Core Viewpoint - The National Cybersecurity Center has reported that 72 mobile applications are found to be in violation of personal information protection laws, highlighting significant issues in user consent and data handling practices. Group 1: User Consent Issues - 17 mobile applications failed to clearly inform users about privacy policies and data collection practices at the first run of the app, using default consent methods instead [1] - 34 mobile applications did not specify the purposes, methods, and scope of personal information collection in their privacy policies [2] - 17 mobile applications provided personal information to third parties without user consent or proper notification [3] Group 2: Data Collection Practices - 5 mobile applications began collecting personal information without obtaining user consent first, or continued to collect data despite user refusal [4] - 9 mobile applications did not provide effective means for users to correct, delete personal information, or cancel their accounts [5] - 3 mobile applications failed to process complaints and requests for personal rights in a timely manner [6] Group 3: User Rights and Security Measures - 22 mobile applications did not offer users a straightforward way to withdraw consent for data collection [7] - 25 mobile applications lacked adequate security measures such as encryption or anonymization of personal data [8] - 1 mobile application continued to display ads after the user closed the page, disrupting normal usage [9] Group 4: Sensitive Information Handling - 4 mobile applications processed sensitive personal information without obtaining separate user consent [6] - 6 mobile applications did not have specific rules for handling personal information of minors, failing to obtain parental consent [10] Group 5: Privacy Policy Compliance - 4 mobile applications were found to have no privacy policy at all [10] - 33 out of 71 previously reported applications still exhibited issues upon re-evaluation, leading to their removal from distribution platforms [10]

Core Viewpoint - The National Cybersecurity Center has reported that 72 mobile applications are found to be in violation of personal information protection laws, highlighting significant issues in user consent and data handling practices. Group 1: User Consent and Information Collection - 17 mobile applications failed to clearly inform users about privacy policies and data collection practices at the first run, using default consent methods instead [1] - 34 mobile applications did not specify the purposes, methods, and scope of personal information collection in their privacy policies [2] - 17 mobile applications did not inform users about third-party data sharing, failing to obtain separate consent for such actions [3] - 5 mobile applications collected personal information without user consent or continued to collect data despite user refusal [4] Group 2: User Rights and Data Management - 9 mobile applications did not provide effective mechanisms for users to correct, delete personal information, or cancel their accounts [5] - 3 mobile applications failed to process complaints and requests within promised timeframes, lacking a convenient mechanism for users to exercise their rights [6] - 22 mobile applications did not offer users a straightforward way to withdraw consent for data collection [7] Group 3: Data Security and Sensitive Information - 25 mobile applications did not implement adequate security measures such as encryption or anonymization [8] - 4 mobile applications processed sensitive personal information without obtaining separate consent from users [9] - 6 mobile applications did not have specific rules for handling personal information of minors, failing to obtain parental consent [10] Group 4: Advertising and Marketing Practices - 2 mobile applications used automated decision-making for marketing without providing options for users to opt-out or reject targeted advertising [6] - 1 mobile application continued to display ads after the user closed the page, disrupting normal usage [9] Group 5: Privacy Policy Compliance - 4 mobile applications were found to have no privacy policy at all [10] - 33 out of 71 previously reported applications still exhibited issues upon re-evaluation, leading to their removal from distribution platforms [10]

Core Viewpoint - The Jiangxi Provincial People's Procuratorate emphasizes its commitment to legal supervision and the effective handling of cases to uphold judicial fairness, with a focus on public interest litigation and collaboration with various departments [1] Group 1: Public Interest Litigation - In 2025, Jiangxi plans to handle 5,553 public interest litigation cases, including 5,344 administrative and 209 civil cases [1] - The procuratorate issued 3,719 prosecutorial suggestions to encourage administrative agencies to perform their duties, achieving a 95% response and rectification rate [1] - There was a 38.9% year-on-year increase in administrative public interest lawsuits filed, totaling 75 cases, all of which received favorable judicial support [1] Group 2: Supervision in National Resources and Personal Information Protection - The Jiangxi procuratorate initiated 507 public interest litigation cases in the national financial and land sectors, marking an 85% increase year-on-year, recovering assets valued at 190 million yuan [1] - A total of 194 cases were filed concerning personal information protection, leading to the rectification of 107 companies that violated citizens' personal information security [1]

