每周数据法律资讯 Data Law Weekly（20250210-20250216）

1、国家网信办公布《个人信息保护合规审计管理办法》

2月14日，国家网信办公布《个人信息保护合规审计管理办法》，自2025年5月1日起施行。根据《办法》规定，处理超过1000万人个人信息的个人信息处理者，应当每两年至少开展一次个人信息保护合规审计，其他个人信息处理者根据自身情况合理确定定期开展个人信息保护合规审计的频次。《办法》同时以附件形式提供了《个人信息保护合规审计指引》，企业开展个人信息保护合规审计，应当参照该指引列举的要点内容进行审计。

【全文链接：

https://mp.weixin.qq.com/s/7QoIfRI1ubP9M4TEv04iKQ?scene=25#wechat_redirect】

【点击以下链接可查阅《个人信息保护合规审计管理办法》解读：

https://mp.weixin.qq.com/s/kArPfTaSWmMb0dkbf2HyJg】

1. The CAC released the Administrative Measures for Personal Information Protection Compliance Audit（“《个人信息保护合规审计管理办法》”）

On February 14, the CAC released the Administrative Measures for Personal Information Protection Compliance Audit（“《个人信息保护合规审计管理办法》”）, which came into effect on May 1, 2025. According to the Measures, personal information processors processing personal information of more than 10 million people shall conduct personal information protection compliance audits at least once every two years, and other personal information processors shall reasonably determine the frequency of regular personal information protection compliance audits based on their own circumstances. The Measures also provide ‘Guidelines for Personal Information Protection Compliance Audit’ in the form of an annex. Enterprises conducting personal information protection compliance audits should refer to the key points listed in the guidelines.

[https://mp.weixin.qq.com/s/7QoIfRI1ubP9M4TEv04iKQ?scene=25#wechat_redirect]

Click the following link to view the full text analysis of the ‘Administrative Measures for Personal Information Protection Compliance Audit’:

https://mp.weixin.qq.com/s/kArPfTaSWmMb0dkbf2HyJg

2、《公共安全视频图像信息系统管理条例》公布

2月10日，《公共安全视频图像信息系统管理条例》公布，自2025年4月1日起施行。公共安全视频图像信息系统，是指通过在公共场所安装图像采集设备及相关设施，对涉及公共安全的区域进行视频图像信息收集、传输、显示、存储的系统。《条例》规定公共安全视频系统管理单位应当在系统投入使用之日起30日内，将单位基本情况、公共安全视频系统建设位置、图像采集设备数量及类型、视频图像信息存储期限等基本信息，向所在地县级人民政府公安机关备案。

【全文链接：

https://mp.weixin.qq.com/s/P50b74AarJRdk1A9Cr6gLQ】

2. Regulations on the Management of Public Security Video Image Information System（“《公共安全视频图像信息系统管理条例》”）published

On February 10, the Regulations on the Management of Public Security Video Image Information System（“《公共安全视频图像信息系统管理条例》”）were published and will come into force from April 1, 2025. Public safety video image information system, refers a system that collects, transmits, displays, and stores video image information in areas related to public safety by installing image acquisition equipment and related facilities in public places.  The Regulation stipulates that the management unit of the public safety video system shall, within 30 days from the date of system deployment, file basic information such as the unit's basic information, the location of the public safety video system construction, the number and type of image acquisition equipment, and the storage period of video image information with the local county-level public security organs.

[https://mp.weixin.qq.com/s/P50b74AarJRdk1A9Cr6gLQ]

1、EDPB通过关于年龄验证的声明，保护儿童个人数据

2月12日，欧洲数据保护委员会（EDPB）宣布通过了一项关于年龄验证的声明。在声明中，EDPB列出了在确定个人的年龄或年龄范围时合规处理个人数据的十项原则。该声明旨在确保欧洲对年龄验证采取一致的方法，在遵守数据保护原则的同时保护未成年人。EDPB指出年龄验证对于确保儿童不会访问不适合他们年龄的内容至关重要。EDPB提出的原则将帮助行业以符合数据保护原则的方式评估个人的年龄，同时保护儿童的权益。

【点击查阅声明全文：

https://www.edpb.europa.eu/system/files/2025-02/edpb_statement_20250211ageassurance_en.pdf】

1. EDPB adopted statement on age assurance, protect children’s personal data

On February 12, the EDPB announced the adoption of a statement on age assurance. In the statement, the EDPB lists ten principles for the compliant processing of personal data when determining the age or age range of an individual. The statement aims to ensure a consistent European approach to age assurance, to protect minors while complying with data protection principles. EDPB notes that age assurance is essential to ensure that children do not access content that is not appropriate for their age. The principles put forward by the EDPB will help the industry to assess an individual’s age in a way that is compliant with data protection principles, while protecting children’s wellbeing.

