每周数据法律资讯 Data Law Weekly（20250217-20250223）

1、中央网信办发布2025年“清朗”系列专项行动整治重点

2月21日，中央网信办发布2025年“清朗”系列专项行动八大重点整治任务，一是整治春节网络环境；二是整治“自媒体”发布不实信息；三是整治短视频领域恶意营销；四是整治AI技术滥用乱象；五是整治涉企网络“黑嘴”；六是整治暑期未成年人网络环境；七是整治网络直播打赏乱象；八是整治恶意挑动负面情绪。

【全文链接：

https://mp.weixin.qq.com/s/DfCrrgatzVqK9MzBhIyEjw】

1. The CAC released the key points of the 2025 ‘Qinglang’ series of special action plans

On February 21, the CAC announced eight key tasks for the 2025 ‘Qinglang’ series of special actions: first, improving the online environment during the Spring Festival; second, tackling the publication of false information by ‘self-media’; third, tackling malicious marketing in the short video sector; fourth, tackling the abuse of AI technology; fifth, tackling corporate ‘black mouthers’ online; sixth, tackling the online environment for minors during the summer holiday; seventh, tackling the chaos of online rewards for live streaming; and eighth, tackling the malicious incitement of negative emotions.

[https://mp.weixin.qq.com/s/DfCrrgatzVqK9MzBhIyEjw]

2、上海发布《生成式人工智能个人信息保护基本要求》等3项地方标准征求意见稿

2月20日，上海市信息安全标准化技术委员会发布《公共区域电子屏及相关播控系统安全管理要求》《多模态大模型安全评估指南》《生成式人工智能个人信息保护基本要求》3项地方标准征求意见稿。其中《多模态大模型安全评估指南》提供了多模态大模型在生成内容安全方面的评估指导，给出了安全风险分类、评估要点及评估实践。《生成式人工智能个人信息保护基本要求》规定了生成式人工智能个人信息保护的全生命周期基本要求。

【全文链接：

https://mp.weixin.qq.com/s/qKx2xOy_wc10CiNPg0PERg】

2. Shanghai released three draft local standards for public comment, including ‘Basic Requirements for the Protection of Personal Information by Generative Artificial Intelligence’（《生成式人工智能个人信息保护基本要求》）

On February 20, the Shanghai Information Security Standardisation Technical Committee released three draft local standards for public comment: ‘Safety Management Requirements for Public Area Electronic Screens and Related Broadcast Control Systems’（《公共区域电子屏及相关播控系统安全管理要求》）, ‘Guidelines for the Safety Assessment of Large Multimodal Models’ （《多模态大模型安全评估指南》）and ‘Basic Requirements for the Protection of Personal Information by Generative Artificial Intelligence’（《生成式人工智能个人信息保护基本要求》）. The ‘Guidelines for the Safety Assessment of Large Multimodal Models’ provide assessment guidance for the security of generated content in multimodal large models, giving security risk classification, assessment points, and assessment practices. The ‘Basic Requirements for the Protection of Personal Information by Generative Artificial Intelligence’ stipulate the basic requirements for the entire life cycle of generative artificial intelligence personal information protection.

[https://mp.weixin.qq.com/s/qKx2xOy_wc10CiNPg0PERg]

3、海南发布《海南自由贸易港数据出境管理清单（负面清单）（2024年版）》

2月20日，海南发布了《海南自由贸易港数据出境管理清单（负面清单）（2024 版）》。海南负面清单包括了深海、航天、种业、旅游、免税商业零售业务五大业务领域，负面清单对前述五大业务领域内需要通过数据出境安全评估的数据清单、需要通过个人信息出境标准合同备案、个人信息保护认证出境的数据清单进行了描述。

【全文链接：

https://mp.weixin.qq.com/s/Rsf_UctjP2rnZpLyQDPHCw】

3. Hainan released the ‘Hainan Free Trade Port Data Outbound Management List (Negative List) (2024 Edition)’（ 《海南自由贸易港数据出境管理清单（负面清单）（2024年版）》）

On February 20, Hainan released the ‘Hainan Free Trade Port Data Outbound Management List (Negative List) (2024 Edition).’ The Hainan negative list includes five major business areas: deep-sea, aerospace, seed industry, tourism, and duty-free commercial retail business. The negative list of Hainan includes five major business areas: deep-sea, aerospace, seed industry, tourism, and duty-free commercial retail business. The negative list includes a list of data that need to undergo data export security assessment and the data list that needs to be recorded through the personal information export standard contract and authenticated for personal information protection for export in the aforementioned five business areas.

