每周数据法律资讯 Data Law Weekly（20250421-20250427）

1、习近平总书记在中共中央政治局第二十次集体学习时强调坚持自立自强、突出应用导向，推动人工智能健康有序发展

中共中央政治局4月25日下午就加强人工智能发展和监管进行第二十次集体学习。中共中央总书记习近平在主持学习时强调，面对新一代人工智能技术快速演进的新形势，要充分发挥新型举国体制优势，坚持自立自强，突出应用导向，推动我国人工智能朝着有益、安全、公平方向健康有序发展。习近平指出，要把握人工智能发展趋势和规律，加紧制定完善相关法律法规、政策制度、应用规范、伦理准则，构建技术监测、风险预警、应急响应体系，确保人工智能安全、可靠、可控。

【参见：

https://mp.weixin.qq.com/s/O8xNlbmd2qs_NCIsL2rphg】

1. President Xi Jinping emphasized the importance of self-reliance and a practical orientation during the 20th collective study session of the Central Political Bureau of the Communist Party of China, stressing the need to promote the healthy and orderly development of artificial intelligence

The Central Political Bureau of the Communist Party of China held its 20th collective study session on the afternoon of April 25 to discuss strengthening the development and regulation of artificial intelligence. Xi Jinping, General Secretary of the Central Committee of the Communist Party of China, presided over the study session and emphasized that in the face of the new situation brought about by the rapid evolution of new-generation artificial intelligence technologies, we must give full play to the advantages of the new national system, adhere to self-reliance and self-strengthening, emphasize application-oriented development, and promote the healthy and orderly development of artificial intelligence in China in a beneficial, safe, and fair direction. Xi Jinping pointed out that we must grasp the trends and laws of artificial intelligence development, expedite the formulation and improvement of relevant laws, regulations, policies, application standards, and ethical guidelines, and establish a system for technical monitoring, risk warning, and emergency response to ensure the safety, reliability, and controllability of artificial intelligence.

[Reference：

https://mp.weixin.qq.com/s/O8xNlbmd2qs_NCIsL2rphg]

2、上海通管局发布关于开展“铸盾车联”2025年车联网网络和数据安全专项行动的通知

4月23日，上海市通信管理局宣布开展“铸盾车联”2025年车联网网络和数据安全专项行动。专项行动主要任务包括落实网络和数据安全主体责任、车联网平台安全管理、智能网联汽车产品安全等。专项行动要求加强车联网重要数据识别及目录备案管理，车联网企业应开展重要数据识别工作，形成并定期更新本企业重要数据目录，在7月31日前向市通管局备案。

【点击查阅通知全文：

https://shca.miit.gov.cn/zwgk/zcwj/wjfb/art/2025/art_948a4eafae5e46d4bf2d483c4f049c0b.html?sessionid=1974072727】

2. Shanghai Communications Administration issued Notice on Launching the "Cast Shield Connected Vehicle" (铸盾车联) 2025 special action for vehicle networking and data security

On April 23, the Shanghai Communications Administration announced the launch of the "Cast Shield Connected Vehicle" (铸盾车联) 2025 special action for vehicle networking and data security. The main tasks of the special campaign include but are not limited to implementing cybersecurity and data security responsibilities, managing vehicle networking platform security, and ensuring the safety of intelligent connected vehicle products. The campaign requires strengthening the identification and directory registration management of important data in the Internet of Vehicles. Internet of Vehicles enterprises must conduct important data identification work, establish and regularly update their company's important data directory, and submit it to the Shanghai Communications Administration by July 31.

[Click here to view the full notice:

https://shca.miit.gov.cn/zwgk/zcwj/wjfb/art/2025/art_948a4eafae5e46d4bf2d483c4f049c0b.html?sessionid=1974072727]

3.工信部发布《关于侵害用户权益行为的APP（SDK）通报（2025年第1批，总第46批）》

4月21日，工业和信息化部信息通信管理局发布了《关于侵害用户权益行为的APP（SDK）通报（2025年第1批，总第46批）》。《通报》称，根据中央网信办、工业和信息化部、公安部、市场监管总局等四部门联合发布的《关于开展2025年个人信息保护系列专项行动的公告，工信部组织第三方检测机构进行抽查，共发现52款APP及SDK存在侵害用户权益行为。上述APP及SDK应按有关规定进行整改，整改落实不到位的，工信部将依法依规组织开展相关处置工作。

【点击查阅完整APP及SDK名单及其所涉问题：

https://www.miit.gov.cn/jgsj/xgj/fwjd/art/2025/art_218b45a64a454a05ac2d6b4fb6594645.html】

3. The MIIT issued the “Notice on App (SDK) Violating User Rights (2025, Batch 1, Total Batch 46)”

On April 21, the MIIT issued the “Notice on App (SDK) Violating User Rights (2025, Batch 1, Total Batch 46)”. The notice states that, in accordance with the joint announcement by the CAC, the MIIT, the Ministry of Public Security, and the State Administration for Market Regulation on the launch of a series of special campaigns on personal information protection in 2025, the MIIT organized third-party testing institutions to conduct random inspections, and a total of 52 app and SDK were found to have engaged in activities infringing upon user rights. The aforementioned app and SDK must rectify their violations in accordance with relevant regulations. Those that fail to implement rectifications effectively will be subject to further measures organized by the MIIT in accordance with applicable laws and regulations.

