每周数据法律资讯 DataLaw Weekly（20250310-20250316）

1、3·15晚会聚焦个人信息保护问题

3·15晚会曝光了“大数据获客软件”窃取消费者隐私信息的行业乱象，该等获客软件使用爬虫技术，嵌入到各大知名互联网平台上，偷取消费者个人信息。部分获客公司还能够使用电信运营商的数据进行获客。此外，3·15晚会还曝光了智能机器人拨打营销骚扰电话、 虚拟运营商实名制要求落实不到位等问题。问题曝光后，工信部连夜组织对涉嫌违法违规主体进行调查处置，责令基础电信运营商立即关停涉事线路、对涉个人数据信息有关情况进行核查，督促互联网平台企业全面清理违法智能外呼软件销售推广信息。

1. The 3·15 Gala focused on the issue of personal information protection

The 3·15 Gala exposed the industry chaos of "big data customer acquisition software" stealing consumers' privacy information. Such customer acquisition software uses crawler technology and is embedded in major well-known Internet platforms to steal consumers' personal information. Some customer acquisition companies can also use data from telecommunications operators for customer acquisition. In addition, the Gala also exposed problems such as intelligent robots making marketing harassment calls and virtual operators not fully implementing real-name registration requirements. After the problems were exposed, the Ministry of Industry and Information Technology immediately organized investigations and handling of the suspected illegal and non-compliant entities, ordered basic telecommunications operators to immediately shut down the involved lines, and verify the relevant situations regarding personal data information. It also urged Internet platform enterprises to comprehensively clean up the sales and promotion information of illegal intelligent outbound calling software.

2、人工智能生成合成内容标识规定正式发布

3月14日，国家网信办、工信部、公安部、国家广电总局联合发布《人工智能生成合成内容标识办法》，自2025年9月1日起施行。配套《标识办法》，强制性国家标准《网络安全技术 人工智能生成合成内容标识方法》（GB 45438-2025）、实践指南《网络安全标准实践指南——人工智能生成合成内容标识 服务提供者编码规则》（TC260-PG-20252A）也于同日公布。其中标准规定了标识具体实施方式和操作方法，其将于2025年9月1日与《标识办法》同步实施。 

【点击查阅上述相关规定全文：

https://www.cac.gov.cn/2025-03/14/c_1743654685899683.htm?sessionid=-1646434773】

【关于我们就AI生成合成内容标识实操中可能遇到的问题和建议，可点击以下链接查阅：

https://mp.weixin.qq.com/s/OwbIqnfrxK-QJtqxT4vT7Q】

2. Artificial intelligence generated synthetic content labelling regulations officially released

On March 14, the CAC, the MIIT, the Ministry of Public Security, the National Radio and Television Administration jointly issued the ‘Measures for the Identification of AI-Generated and Synthetic Content’(《人工智能生成合成内容标识办法》), which will come into effect on September 1, 2025. Accompanying the "Identification Measures", the mandatory national standard "Cybersecurity Technology - Method for Identifying AI-Generated and Synthetic Content" (GB 45438-2025) and the practice guideline "Cybersecurity Standard Practice Guide - Coding Rules for Service Providers of AI-Generated and Synthetic Content Identification" (TC260-PG-20252A) were also released on the same day. The standard specifies the specific implementation methods and operational procedures for identification, and it will be implemented simultaneously with the "Identification Measures" on September 1, 2025.

[Click to view the full text of the above regulations:

https://www.cac.gov.cn/2025-03/14/c_1743654685899683.htm?sessionid=-1646434773]

[For information on the potential issues and suggestions regarding the practical implementation of AI-generated and synthesized content identification, please click the following link to view:

https://mp.weixin.qq.com/s/OwbIqnfrxK-QJtqxT4vT7Q]

3、工信部等部门发布关于促进中小企业提升合规意识加强合规管理的指导意见

3月13日，工信部等15部门联合发布关于促进中小企业提升合规意识加强合规管理的指导意见。意见指出要引导中小企业遵守网络安全、数据安全等方面法律法规，加强信息系统、网络、数据的安全防护和安全意识教育；制定实施数据安全合规管理制度，加强对数据的分类分级和权限管理，加强人员管理和技术控制，履行重要数据识别备案、分级防护、风险评估等责任义务，防范并及时应对和处理数据泄露、篡改、丢失事件；重点梳理向第三方输出、共享、委托、提供数据，从第三方接受数据，处理个人信息及跨境传输数据等活动中的合规要求和风险，落实特定类型信息收集与使用合规义务，保护企业数据及个人信息安全。

