每周数据法律资讯 DataLaw Weekly（20250414-20250420）

1、国家数据局征求数据流通交易合同示范文本的意见

4月18日，国家数据局发布数据流通交易合同示范文本，向社会公开征求意见。该等示范文本包含数据提供合同、数据委托处理合同、数据融合开发合同和数据中介合同。

【点击查阅示范文本：

https://mp.weixin.qq.com/s/pPN5i_bcV1x4Vlilin5bRA】

1. The National Data Administration Seeks Public Comments on Model Contracts for Data Circulation and Transactions

On April 18, the National Data Administration released model contracts for data circulation and transactions and solicited public comments. The model contracts include contracts for data provision, data processing, data integration and development, and data intermediary services.

[Click to view the model contracts:

https://mp.weixin.qq.com/s/pPN5i_bcV1x4Vlilin5bRA]

2、AI文生图不构成作品、不侵权第一案判决生效

4月17日，张家港市人民法院作出的（2024）苏0582民初9015号民事判决书生效，该案中，法院认为对于主要由人工智能绘图软件自动生成的内容，不应当认定构成作品，判定文生图是否属于独创性智力成果，可通过对创作过程形成的原始记录对使用者有无进行审美选择和个性化判断进行认定。此外，提示词输入相对于生成式人工智能产生的内容只是思想，并非受著作权法保护的表达。简单的提示词本身不是作品，参考提示词的行为并不构成侵权。

【点击查阅完整判决书：

https://mp.weixin.qq.com/s/CwFl3luPKqDbpO3iT8ScWw】

2. First Case Ruling on AI-Generated Images Not Constituting Works and Not Infringing Copyright Takes Effect

On April 17, the Civil Judgment“（2024）苏0582民初9015号” issued by the Zhangjiagang City People's Court took effect. In this case, the court ruled that content primarily generated by AI image-generation software should not be recognized as works. To determine whether text-to-image generation constitutes original intellectual property, one should assess whether the user made aesthetic selections or personalized judgments during the creation process by reviewing the original records of the creative process. Additionally, prompt words input into generative AI systems are merely ideas and not expressions protected by copyright law. Simple prompt words themselves are not works, and referencing prompt words does not constitute infringement.

[Click to view the full judgment:

https://mp.weixin.qq.com/s/CwFl3luPKqDbpO3iT8ScWw]

3、国家计算机病毒应急处理中心监测发现13款违规移动应用

国家计算机病毒应急处理中心近期通过互联网监测发现13款移动应用存在隐私不合规行为，该等移动应用所涉合规问题主要包括个人信息处理者向境外提供个人信息的，未向个人告知境外接收方的名称或者姓名、联系方式、处理目的、处理方式、个人信息的种类以及个人向境外接收方行使本法规定权利的方式和程序等事项，并取得个人的单独同意等。

【原文链接：

https://www.cverc.org.cn/zxdt/report20250417.htm】

3. The CVERC identified 13 non-compliant mobile applications

The CVERC recently identified 13 mobile applications through internet monitoring that violate privacy regulations. The compliance issues primarily include but are not limited to personal information processors transferring personal information overseas without informing individuals of the name or contact information of the overseas recipient, the purpose and method of processing, the types of personal information being transferred, and the procedures for individuals to exercise their rights under this law, and without obtaining the individual's separate consent.

[Original link:

https://www.cverc.org.cn/zxdt/report20250417.htm]

4、中国人民银行等六部门联合印发《促进和规范金融业数据跨境流动合规指南》

4月17日，中国人民银行、金融监管总局、中国证监会、国家外汇局、国家网信办、国家数据局近期联合印发《促进和规范金融业数据跨境流动合规指南》。《指南》旨在促进中外资金融机构金融业数据跨境流动更加高效、规范，进一步明确数据出境的具体情形以及可跨境流动的数据项清单，便利数据跨境流动。《指南》要求金融机构采取必要的数据安全保护管理和技术措施切实保障数据安全。

【原文链接：

https://mp.weixin.qq.com/s/4knEGzLuwT0ogzvd3LhSAg】

4. The People's Bank of China and five other departments jointly issued the “Guidelines for Promoting and Regulating the Cross-border Flow of Financial Data”(《促进和规范金融业数据跨境流动合规指南》)

