Click above|Follow us
Recently, in the field of AI governance, the "Administrative Measures for the Identification of Artificially Generated and Synthesized Content (Draft for Comments)" and related AIGC identification mandatory national standards were released, proposing specific implementation requirements for AIGC identification; the National Cybersecurity Standardization Technical Committee released the "Artificial Intelligence Security Governance Framework" Version 1.0, sorting out AI application risks and response measures from a macro perspective, providing safety guidance for different entities; the California State Assembly passed several AI-related bills, accelerating the legislative process in terms of AI transparency and training data. In terms of data protection, the National Cybersecurity Standardization Technical Committee officially released the "Guidelines for the Identification of Sensitive Personal Information" and issued a draft national standard for the application access specification of network identity authentication public services; the Saudi Arabian data protection authority intensively introduced several guidelines such as SCC, accelerating the implementation of data protection rules. In terms of key industry supervision, the Financial Regulatory Authority strengthened the management of mobile Internet applications in the banking and insurance industries, proposing annual mobile application risk assessments and regular audits.
HOTSPOT
HOTSPOT
Cyberspace Administration of China Releases "Administrative Measures for the Identification of Artificially Generated and Synthesized Content (Draft for Comments)"
On September 14, 2024, the Cyberspace Administration of China released the "Administrative Measures for the Identification of Artificially Generated and Synthesized Content (Draft for Comments)" (hereinafter referred to as the "Measures") and publicly solicited opinions, with the deadline for feedback being October 14, 2024.
The Measures are used to regulate the identification activities carried out by service providers of artificially generated and synthesized content, and the scope of application includes: network information service providers carrying out identification activities in accordance with the "Regulations on the Management of Algorithmic Recommendation Services on the Internet," "Regulations on the Management of Deep Synthesis Services on the Internet," and "Interim Measures for the Management of Generative AI Services." Industry organizations, enterprises, educational and scientific research institutions, public cultural institutions, and relevant professional institutions that develop and apply artificially generated and synthesized technologies without providing services to the domestic public do not apply to the provisions of the Measures.
Source:Cyberspace Administration of China
For more information, please click here.
National Cybersecurity Standardization Technical Committee Releases "Artificial Intelligence Security Governance Framework" Version 1.0
In September 2024, the National Cybersecurity Standardization Technical Committee released the "Artificial Intelligence Security Governance Framework" (hereinafter referred to as the "Framework") Version 1.0. The Framework aims to promote consensus and coordination among governments, international organizations, enterprises, research institutions, non-governmental organizations, and the public on the security governance of artificial intelligence, and to effectively prevent and resolve security risks associated with artificial intelligence.
Source: National Cybersecurity Standardization Technical Committee
For more information, please click here.
National Cybersecurity Standardization Technical Committee Releases "Cybersecurity Standard Practice Guide - Guide for the Identification of Sensitive Personal Information"
On September 18, 2024, the National Cybersecurity Standardization Technical Committee released the "Cybersecurity Standard Practice Guide - Guide for the Identification of Sensitive Personal Information" (hereinafter referred to as the "Guide for the Identification of Sensitive Personal Information"). According to the Guide for the Identification of Sensitive Personal Information, personal information that meets any of the following conditions should be identified as sensitive personal information:
(1) if it is leaked or used illegally, it is likely to cause harm to the personal dignity of the individual;
(2) if it is leaked or used illegally, it is likely to endanger the personal safety of the individual;
(3) if it is leaked or used illegally, it is likely to endanger the property safety of the individual.
The Guide for the Identification of Sensitive Personal Information also provides common categories and examples of sensitive personal information, but also clarifies that if there are sufficient reasons and evidence to show that the processed personal information does not meet the identification standards specified in the definition of sensitive personal information, it may not be identified as sensitive personal information.
Source: National Cybersecurity Standardization Technical Committee
For more information, please click here.
