每周数据法律资讯 Data Law Weekly（20250505-20250511）

1. 中国人民银行发布《中国人民银行业务领域数据安全管理办法》

5月9日，中国人民银行发布《中国人民银行业务领域数据安全管理办法》，自2025年6月30日起施行。《办法》适用于金融机构以及经中国人民银行批准设立或者认定的其他机构在中国境内开展的中国人民银行业务领域数据相关处理活动。其中，中国人民银行业务领域是指由中国人民银行承担监督和管理职责的货币信贷、宏观审慎、跨境人民币、银行间市场、金融业综合统计、支付清算、人民币发行流通、经理国库、征信和信用评级、反洗钱等业务领域。

【点击查看《办法》全文：

http://www.pbc.gov.cn/tiaofasi/144941/144957/5702602/index.html?sessionid=-1101910494】

1. The People’s Bank of China issued the “Measures for the Administration of Data Security in the Business Field of the People's Bank of China” (《中国人民银行业务领域数据安全管理办法》)

On May 9, the People’s Bank of China issued the “Measures for the Administration of Data Security in the Business Field of the People's Bank of China” (《中国人民银行业务领域数据安全管理办法》), which will come into effect on 30 June 2025. The Measures apply to financial institutions and other institutions approved or recognized by the People's Bank of China to conduct data-related processing activities within the business fields of the People's Bank of China within the territory of China. The business areas of the People's Bank of China refer to the following business areas where the People's Bank of China assumes supervisory and management responsibilities: monetary credit, macroprudential regulation, cross-border renminbi, interbank market, comprehensive financial statistics, payment and settlement, issuance and circulation of the renminbi, management of the state treasury, credit reporting and credit rating, and anti-money laundering.

[Click to view the full article of the Measures : 

http://www.pbc.gov.cn/tiaofasi/144941/144957/5702602/index.html?sessionid=-1101910494]

2. 李强总理主持召开国务院常务会议，审议通过《政务数据共享条例（草案）》

5月9日，国务院总理李强主持召开国务院常务会议。会议中，审议通过了《政务数据共享条例（草案）》。会议指出，要在确保数据安全基础上打通数据壁垒，推动公共服务更加普惠便捷。要构建全国一体化政务大数据体系，推动数据资源融合应用，更好赋能社会治理和繁荣产业生态，增强经济发展新动能。

【参见：

https://www.gov.cn/yaowen/liebiao/202505/content_7023155.htm】

2. Premier Li Qiang presided over a State Council executive meeting, which approved “The Regulation on the Sharing of Government Data（the draft）”《政务数据共享条例（草案）》）

On May 9, Premier Li Qiang presided over a regular meeting of the State Council. The meeting reviewed and approved the “Regulations on the Sharing of Government Data(the draft)” （《政务数据共享条例（草案）》）. The meeting emphasized that efforts should be made to break down data barriers while ensuring data security, to promote more inclusive and convenient public services. A national integrated government big data system should be established to facilitate the integration and application of data resources, better empower social governance and industrial ecosystem development, and enhance new momentum for economic growth.

[Reference:

https://www.gov.cn/yaowen/liebiao/202505/content_7023155.htm]

3. 最高人民法院明确个人不能通过直接起诉的方式行使个人信息权利

5月8日，最高人民法院发布法答网精选答问（第十九批）。其中，就个人是否可以通过直接起诉的方式行使查阅、复制、更正、删除个人信息等权利的问题，答疑意见认为个人因行使个人信息查阅、复制等权利而向法院起诉的，应当根据个人信息保护法第五十条第二款的规定，提供个人信息处理者拒绝个人行使权利请求的初步证明材料，证明其诉讼请求具有一定的事实依据。

【参见：

https://mp.weixin.qq.com/s/Bm_1bW1hwF8rzxKXP-ukCg】

3. The Supreme People's Court clarifies that individuals cannot exercise their personal information rights through direct litigation

On May 8, the Supreme People's Court released the 19th batch of selected answers from the Legal Q&A Network. Regarding the question of whether individuals can exercise their rights to access, copy, correct, or delete personal information through direct litigation, the response stated that when individuals file a lawsuit with the court to exercise their rights to access or copy personal information, they must provide preliminary evidence demonstrating that the personal information processor has refused their request to exercise such rights, in accordance with Article 50, Paragraph 2 of the Personal Information Protection Law, to establish that their litigation claims have a factual basis.