On April 17, the People's Bank of China, the National Financial Regulatory Administration, the China Securities Regulatory Commission, the State Administration of Foreign Exchange, the Cyberspace Administration of China, and the National Data Administration jointly issued the “Guidelines for Promoting and Regulating the Cross-border Flow of Financial Data”. The Guidelines aim to promote more efficient and standardized cross-border flow of financial data between domestic and foreign financial institutions, further clarify specific scenarios for data outbound transfers and the list of data items eligible for cross-border flow, and facilitate cross-border data flow. The Guidelines require financial institutions to implement necessary data security protection management and technical measures to ensure data security.

[Original link:

https://mp.weixin.qq.com/s/4knEGzLuwT0ogzvd3LhSAg]

5、网信办开展“清朗·整治短视频领域恶意营销乱象”专项行动

中央网信办自4月15日起，开展为期3个月的“清朗·整治短视频领域恶意营销乱象”专项行动。重点聚焦以下4类问题：1.恶意虚假摆拍问题；2.散布虚假信息问题；3.违背公序良俗问题；4.违规引流营销问题。

【全文链接：

https://mp.weixin.qq.com/s/L6ivsHzn7doDEMMyEvEiSA】

5. The CAC launched a special campaign to clean up malicious marketing practices in the short video sector

The CAC launched a three-month special campaign on April 15 to clean up malicious marketing practices in the short video sector. The campaign will focus on the following four key issues: 1. Malicious false posing issues; 2. Spreading false information; 3. Violating public order and good customs; 4. Illegal traffic diversion and marketing.

[Full text link:

https://mp.weixin.qq.com/s/L6ivsHzn7doDEMMyEvEiSA]

6、全国首例涉AI模型结构和参数案宣判

近日，北京知识产权法院就“抖音公司诉亿睿科公司侵害著作权及不正当竞争案”作出二审判决。本案中，法院认可通过数据训练获得的模型结构和参数构成受到《反不正当竞争法》保护的竞争利益，并明确未经许可直接使用他人通过数据训练获得的模型结构和参数的行为违反了人工智能模型领域公认的商业道德。同时，该行为还扰乱市场竞争秩序并损害消费者长远利益，具有不正当性。法院认定未经许可直接使用他人通过数据训练获得的模型结构和参数的行为违反《反不正当竞争法》的规定。

【点击查阅完整判决书：

https://mp.weixin.qq.com/s/0ryGs8-97p0sObhjwpl-jg】

6. First-ever case involving AI model structure and parameters ruled on

Recently, the Beijing Intellectual Property Court issued its second-instance judgment in the case of “Douyin Company v. Yirui Ke Company for Copyright Infringement and Unfair Competition.” In this case, the court recognized that the model structure and parameters obtained through data training constitute competitive interests protected under the Anti-Unfair Competition Law, and explicitly stated that the unauthorized direct use of another party's model structure and parameters obtained through data training constitutes a violation of the generally recognized business ethics in the field of artificial intelligence models. Additionally, such behavior disrupts market competition order and harms consumers' long-term interests, thereby being deemed unfair. The court ruled that the unauthorized direct use of another party's model structure and parameters obtained through data training violates the provisions of the Anti-Unfair Competition Law.

[Click to view the full judgment:

https://mp.weixin.qq.com/s/0ryGs8-97p0sObhjwpl-jg]

7、国家标准《数据安全技术基于个人信息的自动化决策安全要求》全文公布

近日，国家标准《数据安全技术基于个人信息的自动化决策安全要求》全文正式公布。该标准提出了基于个人信息的自动化决策的基本安全原则，规定了通用安全要求、算法安全要求、特征生成安全要求、决策安全要求和自动化决策典型场景特别安全要求。

【点击查阅全文：

https://openstd.samr.gov.cn/bzgk/gb/newGbInfo?hcno=AAF1CD9403AC05FC861DFE522A9D5C7C&refer=outter】

7. The national standard “Data Security Technology Security Requirements for Automated Decision-Making Based on Personal Information”（《数据安全技术基于个人信息的自动化决策安全要求》） published in full

Recently, the national standard “Data Security Technology Security Requirements for Automated Decision-Making Based on Personal Information” was officially published in full. The standard proposes basic security principles for automated decision-making based on personal information and specifies general security requirements, algorithm security requirements, feature generation security requirements, decision-making security requirements, and special security requirements for typical scenarios of automated decision-making.

