21世纪经济报道·2025-09-29 10:27Core Viewpoint - The article discusses the newly released "Shenzhen Plan" which includes 15 clear guidelines aimed at enhancing personal information protection, reflecting a shift towards stricter compliance for companies handling personal data [1][4]. Summary by Sections Privacy Policy Standards - The guidelines require application distribution platforms and apps to provide easily accessible and long-term effective privacy policies, which must include rules for personal information processing, user rights, and complaint channels. Special rules must be established for handling minors' personal information [1][2]. User Consent Management - Operators must inform users about personal information processing in a prominent manner, prohibiting default selections or bundled authorizations. Sensitive personal information requires "separate consent," and users must have effective means to withdraw consent [2][4]. Data Processing Compliance - Operators are mandated to adhere to the principles of "minimum and necessary" data processing, prohibiting blanket authorizations and frequent pop-up requests. Personalized recommendations must offer non-targeted options or easy refusal methods. Generative AI services are restricted from indiscriminately collecting or retaining personal information, and any training data involving personal information must comply with legal standards [2][4]. User Rights Protection - Operators are required to inform users of their rights to access, copy, correct, delete, and restrict processing of their personal information. User requests must be processed within 15 working days without artificial barriers [2][4]. Multi-Party Governance Framework - The initiative aims to establish a multi-party governance framework for personal information protection, involving government regulation, corporate autonomy, industry self-discipline, and social oversight. Key application software distribution platforms have signed a compliance commitment to enhance personal information protection [4][5]. Ongoing Efforts and Future Directions - Shenzhen's efforts include exploring a "law enforcement + service" model, transitioning from punitive measures to proactive legal education and rectification. The city plans to continuously improve long-term mechanisms for personal information protection and enhance collaborative enforcement capabilities [5].