[Reference:

https://mp.weixin.qq.com/s/Bm_1bW1hwF8rzxKXP-ukCg]

4. 上海市通信管理局发布关于侵害用户权益行为APP的通报（2025年第三批）

5月8日，上海市通信管理局发布关于侵害用户权益行为APP的通报（2025年第三批），上海市通信管理局组织第三方检测机构对上海市移动互联网应用程序进行抽查，共发现15款APP及小程序存在侵害用户权益行为，该等App（小程序）所涉问题包括自启动和关联启动行为、违规收集个人信息。

【点击查阅存在问题的APP（小程序）名单：

https://mp.weixin.qq.com/s/G618XIh1FXmGs8PHlmFtBg】

4. Shanghai Communications Administration issued Notice on Apps Violating User Rights (Third Batch of 2025)

On May 8, the Shanghai Communications Administration issued a notice on apps violating user rights (2025, third batch). The Shanghai Communications Administration organized third-party testing institutions to conduct random inspections of mobile internet applications in Shanghai, identifying 15 apps and mini-programs that violated user rights. The issues identified in these apps (mini-programs) include unauthorized self-startup and associated startup behaviors, as well as illegal collection of personal information.

[Click to view the list of apps (mini-programs) with issues:

https://mp.weixin.qq.com/s/G618XIh1FXmGs8PHlmFtBg]

5. 自然资源部印发《地理信息数据分类分级指南（试行）》

5月7日，自然资源部近日印发了《地理信息数据分类分级指南（试行）》。《指南》主要用于省级自然资源主管部门指导本地区测绘资质单位按照《指南》要求开展地理信息数据分类分级工作。《指南》将地理信息数据分为基础地理信息数据、遥感影像数据和专题地理信息数据三大类，大类下再细分若干中类。《指南》确定了识别地理信息数据分级因素、开展数据影响分析和综合评估定级的分级规则，同时给出了重要数据、核心数据识别的判定指标。

【参见：

https://mp.weixin.qq.com/s/1fp7LZuUrhUIiH-A5ypMCg】

5. Ministry of Natural Resources issued “Guidelines for the Classification and Grading of Geographic Information Data(Trial)”（《地理信息数据分类分级指南（试行）》）

On May 7, the Ministry of Natural Resources recently issued the “Guidelines for the Classification and Grading of Geographic Information Data (Trial)”（《地理信息数据分类分级指南（试行）》）. The Guidelines are primarily intended for provincial-level natural resources authorities to guide surveying and mapping qualification units in their regions to conduct geographic information data classification and grading work in accordance with the Guidelines. The Guidelines classify geographic information data into three major categories: basic geographic information data, remote sensing image data, and specialized geographic information data, with each major category further subdivided into several subcategories. The Guidelines establish classification rules for identifying factors influencing the grading of geographic information data, conducting data impact analysis, and comprehensive assessment and grading, while also providing criteria for identifying important data and core data.

[Reference：

https://mp.weixin.qq.com/s/1fp7LZuUrhUIiH-A5ypMCg]

6. 中央网信办通报15款APP和16款SDK的个人信息收集使用问题

5月6日， 中央网信办秘书局发布了《关于15款App和16款SDK个人信息收集使用问题的通报》。通报显示，墨迹天气tv版、医家等15款App存在未逐一列出收集使用个人信息的SDK，未准确列出SDK收集使用个人信息的目的、方式、范围等问题；CTP穿透采集、金仕达穿透采集等16款SDK收集使用个人信息，存在未提供个人信息收集使用规则，未说明自行或协助App响应用户个人信息权利请求的措施，未及时响应用户个人信息投诉举报等权利请求等问题。

【参见：

https://mp.weixin.qq.com/s/Ql226GQZbiwmue08ws46Rw】

6. The CAC issued a notice regarding personal information collection and usage issues involving 15 apps and 16 SDKs

On May 6, the CAC released the “Notice on Issues Related to the Collection and Use of Personal Information by 15 Apps and 16 SDKs.” The notice revealed that Moji Weather TV Edition, Yijia, and 13 other apps failed to list all SDKs that collect and use personal information, did not accurately specify the purposes, methods, and scope of personal information collection and use by SDKs, and had other issues; CTP Penetration Collection, Kingstar Penetration Collection, and 14 other SDKs collected and used personal information without providing rules for personal information collection and use, failing to explain measures for responding to users’ requests regarding their personal information rights, and failing to promptly address users’ complaints and reports regarding personal information rights.