Financial Regulatory Authority Issues "Notice on Strengthening the Management of Mobile Internet Applications in the Banking and Insurance Industries"
On September 14, 2024, the Financial Regulatory Authority issued the "Notice on Strengthening the Management of Mobile Internet Applications in the Banking and Insurance Industries" (hereinafter referred to as the "Notice"). The Notice proposes 18 work requirements from four aspects. First, strengthen overall management, requiring financial institutions to clarify the leading department for mobile application management, establish a mobile application inventory, improve the entry and exit mechanism, and control the number of mobile applications; second, strengthen the full life cycle management, requiring financial institutions to standardize the demand analysis, design and development, testing and verification, shelf release, and monitoring operation of mobile applications, and strengthen the compatibility and adaptability management of mobile applications and operating environments; third, implement risk management responsibilities, requiring financial institutions to implement regulatory requirements for mobile application filing, network security, data security, outsourcing management, business continuity, and personal information protection; fourth, strengthen supervision and management, requiring financial regulatory authorities at all levels to strengthen the supervision of mobile applications.
Source: Financial Regulatory Authority
NEWSLETTER
NEWSLETTER
(Click on the source or copy the corresponding link to view the details)
LEGISLATION
Cyberspace Administration of China Releases "Administrative Measures for the Identification of Artificially Generated and Synthesized Content (Draft for Comments)"
Source: Cyberspace Administration of China
Cyberspace Administration of China Releases "Cybersecurity Technology - Artificial Intelligence Generated and Synthesized Content Identification Method" Mandatory National Standard (Draft for Comments)
Source: Cyberspace Administration of China
https://www.cac.gov.cn/2024-09/14/c_1728000680671017.htm
Cyberspace Administration of China Releases "Guangdong-Hong Kong-Macao Greater Bay Area (Mainland, Macao) Personal Information Cross-Border Flow Standard Contract Implementation Guide"
Source: Cyberspace Administration of China
National Cybersecurity Standardization Technical Committee Releases "Artificial Intelligence Security Governance Framework" Version 1.0
Source: National Cybersecurity Standardization Technical Committee
https://www.tc260.org.cn/front/postDetail.html?id=20240909102807
National Cybersecurity Standardization Technical Committee Releases "Cybersecurity Standard Practice Guide - Guide for the Identification of Sensitive Personal Information"
Source: National Cybersecurity Standardization Technical Committee
National Cybersecurity Standardization Technical Committee Releases "Cybersecurity Technology - Network Identity Authentication Public Service Application Access Specification" (Draft for Comments)
Source: National Cybersecurity Standardization Technical Committee
National Cybersecurity Standardization Technical Committee Releases "Data Security Technology - Second-hand Electronic Product Information Erasure Technical Requirements" (Draft for Comments), etc.
Source: National Cybersecurity Standardization Technical Committee
Market Supervision Administration Releases "Guiding Opinions on Promoting Network Trading Platform Enterprises to Implement Compliance Management Main Responsibility" (Draft for Comments)
Source: Market Supervision Administration
https://www.samr.gov.cn/hd/zjdc/art/2024/art_a8cb59be893745c18e0e18d90971f8aa.html
Ministry of Industry and Information Technology Releases "Electronic Certification Service Management Measures" (Draft for Comments)
Source: Ministry of Industry and Information Technology
https://wap.miit.gov.cn/gzcy/yjzj/art/2024/art_582b3b38ed3a4b7789ef182b274fe5df.html
