Recently, in the field of data security, the Ministry of Industry and Information Technology (MIIT) has issued the "Emergency Plan for Data Security Incidents in the Industrial and Information Technology Sector (Trial)", which clearly classifies data security incidents into four levels: particularly serious, major, significant, and minor, and stipulates that significant and above data security incidents should be immediately reported to local industry regulatory authorities. In the value-added telecommunications field, multiple regulatory authorities have clarified that businesses operating independently through platforms such as mini-programs do not need to obtain a value-added telecommunications permit. In the field of personal information protection, an employee of a technology company was sentenced by the court for the crime of infringing on citizens' personal information after illegally obtaining more than 100 million pieces of personal information through the open internet.
HOTSPOT
MIIT issued the "Emergency Plan for Data Security Incidents in the Field of Industry and Information Technology (Trial)"
On October 29, 2024, the Ministry of Industry and Information Technology (MIIT) issued the "Emergency Plan for Data Security Incidents in the Field of Industry and Information Technology (Trial)" (hereinafter referred to as the "Emergency Plan"), which will be implemented from November 1, 2024. The Emergency Plan clearly classifies data security incidents into four levels: particularly serious, serious, significant, and general. Among them, more serious personal information security incidents involving personal information of 1 million (inclusive) to 10 million people or sensitive personal information of 100,000 (inclusive) to 1 million people are classified as significant level. Data processors are required to report immediately to local industry supervision and management departments if they believe a significant or higher level data security incident may occur. After the emergency work for a serious or higher level data security incident is completed, data processors should prepare a summary report within 5 working days and submit it to the local industry supervision and management departments.
Information source: MIIT
https://www.miit.gov.cn/jgsj/waj/wjfb/art/2024/art_b051a6efc2ac4f3c94123c5bb8cb9b22.html
Multiple regulatory authorities have clarified: businesses operating independently and solely through platforms such as mini-programs do not need to obtain a value-added telecommunications permit.
On November 4, 2024, the Guangdong Communications Administration issued the "Announcement on Issues Related to Telecommunications and Internet-Related Administrative Approvals" (hereinafter referred to as the "Announcement"), clarifying that in order to continue promoting the "decentralization, regulation, and service" reform, the following scenarios do not require the acquisition of a "Value-Added Telecommunications Business Operating License":
a. Enterprises that use their own websites or APPs to directly sell their own or other enterprises' goods or services in an independent operation mode, without any other units or individuals selling under their own name on the website or APP, do not belong to value-added telecommunications services;
b. Enterprises that use their own websites or APPs to publish information on their own, and do not provide platform services for other units or individual users to publish information, do not provide information publishing platforms and delivery services;
c. Enterprises operating businesses through mini-programs, public accounts, video accounts, H5 websites, online stores, and other forms on internet platforms such as WeChat and Alipay, and without any other independent operating platforms.
Information source: Guangdong Information and Communications Industry
A technology company employee sentenced for illegally obtaining over 100 million pieces of citizens' personal information through the external network.
On October 28th, the People's Procuratorate of Yangpu District, Shanghai (hereinafter referred to as "Yangpu District Procuratorate"), held a press conference to report on the handling of cases involving the infringement of citizens' personal information privacy since 2020 and to release related case examples.
In a typical case reported by the Yangpu District Procuratorate, the defendant, Mr. Wu, an employee of a certain security technology company, used circumvention software in February 2024 to illegally access the overseas Telegram platform. He downloaded files containing citizens' personal information from the "ling" group's "resource sharing" section within the software and stored them on a portable hard drive in his possession, while also providing the download channel to others. Upon appraisal, it was determined that Mr. Wu had illegally obtained over 100 million pieces of citizens' personal information. Recently, following the public prosecution initiated by the Yangpu District Procuratorate, the court sentenced Wu to one year and six months of fixed-term imprisonment, suspended for one year and six months, and a fine of 2,000 RMB for the crime of infringing on citizens' personal information.
The Yangpu District Procuratorate stated that one of the points of controversy in this case was whether downloading citizens' personal information through overseas network platforms constitutes "illegal acquisition." Upon review, it was determined that in the crime of infringing on citizens' personal information, "illegality" can be judged based on whether national regulations are violated. According to Article 6, Paragraph 2 of the "Interim Regulations on the Management of International Networking of Computer Information Networks of the People's Republic of China," no unit or individual may establish or use other channels for international networking. As a cybersecurity professional, Wu had no legal authorization to collect, store, or use personal information, nor did he obtain permission from the relevant parties. His actions in violating national regulations to access the international internet were considered "illegal acquisition."