[Click to view the full text:

https://openstd.samr.gov.cn/bzgk/gb/newGbInfo?hcno=AAF1CD9403AC05FC861DFE522A9D5C7C&refer=outter]

1、挪威数据保护机构就Meta重启使用用户社交数据进行AI训练发布公告

4月15日，挪威数据保护机构（Datatilsynet）发布公告，称Meta计划重启使用其EEA地区的Facebook和Instagram用户的照片及帖子进行AI训练，Meta确认仅会使用18岁以上用户发布的照片和帖子进行训练，且将包含历史及未来信息。Datatilsynet表示，其已与其他欧洲数据保护机构就该事宜向Meta提出了一系列问题。这些问题包括：Meta是否考虑过进行AI训练是否与用户个人数据收集的原始目的相兼容；以及在用户发布儿童照片的情况下，AI模型是否使用了用户发布的儿童照片进行训练。此外，Datatilsynet还进一步提示如果用户不希望其发布的帖子和照片被Meta用于训练AI，可以表示反对。

【点击查阅官方新网稿：

https://www.datatilsynet.no/aktuelt/aktuelle-nyheter-2025/meta-begynner-ki-trening-pa-brukernes-bilder-og-innlegg/】

1. Norwegian Data Protection Authority issued statement on Meta's resumption of using user social data for AI training

On April 15, the Norwegian Data Protection Authority (Datatilsynet) issued a statement stating that Meta plans to resume using photos and posts from Facebook and Instagram users in the EEA region for AI training. Meta confirmed that it will only use photos and posts published by users aged 18 and above for training, and that this will include both historical and future information. Datatilsynet stated that it has raised a series of questions to Meta regarding this matter in collaboration with other European data protection authorities. These questions include: whether Meta has considered whether AI training is compatible with the original purpose of collecting user personal data; and whether AI models have used photos of children posted by users for training when users post photos of children. Additionally, Datatilsynet further noted that users who do not wish for their posts and photos to be used by Meta for AI training can express their objection.

[Click here to view the official press release:

https://www.datatilsynet.no/aktuelt/aktuelle-nyheter-2025/meta-begynner-ki-trening-pa-brukernes-bilder-og-innlegg/]

2、土耳其个人数据保护局发布支付和电子货币领域个人数据保护指南

2025年4月11日，土耳其个人数据保护局（KVKK）发布了关于支付和电子货币领域个人数据保护的指南。该指南旨在确保个人在使用转账、POS服务、账单支付中介服务和移动支付服务等服务时个人数据得到保护。该指南适用于该领域内的数据控制者，包括电子货币机构、POS服务提供商、移动支付服务提供商、账单支付中介机构及资金转移中介机构。

【点击查阅指南：

https://kvkk.gov.tr/Icerik/8286/Odeme-ve-Elektronik-Para-Sektorunde-Kisisel-Verilerin-Korunmasina-Iliskin-Iyi-Uygulamalar-Rehberi】

2. Turkish Personal Data Protection Authority Issued Guidelines on Personal Data Protection in the Payment and Electronic Money Sector

On April 11, the Turkish Personal Data Protection Authority (KVKK) issued guidelines on personal data protection in the payment and electronic money sector. The guidelines aim to ensure that personal data is protected when individuals use services such as money transfers, POS services, bill payment intermediary services, and mobile payment services. The guidelines apply to data controllers in this sector, including electronic money institutions, POS service providers, mobile payment service providers, bill payment intermediaries, and funds transfer intermediaries.

[Click here to view the guidelines:

https://kvkk.gov.tr/Icerik/8286/Odeme-ve-Elektronik-Para-Sektorunde-Kisisel-Verilerin-Korunmasina-Iliskin-Iyi-Uygulamalar-Rehberi]