每周数据法律资讯 Data Law Weekly（20250609-20250615）

1. 上海市通管局发布《关于开展2025年上海市电信和互联网行业网络和数据安全检查的通知》

6月14日，上海市通信管理局发布《关于开展2025年上海市电信和互联网行业网络和数据安全检查的通知》。本次安全检查的检查对象为提供公共互联网网络信息服务的基础电信企业、互联网企业（含云平台服务提供商、APP和小程序运营企业、车联网企业、工业互联网平台和标识解析节点企业等）、域名注册服务机构等。重点检查相关网络运行单位的重要网络单元及承载重要数据的信息系统，包括但不限于关键信息基础设施、通信网络基础设施、公共云服务平台、域名服务系统、工业互联网平台、标识解析系统、车联网平台及应用等。检查内容包括：网络和数据安全保障体系建设落实情况、通信网络安全防护工作落实情况、工业互联网企业网络安全防护情况、车联网网络安全防务定级备案管理情况、数据安全保护落实情况、个人信息和用户权益保护工作情况等。

【参见：

https://mp.weixin.qq.com/s/8s4K4eZlcC8nQ149zXClnw】

1. The Shanghai Communications Administration issued the “Notice on Conducting the 2025 Shanghai Telecommunications and Internet Industry Network and Data Security Inspection”（《关于开展2025年上海市电信和互联网行业网络和数据安全检查的通知》）

On June 14, the Shanghai Communications Administration issued the “Notice on Conducting the 2025 Shanghai Telecommunications and Internet Industry Network and Data Security Inspection”（《关于开展2025年上海市电信和互联网行业网络和数据安全检查的通知》）. The inspection targets of this security inspection include basic telecommunications enterprises providing public internet network information services, internet enterprises (including cloud platform service providers, APP and mini-program operators, vehicle-to-everything (V2X) enterprises, industrial internet platforms, and identifier resolution node enterprises), domain name registration service providers, and other relevant entities. The inspection will focus on important network units and information systems carrying important data of relevant network operation units, including but not limited to critical information infrastructure, telecommunications network infrastructure, public cloud service platforms, domain name service systems, industrial Internet platforms, identification and resolution systems, V2X platforms, and applications. Inspection contents include: implementation of network and data security protection systems, implementation of communication cybersecurity protection measures, cybersecurity protection status of industrial internet companies, classification and filing management of V2X cybersecurity defense, implementation of data security protection measures, and protection of personal information and user rights.

[Reference:

https://mp.weixin.qq.com/s/8s4K4eZlcC8nQ149zXClnw]

2. 工信部、中央网信办等八部门公开征求对《汽车数据出境安全指引（2025版）》的意见

6月13日，工业和信息化部、国家互联网信息办公室、国家发展和改革委员会国家、数据局、公安部、自然资源部、交通运输部、国家市场监督管理总局发布《汽车数据出境安全指引（2025版）（征求意见稿）》，面向社会公开征求意见。《指引》旨在引导规范汽车数据处理者高效便利安全开展汽车数据出境活动，提升汽车数据出境流动便利化水平。《指引》进一步明确了数据出境路径及申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证等义务的豁免情形。其次，《指引》划分了重要数据出境的场景范围，包括研发设计场景、生产制造场景、驾驶自动化场景、软件升级服务场景、联网运行场景和其他情形。最后，《指引》还规定了数据出境实施流程与安全保护要求。

【参见：

https://www.miit.gov.cn/jgsj/waj/wjfb/art/2025/art_181a52f57d14451ba4c8517b79c05177.html】

2. The MIIT, the CAC, and six other departments jointly issued “Guidelines for the Security of Cross-border Transfer of Vehicle Data (2025 Edition)”（《汽车数据出境安全指引（2025版）》）for public comment