Information source: The Paper News
https://m.thepaper.cn/newsDetail_forward_29169381
NEWSLETTER
(Click on the source or copy the corresponding link to view the details)
LEGISLATION
The State Council announces the "Regulations of the People's Republic of China on the Export Control of Dual-Use Items"
Information source: State Council
https://www.gov.cn/zhengce/content/202410/content_6981399.htm
MIIT releases the "Emergency Plan for Data Security Incidents in the Field of Industry and Information Technology (Trial)"
Information source: MIIT
https://www.miit.gov.cn/jgsj/waj/wjfb/art/2024/art_b051a6efc2ac4f3c94123c5bb8cb9b22.html
The National Data Bureau issues a public announcement seeking opinions on the "Glossary of Terms in the Data Field"
Information source: National Data Bureau
TC260 releases three national cybersecurity standards, including "General Security Technology Specifications for Terminal Computers"
Information source: TC260
TC260 releases two institutional documents, including the "Administrative Measures for the Document Management of Cybersecurity Standard Practice Guidelines" and the "Administrative Measures for the Participation Units of Standards"
Information source: TC260
The revised draft of the "Anti-Money Laundering Law" includes multiple provisions to protect data security and citizens' personal information
Information source: Chinanews
https://m.chinanews.com/wap/detail/zw/gn/2024/11-01/10311776.shtml
The National Data Standardization Technical Committee releases the "List of Key Standard Items Planned for Revision in 2024-2025"
Information source: National Data Bureau
Hubei seeks public comments on the "Hubei Province Data Property Registration Management Measures (Trial) (Draft for Comments)"
Information source: Hubei Data Bureau
https://sjj.hubei.gov.cn/hdjl/dczj/202410/t20241031_5395376.shtml
Jiangsu releases the "Interim Measures for the Authorized Operation and Management of Public Data in Jiangsu Province"
Information source: National Data Bureau
Beijing releases several policies to promote the high-quality development of the intelligent connected vehicle industry in the Beijing Economic-Technological Development Area
Information source: Beijing Economic-Technological Development Area
https://kfqgw.beijing.gov.cn/zwgkkfq/2024zcwj/202411/t20241101_3932515.html
Hangzhou seeks public comments on the "Hangzhou Functional Autonomous Vehicle Management and Operation Guide (1.0 Edition) (Draft for Comments)"
Information source: Hangzhou Intelligent Connected Vehicle Innovation Application Working Office
https://minyi.zjzwfw.gov.cn/dczjnewls/dczj/idea/topic_18754.html
Guangdong releases the "Guangdong Internet Platform Operator Competition Compliance Guidelines (Anti-Monopoly)"
Information source: Guangdong Market Supervision Bureau
The "Interim Measures for the Authorized Operation and Management of Public Data in Jiangsu Province" are released
Information source: Jiangsu Provincial Government
https://www.jiangsu.gov.cn/art/2024/10/30/art_46144_11406884.html
The Ministry of Science and Technology responds to proposals from the National People's Congress and the Chinese People's Political Consultative Conference: promoting the application and legislative work of the artificial intelligence industry
Information source: Ministry of Science and Technology
https://www.most.gov.cn/xxgk/xinxifenlei/fdzdgknr/jyta/202410/t20241021_192178.html
INDUSTRY TRENDS
MIIT officially launches a pilot program to expand the opening up of value-added telecommunications services to foreign investors
Information source: MIIT
Multiple local Cyberspace Administrations (CACs) have started the annual car data reporting work for 2024
Information source: Shanghai CAC, Tianjin CAC, Zhejiang CAC, Hunan CAC
The National Data Standardization Technical Committee is established
Information source: Market Supervision Bureau
National Data Bureau convenes a working deployment meeting on the development and utilization of public data resources
Information source: National Data Bureau
The National Cybersecurity and Information Security Information Disclosure Center warns to focus on guarding against malicious overseas websites and IPs
Information source: National Cybersecurity Disclosure Center
The Beijing Internet Court reports on the trial of cases involving personal information and data
Information source: Beijing Internet Court
The Guangdong Communications Administration releases an announcement on "issues related to telecommunications and internet-related administrative approvals"
Information source: Guangdong Communications Administration
The convenience measures of the "Guangdong-Hong Kong-Macao Greater Bay Area (Mainland and Hong Kong) Standard Contract for Cross-Border Data Flow of Personal Information" are extended to all industries in Hong Kong
Information source: Hong Kong Digital Policy Office
https://www.pcpd.org.hk/tc_chi/news_events/media_statements/press_20241101.html
The National CAC releases the eighth batch of algorithm filing information for deep synthesis services
Information source: CAC