[https://www.edpb.europa.eu/system/files/2025-02/edpb_statement_20250211ageassurance_en.pdf]

2、马来西亚《2025年通信和多媒体（修订）法案》生效

2月11日，马来西亚《2025年通信和多媒体（修订）法案》正式生效，但马来西亚通信部长在官方公报上公布的第92条和第112条除外。《修订法案》对1988年《通信和多媒体法案》中的一些定义进行了更改，澄清了“通信数据”的定义，《修订法案》还增加了对什么应被视为淫秽内容、不雅内容和虚假内容等的解释。《修订法案》还禁止发送未经请求的商业电子信息。

【点击查阅法案全文

https://lom.agc.gov.my/ilims/upload/portal/akta/outputaktap/2669326_BI/A1743%20BI-%20COMMUNICATIONS%20AND%20MULTIMEDIA%20(AMENDMENT)%20ACT%202025.pdf】

2. Malaysia’s Communications and Multimedia (Amendment) Act 2025 entered into effect

On February 11, the Communications and Multimedia (Amendment) Act 2025 entered into effect, except for sections 92 and 112, as appointed by the Minister of Communications of Malaysia published in the Official Gazette. The Amendment Act introduces changes to some definitions under the Communications and Multimedia Act 1988. It clarifies the definition of ‘communication data’. The Amendment Act also adds explanations regarding what should be considered obscene content, indecent content, and false content. The Amendment Act also introduces a prohibition against sending unsolicited commercial electronic messages.

[https://lom.agc.gov.my/ilims/upload/portal/akta/outputaktap/2669326_BI/A1743%20BI-%20COMMUNICATIONS%20AND%20MULTIMEDIA%20(AMENDMENT)%20ACT%202025.pdf]

3、巴黎AI行动峰会通过《关于包容和可持续人工智能的声明》

2月11日，出席巴AI行动峰会的全球代表通过了《关于包容和可持续人工智能的声明》，该声明倡导以基于人权的方式发展人工智能。声明概述了优先事项，例如提高人工智能的可及性、促进开放和合乎道德的人工智能、激励创新、塑造未来的工作、确保人工智能的可持续性以及加强国际合作。启动了人工智能公共利益平台（Public Interest AI Platform）以鼓励合作，消除数字鸿沟，同时讨论了人工智能对环境和就业市场的影响，呼吁开展包容性治理对话。

【点击查阅声明全文：

https://www.elysee.fr/en/emmanuel-macron/2025/02/11/statement-on-inclusive-and-sustainable-artificial-intelligence-for-people-and-the-planet】

3. The Paris AI Action Summit adopted the Statement on Inclusive and Sustainable Artificial Intelligence

On February 11, global representatives at the AI Action Summit in Paris adopted the Statement on Inclusive and Sustainable Artificial Intelligence, which promotes a human rights-based approach to AI development. The statement outlines priorities such as enhancing AI accessibility, fostering open and ethical AI, stimulating innovation, shaping the future of work, ensuring AI sustainability, and strengthening international cooperation. A Public Interest AI Platform was launched to encourage collaboration and tackle digital divides, while environmental impacts and job market effects were also discussed, with a call for inclusive governance dialogues.

[https://www.elysee.fr/en/emmanuel-macron/2025/02/11/statement-on-inclusive-and-sustainable-artificial-intelligence-for-people-and-the-planet]

4、法国发布两项新的AI合规建议

近日，法国国家信息与自由委员会（CNIL）发布两项新的AI合规建议，旨在促进人工智能的负责任使用，同时确保遵守个人数据保护规定。一项系关于通知个人的建议，当个人数据用于训练AI模型并可能被AI模型记住时，必须通知相关个人，通知的方式可以根据个人风险和运营限制进行调整。另一项系关于个人权利的建议，欧洲的法规授予了个人访问、纠正、反对和删除其个人数据的权利，然而，在AI模型的背景下行使这些权利可能特别具有挑战性，CNIL敦促AI开发人员从设计阶段就纳入隐私保护，并通过以下方式特别注意训练数据集中的个人数据：（1）在不损害模型预期目的的情况下努力匿名化数据；（2）开发创新解决方案，以防AI模型泄露机密个人数据。

【点击查阅两项AI合规建议：

https://www.cnil.fr/fr/ia-informer-les-personnes-concernees；

https://www.cnil.fr/fr/ia-respecter-lexercice-des-droits-des-personnes】

4. France issueed two new AI compliance recommendations

Recently, the CNIL issued two new AI compliance recommendations to promote the responsible use of AI while ensuring compliance with personal data protection regulations. One is a recommendation on imforming individuals. When personal data is used to train AI models and may potentially be memorised by it, the individuals concerned must beinformed. The way this information is provided can be adapted based on the risks to individuals and operational constraints. Another recommendation concerns individuals’ rights. European regulations grant individuals the right to access, rectify, object, and delete their personal data. However, exercising these rights in the context of AI models can be particularly challenging. The CNIL urges AI developers to incorporate privacy protection from the design stage and pay special attention to personal data in training datasets by: (1)striving to anonymise models whenever it does not compromise their intended purpose; and (2) developing innovative solutions to prevent the disclosure of confidential personal data by AI models.

[https://www.cnil.fr/fr/ia-informer-les-personnes-concernees；

https://www.cnil.fr/fr/ia-respecter-lexercice-des-droits-des-personnes]