每周数据法律资讯 Data Law Weekly（20250120-20250126）

1、全国网安标委发布《网络安全标准实践指南——人脸识别支付场景个人信息安全保护要求》

1月26日，全国网安标委发布了《网络安全标准实践指南——人脸识别支付场景个人信息安全保护要求》。指南给出了人脸识别支付场景数据收集、存储、传输、导出、删除等环节的安全要求，可为人脸识别支付服务提供方、人脸验证服务方、相关场所管理方、相关设备的运营方处理个人信息提供参考。

【全文链接：

https://mp.weixin.qq.com/s/ZluDhIN0qzH10mFJQom5vA】

1. TC260 issued “Cybersecurity Standard Practice Guidelines - Personal Information Security Protection Requirements for Face Recognition Payment Scenario” (《网络安全标准实践指南——人脸识别支付场景个人信息安全保护要求》)

On January 26, TC260 released “Cybersecurity Standard Practice Guidelines - Personal Information Security Protection Requirements for Face Recognition Payment Scenario” (《网络安全标准实践指南——人脸识别支付场景个人信息安全保护要求》). The Guidelines gives security requirements for data collection, storage, transmission, export and deletion in face recognition payment scenarios, which can provide reference for face recognition payment service providers, face verification service providers, management of relevant venues, and operators of relevant equipment in processing personal information.

[https://mp.weixin.qq.com/s/ZluDhIN0qzH10mFJQom5vA]

2、央行发布《中国人民银行业务领域网络安全事件报告管理办法（征求意见稿）》

1月24日，中国人民银行发布《中国人民银行业务领域网络安全事件报告管理办法（征求意见稿）》，面向社会公开征求意见。《办法》旨在加强网络安全事件分级管理，规范金融从业机构针对中国人民银行业务领域网络安全事件的定级行为，规范网络安全事件报告要求，明确网络安全事件报告责任主体、内容、流程、时效等具体要求。

【全文链接：

http://www.pbc.gov.cn/tiaofasi/144941/144979/3941920/5576137/2025012415492497420.pdf】

2. The People's Bank of China issued “the People's Bank of China business field cybersecurity incident report management methods (draft)” (《中国人民银行业务领域网络安全事件报告管理办法（征求意见稿）》)

On January 24, the People's Bank of China issued “the Pepople's Bank of China business field cybersecurity incident report management methods (draft) ” (《中国人民银行业务领域网络安全事件报告管理办法（征求意见稿）》), which is open to the public for comments. The Measures aim to strengthen the grading management of cybersecurity incidents, regulate the grading behavior of financial institutions with respect to cybersecurity incidents in the business area of the People's Bank of China, standardize the reporting requirements for cybersecurity incidents, and clarify the responsibility of the main body for reporting cybersecurity incidents, the content, process, timeliness and other specific requirements.

[http://www.pbc.gov.cn/tiaofasi/144941/144979/3941920/5576137/2025012415492497420.pdf]

3、市场监管总局发布《网络交易合规数据报送管理暂行办法（征求意见稿）》

1月24日，市场监管总局发布《网络交易合规数据报送管理暂行办法（征求意见稿）》，向社会公开征求意见。《暂行办法》旨在规范网络交易合规数据报送行为，提高网络交易监管效能。《暂行办法》规定，网络交易平台经营者应当按照有关规定的要求，向市场监管部门报送网络交易经营者身份信息、违法行为线索数据、行政执法协查数据、特定商品或服务交易数据等。

【全文链接：

https://www.samr.gov.cn/hd/zjdc/art/2025/art_a932cb0863ab4552a05d3728324ba061.html】

3. The State Administration of Market Regulation issued “Interim Measures for the Management of Compliance Data Submission for Network Transactions (Draft)” (《网络交易合规数据报送管理暂行办法（征求意见稿）》)

On January 24, the State Administration of Market Regulation issued the “Interim Measures for the Administration of Compliance Data Submission for Online Transactions (Draft)” (《网络交易合规数据报送管理暂行办法（征求意见稿）》) to solicit public comments. The Interim Measures aim to standardize the reporting of online transaction compliance data and improve the effectiveness of online transaction supervision. The Interim Measures stipulate that network trading platform operators shall, in accordance with the requirements of the relevant provisions, report to the market supervision department information on the identity of network trading operators, data on clues of illegal behavior, data on administrative law enforcement assistance, and data on transactions of specific goods or services.