https://www.cac.gov.cn/2024-11/01/c_1732152604917193.htm
Beijing CAC announces the filing information of generative AI services (October 21)
Information source: Beijing CAC
Shanghai announces the filing information of generative AI services (October 31)
Information source: Shanghai CAC
Zhejiang announces the filing information of generative AI services
Information source: Zhejiang CAC
Hunan CAC and others summon the heads of 17 app operating companies for discussions
Information source: Hunan CAC
Jiangsu Communications Administration reports on apps that infringe on user rights
Information source: Jiangsu Communications Administration
Guangdong Communications Administration reports on 3 apps that have not completed rectification as required and delists one app
Information source: Guangdong Communications Administration
Zhejiang Communications Administration reports on 4 apps that infringe on user rights (9th and 10th batches of 2024)
Information source: Zhejiang Communications Administration
Hunan CAC summons the heads of 10 apps that illegally collect and use personal information
Information source: Hunan CAC
Two companies in Zhengzhou are penalized by Zhengzhou CAC for violating the "Data Security Law"
Information source: Zhengzhou CAC
Beijing CAC organizes a compliance training session on the collection and use of personal information by vending machines
Information source: Beijing CAC
Public notice of penalty documents does not desensitize ID numbers, residences and other information; Shanghai Yangpu Prosecution issues prosecutorial suggestions to multiple administrative organs
Information source: Shanghai Observer
https://news.qq.com/rain/a/20241029A04Z3B00
Shanghai reports on cases involving the infringement of citizens' personal information privacy and releases relevant cases
Information source: Yangpu Prosecution
Guangzhou Internet Court releases a case: the legality review of cross-border personal information processing
Information source: Guangzhou Internet Court
China Consumer Association expresses its views on unknown link redirects
Information source: China Consumer Association
An employee of a technology company is sentenced for illegally obtaining over 100 million pieces of citizens' personal information through the external network
Information source: The Paper
https://m.thepaper.cn/newsDetail_forward_29169381
National Internet Finance Association of China releases the "Financial Data Security Governance Implementation Guidelines" and four other standards
Information source: Privacy Guardian Team
Shanghai Communications Administration convenes a policy publicity and deployment meeting to expand the pilot work of value-added telecommunications services to foreign investors
Information source: Shanghai Communications Administration
OVERSEAS
European Union:
EDPB adopts its first report under the EU-U.S. Data Privacy Framework and a statement on the recommendations on access to data for law enforcement
Information source: EDPB
https://www.edpb.europa.eu/news/news/2024/edpb-adopts-its-first-report-under-eu-us-data-privacy-framework-and-statement_en
ENISA asking for feedback on the technical guidance for the cybersecurity measures of the NIS2 implementing act
Information source: ENISA
https://www.enisa.europa.eu/news/asking-for-your-feedback-enisa-technical-guidance-for-the-cybersecurity-measures-of-the-nis2-implementing-act
Commission launches public consultation on the rules for researchers to access online platform data under the Digital Services Act
Information source: Commission
https://digital-strategy.ec.europa.eu/en/news/commission-launches-public-consultation-rules-researchers-access-online-platform-data-under-digital
Commission harmonises transparency reporting rules under the Digital Services Act
Information source: Commission
https://digital-strategy.ec.europa.eu/en/news/commission-harmonises-transparency-reporting-rules-under-digital-services-act
Commission opens formal proceedings against Temu under the Digital Services Act
Information source: Commission
https://ec.europa.eu/commission/presscorner/detail/en/ip_24_5622
USA:
Justice Department issues comprehensive proposed rule addressing national security risks posed to U.S. sensitive data
Information source: Justice Department
https://www.justice.gov/opa/pr/justice-department-issues-comprehensive-proposed-rule-addressing-national-security-risks
White House issues memorandum on Advancing the United States’ Leadership in Artificial Intelligence
Information source: White House
https://www.whitehouse.gov/briefing-room/presidential-actions/2024/10/24/memorandum-on-advancing-the-united-states-leadership-in-artificial-intelligence-harnessing-artificial-intelligence-to-fulfill-national-security-objectives-and-fostering-the-safety-security/
CFPB Finalizes Personal Financial Data Rights Rule to Boost Competition, Protect Privacy, and Give Families More Choice in Financial Services
Information source: CFPB