National Cryptography Administration Releases "Electronic Government Electronic Certification Service Management Measures"
Source: National Cryptography Administration
https://sca.gov.cn/sca/xxgk/2024-09/10/content_1061204.shtml
Financial Regulatory Authority Releases "Notice on Strengthening the Management of Mobile Internet Applications in the Banking and Insurance Industries"
Source: Financial Regulatory Authority
Ministry of Civil Affairs, Cyberspace Administration of China, and other five departments release "Management Measures for Personal Assistance Network Service Platforms"
Source: Ministry of Civil Affairs
https://xxgk.mca.gov.cn:8445/gdnps/pc/gzk/content.jsp?id=1662004999980001328
Ministry of Natural Resources Releases "Notice on Strengthening the Management of Geological Materials" (Draft for Comments)
Source: Ministry of Natural Resources
https://gi.mnr.gov.cn/202409/t20240920_2859219.html
Ministry of Industry and Information Technology Releases Three Mandatory National Standards for Intelligent Connected Vehicles with Illustrations
Source: Ministry of Industry and Information Technology
Ministry of Industry and Information Technology Seeks Public Comments on "Internet Data Center Data Security Protection Requirements" and other 370 Industry Standards, 7 Industry Standard Foreign Language Versions, and 2 Recommended National Standard Plan Items
Source: Ministry of Industry and Information Technology
https://wap.miit.gov.cn/g
"Telecommunications Network and Internet Security Level Protection Implementation Guide" and other 19 communication industry standards for public review before approval
Source: Ministry of Industry and Information Technology
https://wap.miit.gov.cn/zwgk/wjgs/art/2024/art_515db74608e849ea95eaa5b5a5d188c0.html
The Market Supervision Administration releases the "IoT Standard System Construction Guide (2024 Edition)"
Source: Market Supervision Administration
Fujian Pingtan releases the "China (Fujian) Free Trade Pilot Zone Pingtan Area General Data List for Cross-border Data Flow (Trial)"
Source: Pingtan Comprehensive Experimental Zone
https://www.pingtan.gov.cn/zwgk/zfxxgk/dfbmptlj/ptzhsyqbm/ptzhsyqgwh/fdzdgknr/qtyzdgkdzf/202409/t20240903_93344.htm
INDUSTRY TRENDS
MIIT Issues Notice on Promoting the Development of "Smart Connection of All Things" in Mobile Internet of Things
Source: MIIT
https://www.miit.gov.cn/zwgk/zcwj/wjfb/tz/art/2024/art_f610e694cb59408784f35f3b67b830c2.html
MIIT and 11 Other Departments Jointly Promote the Coordinated Development of New Type Information Infrastructure
Source: MIIT
National Data Bureau Releases Typical Cases of Urban Full-Domain Digital Transformation
Source: National Data Bureau
Ministry of Public Security Announces 8 Typical Cases of Combating Cybercrimes Related to Advertising and Promotion
Source: Ministry of Public Security Cybersecurity Bureau
State Administration for Market Regulation Releases 2024 "Guarding Consumption" Special Law Enforcement Action and Typical Cases of Infringement of Consumer Rights (First Batch), Including a Case of Infringement of Consumer Personal Information
Source: State Administration for Market Regulation
China Cyberspace Security Association Announces a List of Apps That Have Completed Compliance Rectification of Personal Information Collection and Use
Source: China Cyberspace Security Association
Guangzhou Internet Court Releases Typical Cases of Cross-Border Data Disputes
Source: Guangzhou Internet Court (First and Second Issues)
Guangdong Cyberspace Affairs Office Issues Notice on Implementing the "Guidance on the Implementation of Standard Contracts for Cross-Border Data Flow in the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland and Macao)"
Source: Guangdong Cyberspace Affairs Office
Guangdong Initiates the Establishment of an Association for Network Data Security and Personal Information Protection
Source: Guangdong Cyberspace Affairs Office
