每周数据法律资讯 DataLaw Weekly（20250317-20250323）

1、国家网信办、公安部联合公布《人脸识别技术应用安全管理办法》

3月21日，国家网信办、公安部联合公布《人脸识别技术应用安全管理办法》，自2025年6月1日起施行。《办法》规定了应用人脸识别技术处理人脸信息的基本要求和处理规则，明确人脸识别技术应用安全规范。此外，《办法》要求个人信息处理者应当在应用人脸识别技术处理的人脸信息存储数量达到10万人之日起30个工作日内向所在地省级以上网信部门履行备案手续。

【点击查阅《办法》全文：

https://mp.weixin.qq.com/s/pk7wmsPu_947QYCcKWq9qQ】

1. The CAC and the Ministry of Public Security jointly announced the "Measures for the Security Management of Facial Recognition Technology Applications"（《人脸识别技术应用安全管理办法》）

On March 21, the CAC and the Ministry of Public Security jointly announced the Measures for the Security Management of Facial Recognition Technology Applications（《人脸识别技术应用安全管理办法》）, which will come into force on June 1, 2025. The Measures stipulate the basic requirements and processing rules for using facial recognition technology to process facial information, and clarify the security standards for the application of facial recognition technology. In addition, the Measures require personal information processors to complete the filing procedures with the provincial or higher level cyberspace administration department within 30 working days from the date when the number of stored facial information processed by facial recognition technology reaches 100000 people.

[Click to view the full text of the Measures:

https://mp.weixin.qq.com/s/pk7wmsPu_947QYCcKWq9qQ]

2、全国网安标委发布《网络安全技术　信息安全管理体系审核和认证机构要求》等3项国家标准征求意见稿

3月20日，全国网安标委发布了《网络安全技术　信息安全管理体系审核和认证机构要求》、《网络安全技术 网络安全事件管理 第1部分 原理和过程》以及《网络安全技术　网络安全事件管理　第2部分：事件响应规划和准备指南》等3项国家标准的征求意见稿，面向社会征求意见。

【点击查阅3项国家标准征求意见稿全文：

https://www.tc260.org.cn/front/bzzqyjList.html?start=0&length=10&sessionid=-1103071830】

2. The TC260 released draft opinions on three national standards, including "Cybersecurity Technology Information Security Management System Audit and Certification Body Requirements"（《网络安全技术　信息安全管理体系审核和认证机构要求》）

On March 20, the TC260 released draft opinions for three national standards, including "Cybersecurity Technology Information Security Management System Audit and Certification Body Requirements"（《网络安全技术　信息安全管理体系审核和认证机构要求》）, "Cybersecurity Technology Cybersecurity Incident Management Part 1 Principles and Processes"(《网络安全技术 网络安全事件管理 第1部分 原理和过程》), and "Cybersecurity Technology Cybersecurity Incident Management Part 2: Incident Response Planning and Preparedness Guidelines"（《网络安全技术　网络安全事件管理　第2部分：事件响应规划和准备指南》）, for public consultation.

[Click to view the full texts of the three national standards for soliciting opinions:

https://www.tc260.org.cn/front/bzzqyjList.html?start=0&length=10&sessionid=-1103071830]

3、国家数据局今年拟修订41项数据领域国家标准

3月19日，全国数据标准化技术委员会2025年第一次“标准周”全体会议在成都举行。我国今年拟制修订41项数据领域国家标准，涵盖高质量数据集、数据基础设施建设、城市全域数字化转型等领域，关系到人工智能、数据流通利用、智慧城市等产业行业的发展。全国数据标准化技术委员会提出，要积极支持民营企业参与数据领域国家标准制定。

【全文链接：

https://mp.weixin.qq.com/s/YpM9GXlubt-Pro3ThowCAw】

3. The National Data Administration plans to revise 41 national standards in the field of data this year

On March 19 the first "Standard Week" plenary meeting of the TC609 in 2025 was held in Chengdu. The National Data Administration plans to revise 41 national standards in the field of data this year, covering areas such as high-quality datasets, data infrastructure construction, and urban digital transformation, which are related to the development of industries such as artificial intelligence, data circulation and utilization, and smart cities. The TC609 proposed to actively support private enterprises to participate in the formulation of national standards in the field of data.