On June 13, the Ministry of Industry and Information Technology(MIIT), the Cyberspace Administration of China(CAC), the National Development and Reform Commission, the National Data Bureau, the Ministry of Public Security, the Ministry of Natural Resources, the Ministry of Transport, and the State Administration for Market Regulation jointly issued the “Guidelines for the Secure Cross-border Transfer of Vehicle Data (2025 Edition) (Draft for Public Comment)” （《汽车数据出境安全指引（2025版）（征求意见稿）》）for public comment. The Guidelines aim to guide and standardize the efficient, convenient, and secure conduct of cross-border data transfers by vehicle data processors, thereby enhancing the convenience of cross-border data flows. The Guidelines further clarify the exemption scenarios for obligations such as declaring data outbound security assessments, entering into standard contracts for the outbound transfer of personal information, and obtaining personal information protection certification. Additionally, the Guidelines delineate the scope of scenarios involving the outbound transfer of important data, including research and development design scenarios, production and manufacturing scenarios, driving automation scenarios, software upgrade service scenarios, connected operation scenarios, and other scenarios. Furthermore, the Guidelines stipulate the implementation process and security protection requirements for data outbound transfers.

[Reference:

https://www.miit.gov.cn/jgsj/waj/wjfb/art/2025/art_181a52f57d14451ba4c8517b79c05177.html]

3. 最高人民法院发布利用网络、信息技术侵害人格权典型案例

6月12日，最高人民法院发布六个利用网络、信息技术侵害人格权典型案例。案例具有以下特点：一是严格落实民法典关于人格权保护等规定，加强人格利益司法保障。二是聚焦网络、信息技术侵权新形态，引导和规范新兴技术正确运用。三是统筹人格权保护和网络侵权惩治，拓展技术蓬勃发展清朗空间。四是依法追究严重侵犯个人信息行为的刑事责任，加大惩治力度。案例要旨包括：未经许可AI化使用他人声音，应承担人格权侵权责任；擅用他人肖像供用户‘换脸’，应承担肖像权侵权责任；非法买卖人脸信息情节严重的，构成侵犯公民个人信息罪；非法获取他人家庭监控摄像头控制权，情节严重的，构成非法控制计算机信息系统罪等。

【参见：

https://www.court.gov.cn/zixun/xiangqing/467631.html】

3. The Supreme People's Court released typical cases of infringement of personality rights through the use of the internet and information technology

On June 12, the Supreme People's Court released six typical cases of infringement of personality rights through the use of the internet and information technology. The cases have the following characteristics: First, they strictly implement the provisions of the Civil Code on the protection of personality rights and strengthen judicial safeguards for personality interests. Second, they focus on new forms of infringement involving the internet and information technology, guiding and regulating the proper use of emerging technologies. Third, they coordinate the protection of personality rights with the punishment of online infringement, expanding the clear and healthy space for the vigorous development of technology. Fourth, they legally pursue criminal liability for serious violations of personal information and increase the severity of punishment. The key points of the cases include: unauthorized use of another person's voice through AI constitutes an infringement of personality rights; unauthorized use of another person's portrait for “face-swapping” purposes constitutes an infringement of portrait rights; illegal trading of facial information under serious circumstances constitutes the crime of infringing upon citizens' personal information; and illegal acquisition of control over another person's home surveillance camera under serious circumstances constitutes the crime of illegally controlling a computer information system, among others.

[Reference:

https://www.court.gov.cn/zixun/xiangqing/467631.html]

4. 上海网信办公布“清朗·整治AI技术滥用”专项行动第一阶段工作成果

6月12日，上海网信办向社会公布“清朗·整治AI技术滥用”专项行动第一阶段工作成果。其中，重点成果包括：（1）上海市委网信办指导小红书、哔哩哔哩、拼多多等15家重点网站平台，集中清理“一键脱衣”、未经授权的人脸或人声克隆编辑、未备案等违规AI产品、商品及相关营销、炒作、推广、教程信息。（2）对3款未履行备案或登记程序提供服务且存在风险的应用，依法约谈并给予行政处罚。（3）组织专业机构对8家企业14款AI类应用开展了巡查测试，对部分重点平台开展现场检查和上门指导，发现并督导整改优化内容审核、意图识别等安全措施的薄弱环节。（4）对33款已完成备案、登记提供医疗健康、金融、教育、情感陪伴服务的AI应用开展督导检查，要求完善行业领域安全审核和控制机制，加强专业知识库和检索增强能力建设，提升输出准确性，防范虚假、误导、诱导沉迷对患者、投资者、未成年人带来的不良影响等。

