每周数据法律资讯 Data Law Weekly（20250811-20250817）

1. 全国网安标委对《数据安全国家标准体系（2025版）》与《个人信息保护国家标准体系（2025版）》公开征求意见

8月15日，全国网安标委发布《数据安全国家标准体系（2025版）》（征求意见稿）与《个人信息保护国家标准体系（2025版）》（征求意见稿）。前者对数据安全相关的国家标准体系进行了分类，具体分为：基础共性标准、数据安全技术和产品标准、数据安全管理标准、数据安全测评和认证标准、产品和服务数据安全标准与行业与应用数据安全标准。后者对个人信息保护相关的国家标准进行了分类，具体分为：基础共性标准、个人信息保护技术标准、个人信息保护管理与权益保障标准、个人信息保护测评和认证标准、产品和服务个人信息保护标准、行业与应用个人信息保护标准。

【参见：

https://www.tc260.org.cn/front/postDetail.html?id=20250731172556】

The TC260 solicited public comments on the “National Standard System for Data Security (2025 Edition)”（《数据安全国家标准体系（2025版）》） and the “National Standard System for Personal Information Protection (2025 Edition)”（《个人信息保护国家标准体系（2025版）》）

On August 15, the TC260 released the “National Standard System for Data Security (2025 Edition)” (draft for public comment) （《数据安全国家标准体系（2025版）》）and the “National Standard System for Personal Information Protection (2025 Edition)” (draft for public comment)（《个人信息保护国家标准体系（2025版）》）. The former classifies the national standard system related to data security into the following categories: basic common standards, data security technology and product standards, data security management standards, data security evaluation and certification standards, product and service data security standards, and industry and application data security standards. The latter categorizes national standards related to personal information protection, specifically divided into: foundational common standards, personal information protection technical standards, personal information protection management and rights protection standards, personal information protection evaluation and certification standards, product and service personal information protection standards, and industry and application personal information protection standards. 

[Reference: 

https://www.tc260.org.cn/front/postDetail.html?id=20250731172556]

2. 最高人民法院发布入库案例：网络“开盒”构成侵犯公民个人信息罪

8月14日，最高人民法院发布入库参考案例：吴某慧、陈某强等侵犯公民个人信息案——为实施诽谤而非法获取公民个人信息行为的定性（入库编号2025-18-1-207-001）。本案中，法院对网络“开盒”行为的性质进行了分析，形成了如下裁判要旨：1.对于通过网络“开盒”等方式公开曝光他人个人信息，符合刑法第二百五十三条之一规定的，以侵犯公民个人信息罪定罪处罚。2.对于《最高人民法院、最高人民检察院关于办理侵犯公民个人信息刑事案件适用法律若干问题的解释》（法释〔2017〕10号）第五条第一款第十项规定的“其他情节严重的情形”，可以结合行为人非法获取、提供公民个人信息的主观动机、获取方式、具体用途、造成的危害等情节予以考量，综合判断其社会危害性。对于所涉行为的社会危害程度与其他列明的情形相当的，可以认定为“情节严重”。

【参见：

https://www.court.gov.cn/zixun/xiangqing/473491.html】

The Supreme People’s Court issued a reference case: online “unboxing” constitutes the crime of infringing upon citizens’ personal information

On August 14, the Supreme People’s Court issued a reference case: The Case of Wu and Chen, et al. for Infringing Upon Citizens’ Personal Information — Characterization of the Act of Illegally Obtaining Citizens’ Personal Information for the Purpose of Defamation (Case Number 2025-18-1-207-001). In this case, the court analyzed the nature of the online “unboxing” behavior and established the following judicial principles: 1. For acts of publicly exposing others’ personal information through online “unboxing” or similar means, if they meet the criteria specified in Article 253-1 of the PRC Criminal Law, they shall be convicted and punished for the crime of infringing upon citizens’ personal information. 2. Regarding the “other circumstances of serious nature” specified in Item 10 of Paragraph 1 of Article 5 of the “Interpretation of the Supreme People’s Court and the Supreme People’s Procuratorate on Several Issues Concerning the Application of Law in the Handling of Criminal Cases Involving the Infringement of Citizens’ Personal Information” (Judicial Interpretation [2017] No. 10), the subjective motive, method of obtaining, specific purpose, and harm caused by the illegal acquisition or provision of citizens’ personal information by the perpetrator may be considered in conjunction with other circumstances to comprehensively assess its social harmfulness. Where the social harm caused by the relevant conduct is equivalent to that of other specified circumstances, it may be deemed as “circumstances of serious nature.” 

