Core Viewpoint - iQIYI has responded to concerns regarding personal information collection issues identified in a report by the National Computer Virus Emergency Response Center, emphasizing its commitment to user data protection and compliance [1] Group 1: Company Response - The company has initiated an internal investigation following the report's findings about its application version X9M_m1e_17.0.0.20221018, which was launched in October 2022 [1] - iQIYI clarified that the problematic version was developed and provided by a partner for a specific brand's in-car application [1] - The company is actively working with its partner to address the reported issues and plans to release a compliant updated version of the application [1] Group 2: Commitment to Data Protection - iQIYI reiterated its commitment to fulfilling its responsibilities regarding personal information protection and aims to provide safe and high-quality services to its users [1]

工业和信息化部此前发布的《工业和信息化部关于进一步提升移动互联网应用服务能力的通知》要 求，从事个人信息处理活动，应具有明确合理的目的，不得仅以服务体验、产品研发、算法推荐、风险 控制等为由，强制要求用户同意超范围或者与服务场景无关的个人信息处理行为。用户拒绝提供非当前 服务所必需的个人信息时，不得影响用户使用该服务的基本功能。 当移动互联网为经济社会发展提供强大驱动力时，也给社会治理带来了新的挑战。用户数据安全问 题之所以常常会牵动舆论神经，不仅是因为数据商业化运用带来的"大数据杀熟"等问题，更在于一旦出 现数据泄露，这些信息往往会为电信网络诈骗、敲诈勒索、恶意账号注册等犯罪提供"精准制导"。 数字经济时代，以APP安全为代表的网络安全关系到个体层面的隐私保护，产业层面的科技竞争、 创新和发展以及国家层面的数据安全和全球数字竞争力。避免手机APP过度索权，需要划定权限边界。 当前要做的，除了确保相关应用索取的权限与功能相匹配、明确商家的权责，还须加大监管和执法力 度，比如加强应用商店的审核标准，严格落实相关禁令等。 随着移动互联网技术的快速发展，从社交到出行、从办公到娱乐，APP已经渗透到人们生活的方方 面 ...

Group 1 - The National Cybersecurity Notification Center reported 65 mobile applications that illegally collected and used personal information, violating the Cybersecurity Law and the Personal Information Protection Law [1] - Issues identified include lack of clear prompts for users to read privacy policies, difficulty in accessing privacy policies, failure to inform users about information recipients, and absence of effective personal information correction and deletion features [1] - Some applications did not obtain user consent for processing sensitive information, lacked rules for handling minors' information, and failed to implement necessary security measures [1] Group 2 - The notification aims to strengthen personal information protection [1]

Core Insights - OpenAI has released new models ChatGPT o3 and o4-mini, which possess advanced visual reasoning capabilities, allowing them to accurately identify and locate places from images [1][3][15] - The ability of AI to analyze images raises significant concerns regarding personal information protection, as it can deduce precise locations and even personal characteristics from seemingly innocuous photos [1][19] Group 1: AI Capabilities - ChatGPT o3 can analyze various details in images, such as vegetation, landmarks, and even specific items, to accurately determine the location where a photo was taken [3][10] - In tests, ChatGPT o3 demonstrated a high level of accuracy, with 60% of predictions having an error margin of less than 1.6 kilometers [17] - The model integrates image recognition, logical reasoning, and external database access to achieve location identification, even without GPS data [17][19] Group 2: Comparison with Other Models - Other models like Doubao and Quark AI camera showed lower accuracy in location identification compared to ChatGPT o3, often failing to pinpoint exact locations [15][16] - The visual reasoning capabilities of competing models are still developing, indicating that ChatGPT o3 currently leads in this area [15][16] Group 3: Privacy Concerns - The ability of AI to infer personal information from images poses a risk of privacy invasion, as it can identify not only locations but also user preferences and characteristics [18][19] - OpenAI has implemented restrictions to prevent the model from making unfounded inferences about individuals based on images, but these do not cover all aspects of location and personal data analysis [19][20] - Experts suggest that users should be cautious when sharing images online, as AI can utilize various visual cues to deduce sensitive information [20][21]