[Full text link:

https://mp.weixin.qq.com/s/YpM9GXlubt-Pro3ThowCAw]

4、公安部公布10起侵犯公民个人信息犯罪典型案例

3月18日，公安部公布依法打击侵犯公民个人信息犯罪10起典型案例。2024年，按照公安部统一部署，全国公安机关深入推进“净网”专项行动，始终保持对侵犯公民个人信息犯罪的高压严打态势，紧盯信息获取、信息倒卖、信息使用等关键环节，全年共侦破相关案件7000余起。

【点击查阅10起典型案例相关信息：

https://mp.weixin.qq.com/s/_-CTIDp8-bFe18EwUtDdMQ】

4. The Ministry of Public Security announced 10 typical cases of crimes that infringe on citizens' personal information

On March 18, the Ministry of Public Security announced 10 typical cases of cracking down on crimes that infringe on citizens' personal information in accordance with the law. In 2024, in accordance with the unified deployment of the Ministry of Public Security, public security organs across the country pushed forward the "Clean Net" special action（“净网”专项行动）, always maintaining a high-pressure and strict crackdown on crimes that infringe on citizens' personal information, focusing on key links such as information acquisition, information reselling, and information use. Throughout the year, more than 7000 related cases were investigated and solved.

[Click to view information on 10 typical cases:

https://mp.weixin.qq.com/s/_-CTIDp8-bFe18EwUtDdMQ]

5、2项网络安全国家标准获批发布

3月17日，全国网安标委宣布2项网络安全国家标准正式发布，包括《网络安全技术 公钥基础设施 在线证书状态协议》（GB/T 19173-2025）以及《网络安全技术 网络攻击和网络攻击事件判定准则》（GB/T 37027-2025）

【全文链接：

https://www.tc260.org.cn/front/postDetail.html?id=20250317163050&sessionid=-109530314】

5. Two national standards for cybersecurity have been approved and released

On March 17, the TC260 announced the official release of two national standards for cybersecurity, including "Cybersecurity Technology Public Key Infrastructure Online Certificate Status Protocol"（《网络安全技术 公钥基础设施 在线证书状态协议》）(GB/T 19173-2025) and "Cybersecurity Technology Guidelines for Determination of Cyber Attacks and Cyber Attack Events "（《网络安全技术 网络攻击和网络攻击事件判定准则》）(GB/T 37027-2025)

[Full text link:

https://www.tc260.org.cn/front/postDetail.html?id=20250317163050&sessionid=-109530314]

1、瑞士宣布关于X平台默认使用数据训练AI的初步调查结论

3月20日，瑞士联邦数据保护委员会（FDPIC）宣布结束了其对X平台使用个人数据训练人工智能 (AI) Grok的初步调查，初步调查结论认为，X平台的用户可以反对将其公开帖子用于训练AI，用户可在数据保护设置中拒绝默认使用他们的数据来训练和微调Grok，FDPIC认为这种退出选项的设置符合瑞士联邦数据保护法（FADP）的要求。

【点击查阅官方新闻稿：

https://www.edoeb.admin.ch/en/conclusion-investigation-x-grok】

1. Switzerland announced preliminary investigation conclusion on platform X's default use of data to train AI

On March 20, the Swiss Federal Data Protection Commission (FDPIC) announced the conclusion of its preliminary investigation into Platform X's use of personal data to train Artificial Intelligence (AI) Grok. The preliminary findings concluded that users of Platform X can object to the use of their public posts for AI training, and that users can opt out of the default use of their data for training and fine-tuning of Grok in their data protection settings, and the FDPIC concluded that this opt-out option setting complies with the requirements of the Swiss Federal Data Protection Act (FADP).

[Click to view the official press release:

https://www.edoeb.admin.ch/en/conclusion-investigation-x-grok]

2、韩国国会通过《个人信息保护法》修正案

3 月 13 日，韩国国会通过了《个人信息保护法》（PIPA）修正案。该修正案要求处理个人信息的外国企业经营者在韩国设立和运营韩国国内公司时，应当指定当地代表，并由海外总部管理和监督当地代表。同时，还要求国内公司监督其当地代表职责的履行，该修正案正在等待签署并在官方公报上公布，以成为法律。

【点击查阅法案内容：

https://likms.assembly.go.kr/bill/billDetail.do?billId=RC_M2S5U0Z2U2F4Y1L4O3K8I1K3I0T3F5】

2. Korean National Assembly passed Amendments to Personal Information Protection Act

On 13 March, the Korean National Assembly passed an amendment to the Personal Information Protection Act (PIPA). The amendment requires foreign business operators processing personal information to designate a local representative when establishing and operating a Korean domestic company in Korea, and for the overseas headquarters to manage and supervise the local representative. It also requires domestic companies to supervise the fulfilment of their local representatives' duties. The amendment is awaiting signature and publication in the official gazette to become law.

[Click to view the content of the bill:

https://likms.assembly.go.kr/bill/billDetail.do?billId=RC_M2S5U0Z2U2F4Y1L4O3K8I1K3I0T3F5]