[Reference: 

https://www.court.gov.cn/zixun/xiangqing/473491.html]

3. 国家数据局宣布今年将推出数据产权等10余项制度

8月14日，国务院新闻办公室举行“高质量完成’十四五’规划”系列主题新闻发布会。国家数据局相关负责人表示，我国数据基础制度不断完善，数据市场加快培育。其中，国家数据局去年推出了公共数据资源开发利用等21项政策，今年还将推出数据产权等10多项制度，一批围绕数据汇聚共享、开发利用的数据企业正在孕育兴起，标准、规范不断推出，数据交易日趋活跃，全国一体化数据市场正在加快构建。此外，国家层面深入实施“数据要素×”行动，开展公共数据“跑起来”示范场景建设，以场景牵引带动数据要素价值充分释放。

【参见：

https://news.cnr.cn/native/gd/20250814/t20250814_527317897.shtml】

The National Data Administration announced that it will introduce more than 10 new systems this year, including data property rights

On August 14, the State Council Information Office held a series of press conferences on the theme of “High-quality completion of the 14th Five-Year Plan.” A representative from the National Data Administration stated that China’s data governance framework is continuously improving, and the data market is developing rapidly. Last year, the National Data Administration introduced 21 policies, including measures for the development and utilization of public data resources. This year, it will roll out over 10 new systems, including data property rights. A number of data companies focused on data aggregation, sharing, and utilization are emerging, with standards and regulations being established, and data transactions becoming increasingly active. The national integrated data market is being accelerated. Additionally, at the national level, the “Data Element ×” initiative is being deeply implemented, with pilot projects for public data “running smoothly” being launched to drive the full release of data element value through practical applications. 

[Reference: 

https://news.cnr.cn/native/gd/20250814/t20250814_527317897.shtml]

4. 国家网络安全通报中心通报70款违法违规收集使用个人信息的移动应用

8月13日，国家网络安全通报中心对70款存在违法违规收集使用个人信息情况的移动应用进行了通报。这些移动应用存在的问题包括，在App首次运行时未通过弹窗等明显方式提示用户阅读隐私政策等收集使用规则；隐私政策未逐一列出App（包括委托的第三方或嵌入的第三方代码、插件）收集使用个人信息的目的、方式、范围等；个人信息处理者向其他个人信息处理者提供其处理的个人信息的，未向个人告知接收方的名称或者姓名、联系方式、处理目的、处理方式和个人信息的种类，并取得个人的单独同意；未在征得用户同意后才开始收集个人信息或打开可收集个人信息的权限；收集个人信息的频度等超出业务功能实际需要；未采取相应的加密、去标识化等安全技术措施；没有关闭标志或者计时结束才能关闭广告；无隐私政策等。

【参见：

https://mp.weixin.qq.com/s/PctK3jWfFpH9Pe9pUUEW5A】

The National Cybersecurity Reporting Centre reported 70 mobile apps for illegal collection and use of personal information

On August 13, the National Cybersecurity Reporting Centre reported 70 mobile apps for illegal collection and use of personal information. The issues identified in these apps include: failure to prompt users to read privacy policies and other rules regarding the collection and use of personal information through pop-up windows or other obvious means when the app is first launched; failing to list in detail in the privacy policy the purposes, methods, and scope of personal information collection and use by the app (including third parties commissioned by the app or third-party code and plug-ins embedded in the app); when personal information processors provide personal information they have processed to other personal information processors, failing to inform individuals of the name or contact information, processing purposes, processing methods, and types of personal information of the recipient, and failing to obtain the individual’s separate consent; personal information is collected or permissions to collect personal information are enabled without obtaining the user’s consent; the frequency of personal information collection exceeds the actual needs of the business functions; appropriate security measures such as encryption or de-identification are not implemented; advertisements cannot be closed without a close button or after a time limit; there is no privacy policy, etc.

[Reference: 

https://mp.weixin.qq.com/s/PctK3jWfFpH9Pe9pUUEW5A]

5. 江苏发布自贸区数据出境负面清单

8月13日，江苏发布《中国(江苏)自由贸易试验区数据出境负面清单管理办法(试行)》《中国(江苏)自由贸易试验区数据出境管理清单(负面清单)(2025版)》。本次负面清单仅包括医药行业，列明了医药行业需要通过数据出境安全评估的数据清单，以及需要通过个人信息出境标准合同备案、个人信息保护认证出境的数据清单。

【点击查阅负面清单：

https://www.jswx.gov.cn/fwhd/tzgg/202508/t20250813_3568905.shtml】

Jiangsu Province issued Negative List for data outbound from Free Trade Zones

On August 13, Jiangsu released the “Administrative Measures for the Management of the Negative List for Data Outbound from the China (Jiangsu) Free Trade Pilot Zone (Trial)” and the “Management List for Data Outbound from the China (Jiangsu) Free Trade Pilot Zone (Negative List) (2025 Edition).” This negative list only covers the pharmaceutical industry, specifying the list of data that requires data outbound security assessments, as well as the list of data that requires personal information outbound standard contract filing or personal information protection certification for outbound transmission.

