每周数据法律资讯 Data Law Weekly（20250127-20250209）

1、国家网信办等部门联合印发《互联网军事信息传播管理办法》

2月8日，国家网信办等部门联合印发《互联网军事信息传播管理办法》。在中国境内从事互联网军事信息传播活动，开办互联网军事网站平台、网站平台军事栏目、军事账号等，以及对互联网军事信息传播实施监督管理，适用本办法。互联网军事信息，是指互联网信息服务提供者和用户制作、复制、发布、传播的涉及国防和军队的文字、图片、音视频等信息。

【全文链接：

https://mp.weixin.qq.com/s/vWNqrCJrwoGk5vOj-A3EOA】

1. The CAC and other departments jointly issued the “Administrative Measures for the Dissemination of Military Information on the Internet”（“《互联网军事信息传播管理办法》”）

On February 8, the CAC and other departments jointly issued the “Administrative Measures for the Dissemination of Military Information on the Internet” （“《互联网军事信息传播管理办法》”）. The measures apply within China to the dissemination of military information on the internet, the operation of internet military websites and platforms, military columns on websites and platforms, military accounts, and the supervision and management of the dissemination of military information on the internet. Military information on the internet refers to text, images, audio, video and other information related to national defense and the military that is produced, copied, published and disseminated by internet information service providers and users.

[https://mp.weixin.qq.com/s/vWNqrCJrwoGk5vOj-A3EOA]

2、上海市网信办等五部门印发自由贸易试验区数据出境负面清单管理办法、负面清单（2024版）

2月8日，上海市网信办、上海市数据局等五部门联合印发了上海自贸区及临港片区数据出境负面清单管理办法、负面清单（2024版）。本次负面清单（2024版）涉及再保险、国际航运、商贸（零售与餐饮业、住宿业）三大领域。在上海自由贸易试验区及临港新片区注册的数据处理者，属于已公布负面清单的行业、领域，向境外提供负面清单外的数据可以免予申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证。

【全文链接：

https://mp.weixin.qq.com/s/HuPCdCcfPZpE0CFEgFZUQg】

2. Shanghai Cyberspace Administration and other five departments issued the measures for the administration of the negative list for data cross-border transfer from the Pilot Free Trade Zone and the Negative List (2024 Edition)

On February 8, the Shanghai Cyberspace Administration, Shanghai Data Administration and other five departments jointly issued the measures for the administration of the negative list for data cross-border transfer from the Shanghai Pilot Free Trade Zone and Lingang Special Area and the Negative List (2024 Edition). The 2024 version of the negative list covers three major areas: reinsurance, international shipping, and commerce and trade (retail and catering, accommodation). Data processors registered in the Shanghai Pilot Free Trade Zone and the Lin-gang Special Area that fall within the industries and fields listed in the Negative List are exempt from reporting data export security assessments, entering into standard contracts for the export of personal information, and passing personal information protection certification for data exported outside the country.

[https://mp.weixin.qq.com/s/HuPCdCcfPZpE0CFEgFZUQg]

3、上海市通信管理局发布关于侵害用户权益行为APP的通报（2025年第一批）

2月8日，上海市通信管理局发布了关于侵害用户权益行为APP的通报（2025年第一批）。通管局组织第三方检测机构对移动互联网应用程序进行抽查，共发现31款APP及小程序存在侵害用户权益行为。所涉主要问题包括：违规收集个人信息；超范围收集个人信息；未明示个人信息处理规则；APP强制、频繁、过度索取权限；未见明示SDK；自启动和关联启动行为。

【全文链接：

3. Shanghai Communications Administration issued a notice on apps that infringe on user rights (first batch of 2025)

On February 8, the Shanghai Communications Administration issued a notice on apps that infringe on user rights (the first batch of 2025). The Communications Administration organized a third-party testing agency to conduct a random inspection of mobile internet apps, and found that 31 apps and mini-programs infringed on user rights. The main issues involved included: illegal collection of personal information; collection of personal information beyond the scope; failure to clearly indicate personal information processing rules; apps that force, frequently, and excessively request permissions; failure to clearly indicate SDK; and self-starting and related starting behavior.