[Click to view the complete list of app and SDK and the issues they involve:

https://www.miit.gov.cn/jgsj/xgj/fwjd/art/2025/art_218b45a64a454a05ac2d6b4fb6594645.html]

4. 工信部推动电信领域有序扩大开放，取消互联网接入服务外资股比限制

4月21日，国务院新闻办公室就《关于加快推进服务业扩大开放综合试点工作方案》有关情况举行新闻发布会。工业和信息化部信息通信发展司司长谢存围绕推动电信领域有序扩大开放、支持服务业扩大开放综合试点建设等问题回答了记者提问。工信信部加大开放政策供给，提出取消互联网接入服务（仅限为用户提供互联网接入服务）、信息服务（仅限于应用商店，不含禁止外商投资领域）等业务的外商投资股比限制，并向外资开放了国内互联网虚拟专用网业务，外资股比不超过50%，进一步提升外资准入便利化水平。

【参见：

https://mp.weixin.qq.com/s/ZyXsBSNIzahB9QAObqDKww】

4. The MIIT promotes orderly expansion of opening up in the telecommunications sector and removes foreign equity restrictions on internet access services

On April 21,the Information Office of the State Council held a press conference on the “Work Plan for Accelerating the Comprehensive Pilot Program for Expanding the Opening Up of the Service Industry”. Xie Cun, Director of the Department of Information and Communications Development of the MIIT answered questions from journalists on issues include promoting the orderly expansion of opening-up in the telecommunications sector and supporting the construction of comprehensive pilot programs for the expansion of opening-up in the service industry. The MIIT has intensified policy measures to enhance openness, proposing to remove foreign equity ratio restrictions on internet access services (limited to providing internet access services to users) and information services (limited to app stores, excluding sectors prohibited to foreign investment), and opening up domestic internet virtual private network services to foreign investment with a foreign equity ratio not exceeding 50%, further improving the convenience of market access for foreign investors.

[Reference：

https://mp.weixin.qq.com/s/ZyXsBSNIzahB9QAObqDKww]

5. 国家计算机病毒应急处理中心检测发现67款违法违规收集使用个人信息的移动应用

国家计算机病毒应急处理中心近期通过互联网监测发现67款移动应用存在隐私不合规行为，该等移动应用所涉合规问题主要包括隐私政策未逐一列出App（包括委托的第三方或嵌入的第三方代码、插件）收集使用个人信息的目的、方式、范围等；个人信息处理者向其他个人信息处理者提供其处理的个人信息的，未向个人告知接收方的名称或者姓名、联系方式、处理目的、处理方式和个人信息的种类，并取得个人的单独同意；未向用户提供撤回同意收集个人信息的途径、方式；基于个人同意处理个人信息的，个人有权撤回其同意，个人信息处理者未提供便捷的撤回同意的方式等。

【点击查阅完整应用名单及其所涉问题：

https://www.cverc.org.cn/zxdt/report20250420.htm】

5.The CVERC identified 67 non-compliant mobile applications

The CVERC identified 67 mobile applications through internet monitoring that were found to have privacy non-compliance issues. The compliance issues primarily include but are not limited to: Failure to list in detail the purposes, methods, and scope of personal information collection and use by the app (including third parties commissioned by the app or third-party code/plugins embedded within the app); failure to inform individuals when personal information processors provide personal information they have processed to other personal information processors, including the name or contact information of the recipient, the purpose of processing, processing methods, and the types of personal information being provided, and failing to obtain the individual’s separate consent; failing to provide users with a means or method to withdraw their consent for the collection of personal information; and failing to provide a convenient method for individuals to withdraw their consent when processing personal information based on their consent.