Core Viewpoint - The National Cybersecurity Center has reported that 65 mobile applications are found to be in violation of personal information protection laws, highlighting significant issues in user consent and data handling practices [1][2][3][4][5][6][7][8] Group 1: User Consent and Information Collection - 9 applications failed to clearly inform users about their privacy policies and data collection practices at the first run [1] - 43 applications did not specify the purposes, methods, and scope of personal information collection in their privacy policies [2] - 16 applications did not inform users about the transfer of their personal information to other parties, nor did they obtain separate consent [3] - 4 applications began collecting personal information without obtaining user consent [4] Group 2: User Rights and Data Management - 9 applications lacked effective mechanisms for users to correct, delete personal information, or cancel their accounts, and did not respond timely to such requests [4] - 3 applications failed to process complaints and reports within the promised timeframe and lacked a convenient mechanism for users to exercise their rights [5] - 32 applications did not provide users with a way to withdraw consent for data collection [5] Group 3: Sensitive Information and Security Measures - 6 applications used automated decision-making for information push and marketing without providing options to refuse or alternatives [6] - 7 applications processed sensitive personal information without obtaining separate consent and did not inform users about the necessity and impact on their rights [6] - 15 applications did not implement adequate security measures such as encryption or de-identification of personal data [7] Group 4: Privacy Policy Compliance - 5 applications were found to have no privacy policy at all [8] - 31 out of 67 previously reported applications still exhibited issues upon re-evaluation, leading to their removal from distribution platforms [8]

但从实践来看，治理App信息收集乱象，不能仅靠事后通报，还需要在制度设计上不断做"加法"， 比如对违规行为设定更具威慑力的处罚标准；在技术手段上做"升级"，建立覆盖全周期的智能监测系 统，及时拦截违规收集行为；在用户参与上做"乘法"，在强化隐私保护知识普及的同时，畅通一键举 报、隐私反馈等渠道。让App在"阳光"下规范收集信息，是切实保护公民个人信息安全的必要举措，也 是推动个人信息保护走向技术向善的应有之义。 编辑：林楠特 通报提到的"未逐一列出收集使用个人信息的SDK""未提供个人信息收集使用规则"等，反映到用户 层面，其实就是公众使用App时常遇到的——软件强制收集与使用功能无关的信息、隐私协议被设 为"默认勾选"、难以找到撤回授权的通道等。此类乱象存在，一方面可能是App技术防护未能跟上，另 一方面，则是某些企业将用户数据当成了"隐形资产"，加上用户维权意识较为薄弱，客观上纵容了企业 的侥幸心理，让其愈发肆无忌惮。 个人信息安全是数字时代的"生命线"。随意收集用户位置、通信录、医疗记录等敏感信息，不仅可 能导致骚扰电话、精准诈骗等，也会让公众在未来使用App时产生不必要的困扰与焦虑。 值得关注的是，近 ...

Core Viewpoint - The ongoing governance of personal information collection by applications is highlighted, with specific issues identified in 15 apps and 16 SDKs regarding transparency and compliance with personal information protection laws [1][2][7]. Group 1: Issues Identified - 15 apps, including popular ones like Moji Weather TV version and Youdao Premium Course, failed to list the SDKs used for personal information collection and did not accurately state the purposes, methods, and scope of data collection [1][3][5]. - 16 SDKs were found to lack clear rules for personal information collection and did not respond timely to user rights requests, leading to increased risks of data misuse and compliance violations [2][6][7]. - The lack of transparency in data collection practices violates the "notice and consent" principle outlined in the Personal Information Protection Law, potentially exposing users to risks such as data theft and unauthorized sharing [7][9]. Group 2: Company Responses and Compliance - Companies like Moji Weather and Youdao have acknowledged the issues and are working towards compliance, with Moji Weather indicating that the TV version is not their main product and will undergo necessary rectifications [4][8]. - Some apps, such as Tuhu Car Maintenance, have already updated their versions to comply with the requirements, while others like Youdao Premium Course have not yet made necessary updates [8][9]. - The need for companies to enhance their understanding of legal regulations and improve compliance practices is emphasized, as non-compliance can lead to significant operational risks and reputational damage [9][10]. Group 3: Recommendations for Improvement - Companies are advised to integrate privacy design principles during the development of apps and SDKs, including data minimization and encryption [10]. - Establishing a security assessment system for SDKs and implementing dynamic permission management mechanisms are recommended to enhance data protection [10]. - Regular compliance audits and the establishment of user rights response systems are crucial for ensuring user rights are adequately protected [10].

