Core Viewpoint - The Supreme People's Court has released its first set of guiding cases focused on the judicial protection of data rights, addressing key issues such as data ownership, utilization of data products, personal information protection, and the delivery of online platform accounts [1][2][3]. Group 1: Judicial Protection of Data Rights - The release of the 47th batch of guiding cases marks a significant step in the judicial protection of data rights, responding to societal concerns regarding data ownership and personal information protection [1][2]. - The guiding cases aim to unify the standards for adjudicating similar cases, thereby enhancing the legal framework surrounding data rights [3][5]. Group 2: Growth of Data-Related Cases - The number of data-related cases has significantly increased, with the number of first-instance cases in 2024 being double that of 2021, indicating a growing recognition of data rights in the legal system [3]. - Courts are applying relevant laws such as the Civil Code and the Personal Information Protection Law to effectively handle disputes involving personality rights and property rights related to data [3][5]. Group 3: Specific Guiding Cases - The six guiding cases cover various areas including unfair competition, tort liability, personal information protection, and enforcement [4]. - Case 262 involves a dispute over unfair competition due to data scraping from an online platform, affirming that platform operators can seek legal protection when their business interests are harmed [4][8]. - Case 263 clarifies that providing associated account services with user authorization does not constitute unfair competition if it does not disrupt market order [4][17]. - Case 264 establishes that data processors who collect and process enterprise data without causing harm to the enterprise's rights are not liable for tort [4][25]. - Case 265 addresses the excessive collection of personal information by an app operator, ruling that such actions can infringe on user rights if not necessary for service provision [4][36]. - Case 266 confirms that collecting personal information for credit services under a "pay later" model is necessary for fulfilling contractual obligations [4][46]. Group 4: Future Directions - The Supreme People's Court plans to strengthen the adjudication of data-related cases and further unify judicial standards to promote the compliant and efficient circulation of data, thereby enhancing the value of data elements in the digital economy [5].

Core Viewpoint - The National Cybersecurity Incident Response Center reported that 38 mobile applications were found to illegally collect and use personal information, highlighting ongoing concerns regarding data privacy and compliance with laws such as the Cybersecurity Law and the Personal Information Protection Law [1]. Group 1: Company Overview - Shanghai Yanshan Technology Co., Ltd. (formerly known as Shanghai 2345 Network Holdings Group Co., Ltd.) has undergone several name changes, with the most recent occurring in August 2023 [2]. - The company operates several well-known software products, including 2345.com, 2345 browser, and various other applications that cover both PC and mobile platforms [1]. Group 2: Regulatory Compliance - The detection of illegal data practices in 38 mobile applications was conducted by the Ministry of Public Security's Computer Information System Security Product Quality Supervision and Inspection Center, emphasizing the importance of compliance with national regulations [1]. - Specific issues identified in the 2345 browser included failure to clearly list the purposes, methods, and scope of personal information collection, as well as exceeding the scope of user authorization [1].

