每周数据法律资讯 DataLaw Weekly（20250331-20250406）

1、国家发改委发布《中华人民共和国卫星导航条例（公开征求意见稿）》

4月3日，国家发改委发布了《中华人民共和国卫星导航条例（公开征求意见稿）》，向社会公开征求意见。卫星导航活动，是指卫星导航系统、卫星导航增强系统的建设运行、运营服务、应用推广，以及与其相关的活动。《条例》规定建设北斗卫星导航系统、增强系统，应当符合建设规划和政策，并依法履行项目审批、核准或者备案程序，应当符合无线电管理、航天活动管理、网络安全和数据安全有关法律和行政法规的规定。

【点击查阅《条例》全文：

https://yyglxxbsgw.ndrc.gov.cn/htmls/article/article.html?articleId=2c97d16b-93251263-0195-fb016e17-002a#iframeHeight=810】

1. The National Development and Reform Commission issued the “Regulations of the People's Republic of China on Satellite Navigation (Draft)”（《中华人民共和国卫星导航条例（公开征求意见稿）》）

On April 3, the National Development and Reform Commission released the Regulations of the People's Republic of China on Satellite Navigation (Draft) for public comment. Satellite navigation activities refer to the construction and operation of satellite navigation systems and satellite navigation enhancement systems, operational services, application promotion, and related activities. The Regulations stipulate that the construction of the Beidou(“北斗”) satellite navigation system and enhancement system shall comply with construction plans and policies, and shall go through project approval, verification, or filing procedures in accordance with the law. It shall comply with the provisions of relevant laws and administrative regulations on radio management, aerospace activity management, cybersecurity, and data security.

[Click to view the full text of the Regulations:

https://yyglxxbsgw.ndrc.gov.cn/htmls/article/article.html?articleId=2c97d16b-93251263-0195-fb016e17-002a#iframeHeight=810]

2、全国网安标委发布《网络安全标准实践指南——移动互联网未成年人模式技术要求》

4月3日，全国网安标委发布了《网络安全标准实践指南——移动互联网未成年人模式技术要求》。指南规定了移动互联网未成年人模式的技术要求，包括移动智能终端、移动互联网应用程序、移动互联网应用程序分发平台未成年人模式技术要求以及模式联动技术要求。

【点击查阅指南全文：

https://mp.weixin.qq.com/s/paVBInnxTQaYUnePwKlNrw】

2. TC260 released the “Cybersecurity Standard Practice Guide – Technical Requirements for the Mobile Internet Minor Mode”(《网络安全标准实践指南——移动互联网未成年人模式技术要求》)

On April 3, TC260 released the “Cybersecurity Standard Practice Guide – Technical Requirements for the Mobile Internet Minor Mode”. The Guide stipulates the technical requirements for the mobile internet minor mode, including the technical requirements for the minor mode of mobile intelligent terminals, mobile internet applications, and mobile internet application distribution platforms, as well as the technical requirements for mode linkage.

[Click to view the full text of the guide:

https://mp.weixin.qq.com/s/paVBInnxTQaYUnePwKlNrw]

3、国家数据局举办新闻发布会，提出引导中央企业积极推进数据资产入表

4月2日，国家数据局举办“数据价值化 我们在行动”系列新闻发布会（第二场），发布会上提出激发企业“供数”动力和“用数”活力，鼓励企业在不违反法律法规、不危害国家安全和公共利益、不侵犯他人合法权益的前提下，充分开发和利用其在生产经营过程中形成或合法获取、持有的数据。此外，要发挥中央企业的带头作用，引导中央企业在数据价值挖掘的基础上，积极推进数据资产入表。

【点击查阅发布会文字记录：

https://www.nda.gov.cn/sjj/swdt/wszb/sjjzwmdxd2/list/index_pc.html】

3. The National Data Administration held a press conference, proposing to guide central enterprises to actively promote the inclusion of data assets in their balance sheets

On April 2, the National Data Administration held the second in a series of press conferences on “Data Value Realization: We Are in Action”（“数据价值化 我们在行动”）. The conference proposed stimulating the motivation of enterprises to “provide data” and the vitality of “using data”, and encouraging enterprises to fully develop and utilize data that is formed or legally obtained and held in the course of production and operation, provided that they do not violate laws and regulations, endanger national security or the public interest, or infringe upon the legitimate rights and interests of others. In addition, it is necessary to give full play to the leading role of central enterprises and guide them to actively promote the inclusion of data assets in the balance sheet based on data value mining.

