Core Viewpoint - The Ministry of Industry and Information Technology (MIIT) has released a notice regarding the infringement of user rights by certain apps and SDKs, highlighting the ongoing efforts to protect personal information in compliance with relevant laws and regulations [1] Group 1: Regulatory Actions - The MIIT's notice is part of a broader initiative launched by four government departments, including the Central Cyberspace Administration, to conduct a special action series for personal information protection in 2025 [1] - The notice cites violations of the Personal Information Protection Law, Cybersecurity Law, Telecommunications Regulations, and the Regulations on the Protection of Personal Information of Telecommunications and Internet Users [1] Group 2: Findings and Compliance - A recent inspection by third-party testing agencies identified 23 apps and SDKs that were found to infringe on user rights, including specific versions of Multi-Screen Interaction and Flower Diary, which were noted for excessive and inappropriate data collection practices [1] - The MIIT has mandated that the identified apps and SDKs must rectify their issues in accordance with the regulations, with potential legal actions for non-compliance [1]

新京报贝壳财经讯 8月4日，据工信微报消息，根据中央网信办、工业和信息化部、公安部、市场监管总局等四部门联合发布的《关于开展 2025年个人信息保护系列专项行动的公告》，依据《个人信息保护法》《网络安全法》《电信条例》《电信和互联网用户个人信息保护规定》 等法律法规，我部对APP、SDK违法违规收集使用个人信息等问题开展治理。近期，经组织第三方检测机构进行抽查，共发现23款APP及SDK 存在侵害用户权益行为（详见附件），现予以通报。 | | DUN | 什仅有限公司 | | | 日心图片 儿/五大内 | | --- | --- | --- | --- | --- | --- | | | | | | | SDK 信息公示不到位 | | | | | | | 超范围收集个人信息 | | | | | | | 强制用户使用定向推 | | | 果玩游戏联 | 山东新岱宗网络 | | | 送功能 | | 19 | 运 SDK | 文化有限公司 | 官网 | 4.6.6 | 强制、频繁、过度索 | | | | | | | 取权限 | | | | | | | SDK 信息公示不到位 | | | | | | | 超范围收集个人 ...

中国网络空间安全协会：5款App完成个人信息收集使用优化改进 智通财经8月4日电，中国网络空间安全协会8月4日发布公告称，为规范App收集使用个人信息行为，保 护个人信息权益，中国网络空间安全协会组织指导邮件快件寄递、二手车交易、旅游服务等3类5款App 运营方，对照《中华人民共和国网络安全法》等法律法规，重点针对超范围收集个人信息、过度调用敏 感权限、权限设置和账号注销不便等个人信息收集使用问题完成了优化改进。5款App运营方已在应用 商店或者官网上架优化改进版本，并承诺升级版本持续保持合规水平。 ...

Core Viewpoint - The conference highlighted the importance of personal information security in the AI era, emphasizing the role of domestic tools like Quark AI in protecting privacy and preventing risks [1][3]. Group 1: Personal Information Security Challenges - The current AI era presents severe challenges for personal information protection, including data breaches and the intelligent upgrading of fraud methods [3]. - The use of domestic systems and software is emphasized as a crucial path to building a security defense [3]. Group 2: Quark AI Applications - Quark AI's high school entrance examination product has served over 160 million users, providing deep search, intelligent selection of subjects, and reports, ensuring data autonomy and compliance with legal frameworks [3][4]. - Quark AI camera innovatively prevents online fraud through multi-modal recognition technology, allowing users to quickly identify suspicious links and images without direct interaction [4]. Group 3: Collaborative Governance and User Responsibility - The need for collaboration among government, enterprises, and social organizations to build a governance system is stressed, with citizens encouraged to choose reliable domestic tools as the first line of defense for personal information protection [4]. - Domestic platforms like Quark adhere to national regulations in data storage and algorithm design, empowering users to take control of their information security [4].