[https://mp.weixin.qq.com/s/Rsf_UctjP2rnZpLyQDPHCw]

4、国家网信办依法集中查处一批侵害个人信息权益的违法违规App

近期，国家网信办依据依法查处了“开个密室馆”等82款违法违规App（含小程序）。其中4款App存在未公开收集使用规则问题，违反《个人信息保护法》等法律法规，依法依规予以下架处置；78款App存在未按法律规定提供删除或更正个人信息功能问题，违反《个人信息保护法》等法律法规，依法依规责令限期1个月完成整改，逾期未完成整改的，国家网信办将依法依规予以下架处置。

【全文链接：

https://mp.weixin.qq.com/s/RKYd_HlBlAjgeA4qXpqNGg】

4. The CAC investigated and dealt with a number of illegal and irregular apps that infringe on personal information rights in accordance with the law

Recently, the CAC investigated and dealt with 82 illegal and irregular apps (including mini-programs) in accordance with the law, including the app ‘Kai Ge Mi Shi Guan’（“开个密室馆”）. Four of these apps did not disclose their collection and use rules, violating the Personal Information Protection Law and other laws and regulations, and were removed in accordance with the law. 78 of these apps did not provide the function to delete or correct personal information as required by law, violating the Personal Information Protection Law and other laws and regulations. They were ordered to complete rectification within one month in accordance with the law, and if they failed to do so, the CAC would remove them in accordance with the law.

[https://mp.weixin.qq.com/s/RKYd_HlBlAjgeA4qXpqNGg]

5、国家计算机病毒应急处理中心通报14款违规移动应用

2月17日，国家计算机病毒应急处理中心通报了14款存在隐私不合规行为移动应用，该等应用所涉主要问题包括未向用户提供撤回同意收集个人信息的途径、方式；未提供有效的注销用户账号功能；未逐一列出App（包括委托的第三方或嵌入的第三方代码、插件）收集使用个人信息的目的、方式、范围等问题。

【全文链接：

https://www.cverc.org.cn/zxdt/report20250217.htm】

5. The National Computer Virus Emergency Response Center announced 14 mobile apps with privacy violations

On February 17, the National Computer Virus Emergency Response Center announced 14 mobile apps with privacy violations. The main problems with the apps include not providing users with a way to withdraw consent to the collection of personal information, not providing an effective way to log out of the user account, and not listing the purposes, methods, and scope of personal information collection and use by the app (including commissioned third parties or embedded third-party code and plug-ins).

[https://www.cverc.org.cn/zxdt/report20250217.htm]

6、自然资源部发布强制性国家标准《导航电子地图安全处理技术基本要求（征求意见稿）》

近日，自然资源部公布了《导航电子地图安全处理技术基本要求（征求意见稿）》强制性国家标准，公开征求意见。该标准规定了公开出版、销售、传播、展示和使用的导航电子地图在数据采集、制作和表示过程中，空间位置技术处理、传输安全技术处理、服务安全技术处理的要求，以及不应采集和表示的内容。

【全文链接：

https://gi.mnr.gov.cn/202502/t20250213_2880926.html】

6. The Ministry of Natural Resources released the mandatory national standard ‘Basic Requirements for the Safe Processing of Navigation Electronic Maps (Draft for Comment)’（ 《导航电子地图安全处理技术基本要求（征求意见稿）》）

Recently, the Ministry of Natural Resources released the mandatory national standard ‘Basic Requirements for the Safe Processing of Navigation Electronic Maps (Draft for Comment)’. The standard stipulates the requirements for the safe processing of spatial location technology, transmission security technology, and service security technology during the data collection, production, and display processes for navigation electronic maps that are publicly published, sold, disseminated, displayed, and used, as well as the content that should not be collected and displayed.

