每周数据法律资讯 Data Law Weekly（20250714-20250720）

1. 国家网信办发布《关于开展个人信息保护负责人信息报送工作的公告》

7月18日，国家网信办发布《关于开展个人信息保护负责人信息报送工作的公告》。公告显示，根据《个人信息保护法》第五十二条、《个人信息保护合规审计管理办法》第十二条规定，处理100万人以上个人信息的个人信息处理者，应当向所在地设区的市级网信部门履行个人信息保护负责人信息报送手续。自该公告发布之日起，个人信息处理者处理个人信息达到100万人的，应当自数量达到之日起30个工作日内完成信息报送。该公告发布前，个人信息处理者处理个人信息数量已经达到100万人的，应当在2025年8月29日前完成信息报送。

【参见：

https://mp.weixin.qq.com/s/DTM9QMXH6u11CnH9LYG-lA】

The CAC issued the “Notice on the Reporting of Personal Information Protection Officers”

On July 18, the Cyberspace Administration of China (CAC) issued the “Notice on the Reporting of Personal Information Protection Officers.” The notice states that in accordance with Article 52 of the Personal Information Protection Law and Article 12 of the Measures for the Administration of Personal Information Protection Compliance Audits, personal information processors processing personal information of 1 million or more individuals shall report the information of their personal information protection officers to the municipal-level cyberspace administration department where they are located. From the date of the announcement, personal information processors that process personal information of 1 million or more individuals shall complete the information reporting within 30 working days from the date the number reaches 1 million. For personal information processors that had already processed personal information of 1 million or more individuals prior to the announcement, they shall complete the information reporting by 29 August 2025.

[Reference:

https://mp.weixin.qq.com/s/DTM9QMXH6u11CnH9LYG-lA]

2. 中欧数据跨境流动交流机制第二次会议在布鲁塞尔举行

当地时间7月17日，中欧数据跨境流动交流机制第二次会议在布鲁塞尔举行。双方就中欧数据跨境流动相关议题进行了深入、务实、富有建设性的交流，并结合双方企业诉求，就坚持双向对等原则进一步发挥机制作用，推动规则联通等达成广泛共识。双方同意设立工作组，就中欧汽车领域数据跨境流动开展合作。

【参见：

https://mp.weixin.qq.com/s/o1ZIT6-QP0DXeNpJGK4mXA】

The Second Meeting of the China-EU Cross-Border Data Flow Exchange Mechanism was held in Brussels

On July 17 local time, the Second Meeting of the China-EU Cross-Border Data Flow Exchange Mechanism was held in Brussels. The two sides engaged in in-depth, pragmatic, and constructive exchanges on issues related to cross-border data flow between China and the EU. Taking into account the demands of enterprises from both sides, they reached broad consensus on further leveraging the mechanism's role in adhering to the principle of mutual reciprocity and promoting rule connectivity. Both sides agreed to establish a working group to cooperate on cross-border data flow in the automotive sector between China and the EU.

[Reference:

https://mp.weixin.qq.com/s/o1ZIT6-QP0DXeNpJGK4mXA]

3. 最高人民法院发布一则关于已公开个人信息合理使用认定的入库案例

7月17日，最高人民法院发布入库参考案例“麦某波诉北京法某科技有限公司、北京律某信息技术有限公司网络侵权责任纠纷案——已公开个人信息合理使用的认定”（入库编号： 2025-07-2-369-003）。该案中，法院认为，根据《个人信息保护法》第十三条第一款第六项的规定，个人信息处理者可以在合理的范围内处理已经合法公开的个人信息。对于范围合理与否的评价，应以处理目的和处理方式作为评价依据。本案中，北京法某公司的处理行为因对麦某波个人权益造成明显影响、对麦某波的个人信息生成用户画像但未能未客观反映麦某波的律师执业能力、未履行个人信息处理的告知义务，因此构成对麦某波个人信息权益的侵害。该案形成裁判要旨：个人信息处理者处理已公开个人信息超出合理范围的，不属于《个人信息保护法》第十三条第一款第六项规定的不需取得个人同意处理个人信息的情形，个人信息主体据此主张个人信息处理者侵犯个人信息权益的，人民法院依法应予支持。

【参见：

https://www.court.gov.cn/zixun/xiangqing/471161.html】

The Supreme People’s Court issued a reference case involving the reasonable use of publicly disclosed personal information