Core Viewpoint - The article highlights the increasing issue of unsolicited insurance sales calls and marketing messages affecting individuals' daily lives, raising concerns about potential personal information leaks and privacy violations by insurance intermediaries [1][2][4]. Group 1: Impact on Consumers - Many users report receiving frequent insurance sales calls, especially when their insurance policies are nearing renewal, leading to frustration and confusion about how their personal information is being accessed [2][4]. - Users express concerns over the accuracy of the personal information used by sales agents, noting instances where agents possess detailed personal data despite the users never having purchased insurance from them [2][4]. Group 2: Privacy Policies and Information Collection - Investigations reveal that some insurance intermediaries, such as "Toubao Paipai," include clauses in their user agreements that allow extensive collection of personal information, including browsing history, under the guise of marketing preferences [5][9]. - The privacy policies of these intermediaries often obscure the extent of information collection, leading users to unknowingly consent to the sharing of their data with third parties for marketing purposes [5][8]. Group 3: Legal and Regulatory Concerns - Legal experts argue that the practices of these insurance intermediaries may violate consumer privacy rights, as users often do not fully understand the implications of the lengthy and complex user agreements they consent to [8][12]. - Regulatory bodies have been actively addressing the issue of personal information misuse in the financial sector, identifying problems such as forced consent and excessive data collection practices among insurance companies [11][12].

Core Viewpoint - The article discusses the unethical practices of AdventureX, particularly focusing on the sale of participant information and the lack of respect for privacy and legal standards [10][30][32]. Group 1: Unethical Practices - Selling participant information was a common practice at AdventureX, with the organization openly admitting to "selling user privacy" as a commercial achievement [10]. - The "Dreamer Database," which contains sensitive personal information, was sold to sponsors for thousands of dollars, violating personal information protection laws [30][32]. - The organization allegedly failed to obtain proper consent for processing sensitive information, which is a requirement under the Personal Information Protection Law [33][36]. Group 2: Legal Violations - The actions of AdventureX are said to constitute "infringement of citizens' personal information rights," as they did not follow legal protocols for data handling [32][39]. - The organization is accused of illegally cross-border data sharing without obtaining necessary approvals, violating national data security regulations [38][41]. - There are claims of excessive collection of personal information, which contradicts the initial purpose for which participants provided their data [42][44]. Group 3: Accountability and Transparency - The article calls for AdventureX to publicly disclose financial records, including sponsorship amounts and expenditures, to ensure transparency [47]. - It questions the organization's claim of being a non-profit or public service entity, demanding clarification on its legal status and financial practices [48][50]. - The author urges AdventureX to provide a list of database buyers and ensure that data usage complies with legal agreements [51][52].

Core Viewpoint - The issue of student information leakage is widespread across China, significantly affecting the normal lives of parents and students, and damaging the healthy ecology of the education industry [1][2]. Information Leakage Investigation - A survey revealed that parents, particularly those of middle school students, are receiving numerous harassment calls, with some reporting up to 20 calls in a single day due to leaked information [2]. - The investigation uncovered a black market for selling parents' information on social media platforms, indicating a systemic issue [2][5]. Legal Framework - The actions of educational institutions that collect and misuse personal information violate the Civil Code of the People's Republic of China, which protects individual privacy rights [2][3]. - The Personal Information Protection Law mandates that personal information must be collected lawfully and not excessively, with penalties for violations [3]. - Criminal liability may arise under Article 253 of the Criminal Law if institutions illegally obtain or sell personal information, leading to severe consequences [3]. Regulatory Actions - Authorities have urged schools in Guangzhou to conduct thorough checks on their information collection practices to ensure compliance with personal information protection laws [4]. - Platforms are enhancing their methods to identify and manage illegal content related to personal information sales [5]. Recommendations for Improvement - Experts suggest establishing a rapid reporting channel for educational harassment information and conducting special inspections of educational applications [6]. - There is a call for stronger source control by educational departments and regular internal audits to prevent information leaks [6][7]. Industry Accountability - The establishment of an industry blacklist and credit punishment mechanism is deemed necessary to deter the misuse of personal information by educational institutions [8]. - A combination of legal penalties and a public blacklist could create a comprehensive governance system that discourages violations and promotes compliance [8][9].