[https://gi.mnr.gov.cn/202502/t20250213_2880926.html]

7、上海发布最新一批生成式人工智能服务备案信息和登记信息

上海市网信办发布了最新一批生成式人工智能服务备案信息和登记信息，截至2月22日，上海市新增6款已完成备案的生成式人工智能服务，累计已完成66款生成式人工智能服务备案。截至2月19日，上海市新增6款已完成登记的生成式人工智能服务，累计已完成74款生成式人工智能服务登记。

【全文链接：

https://mp.weixin.qq.com/s/yRwMGQ-mCGslM6bvuZKSvQ；

https://mp.weixin.qq.com/s/cGe1FuJgsmc6qA5vyDpb4A】

7. Shanghai released the latest batch of filing and registration information for generative AI services

The Shanghai Cyberspace Administration released the latest batch of filing and registration information for generative AI services. As of February 22, Shanghai has added 6 new generative AI services that have completed the filing process, bringing the total to 66. As of February 19, Shanghai has added 6 new generative AI services that have completed the registration process, bringing the total to 74.

[https://mp.weixin.qq.com/s/yRwMGQ-mCGslM6bvuZKSvQ；

https://mp.weixin.qq.com/s/cGe1FuJgsmc6qA5vyDpb4A]

1、美国发布“美国第一”投资政策备忘录，进一步限制与中国的双向投资

2月21日，美国总统特朗普签署了一份“美国第一”投资政策备忘录，该备忘录指出美国欢迎盟友和伙伴的外国投资，以支持美国就业、创新和经济增长，认为某些外国对手（如中国）通过投资获取美国的尖端技术、知识产权和战略产业优势，这对美国构成威胁，要求对涉及关键技术、基础设施、个人数据等敏感领域的外国投资进行限制，特别是来自中国等对手的投资，包括使用美国外国投资委员会（CFIUS）等工具，限制中国等对手在关键技术领域的投资。此外，还将审查外国对手公司在美国交易所的上市结构，确保投资者权益得到保护。备忘录还指出考虑对投资于中国军事工业的美国个人或实体实施制裁。

【全文链接：

https://www.whitehouse.gov/presidential-actions/2025/02/america-first-investment-policy/】

【点击查阅中国商务部新闻发言人就美发布“美国第一”投资政策备忘录答记者问：

https://mp.weixin.qq.com/s/PH8bYkSHe-j7Rp5xzemkWw】

1. The United States released the ‘America First’ investment policy memorandum, further restricting two-way investment with China

On February 21, US President Trump signed an ‘America First’ investment policy memorandum, which states that the United States welcomes foreign investment from allies and partners to support US jobs, innovation and economic growth. It believes that certain foreign adversaries (such as China) pose a threat to the United States by investing to gain access to cutting-edge US technologies, intellectual property and advantages in strategic industries. It calls for restrictions on foreign investment in sensitive areas such as key technologies, infrastructure and personal data, especially from adversaries such as China, including the use of tools such as the Committee on Foreign Investment in the United States (CFIUS) to restrict investment in critical technology sectors by adversaries such as China. In addition, the listing structure of foreign adversary companies on US exchanges will be reviewed to ensure that investor rights are protected. The memorandum also states that consideration will be given to imposing sanctions on US individuals or entities that invest in China's military industry.

[https://www.whitehouse.gov/presidential-actions/2025/02/america-first-investment-policy/]

[Click to view the answers to questions from reporters by the spokesperson for the Chinese Ministry of Commerce regarding the US's release of the ‘America First’ investment policy memorandum:

https://mp.weixin.qq.com/s/PH8bYkSHe-j7Rp5xzemkWw]

2、德国多州调查DeepSeek是否指定欧盟境内代表

近日，德国多个州数据保护监管机构对DeepSeek启动调查程序，调查的主要内容为DeepSeek是否在欧盟境内指定代表。根据GDPR第27（1）条，向欧盟数据主体提供服务但设立在欧盟境外的数据控制者必须在欧盟内指定一名代表，代表应获得数据控制者的授权，与数据控制者一起或代替数据控制者，就数据处理的事宜与监管机构和数据主体联系。

【全文链接：

https://www.baden-wuerttemberg.datenschutz.de/pruefverfahren-gegen-deepseek-eingeleitet/】

2. German states investigated whether DeepSeek has appointed a representative in the EU

Recently, data protection supervisory authorities in several German states initiated an investigation of DeepSeek, focusing on whether DeepSeek has appointed a representative in the EU. According to Article 27(1) of the GDPR, a data controller who is established outside the EU and provides services to data subjects in the EU must designate a representative within the EU who is authorized by the data controller to communicate with regulatory authorities and data subjects on matters related to data processing, either together or on behalf of the data controller.

[https://www.baden-wuerttemberg.datenschutz.de/pruefverfahren-gegen-deepseek-eingeleitet/]