Core Viewpoint - The "Shenzhen Plan" introduces 15 clear guidelines for personal information protection, emphasizing privacy policy standardization, user consent management, data processing compliance, and user rights protection [2][3][4] Group 1: Privacy Policy Standardization - Application distribution platforms and apps must provide easily accessible and long-term effective privacy policies, including personal information processing rules, user rights, and complaint channels [2] - Specific rules must be outlined for the handling of minors' personal information [2] Group 2: User Consent Management - Operators must inform users of personal information processing in a prominent manner, prohibiting default selections or bundled authorizations [3] - Sensitive personal information requires "separate consent," and users must have effective means to withdraw consent [3] Group 3: Data Processing Compliance - Operators must adhere to the principles of "minimum and necessary" data processing, avoiding blanket authorizations and frequent pop-up requests [3] - Personalized recommendations must offer non-targeted options or easy refusal methods, and generative AI services must not misuse personal information [3] Group 4: User Rights Protection - Operators are required to inform users of their rights to access, copy, correct, delete, and restrict processing of their personal information, with a commitment to respond to user requests within 15 working days [3] - Barriers to exercising these rights must not be artificially created [3] Group 5: Industry Commitment and Regulatory Framework - Six major application software distribution platform representatives signed a compliance operation commitment to strengthen personal information protection [4] - Since 2021, significant laws such as the Data Security Law and Personal Information Protection Law have been enacted, establishing a solid legal foundation for data security and personal information protection [4] - The Shenzhen Municipal Cyberspace Administration has been actively promoting a multi-governance model involving government regulation, corporate autonomy, industry self-discipline, and social oversight [4][5]

Core Viewpoint - The frequent disputes over password code sharing reflect a competition for user relationship data among platforms, highlighting the importance of data protection and utilization in the digital economy [1] Group 1: Password Code Sharing and User Relationship Data - Password codes serve as temporary, one-time strings used for identity verification and access, and can facilitate the transfer of user relationship data between platforms [2][3] - Platforms can induce users to share password codes, which contain special identification information, allowing them to map relationships between users and expand their user networks [3] Group 2: Definition of Personal Information - Personal information is defined as data that can identify a specific individual, including names, contact details, and relationship data [4] - User relationship chains, as a reflection of personal contacts, qualify as personal information under legal definitions [4] Group 3: User Consent and Data Sharing - User sharing of password codes does not equate to informed consent for personal data processing, especially when users are incentivized without clear disclosure of data collection practices [5][6] - The practice of "induced sharing" obscures the true nature of data sharing, leading users to believe they are only sharing activity information rather than personal relationship data [6] Group 4: Competitive Interests in User Relationship Data - Platforms invest significant resources in developing and maintaining user relationship data, which should be recognized as a competitive asset [7] - Induced sharing practices can undermine the economic interests of platforms by allowing competitors to access valuable user relationship data without consent [7] Group 5: Importance of User Relationship Data for New Apps - The necessity for new apps to rely on user relationship data from established platforms raises questions about competitive fairness and the obligation to share such data [8] - User relationship data is a competitive resource that platforms are not obligated to share without user consent [8] Group 6: Industry Practices and Business Ethics - Industry norms do not equate to established business ethics, particularly in emerging sectors where practices are still evolving [9] - The prevalence of password code sharing among platforms may reflect a chaotic phase rather than an accepted ethical standard [9] Group 7: Legal Boundaries of Data Acquisition - The legal framework for data acquisition emphasizes the need for compliance with ethical standards and the protection of proprietary data [10][11] - Unauthorized data scraping can constitute unfair competition, necessitating regulatory oversight to protect data rights [11] Group 8: Tolerance Obligations Among Platforms - While platforms may have a tolerance obligation for link-sharing, this does not permit unrestricted access to user relationship data [12] - Unauthorized sharing of user relationship data through incentivized password code sharing harms both the data-holding platform and user privacy, warranting regulatory intervention [12]

Group 1 - Jiangsu Provincial Communication Administration recently released a notice regarding APPs that infringe on user rights, indicating that seven APPs have not completed the required rectifications and must do so by September 29 [1] - The notice includes a list of APPs with issues related to the illegal collection and use of personal information, highlighting the need for compliance with regulations [2] - Among the listed APPs, Donghai Tong, operated by Donghai Securities Co., Ltd., is specifically noted for violating personal information collection regulations [2] Group 2 - Donghai Securities Co., Ltd. was established in 1993 and is a member of the Changzhou Investment Group, primarily engaged in capital market services [3] - The company has a registered capital of approximately 1.86 billion RMB and a paid-in capital of 1.59 billion RMB, indicating a solid financial foundation [3] - Donghai Securities is recognized as one of the earliest comprehensive securities firms in China and has expanded its operations to include 19 branches and over 60 business offices, serving more than one million clients [4]