Core Viewpoint - The National Cybersecurity Center reported that 38 mobile applications were found to illegally collect and use personal information, violating laws such as the Cybersecurity Law and the Personal Information Protection Law [1][11]. Group 1: Violations of Personal Information Collection - Two applications failed to publicly disclose their rules for collecting and using personal information: "家政加" (5.3.5, VIVO) and "聘巢" (1.0.2, 应用宝) [1]. - Nineteen applications did not list the purposes, methods, and scope of personal information collection: "联想乐云" (6.8.20, 应用宝), "画啦啦美术课堂" (5.22.9, OPPO), "智通直聘" (11.14.0, 应用宝), among others [2]. - Four applications did not inform users of the purpose when requesting permission to collect personal information: "e家政" (4.0.10, VIVO), "in" (3.4.130, 豌豆荚), "聘巢" (1.0.2, 应用宝), and "找零工" (4.2.6, 豌豆荚) [3]. - Four applications failed to inform users of the purpose when collecting sensitive personal information: "我要聘" (1.2.10, VIVO), "闪电直聘" (3.1.0, 百度), "吉工家" (7.6.6, 百度), and "建筑招工" (7.6.5, 百度) [4]. - Three applications began collecting personal information before obtaining user consent: "秀色直播" (9.3.6, 华为), "微米浏览器" (BrowserV8.0.20250403, 百度), and "当日急聘" (7.4.4, VIVO) [5]. - Nineteen applications collected personal information beyond the scope authorized by users [6]. Group 2: Excessive Information Collection - Three applications had personal information protection policies that described the collection of information beyond what was necessary for their functions: "地铁查询宝" (1.1.7, 小米), "文件解压管家" (1.4.0, 小米), and "微车" (8.6.3, VIVO) [7]. - One application had permissions for collecting personal information that exceeded the necessary range for its functions: "爱看书免费小说" (8.2.4, 华为) [8]. - Six applications collected personal information more frequently than necessary for their functions: "豆果美食" (8.2.15.2, 华为), "百思漂流瓶" (9.13.81, 华为), "优惠券" (6.0.0, 小米), "乐播投屏" (5.11.80, 应用宝), "卡牛信用管家" (9.2.2, 应用宝), and "轻喜到家" (2.6.7, VIVO) [10]. - Two applications required users to enable permissions not needed for current functions: "同城招聘" (1.1.1, VIVO) and "找零工" (4.2.6, 豌豆荚) [12]. - One application forced users to provide unnecessary personal information: "好兔视频" (1.6.36.1, 华为) [13]. Group 3: User Rights and Options - One application did not provide users with a way to correct or supplement their personal information: "当日急聘" (7.4.4, VIVO) [14]. - One application did not offer a way for users to cancel their accounts: "找零工" (4.2.6, 豌豆荚) [15]. - Two applications set unreasonable conditions or additional requirements in the account cancellation process: "597直聘" (6.5.0, 应用宝) and "快马日结" (6.7.00, 百度) [16]. - Three applications did not provide options to exit or disable personalized display modes: "壁纸多多" (6.9.9.1, 豌豆荚), "找零工" (4.2.6, 豌豆荚), and "汇博招聘" (5.0.3, 豌豆荚) [17].

Group 1 - The article reports that 38 mobile applications, including "Jiazhengjia" and "Pinchao," have been found to illegally collect and use personal information according to the National Cybersecurity Notification Center [1] - This action is part of a broader initiative outlined in the announcement by the Central Cyberspace Administration, Ministry of Industry and Information Technology, Ministry of Public Security, and State Administration for Market Regulation regarding personal information protection for 2025 [1]

"您的航班延误了，可以申请300元赔偿"，接到这样的电话，你会相信吗？近日，在浙江嘉兴出差的李 先生就掉进了这样一个精心设计的骗局。骗子冒充航空公司客服，不仅准确说出他的航班信息，还"热 心"指导他操作退款。结果，李先生一通操作下来，非但没拿到300元赔偿，反被转走4万多元，这到底 是怎么一回事呢？ 冒充航空公司诈骗电话：由于是我们航空公司机械故障的原因，导致航班取消了，所以我们航空公司给 每位旅客补贴了300元的延误补偿金，我协助您去领取一下这个航班延误险金。 这是一通自称航空公司客服打来的电话，正是因为听信了对方的这番说辞，李先生才掉进了骗子的陷 阱。2024年5月，正准备在第二天搭乘飞机回家的李先生突然接到了一通电话，当时电话里的客服称李 先生次日的航班因故临时取消，可以申请办理退改签业务，关键是可以额外获得补偿款300元。 这名客服提出，退改签首先需要验证个人账户是否安全。由于对方能准确说出李先生的行程及个人信 息，着急回家的他并没有多想，便按照对方的要求一步步进行了操作。 就这样，李先生反复操作了几次，但所谓的"验证"始终没有成功。随后，那名客服又再次提出，需要李 先生与航空公司的对公账户再进行一轮 ...