[Click to view the transcript of the press conference:

https://www.nda.gov.cn/sjj/swdt/wszb/sjjzwmdxd2/list/index_pc.html]

4、市场监管总局发布《网络交易合规数据报送管理暂行办法》

4月2日，国家市场监督管理总局发布了《网络交易合规数据报送管理暂行办法》，《办法》适用于网络交易平台经营者向市场监管部门报送网络交易合规数据。网络交易合规数据是指网络交易平台经营者向市场监管部门提供的网络交易经营者身份信息、违法行为线索数据、行政执法协查数据、特定商品或者服务交易数据等网络交易监管相关数据。通过自建网站、其他网络服务销售商品或者提供服务的网络交易经营者参照《办法》执行。

【点击查阅《办法》全文：

https://www.samr.gov.cn/zw/zfxxgk/fdzdgknr/wjs/art/2025/art_3bb875e8456040d08eddc8d1169c66c4.html】

4. The State Administration for Market Regulation issued the “Interim Measures for the Administration of Online Transaction Compliance Data Reporting”(《网络交易合规数据报送管理暂行办法》)

On April 2, the State Administration for Market Regulation issued the Interim Measures for the Administration of Online Transaction Compliance Data Reporting. The Measures apply to online transaction platform operators reporting online transaction compliance data to market supervision departments. Online transaction compliance data refers to online transaction supervision-related data provided by online transaction platform operators to market supervision departments, such as identity information of online transaction operators, data on clues to illegal acts, data on administrative law enforcement investigations, and data on transactions of specific goods or services. Online transaction operators selling goods or providing services through self-built websites or other online services shall refer to the Measures for implementation.

[Click to view the full text of the Measures:

https://www.samr.gov.cn/zw/zfxxgk/fdzdgknr/wjs/art/2025/art_3bb875e8456040d08eddc8d1169c66c4.html]

5、国家标准《个人信息安全规范》拟修订

4月1日，全国网安标委发布了2025年度第一批网络安全国家标准需求的通知，其中包括国家标准《数据安全技术 个人信息安全规范》。该标准拟修订GB/T 35273-2020《信息安全技术 个人信息安全规范》，根据《个人信息保护法》等法律法规最新要求，吸纳主管监管部门开展个人信息保护工作的相关经验，与现行法律法规配套衔接。

【全文链接：

https://mp.weixin.qq.com/s/PNXoC2aSARxmdY0lysmZZg】

5. National standard “Personal Information Security Specification” to be revised

On April 1, TC260 issued a notice on the first batch of national cybersecurity standard requirements for 2025, including the national standard “Data Security Technology Personal Information Security Specification”（《数据安全技术 个人信息安全规范》）. The standard proposes to revise GB/T 35273-2020 “Information Security Technology Personal Information Security Specification”（《信息安全技术 个人信息安全规范》） to meet the latest requirements of laws and regulations such as the “Personal Information Protection Law”（《个人信息保护法》）, incorporate the relevant experience of competent regulatory authorities in carrying out personal information protection work, and dovetail with existing laws and regulations.

[Full text link:

https://mp.weixin.qq.com/s/PNXoC2aSARxmdY0lysmZZg]

6、上海市数据局发布《上海市公共数据资源授权运营管理办法（征求意见稿）》

3月31日，上海市数据局发布了《上海市公共数据资源授权运营管理办法（征求意见稿）》，向社会公众征求意见。《办法》适用于在上海市行政区域内开展的公共数据资源授权运营及其相关管理活动。根据《办法》规定，上海市公共数据资源授权运营采用整体授权模式，确有需要的区，可在全市统筹领导下，报请市数据发展管理工作领导小组同意后，依据《办法》开展公共数据资源授权运营工作。