[https://www.samr.gov.cn/hd/zjdc/art/2025/art_a932cb0863ab4552a05d3728324ba061.html]

4、国家数据局向社会公开征求《数据领域常用名词解释（第二批）》的意见

1月23日，国家数据局发布《数据领域常用名词解释（第二批）》，向社会公开征求意见。该批内容包括了对数据产权、数据持有权、数据使用权、数据经营权、衍生数据、等名词的解释。

【全文链接：

https://mp.weixin.qq.com/s/na_B9paXVot6PpiCzkEhdg】

4. The National Data Administration is soliciting opinions from the public on the “Interpretation of Commonly Used Terms in the Data Field (Second Batch)”（《数据领域常用名词解释（第二批）》）

On January 23, the National Data Administration released the “Interpretation of Commonly Used Terms in the Data Field (Second Batch) ” (《数据领域常用名词解释（第二批）》) and solicited public opinions. This batch includes explanations of terms such as data property rights, data holding rights, data usage rights, data management rights, derivative data, etc.

[https://mp.weixin.qq.com/s/na_B9paXVot6PpiCzkEhdg]

5、全国网安标委发布《网络安全标准实践指南——摇一摇广告个人权益规范指引（征求意见稿）》

1月23日，全国网安标委发布《网络安全标准实践指南——摇一摇广告个人权益规范指引（征求意见稿）》，向社会公征求意见。《指引》给出了摇一摇广告个人权益保障的基本原则和行为优化提升要求，适用于规范App和第三方SDK展示和触发摇一摇开屏广告的行为、保障用户个人权益。

【全文链接：

5. TC260 Released “Cybersecurity Standard Practice Guidelines - Guidelines for Regulating Personal Rights and Interests in Shake Advertisements (Draft)” (《网络安全标准实践指南——摇一摇广告个人权益规范指引（征求意见稿）》)

On January 23, TC260 released the “Cybersecurity Standard Practice Guidelines - Guidelines for the Regulation of Individual Rights and Interests in Shake Advertisements (Draft for Public Comments)” (《网络安全标准实践指南——摇一摇广告个人权益规范指引（征求意见稿）》) to solicit public comments from the society. The Guidelines give the basic principles and behavioral optimization and enhancement requirements for the protection of personal rights and interests in shake ads, which are applicable to regulating the behavior of displaying and triggering the open screen ads of shake ads by apps and third-party SDK, and protecting the personal rights and interests of users.

[https://mp.weixin.qq.com/s/LLBlUDm1agnK9c0A3VpwnQ]

6、全国网安标委发布《网络安全标准实践指南——人工智能生成合成内容标识 服务提供者编码规则（征求意见稿）》

1月23日，全国网安标委发布《网络安全标准实践指南——人工智能生成合成内容标识 服务提供者编码规则（征求意见稿）》，向社会公开征求意见。《规则》给出了服务提供者，包括生成合成服务提供者和内容传播服务提供者的编码结构和赋码规则，适用于指导生成合成服务提供者和内容传播服务提供者，开展人工智能生成合成内容的文件元数据隐式标识活动。

【全文链接：

https://mp.weixin.qq.com/s/aZtcnBLABuR1EkYMXPUrvA】

6. TC260 issued “Cybersecurity Standard Practice Guidelines - Artificial Intelligence Generation of Synthetic Content Identifiers Service Provider Coding Rules (Draft)” (《网络安全标准实践指南——人工智能生成合成内容标识 服务提供者编码规则（征求意见稿）》)

On January 23, TC260 issued the “Cybersecurity Standard Practice Guidelines - Artificial Intelligence Generation of Synthetic Content Identification Service Provider Coding Rules (Draft)” (《网络安全标准实践指南——人工智能生成合成内容标识 服务提供者编码规则（征求意见稿）》) for public consultation. The Rules give the encoding structure and assignment rules for service providers, including generation and synthesis service providers and content dissemination service providers, and are applicable to guide generation and synthesis service providers and content dissemination service providers to carry out implicit identification activities of file metadata for AI-generated synthetic content.