https://cagd.gov.cn/v/2024/09/5728.html
Shanghai Cyberspace Affairs Office Announces Registration Information of Generative AI Services (August 30)
Source: Shanghai Cyberspace Affairs Office
Beijing Communications Administration Launches 2024 Network and Data Security Inspection in the Telecommunications and Internet Industry
Source: Beijing Communications Administration
Chongqing Liangping District Cyberspace Affairs Office Announces a Penalty for Inadequate Personal Information Protection
Source: Chongqing Liangping District Cyberspace Affairs Office
Shanxi Communications Administration Announces "Notice on the Removal of 17 Apps for Infringing User Rights (Second Batch of 2024)"
Source: Shanxi Communications Administration
https://sxca.miit.gov.cn/zwgk/tzgg/art/2024/art_1f50f57faa774eb3b210402b5408f277.html
Qinghai Cyberspace Affairs Office Announces Typical Cases of Rectification in the "Qinglang" Series of Special Actions
Source: Qinghai Cyberspace Affairs Office
OVERSEAS
International: Swiss-U.S. Data Privacy Framework (DPF) Takes Effect
Source: U.S. Department of Commerce
https://www.commerce.gov/news/press-releases/2024/09/secretary-raimondo-statement-swiss-us-data-privacy-framework
United States:
California CCPA Issues Implementation Opinion Emphasizing the Importance of Avoiding "Dark Patterns" in User Interfaces
Source: California CCPA
https://cppa.ca.gov/announcements/2024/20240904.html
California Legislature Passes Bill on Publicly Available Personal Information
Source: California Legislature
https://leginfo.legislature.ca.gov/faces/billHistoryClient.xhtml?bill_id=202320240AB1008
California Legislature Passes CCPA Amendment on the Definition of Sensitive Personal Information
Source: California Legislature
https://leginfo.legislature.ca.gov/faces/billHistoryClient.xhtml?bill_id=202320240SB1223
California Legislature Passes Bill on Personal Information Collection of Consumers Under 18 Years Old
Source: California Legislature
https://leginfo.legislature.ca.gov/faces/billHistoryClient.xhtml?bill_id=202320240AB1949
California Legislature Passes Bill on AI Definition
Source: California Legislature
https://leginfo.legislature.ca.gov/faces/billHistoryClient.xhtml?bill_id=202320240AB2885
California Legislature Passes AI Transparency Bill
Source: California Legislature
https://leginfo.legislature.ca.gov/faces/billHistoryClient.xhtml?bill_id=202320240SB942
California Legislature Passes Bill on Transparency of Generative AI Training Data
Source: California Legislature
https://leginfo.legislature.ca.gov/faces/billHistoryClient.xhtml?bill_id=202320240AB2013
California Legislature Passes Bill on Safe and Reliable Frontier AI Model Innovation
Source: California Legislature
https://leginfo.legislature.ca.gov/faces/billHistoryClient.xhtml?bill_id=202320240SB1047
European Union:
EPRS Releases Directive Proposal on AI Liability
Source: European Parliament
https://www.europarl.europa.eu/thinktank/en/document/EPRS_STU(2024)762861
EU Consumer Organizations Release Position Paper on Obligations of Meta, Apple, and Other Companies under DMA
Source: EU Consumer Organizations
https://www.beuc.eu/position-papers/implementation-meta-apple-google-amazon-bytedance-and-microsoft-their-obligations
United Kingdom:
DSIT Releases Report on the Impact of Cookie Settings Options on Privacy Decisions
Source: DSIT
https://www.gov.uk/government/publications/evaluating-browser-based-cookie-setting-options
UK Data Centers Classified as Critical National Infrastructure
Source: UK Government
https://www.gov.uk/government/news/data-centres-to-be-given-massive-boost-and-protections-from-cyber-criminals-and-it-blackouts
ICO Releases Research Report on Data Controllers
Source: ICO
https://ico.org.uk/media/about-the-ico/documents/4030897/data-controller-study_technical-report.pdf
Germany: DSK Releases Resolution on Transfer of Personal Data to Company Acquirers
Source: DSK