[Reference:

https://mp.weixin.qq.com/s/Ql226GQZbiwmue08ws46Rw]

7. 公安部印发《关于对网络安全等级保护有关工作事项进一步说明的函》

近期，公安部印发了《关于对网络安全等级保护有关工作事项进一步说明的函》，对网络安全等级保护有关工作的问题进行了解答。关于备案证明的有效期问题，解答中指出《网络安全等级保护备案证明》有效期为三年。2025年1月1日前备案的，有效期自2025年1月1日起算。完成等级测评后有效期自动延长一年。

【点击查阅全文：

https://mp.weixin.qq.com/s/-G-f3v-ljidkOoMBcdAgww】

7. The Ministry of Public Security issued the “Letter on Further Clarification of Certain Matters Related to Cybersecurity Level Protection”《关于对网络安全等级保护有关工作事项进一步说明的函》

Recently, the Ministry of Public Security issued the “Letter on Further Clarification of Certain Matters Related to Cybersecurity Level Protection”, addressing issues related to cybersecurity level protection. Regarding the validity period of the registration certificate, the clarification states that the validity period of the “Cybersecurity Level Protection Registration Certificate” is three years. For registrations completed before January 1, 2025, the validity period shall commence on January 1, 2025. The validity period shall be automatically extended by one year upon completion of the level assessment.

[Click to view the full text:

https://mp.weixin.qq.com/s/-G-f3v-ljidkOoMBcdAgww]

1. 特朗普政府将撤销拜登时代的人工智能芯片出口限制

5月7日，根据媒体报道，美国商务部发言人表示，美国总统唐纳德·特朗普政府计划撤销拜登时代对先进人工智能芯片出口的限制。这项名为《人工智能扩散框架》的规定由美国商务部于今年1月发布，原定企业将从5月15日起遵守该框架的限制规定。这位发言人表示：“拜登的人工智能规则过于复杂，官僚主义严重，会阻碍美国的创新。我们将用一项更简单的规则取而代之，以释放美国的创新潜力，并确保美国在人工智能领域的主导地位”。

1. The Trump administration will rescind Biden-era restrictions on AI chip exports 

On May 7, according to media reports, a spokesperson for the U.S. Department of Commerce said that the Trump administration plans to rescind restrictions on the export of advanced AI chips imposed during the Biden administration. The regulation, called the “The Framework for Artificial Intelligence Diffusion” was issued by the U.S. Department of Commerce in January this year, and companies were expected to comply with its restrictions starting on May 15. The spokesperson stated “The Biden AI rule is overly complex, overly bureaucratic, and would stymie American innovation. We will be replacing it with a much simpler rule that unleashes American innovation and ensures American AI dominance.”

2.美国德州总检察长对阿里巴巴、CapCut 和 TP-Link 发出隐私违规警告

5 月 6 日，德克萨斯州总检察长（AG）Ken Paxton称 TP-Link、阿里巴巴、字节跳动旗下CapCut 等多家中国公司正在侵犯德州人民的隐私，并对上述公司发出了整改通知，要求上述公司立即满足德州强化的隐私保护条款。根据《德克萨斯州数据隐私和安全法》（“TDPSA”），总检察长给予相关公司三十天的时间遵守德克萨斯州加强的隐私保护措施。该法律要求相关公司披露其是否处理消费者数据，允许消费者选择退出数据收集，并使消费者能够完全删除其个人数据。如果这些公司未能遵守TDPSA，将采取进一步的法律行动。

【参见：

https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-takes-legal-action-against-chinese-companies-violating-texans-privacy】

2. Texas Attorney General issued Privacy Violation Warnings to Alibaba, CapCut, and TP-Link

On May 6, Texas Attorney General Ken Paxton stated that TP-Link, Alibaba, CapCut, and other Chinese companies are violating the privacy of Texas residents. The Attorney General issued orders to the aforementioned companies, requiring them to immediately comply with Texas’ enhanced privacy protection provisions. Under the Texas Data Privacy and Security Act (TDPSA), the AG has given the companies 30 days to comply with Texas’ strengthened privacy protection measures. The law requires those companies to disclose whether they process consumer data, allow consumers to opt out of data collection, and enable consumers to fully delete their personal data. If these companies fail to comply with the TDPSA, further legal action will be taken.

[Reference:

https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-takes-legal-action-against-chinese-companies-violating-texans-privacy]