[https://mp.weixin.qq.com/s/aZtcnBLABuR1EkYMXPUrvA]

7、中国人民银行等部门印发《关于金融领域在有条件的自由贸易试验区（港）试点对接国际高标准推进制度型开放的意见》，探索建立金融数据跨境流通“白名单”制度

1月22日，中国人民银行、商务部、金融监管总局、中国证监会、国家外汇局联合印发《关于金融领域在有条件的自由贸易试验区（港）试点对接国际高标准推进制度型开放的意见》。《意见》指出完善金融数据跨境流动安排，便利与规范试点地区金融机构数据跨境流动，在国家数据跨境传输安全管理制度框架下，探索形成统一的金融数据跨境流动合规口径，明晰金融数据跨境流动规则，允许试点地区金融机构依法向境外传输日常经营所需的数据，探索建立金融数据跨境流通“白名单”制度。

【全文链接：

https://www.gov.cn/lianbo/bumen/202501/content_7000522.htm】

7. The People's Bank of China and other departments issued “the Opinions on Piloting the Matching of High International Standards and Promoting Systematic Liberalization in the Financial Sector in Conditional Pilot Free Trade Zones (Pilot Ports)” (《关于金融领域在有条件的自由贸易试验区（港）试点对接国际高标准推进制度型开放的意见》), exploring the establishment of a "white list" system for cross-border financial data circulation

On January 22, the People's Bank of China, the Ministry of Commerce, the National Financial Regulatory Administration, the China Securities Regulatory Commission and the State Administration of Foreign Exchange jointly issued “the Opinions on Piloting the Matching of High International Standards and Promoting Systematic Liberalization in the Financial Sector in Conditional Pilot Free Trade Zones (Pilot Ports)” (《关于金融领域在有条件的自由贸易试验区（港）试点对接国际高标准推进制度型开放的意见》). The Opinion points out to improve the arrangements for cross-border flow of financial data, facilitate and regulate the cross-border flow of financial institution data in pilot areas, explore the formation of a unified compliance caliber for cross-border flow of financial data under the framework of the national data cross-border transmission security management system, clarify the rules for cross-border flow of financial data, allow financial institutions in pilot areas to legally transmit data necessary for daily operations overseas, and explore the establishment of a "whitelist" system for cross-border flow of financial data.

[https://www.gov.cn/lianbo/bumen/202501/content_7000522.htm]

8、国家发展改革委、国家数据局发布关于公共数据资源开发利用的三份政策文件

1月20日，国家发展改革委、国家数据局公布了《公共数据资源登记管理暂行办法》、《公共数据资源授权运营实施规范（试行）》，以及《关于建立公共数据资源授权运营价格形成机制的通知》三份政策文件。其中，《暂行办法》明确了公共数据资源登记的基本要求，形成全国一体化的公共数据资源登记体系。《实施规范》明确授权运营应把握的主要原则和实施路径，为规范化开展公共数据资源授权运营提供指引。《通知》旨在通过建立符合公共数据要素特性的价格形成机制，更好促进公共数据资源运营机构健康规范发展。至此，公共数据资源开发利用“1+3”政策体系初步构建完成。

【《公共数据资源登记管理暂行办法》：

https://mp.weixin.qq.com/s/HmCFNubgjrPvj-khAAGwTQ

《公共数据资源授权运营实施规范（试行）》：

https://mp.weixin.qq.com/s/KestVBpZq7A7a4hujNGp6w

《关于建立公共数据资源授权运营价格形成机制的通知》：

https://mp.weixin.qq.com/s/aBWF9V3WfjJAdfjLVKJaUQ】

8. The National Development and Reform Commission and the National Data Administration issued three policy documents on the development and utilization of public data resources