https://www.consumerfinance.gov/about-us/newsroom/cfpb-finalizes-personal-financial-data-rights-rule-to-boost-competition-protect-privacy-and-give-families-more-choice-in-financial-services/?mkt_tok=MTM4LUVaTS0wNDIAAAGWVu3KUuHLj2BkY5OFdIE9swljBthCOG_ZzIsZMrAQQz6yYHuBh8CEuFHfmodxZSWOl2kTSHCx2RZTsC7mc0OtaNDbSMsmpoc21kHjkMzdGS-Jow
FTC Announces Final “Click-to-Cancel” Rule Making It Easier for Consumers to End Recurring Subscriptions and Memberships
Information source: FTC
https://www.ftc.gov/news-events/news/press-releases/2024/10/federal-trade-commission-announces-final-click-cancel-rule-making-it-easier-consumers-end-recurring
California: The CPPA will review compliance of data brokers with the DELETE Act
Information source: CPPA
https://cppa.ca.gov/announcements/2024/20241030.html
UK:
ICO's statement on the Data Use and Access Bill
Information source: ICO
https://ico.org.uk/about-the-ico/the-data-use-and-access-dua-bill/information-commissioner-s-response-to-the-data-use-and-access-bill/
ICO publishes key data protection considerations for using AI to assist recruitment
Information source: ICO
https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/11/thinking-of-using-ai-to-assist-recruitment-our-key-data-protection-considerations/
Norway: Plans to raise the age of consent for social media data processing to 15 years old
Information source: Office of the Prime Minister of Norway
https://www.regjeringen.no/no/aktuelt/regjeringa-vil-ha-aldersgrense-pa-15-ar-for-a-dele-personopplysningar/id3064231/
Netherlands: AP seeks input on the ban of emotion recognition artificial intelligence systems
Information source: AP
https://www.autoriteitpersoonsgegevens.nl/documenten/oproep-tot-input-verbod-op-emotieherkenning-op-de-werkplek-of-in-het-onderwijs
Italy: AGCM expands investigation into Apple for alleged abuse of dominant position
Information source: AGCM
https://agcm.it/pubblicazioni/bollettino-settimanale/2024/42/Bollettino-42-2024
Turkey: KVKK launches online notification module for international data transfers
Information source: KVKK
https://kvkk.gov.tr/Icerik/8043/Standart-Sozlesme-Bildirim-Modulu-Hakkinda-Kamuoyu-Duyurusu
Canada: Government orders the closure of TikTok's Canadian subsidiary
Information source: Upstream News
Brazil:
ANPD signs a memorandum of understanding on data protection with the Office of the Privacy Commissioner of Canada
Information source: ANPD
https://www.gov.br/anpd/pt-br/assuntos/noticias/anpd-e-o-comissariado-canadense-para-a-protecao-da-privacidade-firmam-memorando-de-entendimento
High Court (STJ) introduces case law on the General Data Protection Law (LGPD)
Information source: STJ
https://www.stj.jus.br/sites/portalp/Paginas/Comunicacao/Noticias/2024/27102024-Os-precedentes-do-STJ-nos-primeiros-quatro-anos-de-vigencia-da-Lei-Geral-de-Protecao-de-Dados-Pessoais.aspx
ANPD takes measures against TikTok and initiates sanctioning proceedings
Information source: ANPD
https://www.gov.br/anpd/pt-br/assuntos/noticias/anpd-abre-processo-sancionador-e-emite-determinacoes-ao-tiktok
South Korea:
Meta faces 216 billion won fine for illegal collection of personal information on Facebook
Information source: IT Home
https://www.ithome.com/0/807/977.htm
PIPC releases draft administrative notice on "Notice on the Transmission and Transmission Request of Information in the Health and Medical Fields" (draft)
Information source: PIPC
https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS061&mCode=C010010000&nttId=10709
PIPC announces the launch of an equivalence recognition system for cross-border data transfers of personal information
Information source: PIPC
https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS074&mCode=C020010000&nttId=10717
Australia:
The Privacy and Other Legislation Amendment Bill 2024 passes third reading
Information source: Parliament of Australia
https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r7249
The Office of the Australian Information Commissioner (OAIC) releases guidance on privacy and the use of commercially available AI products
Information source: OAIC
https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/guidance-on-privacy-and-the-use-of-commercially-available-ai-products
The Office of the Australian Information Commissioner (OAIC) releases guidance on privacy and the development and training of generative AI models
Information source: OAIC
https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/guidance-on-privacy-and-developing-and-training-generative-ai-models
Latvia: DVI releases a guide to common mistakes in cookie banners
Information source: DVI
https://www.dvi.gov.lv/lv/jaunums/dviskaidro-kadas-kludas-visbiezak-tiek-pielautas-sikdatnu-baneros
Lithuania:
VDAI releases training materials for DPOs
Information source: VDAI
https://vdai.lrv.lt/lt/naujienos/duomenu-apsaugos-pareigunu-mokymu-medziaga/
VDAI releases information on the processing of important photos of organizations
Information source: VDAI
https://vdai.lrv.lt/lt/naujienos/aktuali-informacija-del-organizacijos-nuotrauku-tvarkymo/
Note
This article was translated by an AIGC service and is for reference only.
Editors of this issue: 陈瑊 陈煜烺 马辰 林婉琪 陈瑞庭 张丽