Group 1 - The Beijing Municipal Cyberspace Administration, in collaboration with various departments, is enhancing mechanisms to govern the illegal collection and use of personal information across multiple sectors [1] - The special governance focuses on the collection and use of facial recognition information in public places and personal information in offline consumption scenarios [1] - The governance scope includes industries such as transportation, accommodation and tourism, education and training, culture and sports, logistics and commerce, leisure and entertainment, automated vending, transportation services, retail payment, property management, and express delivery [1]

Core Viewpoint - The article highlights the detection of 33 mobile applications that violate personal information protection laws, as mandated by various Chinese regulations, including the Cybersecurity Law and the Personal Information Protection Law [1][2][3]. Summary by Categories Non-compliance with Information Collection Rules - One mobile application, "比陌" (1.1.2, Baidu Mobile Assistant), failed to publicly disclose its rules for collecting and using personal information [1]. - Fourteen applications did not list the purposes, methods, and scope of personal information collection, including "映客直播" (9.7.25, Huawei App Market) and "悦享家生活" (9.7.1, Huawei App Market) [2]. Lack of User Notification - One application, "即陌" (1.0.12.2, 豌豆荚), did not inform users of the purpose when requesting permissions to collect personal information [3]. - Another application, "Nico" (8.32.2, VIVO App Store), failed to notify users of the purpose when collecting sensitive personal information [4]. Unauthorized Information Collection - Three applications, including "零售云" (8.32.0, VIVO App Store), began collecting personal information before obtaining user consent [5]. - Fourteen applications, such as "宝宝树孕育" (9.91.2, Huawei App Market) and "花生日记" (6.3.0, Xiaomi App Store), collected personal information beyond the scope authorized by users [6]. Excessive Permissions and Information Collection - Three applications, including "宝宝树孕育" (9.91.2, Huawei App Market), had permissions to collect personal information that exceeded necessary functional requirements [7]. - Fourteen applications, such as "得间免费小说" (5.4.2.1, Huawei App Market) and "映客直播" (9.7.25, Huawei App Market), collected personal information more frequently than necessary [8]. Misleading Advertising Practices - Three applications, including "随手电筒" (7.0.3, 应用宝), were found to engage in misleading or deceptive advertising practices [9]. Follow-up on Previous Violations - Eight applications from a previous report were found to still have issues and have been removed from relevant distribution platforms [10].

Core Viewpoint - The release of the "Guidelines for Safe Triggering of Shake Advertising" aims to standardize practices in the industry to address the issue of unintended ad redirection caused by shake advertising, ensuring user autonomy and protection of personal information [1][2][5]. Group 1: Guidelines Overview - The "Guidelines" specify that app and SDK operators must provide easy options for users to disable shake advertising and set reasonable triggering thresholds to protect user choice [1][5]. - The guidelines are based on legal and policy standards, emphasizing the need for transparency, user autonomy, and personal information protection [2][5]. Group 2: Technical Requirements - The guidelines require that third-party SDK operators must clearly indicate the actions needed to trigger ads and provide a prominent option to close ads [6][7]. - Specific parameters for triggering sensitivity are suggested, such as an acceleration threshold of no less than 15 m/s² and a minimum operation time of 3 seconds [6][7]. Group 3: Industry Response - Several apps, including Tencent Video, Didi, and Bilibili, have already implemented features allowing users to easily enable or disable shake advertising [10][12]. - The guidelines are part of a broader initiative by regulatory bodies to address user rights and improve the advertising experience, following previous complaints and legal actions against misleading ad practices [8][10].