On July 17, the Supreme People’s Court issued a reference case titled “Ma Moubo v. Beijing Fa Mou Technology Co., Ltd. and Beijing Lv Mou Information Technology Co., Ltd. Network Infringement Liability Dispute Case — Determination of the Reasonable Use of Publicly Disclosed Personal Information” (Reference No: 2025-07-2-369-003). In this case, the court held that pursuant to Article 13(1)(6) of the Personal Information Protection Law, personal information processors may process personal information that has been lawfully disclosed within a reasonable scope. The evaluation of whether the scope is reasonable should be based on the purpose and manner of processing. In this case, Beijing Fa Mou Company’s processing activities caused significant adverse effects on Mai Mou Bo’s personal rights, generated a user profile of Mai Mou Bo’s personal information without objectively reflecting his professional capabilities as a lawyer, and failed to fulfil the obligation to notify the individual of the processing of personal information. Therefore, such actions constituted an infringement of Mai Mou Bo’s personal information rights. The case established the following judicial principle: When a personal information processor processes publicly disclosed personal information beyond a reasonable scope, it does not fall under the circumstances specified in Article 13(1)(6) of the Personal Information Protection Law where consent from the individual is not required for processing personal information. If the data subject asserts that the personal information processor has infringed upon their personal information rights, the people’s court shall support such claims in accordance with the law.

[Reference:

https://www.court.gov.cn/zixun/xiangqing/471161.html]

4. 中央网信办部署开展“清朗·2025年暑期未成年人网络环境整治”专项行动，关注AI功能在未成年人领域不当应用及诱导沉迷问题

7月15日，中央网信办宣布在全国范围内部署开展为期2个月的“清朗·2025年暑期未成年人网络环境整治”专项行动。本次专项行动将聚焦各类新情况新表现，做好四方面问题整治。一是实施网络侵害行为。二是隐蔽传播违法不良信息。三是诱导参与线下危险活动。四是利用未成年人形象牟利。在开展专项整治的同时，网信部门将重点关注三个方面情况。一是未成年人模式的使用情况以及内容建设存在的问题。二是儿童智能设备的内容安全以及功能规范。三是AI功能在未成年人领域不当应用以及诱导沉迷问题。

【参见：

https://mp.weixin.qq.com/s/jH7pOr0sn5IEKaDK2xmTLA】

The CAC launched a special campaign to clean up the online environment for minors during the 2025 summer vacation, focusing on the inappropriate use of AI functions in the field of minors and the problem of inducing addiction

On July 15, the CAC announced the launch of a two-month special campaign to clean up the online environment for minors during the 2025 summer vacation. The campaign will focus on various new situations and manifestations and address four key issues. First, addressing online harm. Second, covertly spreading illegal and harmful information. Third, inducing participation in dangerous offline activities. Fourth, exploiting minors' images for profit. While conducting the special campaign, cyberspace authorities will prioritize three areas of concern. First, the use of “minor mode” and issues in content development. Second, content safety and functional standards for children's smart devices. Third, the improper use of AI features in the minor sector and issues related to inducing addiction.

[Reference:

https://mp.weixin.qq.com/s/jH7pOr0sn5IEKaDK2xmTLA]

5. 上海发布新一批生成式人工智能服务信息登记公告

7月15日，上海网信办发布《上海市生成式人工智能服务信息登记公告（7月15日）》。公告显示，截至7月14日，上海市新增5款已完成登记的生成式人工智能服务，累计已完成100款生成式人工智能服务登记。已上线的生成式人工智能应用或功能，应在显著位置或产品详情页面标明所取得的上线编号。

【参见：

https://mp.weixin.qq.com/s/hQZTU3kZ-SmlSQYyMQKi_Q】

Shanghai released new batch of generative AI service information registration announcements

On July 15, the Shanghai Cyberspace Administration released the “Announcement on the Registration of Generative AI Services in Shanghai (15 July).” The announcement shows that as of 14 July, Shanghai has added five new generative AI services that have completed registration, bringing the total number of generative AI services that have completed registration to 100. Generative AI applications or features that have been launched must clearly display the registration number obtained upon launch in a prominent location or on the product details page.

[Reference:

https://mp.weixin.qq.com/s/hQZTU3kZ-SmlSQYyMQKi_Q]

6. 国家网信办发布第十二批深度合成服务算法备案信息公告

7月14日，国家网信办公开发布第十二批境内深度合成服务算法备案信息。具体信息可通过互联网信息服务算法备案系统（https://beian.cac.gov.cn）进行查询。《互联网信息服务深度合成管理规定》第十九条明确规定，具有舆论属性或者社会动员能力的深度合成服务提供者，应当按照《互联网信息服务算法推荐管理规定》履行备案和变更、注销备案手续。深度合成服务技术支持者应当参照履行备案和变更、注销备案手续。

【参见：

https://www.cac.gov.cn/2025-07/14/c_1754207718303963.htm】

The CAC released the 12th batch of filing information for deep synthesis service algorithms

On July 14, the CAC publicly released the 12th batch of filing information for deep synthesis service algorithms within China. Specific information can be queried through the Internet Information Service Algorithm filing System (https://beian.cac.gov.cn). Article 19 of the Provisions on the Administration of Deep Synthesis Services for Internet Information Services （《互联网信息服务深度合成管理规定》）explicitly stipulates that providers of deep synthesis services with public opinion attributes or social mobilisation capabilities shall comply with the filing, amendment, and cancellation procedures as stipulated in the Provisions on the Administration of Algorithm Recommendation for Internet Information Services（《互联网信息服务算法推荐管理规定》）. Technical support providers for deep synthesis services shall refer to these provisions for filing, amendment, and cancellation procedures.