[Click here to view the negative list:

https://www.jswx.gov.cn/fwhd/tzgg/202508/t20250813_3568905.shtml]

6. 《车联网平台重要数据识别指南》等通信行业标准报批公示

近期，工信部发布了《车联网平台重要数据识别指南》等通信行业标准的报批稿。《车联网平台重要数据识别指南》规定了车联网平台数据分类和重要数据识别的规则、流程、方法等，适用于车联网平台数据处理者开展车联网平台重要数据识别工作。

【参见：

https://miit.ccsa.org.cn/pclistDetail?id=83】

Draft communications industry standards for the identification of important data on vehicle-to-everything (V2X) platforms published for public comment

Recently, the Ministry of Industry and Information Technology (MIIT) released draft some communications industry standards, including“Guidelines for the Identification of Important Data on Vehicle-to-Everything (V2X) Platforms”(《车联网平台重要数据识别指南》). The “Guidelines for the Identification of Important Data on Vehicle-to-Everything (V2X) Platforms” specify the rules, processes, and methods for classifying data and identifying important data on V2X platforms. These guidelines apply to data processors on V2X platforms conducting work related to the identification of important data on such platforms.

[Reference:

https://miit.ccsa.org.cn/pclistDetail?id=83]

7. 广西发布自贸区数据出境负面清单

近日，广西发布《中国（广西）自由贸易试验区数据出境负面清单管理办法（试行）》及《中国（广西）自由贸易试验区数据出境管理清单（负面清单）（2025版）》。本次《负面清单》包括4个领域，分别是地理信息与气象数据服务、企业信用信息服务、直播跨境电商、海外音视频制作与传播。根据国家网信办关于负面清单“一地印发、多地适用”的原则，天津、北京、上海、海南、浙江的负面清单也可以在广西自贸试验区适用。

【参见：

https://mp.weixin.qq.com/s/Nb3hvesjOijX3SFRkgaFYQ】

Guangxi released Negative List for data outbound from Free Trade Zone

Recently, Guangxi released the “Administrative Measures for the Management of the Negative List for Data Outbound from the China (Guangxi) Free Trade Pilot Zone (Trial)” and the “Management List for Data Outbound from the China (Guangxi) Free Trade Pilot Zone (Negative List) (2025 Edition).”The “Negative List” covers four areas: geographic information and meteorological data services, enterprise credit information services, cross-border live streaming e-commerce, and overseas audio-visual production and dissemination. In accordance with the principle of “one list issued, applicable in multiple regions” established by the Cyberspace Administration of China, the negative lists of Tianjin, Beijing, Shanghai, Hainan, and Zhejiang are also applicable in the Guangxi Free Trade Zone.

[Reference:

https://mp.weixin.qq.com/s/Nb3hvesjOijX3SFRkgaFYQ]

1. 美国秘密在人工智能相关芯片中设置追踪器，以发现“芯片被转运至中国的情况”

近期，中国国家网信办就美国英伟达算力芯片漏洞后门安全风险约谈该公司受到关注。8月13日，根据媒体报道，美国政府已秘密在他们认为有可能被转运至中国的先进芯片目标货物中植入位置追踪装置。知情人士称，这些措施“仅适用于部分受调查的货件”。追踪器可为美方搜集个人或机构违反出口管制的信息。另外五名人工智能服务器供应链相关人士表示，他们知道戴尔和超微 (Super Micro）的服务器货物中使用了这些追踪器，这些服务器中包含英伟达和AMD公司的芯片。

【参见：

https://news.cctv.com/2025/08/14/ARTIqtDT9A4VYp6WRh6iQazU250814.shtml】

The US secretly installed trackers in AI-related chips to detect “cases of chips being transferred to China”

Recently, the Cyberspace Administration of China (CAC) has drawn attention for summoning NVIDIA to discuss security risks related to backdoors in its computing chips. On August 13, according to media reports, the US government has secretly implanted location tracking devices in advanced chips that it believes may be transferred to China. Informed sources stated that these measures “apply only to certain shipments under investigation.” The tracking devices can collect information for the U.S. government on individuals or entities violating export controls. Additionally, five individuals involved in the AI server supply chain reported that they are aware of tracking devices being used in server shipments from Dell and Super Micro, which contain chips from NVIDIA and AMD.

[Reference:

https://news.cctv.com/2025/08/14/ARTIqtDT9A4VYp6WRh6iQazU250814.shtml]