【参见：

https://mp.weixin.qq.com/s/qmfe8tiUlXJDnt525ucA-Q】

4. The Cyberspace Administration of Shanghai announced the first phase results of special campaign of Qing Lang · Regulate the Misuse of AI Technology

On June 12, the Cyberspace Administration of Shanghai announces the first phase results of special campaign of Qing Lang · Regulate the Misuse of AI Technology. Key achievements include: (1) The Shanghai Cyberspace Administration guided 15 key websites and platforms, including Rednote, Bilibili, and Pinduoduo, to conduct a concentrated cleanup of AI products, goods, and related marketing, hype, promotion, and tutorial information that violated regulations, such as “one-click undressing,” unauthorized face or voice cloning and editing, and failure to register or file reports.(2) Three applications that provided services without completing the filing or registration procedures and posed risks were legally summoned for talks and given administrative penalties. (3) Professional institutions were organized to conduct patrol tests on 14 AI applications from eight companies, and on-site inspections and on-site guidance were carried out on some key platforms to identify and supervise the rectification and optimization of weak links in content review, intent recognition, and other security measures.(4) Conducted supervisory inspections on 33 AI applications that have completed registration or filing and provide services in the fields of healthcare, finance, education, and emotional companionship. These applications were required to improve safety review and control mechanisms in their respective industries, strengthen the construction of professional knowledge bases and search enhancement capabilities, enhance output accuracy, and prevent the adverse effects of false, misleading, or addictive information on patients, investors, and minors.

[Reference:

https://mp.weixin.qq.com/s/qmfe8tiUlXJDnt525ucA-Q]

5. 北京网信办宣布“清朗•整治AI技术滥用”专项行动取得初步成效

6月11日，北京网信办宣布“清朗•整治AI技术滥用”专项行动取得初步成效。资讯称，经过第一阶段集中攻坚，全市AI技术滥用治理取得阶段性成效，网络生态持续净化。其中，在工作组织方面，一是制定《北京市“清朗·整治AI技术滥用”专项行动实施方案》，明确整治重点，提出整治任务，细化工作具体安排。二是组织属地重点互联网企业开展自查自纠，覆盖大模型备案、数据训练、内容审核、产品功能等全环节。三是组织技术支撑团队，重点核查API接口接入、医疗金融问答、未成年人保护等高风险领域。在政治成效方面，一是违规产品与内容全力遏制。二是训练数据治理初见成效。三是重点领域风险有效防控。在健全长效治理机制方面，一是持续督促指导平台落实标识要求，建设标识能力。二是强化企业培训。三是构建多元共治格局。

【参见：

https://mp.weixin.qq.com/s/RlCGD1c_p06PfpyA1HdcFQ】

5. The Cyberspace Administration of Beijing announced initial results of special campaign of Qing Lang · Regulate the Misuse of AI Technology

On June 11, the Beijing Cyberspace Administration announced initial results of special campaign of Qing Lang · Regulate the Misuse of AI Technology. According to reports, after a concentrated effort in the first phase, the city has achieved initial results in governing the abuse of AI technology, and the online environment continues to improve. In terms of work organization, first, the “Implementation Plans of Beijing for Special Campaign of Qing Lang · Regulate the Misuse of AI Technology” （《北京市“清朗·整治AI技术滥用”专项行动实施方案》）was formulated, clarifying the focus of the campaign, proposing tasks, and detailing specific arrangements. Second, local key internet companies were organized to conduct self-inspections and corrections, covering all aspects of the process, including large model registration, data training, content review, and product functionality. Third, a technical support team was organized to focus on high-risk areas such as API interface access, medical and financial question-answering, and protection of minors. In terms of political achievements, first, the spread of non-compliant products and content has been effectively curbed. Second, initial results have been achieved in the governance of training data. Third, risks in key areas have been effectively controlled. In terms of improving long-term governance mechanisms, first, efforts have been sustained to urge and guide platforms to implement labeling requirements and build labeling capabilities. Second, enterprise training has been strengthened. Third, a multi-stakeholder governance framework has been established.