【点击查阅意见全文：

https://wap.miit.gov.cn/zwgk/zcwj/wjfb/yj/art/2025/art_ab58112ddea44edeb2f45dd2afb7e583.html】

3. The MIIT and other departments issued guidance on promoting compliance awareness and strengthening compliance management for small and medium-sized enterprises

On March 13, the MIIT and 15 other departments jointly issued guidance on promoting compliance awareness and strengthening compliance management among small and medium-sized enterprises. The guidance points out that small and medium-sized enterprises should be guided to comply with laws and regulations on cybersecurity, data security, etc., and strengthen the security protection and security awareness education of information systems, networks, and data; Develop and implement a data security compliance management system, strengthen the classification, grading, and permission management of data, enhance personnel management and technical control, fulfill responsibilities and obligations for identifying and filing important data, grading protection, risk assessment, etc., prevent and promptly respond to and handle data leakage, tampering, and loss events; Focus on sorting out the compliance requirements and risks in activities such as exporting, sharing, entrusting, and providing data to third parties, receiving data from third parties, processing personal information, and cross-border data transmission, implementing compliance obligations for specific types of information collection and use, and protecting the security of enterprise data and personal information.

[Click to view the full text of the opinion:

https://wap.miit.gov.cn/zwgk/zcwj/wjfb/yj/art/2025/art_ab58112ddea44edeb2f45dd2afb7e583.html]

4、全国人大常委会工作报告提出修改网络安全法

3月14日，全国人民代表大会常务委员会委员长受全国人大常委会委托，报告工作。全国人大常委会工作报告提出2025年要高质量推进立法工作，提出修改网络安全法等法律，围绕人工智能、数字经济、大数据、自动驾驶、低空经济、航天等新兴领域加强立法研究。

【2022年9月12日，网信办曾发布关于修改《中华人民共和国网络安全法》的决定（征求意见稿），拟对《网络安全法》进行修改，相关决定征求意见稿可点击以下链接查阅：

https://www.gov.cn/xinwen/2022-09/14/content_5709805.htm】

4. The work report of the Standing Committee of the National People's Congress proposes to amend the Cyber Security Law

On March 14, the Chairman of the Standing Committee of the National People's Congress was entrusted by the Standing Committee of the National People's Congress to report on the work of the Standing Committee of the National People's Congress. The work report of the Standing Committee of the National People's Congress proposed that in 2025, they would promote legislative work in a high-quality manner, propose to amend laws such as the Cyber Security Law(《网络安全法》), and strengthen legislative research around emerging fields such as artificial intelligence, digital economy, big data, autonomous driving, low altitude economy, and aerospace.

[On September 12, 2022, the CAC issued a draft decision on amending the Cybersecurity Law of the People's Republic of China for soliciting opinions. The draft decision for soliciting opinions can be viewed by clicking on the following link:

https://www.gov.cn/xinwen/2022-09/14/content_5709805.htm]

5、工信部发布《卫星网络国内协调管理办法（暂行）》

3月12日，工信部发布了《卫星网络国内协调管理办法（暂行）》，卫星网络国内协调是指在国际电联《无线电规则》框架下，我国卫星网络之间、卫星网络与地面无线电台（站）之间的频率协调。该办法规定适用于我国境内卫星操作单位开展的国内协调工作。

【点击查阅管理办法全文：

https://www.miit.gov.cn/zwgk/zcwj/wjfb/tz/art/2025/art_01e8245a456448f1b0897f548487c3c2.html】

5. The MIIT issued the "Interim Measures for the Administration of Domestic Coordination of Satellite Networks"(《卫星网络国内协调管理办法（暂行）》)

On March 12, the MIIT issued the "Interim Measures for the Administration of Domestic Coordination of Satellite Networks". Domestic coordination of satellite networks refers to frequency coordination between satellite networks in China and between satellite networks and terrestrial radio stations under the framework of the ITU Radio Regulations. The measures are applicable to the domestic coordination work carried out by satellite operators within the territory of China.