Core Viewpoint - The case highlights the legal implications of personal information leakage through marketing calls, emphasizing the responsibility of information processors to protect user data and privacy rights [1][4]. Group 1: Case Background - The plaintiff, a broadband user, received a marketing call from someone claiming to be a company employee, which was later found to be from a contractor using a personal phone number [2]. - The plaintiff alleged that the caller had access to sensitive information, such as their phone number and service details, which should only be held by the communication company [2]. Group 2: Court Ruling - The court determined that the communication company failed to implement adequate encryption measures, allowing unauthorized access to user information by contractor staff, constituting an infringement of the plaintiff's privacy rights [3]. - The ruling mandated the communication company to issue a written apology and pay 500 yuan in compensation for emotional distress, while rejecting other claims from the plaintiff [3]. Group 3: Legal Implications - The judge emphasized that information processors must ensure data security and are liable for any infringement caused by unauthorized use of personal information, particularly in marketing contexts [4]. - The ruling reflects a broader trend of increasing scrutiny on how companies manage and protect personal data, especially in light of the Personal Information Protection Law [4][5]. Group 4: Recommendations - Information processors are advised to enhance compliance management and supervision of third-party contractors to prevent unauthorized use of personal data [5]. - Citizens are encouraged to document any instances of harassment or data breaches to protect their rights and contribute to a safer social environment [5].

Core Points - The article highlights a case of identity theft where an individual, referred to as Xiao Zhang, was wrongfully accused of defaulting on a bank loan due to the misuse of his personal information by criminals [1] Group 1: Incident Overview - Xiao Zhang received a court notice regarding a 500,000 yuan loan that he allegedly defaulted on, despite never having taken out such a loan [1] - The investigation revealed that a criminal gang had illegally collected sensitive personal data from Xiao Zhang during a promotional event, leading to the fraudulent loan application in his name [1] Group 2: Bank's Recommendations - The bank advises individuals to properly dispose of documents containing personal information, such as delivery slips and receipts, to prevent identity theft [1] - It is recommended to annotate the purpose on copies of identification documents to limit their use and to clear the photocopier's memory after use [1] - Individuals are cautioned to carefully verify the credibility of websites before participating in online surveys to avoid disclosing personal information [1] - The bank warns that using free WiFi can expose personal information and suggests using dedicated app clients for banking transactions while setting WiFi connections to manual [1]

Core Viewpoint - Jiangsu Provincial Communication Administration emphasizes the protection of user rights and has initiated actions against APPs that violate personal information protection laws [1] Group 1: Regulatory Actions - Jiangsu Provincial Communication Administration has released a report on APPs that infringe on user rights, as part of a series of actions for personal information protection in 2025 [1] - The administration is conducting inspections on financial and utility APPs to address illegal collection and use of personal information [1] Group 2: Compliance Status - As of now, seven APPs have not completed the required rectifications, including three financial software applications [1] - The non-compliant financial APPs include "Shan Yong Hua" from Nanjing Mantanghong Information Technology Co., "Xiao Cheng Borrowing" from Nanjing Lezai Technology Microloan Co., and "Donghai Tong" from Donghai Securities Co. [1]

Core Viewpoint - The article emphasizes the importance of the Personal Information Protection Law in safeguarding individual data and enhancing information security in the digital age, highlighting the need for legal protection against data misuse and breaches [2][3]. Group 1: Legal Protection of Personal Information - Personal information is defined as any data that can identify a specific individual, including basic identity information, biometric data, and sensitive personal information [2]. - The law covers personal information collected by tax authorities during tax management and service processes [2]. Group 2: Principles of Information Processing - Organizations must adhere to five key principles when handling personal information: legality, necessity, minimal data collection, transparency, and security [3]. - Tax authorities are required to implement high-level security measures to prevent data breaches [3]. Group 3: User Rights - Individuals possess seven essential rights regarding their personal information, including the right to be informed, the right to restrict processing, and the right to request deletion under certain conditions [7]. - Taxpayers can exercise these rights in relation to their tax information, such as requesting copies of tax records [7]. Group 4: Application Scenarios and Compliance - The article discusses the need to combat "big data discrimination," ensuring users have the right to know and refuse algorithm-based pricing [8]. - It also emphasizes the regulation of facial recognition technology, which should only be used for public safety and requires explicit consent for other uses [9][10]. Group 5: Tax Incentives for New Energy Vehicles - New energy vehicles purchased between January 1, 2024, and December 31, 2025, are exempt from vehicle purchase tax, with a maximum exemption of 30,000 yuan per vehicle [19]. - From January 1, 2026, to December 31, 2027, these vehicles will be subject to a 50% reduction in purchase tax, with a maximum reduction of 15,000 yuan per vehicle [19]. Group 6: Exemption from Vehicle and Vessel Tax - Eligible new energy vehicles are fully exempt from vehicle and vessel tax, provided they meet specific criteria [20]. - The criteria include being pure electric commercial vehicles, plug-in hybrid vehicles, or fuel cell commercial vehicles that comply with national standards [21].