[Reference:

https://mp.weixin.qq.com/s/RlCGD1c_p06PfpyA1HdcFQ]

6. 上海市新增11款已完成备案的生成式人工智能服务

6月9日，上海网信办发布《上海市生成式人工智能服务已备案信息公告（6月9日）》。公告称，截至6月9日，上海市新增11款已完成备案的生成式人工智能服务，累计已完成82款生成式人工智能服务备案。已上线的生成式人工智能应用或功能，应在显著位置或产品详情页面公示所使用已备案生成式人工智能服务情况，注明模型名称及备案号。

【参见：

https://mp.weixin.qq.com/s/CXkO_ETEFlsVKggDMQyFpw】

6. Shanghai added 11 new generative AI services that have completed registration

On June 9, the Cyberspace Administration of Shanghai released the “Announcement on Generative AI Services That Have Completed Registration in Shanghai (June 9)”（《上海市生成式人工智能服务已备案信息公告（6月9日）》）.The announcement states that as of June 9, Shanghai has added 11 new generative AI services that have completed registration, bringing the total number of registered generative AI services to 82. Generative AI applications or features that have been launched must prominently display the details of the registered generative AI services they use, including the model name and registration number, on their main interface or product information page.

[Reference:

https://mp.weixin.qq.com/s/CXkO_ETEFlsVKggDMQyFpw]

1. 英国议会通过《数据（使用与访问）法案》[Data (Use and Access) Bill]

6 月 11 日，《数据（使用与访问）法案》[Data (Use and Access) Bill] 于英国议会通过，现正等待最后的御准阶段，随后将成为名为Data (Use and Access) Act的正式法律。该法案旨在支持经济发展，改善公共服务，使日常生活和商业合规更加便捷的同时，不会破坏英国《通用数据保护条例》（GDPR）的核心原则。法案将赋予政府通过二级立法实现客户数据与商业数据共享的权力，进而创建新的数据访问和使用框架。法案对英国当下的数据保护框架（即英国GDPR与2018年数据保护法）在自动化决策规则、跨境数据传输、数据主体访问请求和投诉等方面进行了多项改革。

【参见：

https://bills.parliament.uk/bills/3825】

1. The UK Parliament has passed the Data (Use and Access) Bill

On June 11, the Data (Use and Access) Bill was passed by the UK Parliament and is now awaiting final Royal Assent, after which it will become law as the Data (Use and Access) Act. The bill aims to support economic growth, improve public services, and make daily life and business compliance more convenient without undermining the core principles of the UK GDPR. The bill will grant the government the authority to enable the sharing of customer data and business data through secondary legislation, thereby establishing a new framework for data access and use. The bill introduces several reforms to the UK’s current data protection framework (i.e., the UK GDPR and the 2018 Data Protection Act) in areas such as automated decision-making rules, cross-border data transfers, data subject access requests, and complaints.

[Reference:

https://bills.parliament.uk/bills/3825]

2. 欧洲议会发布人工智能法案实施时间线

6月10日，欧洲议会发布了《人工智能法实施时间线》（AI Act Implementation Timeline），该文件称《人工智能法》于2024年发布，其总体生效日期为2026 年 8 月 2 日，包括第 9 章的执行规则。然而，其中的若干章节和条款有独立的生效日期。因此，就其目前的状态而言，人工智能法预计到 2027 年才能全面生效。为了便于其实施，在实施过程中预计将发布若干文件。例如，第 96 条要求欧盟委员会制定关于该法案实际实施的指南。第 95 条涉及人工智能系统的行为准则，而第 56 条涉及通用目的人工智能行为准则。

【参见：

https://www.europarl.europa.eu/RegData/etudes/ATAG/2025/772906/EPRS_ATA(2025)772906_EN.pdf】

2. European Parliament published AI Act Implementation Timeline

On June 10, the European Parliament published the “AI Act Implementation Timeline”, which states that the Act entered into force in 2024, with a general date of application of 2 August 2026, which includes the enforcement rules (Chapter 9). However, several chapters, sections and articles have other dates of application. As a result, and in its current state, the AI Act should be fully effective by 2027. To facilitate its implementation, several publications are expected during the implementation process. For instance, Article 96 requests the European Commission to develop guidelines on the practical implementation of the act. Article 95 relates to codes of conduct for AI systems, while Article 56 refers to the GPAI code of practice.

[Reference:

https://www.europarl.europa.eu/RegData/etudes/ATAG/2025/772906/EPRS_ATA(2025)772906_EN.pdf]