【点击查阅《办法》全文：

https://www.shanghai.gov.cn/nw12344/20250331/2f6913790d92484dacd3f1cf1a82cefd.html】

6. Shanghai Data Administration released the “Measures for the Authorization and Operation of Public Data Resources in Shanghai (Draft for Comment)”（《上海市公共数据资源授权运营管理办法（征求意见稿）》）

On March 31, the Shanghai Data Administration released the “Measures for the Administration of Authorized Operation of Public Data Resources in Shanghai (Draft for Comment)” for public comment. The Measures apply to the authorized operation of public data resources and related management activities carried out within the administrative boundaries of Shanghai. According to the Measures, the authorized operation of public data resources in Shanghai adopts a holistic authorization model. Districts with a genuine need may, under the overall leadership of the city, report to the Data Development and Management Work Leading Group for consent, and then carry out the authorized operation of public data resources in accordance with the Measures.

[Click to view the full text of the Measures:

https://www.shanghai.gov.cn/nw12344/20250331/2f6913790d92484dacd3f1cf1a82cefd.html]

7、中共中央办公厅、国务院办公厅发布《关于健全社会信用体系的意见》

3月31日，中共中央办公厅、国务院办公厅发布《关于健全社会信用体系的意见》，《意见》指出要有序推进自然人信用建设，依法依规建立健全自然人信用记录，有条件的地方和部门可以开展自然人信用评价，用作为守信主体提供激励政策的参考，严禁将非信用信息和个人私密信息纳入信用评价。

【点击查阅《意见》全文：

https://www.gov.cn/zhengce/202503/content_7016537.htm】

7. The General Office of the Communist Party of China Central Committee and the General Office of the State Council issued the “Opinions on Improving the Social Credit System”（《关于健全社会信用体系的意见》）

On March 31, the General Office of the Communist Party of China Central Committee and the General Office of the State Council issued the “Opinions on Improving the Social Credit System”. The Opinions point out that the construction of natural person credit should be promoted in an orderly manner, and a natural person credit record should be established in accordance with the law. Localities and departments with the conditions may carry out natural person credit evaluations, which can be used as a reference for providing incentive policies for trustworthy entities. It is strictly forbidden to include non-credit information and personal private information in credit evaluations.

[Click to view the full text of the “Opinions”:

https://www.gov.cn/zhengce/202503/content_7016537.htm]

8、香港个人资料私隐专员公署发布《雇员使用生成式AI的指引清单》

3月31日，香港个人资料私隐专员公署发布《雇员使用生成式AI的指引清单》，《指引》旨在协助机构及其雇员安全地使用生成式AI、保障个人资料私隐，并促进AI在各领域的安全应用及加速培育新质生产力。《指引》建议，机构在制定其雇员使用生成式AI的内部政策或指引时，涵盖获准使用生成式AI的范围、保障个人资料私隐、合法及合乎道德的使用及预防偏见、数据安全以及违反政策或指引的后果等重点内容。

【点击查阅《指引》全文：

https://www.pcpd.org.hk/tc_chi/resources_centre/publications/files/guidelines_ai_employees.pdf】

8. The Office of the Privacy Commissioner for Personal Data, Hong Kong, released the “Checklist on Guidelines for the Use of Generative AI by Employees”（《雇员使用生成式AI的指引清单》）

On March 31, the Office of the Privacy Commissioner for Personal Data, Hong Kong, released the “Checklist on Guidelines for the Use of Generative AI by Employees”. The Guidelines aim to assist organizations and their employees in using generative AI safely, protect personal data privacy, promote the safe application of AI in various fields, and accelerate the cultivation of new productive forces. The Guidelines recommend that organizations cover key areas such as the scope of permitted use of generative AI, protection of personal data privacy, lawful and ethical use and prevention of bias, data security, and consequences of violating policies or guidelines when formulating their internal policies or guidelines for employees to use generative AI.