On January 20, the National Development and Reform Commission and the National Data Administration released three policy documents, namely, “the Interim Measures for the Registration and Management of Public Data Resources” (《公共数据资源登记管理暂行办法》), “the Implementation Specification for the Authorized Operation of Public Data Resources (for Trial Implementation)” (公共数据资源授权运营实施规范（试行）), and “the Circular on the Establishment of a Price Formation Mechanism for the Authorized Operation of Public Data Resources” (《关于建立公共数据资源授权运营价格形成机制的通知》). Among them, the Interim Measures clarify the basic requirements for the registration of public data resources and form a national integrated public data resources registration system. The Implementation Specification clarifies the main principles and implementation paths that should be grasped in the authorization of operation, providing guidelines for the standardization of the authorization of operation of public data resources. The Circular aims to better promote the healthy and standardized development of public data resource operators by establishing a price formation mechanism in line with the characteristics of public data elements. So far, the initial construction of the“1+3”policy system for the development and utilization of public data resources has been completed.

[the Interim Measures for the Registration and Management of Public Data Resources:

https://mp.weixin.qq.com/s/HmCFNubgjrPvj-khAAGwTQ

the Implementation Specification for the Authorized Operation of Public Data Resources (for Trial Implementation):

https://mp.weixin.qq.com/s/KestVBpZq7A7a4hujNGp6w

the Circular on the Establishment of a Price Formation Mechanism for the Authorized Operation of Public Data Resources:

https://mp.weixin.qq.com/s/aBWF9V3WfjJAdfjLVKJaUQ]

9、民政部等部门联合印发《困境儿童个人信息保护工作办法》

近日，民政部等部门联合印发《困境儿童个人信息保护工作办法》。困境儿童，是指依据国务院关于加强困境儿童保障工作的有关政策界定的儿童。《办法》规定任何组织和个人发布通讯、新闻等涉及困境儿童特定身份的，应当事先告知必要性以及对个人权益的影响，依法征得困境儿童及其父母或者其他监护人同意后方可发布，同时做好技术处理。

【全文链接：

https://www.gov.cn/zhengce/zhengceku/202501/content_7000927.htm】

9. The Ministry of Civil Affairs and other departments jointly issued “the Measures for the Protection of Personal Information of Children in Difficult Circumstances” (《困境儿童个人信息保护工作办法》)

Recently, the Ministry of Civil Affairs and other departments jointly issued “the Measures for the Protection of Personal Information of Children in Difficult Circumstances” (《困境儿童个人信息保护工作办法》). Children in difficult circumstances are defined according to the State Council's policy on strengthening the protection of children in difficult circumstances. The Measures stipulate that any organization or individual publishing newsletters, news, etc., involving the specific identity of children in difficult circumstances should be informed in advance of the necessity and impact on the rights and interests of the individual, and that the consent of the children in difficult circumstances and their parents or other guardians should be obtained in accordance with the law before publishing, and that the technical processing should be carried out properly at the same time.

[https://www.gov.cn/zhengce/zhengceku/202501/content_7000927.htm]

10、上海市人民政府办公厅印发《上海市推动数字贸易和服务贸易高质量发展的实施方案》，促进和规范数据跨境流动，支持企业便利访问国际互联网

近日，上海市人民政府办公厅发布了《上海市推动数字贸易和服务贸易高质量发展的实施方案》。《实施方案》提出先行先试增值电信扩大开放。发挥临港新片区以及浦东新区数字基础设施优势，推动外资全资互联网数据中心、内容分发网络及应用商店落地。吸引外资开展互联网接入服务、在线数据处理与交易处理、信息保护和处理服务。促进和规范数据跨境流动。制定中国（上海）自由贸易试验区（含临港新片区）数据跨境流动负面清单及操作指引。支持企业便利访问国际互联网。

【全文链接：

https://www.shanghai.gov.cn/nw12344/20250116/7fad5bb1443d4c2bb92d081d8727ce9e.html】