[Click to view the full text of the management measures:

https://www.miit.gov.cn/zwgk/zcwj/wjfb/tz/art/2025/art_01e8245a456448f1b0897f548487c3c2.html]

6、网信办发布第十批深度合成服务算法备案信息

3月12日，网信办发布了第十批深度合成服务算法备案信息，本批次共计395个算法通过备案。根据《互联网信息服务深度合成管理规定》第十九条规定，具有舆论属性或者社会动员能力的深度合成服务提供者，应当按照《互联网信息服务算法推荐管理规定》履行备案和变更、注销备案手续。深度合成服务技术支持者应当参照履行备案和变更、注销备案手续。

【点击查阅完整备案名单：

https://www.cac.gov.cn/2025-03/12/c_1743480314931271.htm?sessionid=-1645752955】

6. The CAC released the record information of the tenth batch of deep synthesis service algorithms

On March 12, the CAC released the 10th batch of deep synthetic service algorithm filing information, with a total of 395 algorithms passing the filing. According to Article 19 of the Regulations on the Administration of Deep Synthesis of Internet Information Services (《互联网信息服务深度合成管理规定》), deep synthesis service providers with public opinion attributes or social mobilization capabilities shall fulfill the procedures for filing, changing, and canceling the filing in accordance with the Regulations on the Administration of Algorithm Recommendation of Internet Information Services (《互联网信息服务算法推荐管理规定》). The technical support provider of the deep synthesis service should refer to the procedures for filing, changing, and canceling the filing.

[Click to view the complete list of registered names:

https://www.cac.gov.cn/2025-03/12/c_1743480314931271.htm?sessionid=-1645752955]

7、国家计算机病毒应急处理中心监测发现15款违规移动应用

国家计算机病毒应急处理中心近期监测发现15款移动应用存在隐私不合规行为。主要问题包括：未以显著方式、清晰易懂的语言真实、准确、完整地向个人告知个人信息处理者的名称或者姓名、联系方式、个人信息的保存期限等；隐私政策未逐一列出App（包括委托的第三方或嵌入的第三方代码、插件）收集使用个人信息的目的、方式、范围等；未提供有效的更正、删除个人信息及注销用户账号功能；未向用户提供撤回同意收集个人信息的途径、方式等。

【点击查阅违规应用及所涉隐私问题：

https://www.cverc.org.cn/zxdt/report20250307.htm】

7. The CVERC discovered 15 illegal mobile applications through monitoring

The CVERC recently discovered that 15 mobile applications have privacy violations. The main issues include: failure to truthfully, accurately, and completely inform individuals of the name or contact information of the personal information processor, the retention period of personal information, etc. in a prominent and clear language; The privacy policy does not list the purpose, method, scope, etc. of the collection and use of personal information by the app (including third-party agents or embedded third-party code, plugins) one by one; Failure to provide effective functions for correcting, deleting personal information, and canceling user accounts; Not providing users with a way or method to withdraw their consent to the collection of personal information.

[Click to view the illegal applications and privacy issues involved:

https://www.cverc.org.cn/zxdt/report20250307.htm]

1、本田汽车因违反《加州消费者隐私法》被罚63.25万美元 

3月12日，加州隐私保护局(CPPA)裁定，美国本田汽车公司(American Honda Motor Co., Inc.)因违反《加州消费者隐私法》(CCPA)，需支付63.25万美元罚款。该处罚源自CPPA执法部门对网联汽车制造商的数据隐私合规性调查。调查发现，本田涉及的隐私问题包括要求加州居民进行身份验证并提供过多的个人信息以行使某些隐私权；使用的在线隐私管理工具未能以对称或平等的方式为加州居民提供隐私选择；使得加州居民难以授权其他个人或组织来行使其的隐私权；以及在与广告技术公司共享个人信息时，未能出具包含隐私保护必要条款的合同。