[https://mp.weixin.qq.com/s/n0x0VfwY59--PUSqbz6L5A]

4、武汉法院审结一起“AI生成图被侵权”案

近日，武汉东湖新技术开发区人民法院审结一起“AI生成图被侵权”的著作权纠纷案。本案中，原告使用AIGC软件生成被诉图片，后被告将其用于自身发布的广告中。法院在审理中认为，从被诉图片的呈现与原告创作过程的关联性来看，原告使用的关键词与画面的元素及效果对应，生成的图片和原告创作活动之间具有一定的“映射性”。原告对生成作品具有一定程度的“控制和预见”，创作过程反映了原告的构思、创作技法、审美选择，体现了原告的个性化表达。故被诉图片凝结了原告的智力劳动成果，应予保护。被告的行为侵害了原告就被诉图片享有的信息网络传播权

【全文链接：

https://mp.weixin.qq.com/s/DKhOaTYmzRP5YlTVxek7Aw】

4. A Wuhan court has concluded a case of “infringement of AI-generated images”

Recently, the Wuhan Donghu New Technology Development Zone People's Court concluded a copyright dispute case of “infringement of AI-generated images”. In this case, the plaintiff used the AIGC software to generate the accused image, which was later used by the defendant in an advertisement it published. During the trial, the court held that, from the perspective of the relevance of the presentation of the accused image to the plaintiff's creative process, the keywords used by the plaintiff corresponded to the elements and effects of the image, and there was a certain “mappability” between the generated image and the plaintiff's creative activity. The plaintiff had a certain degree of “control and foresight” over the resulting work, and the creative process reflected the plaintiff's ideas, creative techniques, and aesthetic choices, embodying the plaintiff's personalized expression. Therefore, the picture in question condenses the results of the plaintiff's intellectual labor and should be protected. The defendant's actions infringed on plaintiff's right to disseminate information online in relation to the picture in question.

[https://mp.weixin.qq.com/s/DKhOaTYmzRP5YlTVxek7Aw]

1、欧盟发布人工智能系统定义指南

2月6日，欧盟委员会发布了人工智能系统定义指南，该指南旨在协助提供商和其他相关人员确定软件系统是否构成AI系统，是否适用欧盟《人工智能法案》。自2025年2月2日起，欧盟《人工智能法案》的首批规则已开始实施，其中包括人工智能系统定义、人工智能素养以及在欧盟造成不可接受风险的极少数被禁止的人工智能用例。

【点击查阅指南全文：

https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-ai-system-definition-facilitate-first-ai-acts-rules-application】

1. The EU published guidelines on AI system definition

On February 6, the European Commission published guidelines on AI system definition. By issuing guidelines on the AI system definition, the Commission aims to assist providers and other relevant persons in determining whether a software system constitutes an AI system and whether the EU's AI Act applies. Since February 2, 2025, the first rules of the EU's Artificial Intelligence Act have started to apply. These include the AI system definition, AI literacy, and a very limited number of prohibited AI use cases that pose unacceptable risks in the EU, as outlined in the AI Act.

[Click to view the full guideline:

https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-ai-system-definition-facilitate-first-ai-acts-rules-application]

2、欧盟发布禁止的人工智能实践指南

2月4日，欧盟委员会发布了欧盟《人工智能法案》中定义的禁止的人工智能实践指南，该指南详细解释了欧盟《人工智能法案》中关于禁止特定人工智能实践的规定，包括背景、目标、适用范围、责任主体、与其他法律的关系以及执法机制等。欧盟《人工智能法案》将人工智能系统分为不同的风险类别，包括不可接受风险、高风险、受透明度义务约束的风险、最小或无风险，并禁止构成不可接受风险的人工智能行为。

【点击查阅指南全文：

https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-prohibited-artificial-intelligence-ai-practices-defined-ai-act】

2. The EU published guidelines on prohibited artificial intelligence practices

On February 4, the European Commission published guidelines on prohibited artificial intelligence practices as defined in the EU's Artificial Intelligence Act. The guidelines explains in detail the provisions of the EU's Artificial Intelligence Act that prohibit specific artificial intelligence practices, including the background, objectives, scope of application, responsible entities, relationship with other laws, and enforcement mechanisms. The EU Artificial Intelligence Act classifies artificial intelligence systems into different risk categories, including unacceptable risk, high risk, risk subject to transparency obligations, minimal or no risk, and prohibits artificial intelligence practices that pose unacceptable risks.