9月18日，工信部通报29款存在侵害用户权益行为的APP。 | 29 | IIZI. 自 \1 \ | 不元ドロリコイツ | ×11 ±4, | 0.0.28 | 违规收集个人信息 | | --- | --- | --- | --- | --- | --- | | | 舰店 | 有限公司 | 程序 | | | 记者注意到，29款APP包括：甜果美甲、pstyle派斯造型、京体通、SIP Cafe咪咪咖啡、江门市中心医院、窝窝外卖、檀力寄存、骑乐时代、童虎旧衣服回 收、Tims天好咖啡、巨好租、西掌勺的小程序、新天地（301277）超市小程序、第一大药房医保购药小程序、索易养生小程序、桂芳推拿、筋斗云外卖 点餐、喜味到外卖、快哒校园|校内外卖、追尚外卖、途简单|行李寄存、订生日蛋糕同城配送-圣思町、金点驿充、松木山自行车俱乐部、心卓零食、果粉 之家手机专营店、猫知己、美佳辰、iKF官方旗舰店。 根据中央网信办、工业和信息化部、公安部、市场监管总局等四部门联合发布的《关于开展2025年个人信息保护系列专项行动的公告》，依据《个人信息 保护法》《网络安全法》《电信条例》《电信和互联网用户个人信息保护规定》等法律法规 ...

在金融消费者服务与保护工作持续强化的背景下，作为数字经济时代消费者获得金融服务的重要渠道， 金融App的合规发展受到关注。 《中国经营报》记者注意到，今年以来，已有多款金融类App因为存在个人信息处理不当的情况被有关 部门通报。 9月初，中国互联网金融协会（以下简称"中互金协会"）发布《关于进一步加强金融领域App自律检查 的通知》表示，依据国家相关法律法规和金融管理部门相关要求，决定进一步加强金融领域App自律检 查工作。 此外，还有一些用户对移动金融App的困惑在于同意收集个人信息，但却不知道如何终止收集。 一位法律人士表示，当前法律框架内的保护手段主要是规定个人信息处理者的义务，以及赋予个人信息 主体权利，相关法定义务包括但不限于：处理个人信息前的告知和获取同意，制定内部管理制度和操作 规程，采取相应的加密、去标识化等安全技术措施，响应个人信息主体的权利请求等。同时，法律也赋 予了个人信息主体知情、决定、查阅、复制、更正、删除、要求解释说明等权利，个人信息主体可随时 行使这些法定权利，以保护其个人合法权益。 记者注意到，在中互金协会第6期通报中，发现有App未向用户提供撤回同意收集个人信息的途径、方 式 ...

Core Points - Personal privacy is a crucial right, and its breach can lead to financial losses [1] Case Details - Mr. Zhang insured his family with an accident insurance policy. He received a call from a "customer service" claiming to be from the insurance company, accurately stating his name, insurance type, and home address. The caller offered to upgrade his policy and refund part of the premium, requesting his bank card number and SMS verification code for identity confirmation. Trusting the information, Mr. Zhang provided the details, resulting in a loss of 5,000 yuan from his bank account within half an hour. He later discovered that scammers had obtained his insurance information through illegal means and impersonated the company to commit fraud [2]. Case Analysis - Scammers collected personal insurance information through illegal channels, using the accuracy of the information to lower the victim's guard. They lured the victim with the promise of "benefit upgrades" to extract critical information such as bank card numbers and verification codes, ultimately leading to unauthorized withdrawals. This behavior violates the Personal Information Protection Law, infringing on privacy and constituting fraud [3].