Core Viewpoint - Recent announcement by the Central Cyberspace Administration of China (CAC) highlights that 15 apps, including popular ones like墨迹天气tv版 and 途虎养车, have been flagged for issues related to personal information collection [1][2]. Group 1: Regulatory Actions - The CAC, along with other governmental bodies, has initiated a series of special actions for personal information protection, in accordance with various laws including the Cybersecurity Law and the Personal Information Protection Law [2]. - The identified apps failed to adequately disclose the SDKs used for collecting personal information, as well as the purposes, methods, and scope of such data collection [2][3]. Group 2: Specific Apps and SDKs - A list of apps, including 烟台出行, 亲邻开门, and 学霸在线, were noted for not accurately listing the SDKs and their data collection practices [3]. - SDKs such as CTP and 金仕达 were also mentioned for not providing rules for personal information collection and failing to respond to user rights requests in a timely manner [4]. Group 3: Compliance and Rectification - The involved app and SDK operators are required to complete rectification within 15 working days from the announcement and report back to the authorities [4]. - The CAC will conduct follow-up inspections and take necessary actions based on the compliance status [4].

Group 1 - 15 apps, including Moji Weather TV version, were reported for issues related to personal information collection and usage [2][3] - Specific problems include failure to provide personal information collection rules and not responding to user complaints in a timely manner [3][4] Group 2 - Shanghai Hongqiao Airport and Beijing Capital Airport launched a trial voluntary transfer service for flights between the two airports [5] - The service is available for specific flights operated by China Eastern Airlines and Air China, allowing passengers to change flights under certain conditions [5] Group 3 - During the May Day holiday, the Yangtze River Delta railway sent over 20 million passengers, with a daily average exceeding 4 million, marking a year-on-year increase of over 10% [6] - On May 1, a record 4.268 million passengers were sent in a single day [6] Group 4 - Google announced plans to appeal against a court ruling in the U.S. Department of Justice's advertising technology case [15][16] - The company disagrees with the court's decision regarding its Google Ad Manager tool [16] Group 5 - Skechers is set to be privatized in a deal worth approximately $9.4 billion, with shareholders given options for cash or a combination of cash and equity [21] - The transaction is expected to be completed in the third quarter of this year [21] Group 6 - Li Ning has officially signed a partnership with the Chinese Olympic Committee to provide sportswear for the 2025-2028 period [19] - The partnership includes support for multiple international sporting events, including the 2028 Los Angeles Olympics [19] Group 7 - A new logistics supply chain project in Xuchang, Henan, is expected to generate an annual output value of approximately 2.5 billion yuan [22][23] - The project is a collaboration between Pang Donglai and JD Logistics, with a total investment of 1.25 billion yuan [22]

（原标题：直播顾客用餐，逾越了权利边界） 当你走进某个餐厅大快朵颐，可曾想到，自己有可能被直播？据报道，近日，有网友发帖反映，某餐饮 店在直播时拍摄到了顾客用餐的画面。网友觉得不适，表示不想再去该门店用餐。此帖发出后，引起了 公众的热议。 倘若餐厅想要毫无麻烦地直播，只有两种办法：一种是镜头远离顾客，避免将顾客纳入直播画面中，成 为直播的一部分，侵犯他人的隐私权和个人信息权利。另一种办法则是，事先告知消费者，并且征得他 们的许可。在个人信息保护法等法律中，也明确了"知情""同意"的基本原则，如果不是"为履行法定职 责或者法定义务所必需""为应对突发公共卫生事件，或者紧急情况下为保护自然人的生命健康和财产安 全所必需"等，有关主体不能擅自处理个人信息，否则就要承担不利后果。 类似餐厅直播顾客用餐现象，并非个案孤例。此前，有媒体报道过，某火锅店老板喜欢在店里做直播， 以此招揽生意，有顾客入镜直播间后，认为火锅店老板侵犯了自己的肖像权，将其告上法庭，最终获赔 500元。其实，随着直播的全民化、全域化，不仅是在餐厅，机场，医院、地铁站、火车站乃至博物 馆、图书馆等公共场所，都是一些主播经常直播和拍摄短视频的场所，常有 ...