【点击查阅官方新闻稿：

https://cppa.ca.gov/announcements/2025/20250312.html】

1. Honda fined $632,500 for violating California Consumer Privacy Act

On March 12, the California Privacy Protection Agency (CPPA) ruled that American Honda Motor Co., Inc. is required to pay a $632,500 penalty for violating the California Consumer Privacy Act (CCPA).The penalty stems from a data privacy compliance investigation by the CPPA's Enforcement Division into the maker of internet-connected vehicles.The investigation found that Honda was involved in privacy issues that included: requiring Californians to verify themselves and provide excessive personal information to exercise certain privacy rights; using an online privacy management tool that failed to offer Californians their privacy choices in a symmetrical or equal way; making it difficult for Californians to authorize other individuals or organizations (known as “authorized agents”) to exercise their privacy rights; and sharing consumers’ personal information with ad tech companies without producing contracts that contain the necessary terms to protect privacy.

[Click for official press release:

https://cppa.ca.gov/announcements/2025/20250312.html]

2、西班牙政府批准人工智能法草案

3月11日，西班牙政府宣布已批准人工智能治理法草案。人工智能治理法草案旨在通过以下方式规范西班牙人工智能的开发和部署：使西班牙立法与欧盟人工智能法案保持一致，确保遵守欧盟范围内的人工智能治理框架；禁止有害的人工智能做法，例如潜意识操纵、生物特征分析和预测性犯罪风险评估；监管高风险AI系统，包括用于教育、金融、医疗保健、移民和司法等关键部门的AI；建立监管框架以监控和惩罚不合规的AI提供商；和创建受控的AI测试环境，以帮助开发人员在部署AI系统之前确保法律合规性。

【点击查阅官方新闻稿：

https://digital.gob.es/portalmtdfp/comunicacion/sala-de-prensa/comunicacion_ministro/2025/03/2025-03-11.html】

2、Spanish Government approved draft AI law

On March 11, the Spanish Government announced that it had approved a draft law on artificial intelligence (AI) governance. the draft AI law seeks to regulate the development and deployment of AI in Spain by: aligning Spanish legislation with the EU Artificial Intelligence Act (the EU AI Act), ensuring compliance with EU-wide AI governance frameworks; prohibiting harmful AI practices, such as subliminal manipulation, biometric profiling, and predictive crime risk assessments; regulating high-risk AI systems, including AI used in critical sectors like education, finance, healthcare, migration, and justice; establishing a regulatory framework for monitoring and penalizing non-compliant AI providers; and creating a controlled AI testing environment to help developers ensure legal compliance before deploying AI systems.

[Click for official press release:

https://digital.gob.es/portalmtdfp/comunicacion/sala-de-prensa/comunicacion_ministro/2025/03/2025-03-11.html]

3、欧盟委员会宣布发布通用AI行为准则第三稿

3月11日，欧盟委员会宣布，通用AI行为准则的主席和副主席提交了由独立专家编写的准则第三稿内容。准则草案的前两部分详细说明了所有通用AI模型提供商的透明度和版权义务，并根据《人工智能法案》对某些开源模型的提供商的透明度义务进行了显著豁免。第三部分仅与少数可能构成系统性风险的最先进通用AI模型的提供商相关。最终准则将在5月准备就绪，作为通用AI模型提供商证明遵守欧盟人工智能法案的工具。

【点击查阅行为准则第三稿内容：

https://digital-strategy.ec.europa.eu/en/library/third-draft-general-purpose-ai-code-practice-published-written-independent-experts】

3. The European Commission announced publication of third draft of general-purpose AI code of practice

On March 11, the European Commission announced that the Chairs and the Vice-Chairs of the General-Purpose AI Code of Practice presented the third draft of the code of practice, written by independent experts. The first two sections of the draft Code detail transparency and copyright obligations for all providers of general-purpose AI models, with notable exemptions from the transparency obligations for providers of certain open-source models in line with the AI Act. The third section of the Code is only relevant for a small number of providers of most advanced general-purpose AI models that could pose systemic risks. The final Code should be ready in May, as a tool for general-purpose AI model providers to demonstrate compliance with the AI Act.

[Click to view the content of the third draft of the Code:

https://digital-strategy.ec.europa.eu/en/library/third-draft-general-purpose-ai-code-practice-published-written-independent-experts]