Core Viewpoint - The report highlights the detection of 38 mobile applications that violate personal information protection laws, indicating a significant issue in compliance with regulations such as the Cybersecurity Law and the Personal Information Protection Law [1][10]. Group 1: Violations of Personal Information Collection - Two applications failed to publicly disclose their rules for collecting and using personal information: "家政加" and "聘巢" [1]. - Nineteen applications did not list the purposes, methods, and scope of personal information collection: "联想乐云", "画啦啦美术课堂", "智通直聘", "才通直聘", "达管家", "同城招聘", "e家政", "快马日结", "2345浏览器", "微米浏览器", "淘最热点", "当日急聘", "闪电直聘", "吉工家", "建筑招工", "微车", "in", "找零工", "汇博招聘" [2]. - Four applications did not inform users of the purpose when requesting permission to collect personal information: "e家政", "in", "聘巢", "找零工" [3]. - Four applications failed to inform users of the purpose when collecting sensitive personal information: "我要聘", "闪电直聘", "吉工家", "建筑招工" [4]. - Three applications began collecting personal information before obtaining user consent: "秀色直播", "微米浏览器", "当日急聘" [5]. - Nineteen applications collected personal information beyond the scope authorized by users: "联想乐云", "画啦啦美术课堂", "达管家", "德管家", "他趣", "同城招聘", "e家政", "快马日结", "2345浏览器", "微米浏览器", "淘最热点", "当日急聘", "闪电直聘", "吉工家", "建筑招工", "微车", "in", "找零工", "汇博招聘" [6]. Group 2: Inadequate User Rights and Information - Three applications had personal information protection policies that described the need for information collection beyond necessary functions: "地铁查询宝", "文件解压管家", "微车" [6]. - One application declared the collection of personal information permissions in its configuration file that exceeded necessary functions: "爱看书免费小说" [7]. - Six applications collected personal information beyond the necessary scope of their functions: "豆果美食", "百思漂流瓶", "优惠券", "乐播投屏", "卡牛信用管家", "轻喜到家" [9]. - One application collected personal information more frequently than necessary: "家宝兔" [9]. - Two applications required users to enable permissions not needed for current functions: "同城招聘", "找零工" [9]. - One application forced users to provide unnecessary personal information: "e家政" [9]. - One application did not provide users with a way to correct or supplement their personal information: "当日急聘" [9]. - One application did not offer a way for users to cancel their accounts: "找零工" [9]. - Two applications set unreasonable conditions or additional requirements in the account cancellation process: "597直聘", "快马日结" [9]. - Three applications did not provide an option to exit or close personalized display modes: "壁纸多多", "找零工", "汇博招聘" [9].

Core Insights - A significant case of personal information leakage involving 800,000 records has been reported in Gansu Province, highlighting vulnerabilities in data protection and the rise of a "decryption intermediary" industry due to the enforcement of the Personal Information Protection Law [3][4]. Group 1: Crime Methodology - The "no inventory e-commerce" model allows merchants to sell orders to other merchants who fulfill them, creating a profit margin for the original seller. This model has been disrupted by new data protection laws, leading to the emergence of decryption intermediaries [4]. - The criminal operation involved a network where insiders from courier companies provided access to encrypted order information, which was then sold to "no inventory e-commerce" merchants, forming a complete crime chain [4][5]. - Law enforcement has arrested 18 individuals and seized over 800,000 personal records and more than 350,000 yuan in cash, indicating the scale of the operation [4]. Group 2: Industry Implications - The case illustrates a common issue in the industry where internal management failures and poor control over access rights lead to data leaks, often involving insiders [5]. - The reliance on third-party vendors in business processes increases the risk of information leakage, as smaller companies may lack the necessary technical capabilities and management structures [5]. - Experts suggest that the low technical barrier for such crimes poses significant risks, emphasizing the need for improved legal frameworks and corporate data protection measures to mitigate these vulnerabilities [5].