[Click to view the complete list of apps and related issues:

https://www.cverc.org.cn/zxdt/report20250420.htm]

1、美国众议院向DeepSeek发出质询函

4月24日，美国众议院能源和商务委员会主席、众议员Brett Guthrie，商务、制造和贸易小组委员会主席、众议员Gus Bilirakis以及该小组委员会的10名成员向DeepSeek发送了一封信，内容涉及DeepSeek的数据实践情况等。委员会成员要求DeepSeek回答相关问题，包括但不限于：提供用于训练AI模型的数据类型和来源的详细描述，包括任何美国个人或专有信息；确认美国消费者或企业输入到DeepSeek的人工智能应用程序或聊天机器人中的信息是否被用于训练人工智能模型。如果是，确认这些信息的存储和访问位置，以及是否与中华人民共和国的任何国家实体或其他中国公司共享；确认公司是否收到中华人民共和国或其政治分支机构提出的数据获取请求，要求获取与公司AI产品相关的数据等。

【点击查阅官方新闻稿：

https://energycommerce.house.gov/posts/chairmen-guthrie-and-bilirakis-lead-e-and-c-republican-letter-to-deep-seek-over-relationship-with-chinese-communist-party?sessionid=1977040166】

1. U.S. House of Representatives issued Inquiry Letter to DeepSeek

On April 24, Congressman Brett Guthrie, Chairman of the House Committee on Energy and Commerce, and Congressman Gus Bilirakis, Chairman of the Subcommittee on Commerce, Manufacturing, and Trade, along with 10 members of the subcommittee, sent a letter to DeepSeek regarding their data practices. The Committee members requested answers to the following questionsamong others: Provide a detailed description of the types and sources of data used to train AI models, including any U.S. personal or proprietary information; Confirm whether information entered into AI applications or chatbots by American consumers or businesses is used to train AI models. If yes, identify where this information is stored and accessed from, and whether it is shared with any state entity of the People’s Republic of China or other Chinese companies; Confirm whether the company has received a request from the People’s Republic of China, or its political subdivisions, for data related to the company’s AI offerings.

[Click to view the official press release:

https://energycommerce.house.gov/posts/chairmen-guthrie-and-bilirakis-lead-e-and-c-republican-letter-to-deep-seek-over-relationship-with-chinese-communist-party?sessionid=1977040166]

2、苹果、Meta因违反《数字市场法》分别被欧盟罚款五亿欧元和两亿欧元

4月23日，欧盟委员会正式宣布，对苹果公司与Meta公司违反《数字市场法》（DMA）相关义务的行为处以罚款。其中，苹果（Apple）公司因“限制开发者‘跳出’App Store”被处以5亿欧元罚款；Meta因“‘付费或同意’广告模式不合规” 被处以2亿欧元罚款。这也是DMA自2024年3月正式生效以来，首次针对科技巨头作出的重大处罚决定。

【点击查阅官方新闻稿：

https://ec.europa.eu/commission/presscorner/detail/en/ip_25_1085】

2. Apple and Meta Fined €500 Million and €200 Million by the EU for Violating the Digital Markets Act

On April 23, the European Commission officially announced that it had imposed fines against Apple and Meta for violating obligations under the Digital Markets Act (DMA). Apple was fined 500 million euros for “restricting developers from ‘jumping out’ of the App Store”, while Meta was fined 200 million euros for an “uncompliant ‘pay or agree’ advertising model”. This marks the first major penalty imposed on tech giants under the DMA since it came into effect in March 2024.

[Click here to view the official press release:

https://ec.europa.eu/commission/presscorner/detail/en/ip_25_1085]

3、韩国PIPC公布《个人信息处理政策制定指南》修订版

4月21日，韩国个人信息保护委员会公布了《个人信息处理政策制定指南》修订版。根据韩国《个人信息保护法》第30条，个人信息处理者应以适当且透明的方式制定并公开个人信息处理政策。此次修订指南旨在为2025年处理政策评估实施做准备，支持个人信息处理者制定有效的个人信息处理政策。此次修订在实质性保障信息主体权利的同时，致力于减轻个人信息处理者的负担。此外，此次修订还采纳了2024年个人信息处理政策评估委员会提出的改进意见，对撰写项目体系进行了重新整理，明确区分法律法规的强制性要求与政策性建议，以减少规范对象的困惑。

【点击查阅修订版指南：

https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS074&mCode=C020010000&nttId=11133#LINK】

3. South Korea’s PIPC released a revised version of the “Guidelines for the Establishment of Personal Information Processing Policies”

On April 21, the South Korea’s PIPC published the revised version of the Guidelines for the Establishment of Personal Information Processing Policies. According to Article 30 of the Information Protection Act of the South Korean, personal information processors shall establish and disclose personal information processing policies in an appropriate and transparent manner. The revised guidelines aim to prepare for the implementation of processing policy assessments in 2025 and support personal information processors in establishing effective processing policies. While substantively safeguarding the rights of data subjects, the revisions also seek to reduce the burden on personal information processors. Additionally, the revisions incorporate improvement suggestions proposed by the 2024 Personal Information Processing Policy Assessment Committee, reorganizing the structure of the guidelines to clearly distinguish between mandatory legal requirements and policy recommendations, thereby reducing confusion among those subject to the regulations.

[Click here to view the revised guidelines:

https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS074&mCode=C020010000&nttId=11133#LINK]