[Reference:

https://www.cac.gov.cn/2025-07/14/c_1754207718303963.htm]

7. 中央网信办发布《数据安全技术电子产品信息清除技术要求》强制性国家标准（征求意见稿）

7月14日，中央网信办发布《数据安全技术电子产品信息清除技术要求》强制性国家标准（征求意见稿），并向社会公开征求意见。意见稿对电子产品的信息清除技术与清除功能作出了规定。意见稿要求，电子产品厂商应在电子产品操作系统或其他关联软件、系统中为用户提供一键清除所有用户数据的信息清除功能；同时，电子产品回收经营者应在电子产品回收时进行信息清除。此外，电子产品提供的信息清除功能和信息清除工具所使用的信息清除技术的效果应进行验证；电子产品回收经营者回收的电子产品应进行清除效果验证。

【参见：

https://www.cac.gov.cn/2025-07/14/c_1753948488354406.htm】

The CAC issued the draft mandatory national standard “Data Security Technology - Technical Requirements for Information Clearing of Electronic Products”（《数据安全技术电子产品信息清除技术要求》） for public comment

On July 14, the CAC issued the draft mandatory national standard “Data Security Technology - Technical Requirements for Information Clearing of Electronic Products” for public comment. The draft standard specifies technical requirements and clearing functions for information clearing in electronic products. The draft standard requires electronic product manufacturers to provide users with a one-click information clearing function to delete all user data within the electronic product's operating system or other associated software and systems. Additionally, electronic product recyclers must perform information clearing during the recycling process. Furthermore, the effectiveness of the information clearing technology used in the information clearing functions and tools provided by electronic products must be verified, and electronic products recycled by recyclers must undergo verification of the effectiveness of the clearing process.

[Reference:

https://www.cac.gov.cn/2025-07/14/c_1753948488354406.htm]

1. 欧盟发布《通用目的人工智能模型提供商指南》

7月18日，欧盟委员会发布了《通用目的人工智能模型提供商指南》（Guidelines for providers of general-purpose AI models），明确通用目的人工智能模型提供商在欧盟《人工智能法》下的义务范围。这些义务将于2025年8月2日生效。指南引入了直观的技术标准，例如何时应当将人工智能模型视为“通用目的”的人工智能模型，这有助于开发者判断是否需要遵守《人工智能法》规定的义务。

【参见：

https://digital-strategy.ec.europa.eu/en/library/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act】

EU published Guidelines for providers of general-purpose AI models

On July 18, the European Commission published theGuidelines for providers of general-purpose AI models, clarifying the scope of the obligations for providers of general-purpose AI models under the AI Act. These obligations enter into application on 2 August 2025. The guidelines introduce straightforward technical criteria, for instance for when an AI model is considered "general-purpose." This helps developers understand if they need to comply with the obligations under the AI Act.

[Reference:

https://digital-strategy.ec.europa.eu/en/library/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act]

2. 奥地利隐私权倡导组织noyb在其官网宣布对TikTok、AliExpress、WeChat发起GDPR投诉

7月17日，奥地利隐私权倡导组织noyb在其官网宣布向希腊数据保护局、法国数据保护局和荷兰数据保护局对TikTok、AliExpress、WeChat发起GDPR投诉。Noyb称，三家科技公司均未遵守《通用数据保护条例》（GDPR）第15条规定的数据访问请求。这使得欧洲用户无法行使隐私权，无法了解其个人数据的处理方式——也无法确认这些公司是否遵守GDPR的其他规定，例如关于数据传输的规定；而根据欧盟法律，用户有权获取其个人数据的完整副本。

【参见：

https://noyb.eu/en/how-tiktok-aliexpress-wechat-ignore-your-gdpr-rights】

Austrian privacy advocacy group noyb announced on its official website that it has filed GDPR complaints against TikTok, AliExpress, and WeChat

On 17 July, Austrian privacy advocacy group noyb announced on its official website that it has filed GDPR complaints against TikTok, AliExpress, and WeChat with the Greek Data Protection Authority, the French Data Protection Authority, and the Dutch Data Protection Authority. Noyb claims that all three tech companies have failed to comply with access requests under Article 15 GDPR. This makes it impossible for European users to exercise their fundamental right to privacy, to find out how their personal data is being processed – and if the companies actually comply with other GDPR provisions, for example regarding data transfers. EU law usually allows users to get a full copy of their data.

[Reference:

https://noyb.eu/en/how-tiktok-aliexpress-wechat-ignore-your-gdpr-rights]