EDPS announces that the European Commission has brought its use of Microsoft 365 into full compliance with Regulation (EU) 2018/1725 following corrective measures

      Source: EDPS

      https://www.edps.europa.eu/press-publications/press-news/press-releases/2025/european-commission-brings-use-microsoft-365-compliance-data-protection-rules-eu-institutions-and-bodies_en


    4. European Parliament publishes research report on AI and civil liability 

      Source: European Parliament

      https://www.edps.europa.eu/press-publications/press-news/press-releases/2025/european-commission-brings-use-microsoft-365-compliance-data-protection-rules-eu-institutions-and-bodies_en


  3. UK:

    1. Data (Use and Access) Act 2025 (DUAA) officially published

      Source: legislation.gov.uk

      https://www.legislation.gov.uk/uksi/2025/904/made


    2. ICO issues new guidance on secure public disclosure of documents to prevent inadvertent personal-data breaches

      Source: Information Commissioner’s Office

      https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/07/new-guidance-on-disclosing-documents-to-the-public/


    3. ICO updates guidance on profiling tools for online safety

      Source: ICO

      https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/online-safety-and-data-protection/profiling-tools-for-online-safety/


    4. ICO fines Scottish charity Birthlink £18,000 for irretrievably destroying 4,800 personal records

      Source: ICO

      https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/07/charity-fined-following-destruction-of-irreplaceable-personal-records/


  4. US:

    1. White House unveils the America AI Action Plan

      Source: The White House

      https://www.whitehouse.gov/articles/2025/07/white-house-unveils-americas-ai-action-plan/


    2. White House issues three AI-focused Executive Orders: (i) accelerating federal permitting for data-center infrastructure, (ii) promoting U.S. AI-technology-stack exports, and (iii) prohibiting federal use of AI systems exhibiting specified ideological bias

      Source: The White House

      https://www.whitehouse.gov/presidential-actions/2025/07/accelerating-federal-permitting-of-data-center-infrastructure/

      https://www.whitehouse.gov/presidential-actions/2025/07/promoting-the-export-of-the-american-ai-technology-stack/

      https://www.whitehouse.gov/presidential-actions/2025/07/preventing-woke-ai-in-the-federal-government/


    3. Kentucky: Temu responds to AG Coleman’s lawsuit alleging unlawful personal-data processing

      Source: Kentucky Today

      https://www.kentuckytoday.com/news/based-on-misinformation-temu-responds-to-ag-colemans-lawsuit/article_917954c2-2263-4298-9b99-6c8918863ff2.html


    4. California: CPPA issues draft regulations on the DROP system, mandating data-broker updates and deletions every 45 days

      Source: California Government

      https://cppa.ca.gov/meetings/materials/20250724_item6_pmt.pdf


    5. California: CPPA adopts final amendments to CCPA regulations covering automated decision-making, risk assessments, and cybersecurity audits

      Source: National Law Review

      https://natlawreview.com/article/california-privacy-regulator-moves-finalize-long-awaited-ccpa-regulations


    6. Louisiana: Genomic Security Act takes effect, barring foreign adversaries from processing genetic data

      Source: Citizen Portal

      https://citizenportal.ai/articles/2769575/Louisiana/ 


    7. Minnesota: AG releases consumer-data-privacy guidance and FAQs 

      Source: Minnesota AG

      https://www.ag.state.mn.us/Data-Privacy/Consumer/


    8. North Dakota: Governor signs Financial Institutions Data Security Program Act

      Source: LegiScan

      https://legiscan.com/ND/bill/HB1127/2025


    9. Montana: Governor signs omnibus privacy bill covering biometric, genetic and neural data

      Source: LegiScan

      https://legiscan.com/MT/text/SB163/2025


    10. Oregon: State requires automakers to comply with enacted OCPA provisions

      Source: Oregon Live

      https://gov.oregonlive.com/bill/2025/HB3875/


    11. Florida: Jury assigns Tesla 33 % liability for fatal Autopilot crash

      Source: Fortune

      https://fortune.com/2025/08/02/tesla-autopilot-crash-jury-trial-verdict-243-million-shock-waves-industry/


    12. Global women’s-health app Flo settles U.S. privacy class-action litigation

      Source: Bloomberg Law

      https://news.bloomberglaw.com/litigation/menstrual-tracking-app-flo-settles-privacy-case-during-trial


    13. OpenAI CEO Sam Altman clarifies that user conversations with ChatGPT are not legally privileged and must be disclosed in litigation

      Source: Interface News

      https://www.jiemian.com/article/13091133.html


  5. France: 

    1. CNIL opens public consultation on draft recommendation for web-filtering gateways

      Source: CNIL

      https://www.cnil.fr/fr/consultation-publique-projet-recommandation-passerelle-filtrage-web


    2. CNIL finalises GDPR-compliant recommendations for developing AI systems

      Source: CNIL

      https://www.cnil.fr/en/ai-cnil-finalises-its-recommendations-development-artificial-intelligence-systems#:~:text=The%20CNIL%20publishes%20its%20latest%20AI%20recommendations%2C%20clarifying,security%20requirements%2C%20and%20conditions%20for%20annotating%20training%20data


  6. Ireland:

    1. DPC launches safeguarding toolkit for protecting vulnerable adults’ data 

      Source: Irish DPC

      https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-launches-adult-safeguarding-toolkit-protect-vulnerable-adults-data#:~:text=The%20toolkit%20offers%20comprehensive%20guidance%20on%20how%20to,Regulation%20(GDPR)%20and%20the%20Data%20Protection%20Act%202018


    2. DPC publishes guidance on AI, large-language models and data protection

      Source: Irish DPC

      https://www.dataprotection.ie/en/dpc-guidance/blogs/AI-LLMs-and-Data-Protection


  7. Hong Kong and Macao jointly release the Introductory Guide to Personal Data Anonymisation

    Source: Macao SAR

    https://www.gov.mo/zh-hans/news/840969/


  8. Germany: BSI publishes white paper on bias in AI systems. Source: Federal Office for Information Security (BSI)

    Source: BSI

    https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/KI/Whitepaper_Bias_KI.html


  9. Australia: Department of Industry, Science and Resources releases report on risks of multi-agent AI systems

    Source: DISR

    https://www.industry.gov.au/news/new-report-highlights-emerging-risks-multi-agent-ai-systems


  10. Korea: PIPC issues draft Cross-border Personal Information Protection Rules Certification Standards

    Source: PIPC

    https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS061&mCode=C010010000&nttId=11390


  11. Monaco: APDP releases data-breach register template

    Source: APDP

    https://apdp.mc/professionnels/formulaires-courriers-pour-agir/registre-des-violations-de-donnees/modele-de-registre/


Note

本文由Gen AI翻译,仅供参考。

Translated by Gen AI service. For reference only.


本期编辑:吴佳蔚 陈煜烺 林婉琪 陈瑞庭 张丽

Python社区是高质量的Python/Django开发社区
本文地址:http://www.python88.com/topic/185208