10. The General Office of the Shanghai Municipal People's Government issued “Shanghai Municipality to promote the high-quality development of digital trade and trade in services implementation plan” (《上海市推动数字贸易和服务贸易高质量发展的实施方案》), to promote and standardize the cross-border flow of data, support enterprises to facilitate access to the Internet

Recently, the General Office of the Shanghai Municipal People's Government issued the “Shanghai Municipality to promote the high-quality development of digital trade and trade in services implementation program” (《上海市推动数字贸易和服务贸易高质量发展的实施方案》). The Implementation Plan proposes early and pilot implementation of value-added telecommunication expansion and opening up. Give full play to the advantages of the new Lingang Area as well as the digital infrastructure of Pudong New Area, and promote the landing of wholly foreign-funded Internet data centers, content distribution networks and application stores. Attract foreign investment in internet access services, online data processing and transaction processing, information protection and processing services. Promote and regulate cross-border flow of data. Formulate a negative list and operational guidelines for cross-border flow of data in the China (Shanghai) Pilot Free Trade Zone (including Lingang New Area). Support enterprises to facilitate access to the international internet.

1、美国总统特朗普发布新的人工智能行政命令

1月23日，美国总统特朗普签发《消除美国在人工智能领域领导地位的障碍》的行政命令。行政命令指出美国的政策是维持和加强美国在全球人工智能领域的主导地位，以促进人类繁荣、经济竞争力和国家安全。行政命令要求在其发布后180天内，相关人员应当制定并向总统提交行动计划以实现前述政策。同时，行政命令要求审查根据14110号行政命令（《安全、可靠和值得信赖地开发和使用人工智能》）采取的所有政策、指令、法规、命令和其他行动。

【全文链接：

https://www.whitehouse.gov/presidential-actions/2025/01/removing-barriers-to-american-leadership-in-artificial-intelligence/】

1. US President Trump issued new executive order on artificial intelligence

On January 23, US President Trump issued an executive order titled “REMOVING BARRIERS TO AMERICAN LEADERSHIP IN ARTIFICIAL INTELLIGENCE”. The executive order states that it is the policy of the United States to sustain and enhance America’s global AI dominance in order to promote human flourishing, economic competitiveness, and national security. The executive order requires relevant personnel to develop and submit an action plan to the President within 180 days after its issuance to achieve the aforementioned policies. At the same time, the executive order requires a review of all policies, directives, regulations, orders, and other actions taken in accordance with Executive Order 14110 ((Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence).

[https://www.whitehouse.gov/presidential-actions/2025/01/removing-barriers-to-american-leadership-in-artificial-intelligence/]

2、ICO审查英国网站的cookie合规性，并发布“同意或付款”指南

1月23日，英国信息专员办公室（ICO）宣布已启动对英国前1,000家网站的cookie合规性审查。并指出它已经评估了英国前200家网站的合规性，并向其中134个网站传达了担忧，提出了监管期望，即组织必须遵守法律，让人们选择如何在线使用其个人信息。此外，ICO宣布发布关于“同意或付款”模式的新指南，该指南阐明了组织如何部署“同意或付费”模型，以赋予用户有意义的控制权。

【全文链接：

https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/01/ico-takes-action-to-tackle-cookie-compliance-across-the-uk-s-top-1-000-websites/】

2. ICO reviewed UK websites’ cookie compliance and issued ‘consent or pay’ guidance

On January 23, the Information Commissioner's Office (ICO) announced that it had launched a review of cookie compliance for the top 1,000 websites in the UK. It noted that it had assessed the compliance of the top 200 websites in the UK and communicated concerns to 134 of them, setting out the regulatory expectation that organizations must comply with the law and allow people to choose how their personal information is used online. In addition, the ICO announced the publication of new guidance on the 'consent or pay' model, which sets out how organizations can deploy the ‘consent or pay’ model to give users meaningful control.

[https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/01/ico-takes-action-to-tackle-cookie-compliance-across-the-uk-s-top-1-000-websites/]