[Click to view the full guideline:

https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-prohibited-artificial-intelligence-ai-practices-defined-ai-act]

3、法国CNIL发布《数据传输影响评估指南》

1月31日，法国国家信息与自由委员会（CNIL）发布了《数据传输影响评估（TIA）指南》最终版本，就如何进行TIA提供指导。基于GDPR第46条的规定将数据传输至欧洲经济区以外的国家之前，需进行TIA，以评估数据接收方是否能够遵守相关义务以及目的地国家的数据保护立法和实践情况，必要时还应评估额外的保障措施是否能够确保解决数据保护差距，确保达到欧盟立法要求的数据保护水平。

【点击查阅指南全文：

https://www.cnil.fr/en/transfer-impact-assessment-tia-cnil-publishes-final-version-its-guide】

3. The CNIL published its guide on Transfer Impact Assessments

On January 31, the Commission Nationale de l'Informatique et des Libertés (CNIL) published the final version of its guide on Transfer Impact Assessments (TIA) to provide guidance on how to conduct a TIA. A TIA is required before transferring data to a country outside the EEA where that transfer is based on a tool in Article 46 of the GDPR. The objective of a TIA is to assess whether the importer will be able to comply with its obligations under the chosen tool taking into account the legislation and practices of the third country of destination. Where necessary, the TIA should also assess whether supplementary measures would address the identified data protection gaps and ensure the level required by the EU legislation.  

[Click to view the full guide:

https://www.cnil.fr/en/transfer-impact-assessment-tia-cnil-publishes-final-version-its-guide]

4、美国版权局发布和人工智能相关法律和政策问题报告的第二部分

1月29日，美国版权局发布了其版权和人工智能相关法律和政策问题报告的第二部分。报告的这一部分涉及使用生成式人工智能创建的输出的可版权性问题。它的结论是，只有当人类作者确定了足够的表达元素时，生成式人工智能的输出才能受到版权的保护。这可能包括在人工智能输出中可以感知到人类创作的作品，或者人类对输出进行创造性安排或修改，而不仅仅是提供提示的情况。其确认使用人工智能协助创作过程或将人工智能生成的材料纳入更大的人工生成作品并不妨碍版权的实现。

【点击查阅报告内容：

https://www.copyright.gov/ai/】

4. The U.S. Copyright Office Released Part 2 of Artificial Intelligence Report

On January 29, the U.S. Copyright Office released Part 2 of its Report on the legal and policy issues related to copyright and artificial intelligence (AI). This Part of the Report addresses the copyrightability of outputs created using generative AI. It concludes that the outputs of generative AI can be protected by copyright only where a human author has determined sufficient expressive elements. This can include situations where a human-authored work is perceptible in an AI output, or a human makes creative arrangements or modifications of the output, but not the mere provision of prompts. The Office confirms that the use of AI to assist in the process of creation or the inclusion of AI-generated material in a larger human-generated work does not bar copyrightability.

[Click to view the content of the report:

https://www.copyright.gov/ai/]

5、DeepSeek因数据保护等问题遭多国限制

近期，DeepSeek火爆全球。同时，多国出于数据保护等问题对DeepSeek采取了一系列监管措施。包括但不限于：意大利数据保护机构（Garante）要求DeepSeek提供其所收集的个人数据内容等信息，此后，Garante又下令要求DeepSeek停止处理意大利用户的个人数据。美国多名官员表示正在对DeepSeek的影响开展国家安全调查，根据媒体报道，美国拟立法禁止在政府设备中使用DeepSeek。爱尔兰数据保护委员会（DPC）要求DeepSeek提供如何处理爱尔兰用户个人数据的详细信息。法国国家信息与自由委员会（CNIL）表示将对DeepSeek进行问询，评估可能存在的隐私保护风险。澳大利亚政府以“安全风险”为由宣布禁止在所有政府设备中使用DeepSeek。韩国个人信息保护委员会表示已向DeepSeek发送质询函以确认其个人信息收集项目和流程等内容。日本数字大臣表示如果在处理个人信息等方面存在担忧，希望各省厅人员谨慎使用DeepSeek。

5. DeepSeek has been restricted in many countries due to data protection issues and other problems

Recently, DeepSeek has become popular worldwide. At the same time, many countries have taken a series of regulatory measures against DeepSeek due to data protection issues and other problems. These include, but are not limited to: the Italian data protection agency (Garante) required DeepSeek to provide information such as the content of the personal data it collected. After that, Garante ordered DeepSeek to stop processing the personal data of Italian users. Several US officials said they were investigating the impact of DeepSeek on national security, and according to media reports, the US intends to legislate to ban the use of DeepSeek on government equipment. The Irish Data Protection Commission (DPC) requested DeepSeek to provide detailed information on how it process the personal data of Irish users. The French Commission Nationale de l'Informatique et des Libertés (CNIL) said it would question DeepSeek to assess possible privacy risks. The Australian government announced that it would ban DeepSeek from all government devices due to “security risks”. The Korean Personal Information Protection Commission said it had sent a letter of inquiry to DeepSeek to confirm its personal information collection items and processes. The Japanese Minister of Digital Affairs said that if there are concerns about the processing of personal information, etc., he hopes that personnel from various ministries and agencies will use DeepSeek with caution.