Core Viewpoint - The case highlights the illegal purchase of personal information by insurance companies to boost sales, leading to severe legal consequences for involved executives and a broader discussion on data privacy in the insurance industry [1][3][12]. Group 1: Case Details - Six executives from Tianan Insurance and China Life Insurance were found guilty of purchasing over 200,000 pieces of personal information to enhance their insurance sales [1][3]. - The data included sensitive information such as names, ID numbers, phone numbers, and vehicle details, sold at prices ranging from 0.7 to 0.9 yuan per entry [3][4]. - The illegal activities spanned from 2019 to 2022, with significant transactions including 90,000 entries for 90,000 yuan and 30,000 entries for 37,500 yuan [3][4][5]. Group 2: Legal Proceedings - The first-instance court ruled that the actions constituted a serious violation of personal information rights, leading to fines and penalties for the involved parties [7][9]. - The second-instance court upheld the original verdict, dismissing the defendants' claims of legality and procedural violations in evidence collection [8][9]. Group 3: Industry Implications - The case reflects a troubling trend in the insurance industry where illegal data acquisition has become a "common practice" to meet sales targets [10][12]. - Previous cases have shown a pattern of similar illegal activities within the insurance sector, indicating a systemic issue with data reliance for sales [12]. - New regulations are being introduced to enforce stricter data protection measures in the financial and insurance sectors, aiming to curb such illegal practices [13][14].

Core Viewpoint - The insurance industry is facing significant challenges regarding the protection of personal information, as recent incidents reveal that personal data is being illegally sold by insiders within insurance companies [1][2][3]. Group 1: Incident Overview - A recent criminal ruling disclosed that several employees from Tianan Property Insurance Company were involved in the illegal purchase and sale of personal information, leading to penalties for the offenders [2]. - The data sold included sensitive information such as vehicle identification numbers, ID numbers, phone numbers, names, addresses, and insurance expiration dates, highlighting the severity of the data breach [3]. Group 2: Regulatory Environment - The financial regulatory authorities are increasing scrutiny on personal information protection within the insurance sector, with new regulations set to be implemented by December 2024 [4]. - The principle of accountability for data management is emphasized, requiring insurance companies to clearly define responsibilities for data security across various business areas [4]. Group 3: Recommendations for Improvement - Insurance companies are advised to establish robust customer information security management systems in compliance with the Personal Information Protection Law, detailing responsibilities and operational norms for data handling [5]. - Collaboration among insurance companies, regulatory bodies, and law enforcement is essential to effectively protect consumer personal information and address violations [5][6].

保险业"内鬼"狂飙 监管重锤砸向数据黑产 作者：李秀梅 车险将要到期推销电话不停，只买了一份保险却收到了几十条推销短信，不用怀疑，你的个人信息被泄 露了。 8月19日，北京商报记者注意到，近期中国裁判文书网公布了一则刑事裁定书，显示杨某某、何某某、 俞某某等人为拓展保险业务，购买公民个人信息数万条，犯下侵犯公民个人信息罪。而这些个人信息， 同样来自于保险公司，一位"内鬼"倒卖。 当前，保险业数字化程度不断提升，侵害公民个人信息权益的问题也随之而来。如何保护好客户的个人 信息，是保险公司面临的新课题。 倒卖车险信息遭罚 身为保险公司部门负责人，不考虑如何扩展业务，竟动了歪心思，想通过购买客户信息"走偏门"？近期 中国裁判文书网公布的一则刑事判决书，将某保险公司多名员工侵犯保险客户个人信息的犯罪细节公布 于众。 判决书显示，杨某某为天安财险安庆中心支公司原总经理，何某某为天安财险安庆中心支公司电销部门 原负责人，俞某某为天安财险黄山中心支公司电销部门原负责人。2020年3—12月期间，杨某某为推动 电销部门工作，安排何某某通过向杨某(另案处理)转账3.75万元，两次从杨某处购买公民个人信息3万余 条。2019年3 ...