[Click to view the full text of the Guidelines:

1、TikTok因向中国传输欧盟数据可能面临超过5亿欧元的罚款

4月3日，根据媒体消息，爱尔兰数据保护委员将于本月底前对TikTok进行处罚，理由是TikTok非法将欧洲用户的数据传输到中国，为此，TikTok可能面临超过5亿欧元的罚款。违法具体情形可能是因为TikToK将有关数据发送到中国供工程师访问时违反了欧盟《通用数据保护条例》的规定。

【点击查阅媒体报道原文：

https://www.cnbctv18.com/technology/tiktok-faces-fine-by-irish-watchdog-for-eu-data-sent-to-china-19583930.htm】

1. TikTok may face a fine of more than 500 million euros for transferring EU data to China

On April 3, according to media reports, the Irish Data Protection Commissioner will impose a penalty on TikTok by the end of this month for illegally transferring the data of European users to China. TikTok may face a fine of more than 500 million euros for this reason. The specific circumstances of the violation may be that TikTok violated the EU General Data Protection Regulation when it sent the data to China for access by engineers.

[Click to view the original media report:

https://www.cnbctv18.com/technology/tiktok-faces-fine-by-irish-watchdog-for-eu-data-sent-to-china-19583930.htm]

2、犹他州州长签署了涉及未成年人同意的应用商店责任法案

3月26日，犹他州州长签署了关于应用商店责任法案的参议院第142号法案。该法案规定了应用商店供应商在用户创建账户时必须满足的要求。其中包括要求用户提供年龄信息，并使用合理设计的商业方法验证用户的年龄类别，以确保准确性。如果年龄验证方法或流程确定个人为未成年人，则必须要求该账户与父母账户关联；在允许未成年人下载应用程序、购买应用程序或进行应用内购买之前，必须获得关联父母账户持有人的可验证的父母同意。

【点击查阅法案全文：

https://le.utah.gov/~2025/bills/static/SB0142.html】

2. Utah governor signed App Store accountability Act regarding minor consent

On March 26, Senate Bill 142 for the App Store Accountability Act was signed by the Governor of Utah. The Act provides requirements for app store providers at the time of account creation with the app store provider. This includes requesting age information from the individual, and verifying the individual's age category using a commercially available method that is reasonably designed to ensure accuracy. Where the age verification method or process determines the individual is a minor, they must require the account to be affiliated with a parent account; and obtain verifiable parental consent from the holder of the affiliated parent account before allowing the minor to download an app; purchase an app; or make an in-app purchase.

[Click to view the full text of the Act:

https://le.utah.gov/~2025/bills/static/SB0142.html]

3、英国ICO发布数据匿名化指南

3月28日，英国信息专员办公室（ICO）发布了关于匿名化的指南。该指南明确指出，匿名化是将个人数据转化为匿名信息的过程，使个人不再可识别。根据该指南，匿名化应将一个人被识别或可识别的可能性降低到足够远的水平。为确保匿名化的有效性，该指南建议组织应：评估可识别性，考虑到合理可能用于识别的手段；考虑数据本身以及谁可能访问或试图重新识别个人；在公开披露数据时比与已知接收者共享数据时采取更严格的保障措施；使用“有动机的入侵者”测试来评估重新识别是否合理；定期审查匿名化风险评估和决策。

【点击查阅指南全文：

https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-sharing/anonymisation/about-this-guidance/#whatisthisguidanceabout】

3. UK ICO issued guidance on anonymization

On March 28, the UK Information Commissioner's Office (ICO) released its guidance on anonymization. The guidance clarifies that anonymization is the process of turning personal data into anonymous information so that a person is no longer identifiable. According to the guidance, anonymization should reduce the likelihood of a person being identified or identifiable to a sufficiently remote level. To ensure that anonymization is effective, the guidance recommends that organizations should: assess identifiability, taking into account the means reasonably likely to be used to enable identification; consider both the data itself and who might access or attempt to re-identify individuals; apply stricter safeguards when disclosing data publicly than when sharing with known recipients; use the 'motivated intruder' test to assess whether re-identification is plausible; and review anonymisation risk assessments and decisions regularly.

[Click to view the full guide:

https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-sharing/anonymisation/about-this-guidance/#whatisthisguidanceabout]