https://www.datenschutzkonferenz-online.de/media/dskb/2024-09-11_Beschluss%20DSK_%20Asset_Deals.pdf
Spain: APDCAT Issues Opinion on Images Obtained from Video Surveillance Systems
Source: APDCAT
https://apdcat.gencat.cat/ca/documentacio/resolucions-dictamens-i-informes/cercadorOn/cercador-detall/CNS-19-2024-00001
Netherlands:
NCSC Releases Supply Chain Cyber Risk Guide
Source: NCSC
https://english.ncsc.nl/latest/news/2024/september/16/cybercheck-beware-of-supply-chain-risks
Dutch Data Protection Authority Imposes Fine on Clearview for Illegal Collection of Facial Information
Source: Dutch Data Protection Authority
https://autoriteitpersoonsgegevens.nl/en/current/dutch-dpa-imposes-a-fine-on-clearview-because-of-illegal-data-collection-for-facial-recognition
ACM Releases DSA Guidelines for Online Service Providers
Source: ACM
https://www.gov.uk/government/publications/evaluating-browser-based-cookie-setting-options
Argentina: AAIP Releases Guidelines on AI Transparency and Personal Data Protection
Source: AAIP
https://www.argentina.gob.ar/sites/default/files/aaip-argentina-guia_para_usar_la_ia_de_manera_responsable.pdf
Saudi Arabia: SDAIA Releases Multiple Rules/Guidelines
Privacy Policy Guidelines
https://sdaia.gov.sa/Documents/PrivacyPolicyGuideline.pdf
Guidelines on Determining Minimum Personal Data
https://sdaia.gov.sa/Documents/MinmumPDGuideline.pdf
Rules on the Registration of Data Controllers
https://sdaia.gov.sa/Documents/TheRulesGoverningTheNationalRegisterOfControllersWithinTheKingdomPublicEN.pdf
Guidelines on Personal Data Disclosure Cases
https://sdaia.gov.sa/Documents/PersonalDataDisclosureCasesGuideline.pdf
Guidelines on Personal Data Processing Activity Records https://sdaia.gov.sa/Documents/PersonalDataProcessingActivitiesRecordsGuideline.pdf
Personal Data Destruction, Anonymization, and Pseudonymization Guideline
https://sdaia.gov.sa/Documents/PersonalDataDestructionAnonymizationAndEncryptionGuideline.pdf
Deepfake Related Guidelines Open for Public Consultation
https://istitlaa.ncc.gov.sa/en/transportation/ndmo/deepfakesguidelines/Documents/SDAIA_Deepfakes%20Guidelines.pdf
BCR (Binding Corporate Rules) Related Guideline
https://sdaia.gov.sa/Documents/CommonRulesBCRForPersonalDataTransferEN.pdf
Standard Contractual Clauses for Personal Data Transfer
https://sdaia.gov.sa/Documents/StandardContractualClausesForPersonalDataTransferEN.pdf
South Korea: PIPC Releases Guidelines for the Practice of Necessity of Personal Information Consent
Source: PIPC
https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS074&mCode=C020010000&nttId=10566
Sri Lanka: The Cybersecurity Act Comes into Effect
Source: Government of Sri Lanka
https://www.parliament.lk/uploads/acts/gbills/english/6311.pdf
Thailand: The Personal Data Protection Committee Imposes Penalties on a Company for Not Appointing a DPO and Data Breach Issues
Source: Personal Data Protection Committee of Thailand
https://www.mdes.go.th/news/detail/8539-%E0%B8%94%E0%B8%B5%E0%B8%AD%E0%B8%B5---%E0%B8%AA%E0%B8%84%E0%B8%AA--%E0%B8%84%E0%B8%B8%E0%B8%A1%E0%B9%80%E0%B8%82%E0%B9%89%E0%B8%A1%E0%B8%AA%E0%B8%B1%E0%B9%88%E0%B8%87%E0%B8%9B%E0%B8%A3%E0%B8%B1%E0%B8%9A%E0%B8%82%E0%B9%89%E0%B8%AD%E0%B8%A1%E0%B8%B9%E0%B8%A5%E0%B8%A3%E0%B8%B1%E0%B9%88%E0%B8%A7%E0%B9%84%E0%B8%AB%E0%B8%A5%E0%B8%A0%E0%B8%B2%E0%B8%84%E0%B9%80%E0%B8%AD%E0%B8%81%E0%B8%8A%E0%B8%99-%E0%B8%88%E0%B8%B3%E0%B8%99%E0%B8%A7%E0%B8%99-7-%E0%B8%A5%E0%B9%89%E0%B8%B2%E0%B8%99%E0%B8%9A%E0%B8%B2%E0%B8%97
Australia: New South Wales IPC Releases Guidelines for AI PIA and Seeks Public Opinion
Source: New South Wales IPC
https://www.ipc.nsw.gov.au/news/open-consultation-guide-undertaking-privacy-impact-assessments-ai-systems-and-projects
New Zealand: OPC Releases Recommendations on Data Anonymisation
Source: OPC
https://privacy.org.nz/publications/statements-media-releases/care-is-needed-with-data-anonymisation/
Source:Saudi SDAIA
Note
本文由AIGC翻译,仅供参考。
Translated by AIGC service. For reference only.
本期编辑:陈瑊 陈煜烺 马辰 林婉琪 陈瑞庭 张丽