Core Viewpoint - The article discusses new regulations introduced by the China Banking Association aimed at addressing issues in the post-loan collection process for personal consumer loans, particularly focusing on the prohibition of harassment during debt collection [3][4]. Group 1: Regulatory Overview - The new guidelines, titled "Guidelines for Financial Institutions' Personal Consumer Loan Collection Work (Trial)," set specific rules for collection practices, including a ban on collection calls from 10 PM to 8 AM and limiting the number of calls to a debtor to no more than six times per day [3][5]. - The guidelines consist of seven chapters and fifty-four articles, focusing on self-regulation within the industry, defining collection behaviors, and establishing norms for external collection agencies [4][5]. Group 2: Collection Behavior Standards - The guidelines emphasize that collection activities must be conducted within reasonable limits, with specific restrictions on the frequency and timing of calls, reiterating previous standards set in 2021 and 2025 [5][6]. - The document outlines that collection actions should be respectful and confidential, adhering to national regulations on personal information protection [7][8]. Group 3: Prohibited Practices - Eight major prohibited practices are outlined, including impersonating government officials, using threats or intimidation, and unauthorized entry into private spaces for collection purposes [9][10]. - The guidelines also prohibit external collection agencies from subcontracting collection tasks without the consent of the lending institution [10].

智通财经记者 | 张倩楠 智通财经编辑 | 刘海川 2026年1月22日，最高人民检察院发布了一批个人信息保护检察公益诉讼典型案例。其中一起涉及部分 物业及房地产企业在人脸识别技术运用过程中存在个人信息泄露安全隐患的问题。 案例显示，重庆某科技有限公司的物业管理居住场所涉及人脸信息储备数量高达150万条，存在10个以 上风险问题；重庆某生活服务有限公司管理涉及13个小区，小区进出设备主要以人脸识别为主，存在4 个风险问题；重庆某置业有限公司在人脸识别技术使用过程中存在6个风险问题。 智通财经注意到，风险隐患主要为：采集的人脸信息通过互联网传输，采集14岁以下未成年人信息时未 取得监护人同意，人脸信息等个人敏感信息未进行本地化存储，对人脸信息处理未采取数据脱敏、加密 存储，未对敏感数据进行加密传输，隐私协议未明确告知处理者处理目的、保存期限等，未与第三方数 据处理者签署安全协议等普遍性问题。 值得注意的是，业主具有对个人信息处理的决定权，有权拒绝录入人脸信息。然而，物业公司将人脸识 别作为出入小区的唯一验证方式的案例屡见不鲜。 当"刷脸进门"已成常态，人脸信息泄露可能导致连锁风险。北京理工大学智能科技法律研究中 ...

Core Insights - Ping An Good Doctor has become the first company in the medical health industry to receive national-level personal information protection certification from the Central Cyberspace Administration of China [1] - The certification aims to standardize personal information processing activities and enhance data security in the healthcare sector [1] Group 1: Certification and Standards - The personal information protection certification is a national standard certification system jointly promoted by the State Administration for Market Regulation and the National Cyberspace Administration since 2022 [1] - The company’s personal information protection capabilities have been confirmed to fully comply with the national standard GB/T35273-2020, indicating its leading position in personal information protection in China [1] Group 2: Future Commitment and Industry Impact - The company plans to continue prioritizing data security and personal information protection as medical insurance and commercial insurance gradually integrate and medical AI develops rapidly [1] - The company aims to enhance its ESG development philosophy, improve personal information protection mechanisms, and strengthen overall data security capabilities to provide high-quality, efficient, and reliable healthcare services [1]

Group 1 - The core issue revolves around a class-action lawsuit against Apple regarding Siri's alleged unauthorized recording of conversations, with a settlement approved by a California court [1][2] - Affected users who purchased Siri-enabled devices between September 17, 2014, and December 31, 2024, can claim compensation, with a maximum of five devices per user [1] - Initial compensation estimates were $20 per device, with a maximum payout of $100 per individual, but actual payouts are approximately $8.02 per device and a maximum of $40.1 per individual [1] Group 2 - Apple proposed a settlement amounting to $95 million (approximately 695 million RMB) to resolve the lawsuit without admitting to the allegations of personal information collection [2]

近日，平安健康互联网股份有限公司（股票简称"平安好医生"，1833.HK，以下简称"平安健康"或"公 司"）率先通过中央网信办个人信息保护认证，成为全国首批、医疗健康行业首家获得此国家级认证的 企业，标志着其用户个人信息保护能力达到国内领先水平，更是其发展医险协同及企业健管业务的安全 基石。 据悉，个人信息保护认证是国家市场监督管理总局会同国家网信办自2022年起联合推行的国家标准认证 制度，旨在通过认证规范个人信息处理活动，提升个人信息保护水平，加强网络数据安全保护。在历经 涵盖140多项认证标准和规范的落实情况的严格审查后，平安健康个人信息保护能力被专业机构确认已 完全符合GB/T 35273-2020《信息安全技术个人信息安全规范》国家标准要求。 在数字化与医疗健康深度融合的背景下，平安健康以"系统性构建可持续发展生态（Comprehensive Sustainability）""先进科技赋能（Advanced Technology Empowerment）""数据安全基石（Robust Information Security Protection）"和"普惠医疗与社会责任担当（Extensive S ...

Core Viewpoint - Ping An Good Doctor (1833.HK) has become the first company in the medical and health industry to obtain national-level personal information protection certification in China, highlighting its commitment to data security and privacy protection [2]. Group 1: Certification and Standards - The personal information protection certification is a national standard certification system jointly promoted by the State Administration for Market Regulation and the National Internet Information Office since 2022, aimed at regulating personal information processing activities and enhancing data security [2]. - The certification reflects the company's leading position in personal information protection, demonstrating its institutional framework, technical capabilities, and ongoing management standards [2]. Group 2: Industry Implications - The handling of medical health data involves sensitive personal privacy, and the legality and security of related information processing activities are crucial for public trust and industry reputation [2]. - As medical insurance and commercial insurance gradually integrate and medical AI develops rapidly, the company will continue to prioritize data security and personal information protection [2]. Group 3: ESG Commitment - The certification serves as a strong endorsement of the company's commitment to the ESG sustainable development philosophy, emphasizing "technology for good and a caring heart" [2]. - The company aims to enhance its personal information protection mechanisms and overall data security capabilities while providing high-quality, efficient, and reliable medical health and elderly care services [2].

Core Insights - Ping An Good Doctor has become the first company in the healthcare sector to obtain national-level personal information protection certification, indicating its leading capability in user data protection [1][3] Group 1: Certification and Standards - The personal information protection certification is a national standard initiated by the State Administration for Market Regulation and the National Internet Information Office, aimed at enhancing personal data protection and network data security [3] - The certification process involved a rigorous review of over 140 standards and regulations, confirming that Ping An Good Doctor meets the GB/T 35273-2020 national standard for personal information security [3] Group 2: Commitment to Data Security - As a pioneer in the internet healthcare sector, Ping An Good Doctor prioritizes user data security as a vital aspect of its business development, recognizing the sensitivity of healthcare data and its impact on public trust and industry reputation [3] - The company has received multiple authoritative certifications in data security, including ISO 27001, ISO 27701, and ISO 27799, ensuring effective protection of data security and user privacy across all business areas [4] Group 3: Future Directions - Moving forward, with the integration of medical insurance and commercial insurance and the rapid development of medical AI, Ping An Good Doctor will continue to emphasize data security and personal information protection [5] - The company aims to enhance its personal information protection mechanisms and overall data security capabilities, contributing to the compliance, safety, and sustainable development of the healthcare industry [5]