Core Insights - The investigation reveals that despite e-commerce platforms implementing privacy measures, there are numerous intermediaries offering "decryption" services for personal information at a low cost, indicating a significant gap in personal data protection [1] Group 1: Causes of Personal Information Leakage - The primary reason for personal information leakage is the existence of a substantial marketing profit chain that relies on personal data, with underground markets for personal information trading remaining active [2] - Weak regulatory oversight in the multiple stages of personal information handling during online shopping contributes to the leakage, as data may have been exposed before encryption measures were implemented [2] - Incomplete legislation and management loopholes in internet platform real-name authentication are major factors leading to ongoing personal information leaks [2] Group 2: Recommendations for Improvement - It is essential to identify the channels through which personal information is leaked, whether through technical means or internal breaches, and to enhance regulatory oversight accordingly [3] - Regulatory bodies should increase compliance monitoring of personal information usage by logistics and courier companies, which typically do not need to retain extensive user data [3] - There should be an increase in administrative penalties for violations of personal information rights, including warnings, detention, or fines, and a clear definition of civil liabilities for offenders to enhance the cost of violations [3]

Core Viewpoint - The case highlights the importance of personal information protection in China, emphasizing that companies must adhere to legal standards when handling employee personal data [1][2][3] Group 1: Legal Framework - The implementation of the Personal Information Protection Law and the Civil Code has established a legal framework for personal information protection in China [1] - The Civil Code specifies that individuals have the right to privacy, and any organization or individual must not infringe upon this right through various means [2] - Personal information is defined broadly, including names, identification numbers, addresses, and other sensitive data that must be protected [2] Group 2: Case Details - The case involved a company that publicly posted an employee's personal information, including their ID number and address, which was deemed an infringement of privacy rights [1][2] - The employee, Zheng, sought a public apology and compensation for emotional distress due to the unauthorized disclosure of personal information [1][3] Group 3: Court Ruling - The court ruled that the company exceeded the necessary limits in using Zheng's personal information, constituting an infringement and requiring the company to issue a public apology [2][3] - The court did not support Zheng's claim for emotional distress compensation, citing the short duration and limited impact of the infringement [3] Group 4: Legal Guidance - Companies must follow the principles of legality, necessity, and appropriateness when handling personal information, ensuring minimal impact on individual rights [4] - It is advised that companies communicate sensitive information directly to employees and protect personal data from public disclosure [4] - Negative evaluations of employees should be factual and not harm their future employment opportunities, as this could lead to further legal issues [4]

个人信息安全与隐私保护无小事。因此，欲破此局，需从企业责任、监管框架到用户赋权三端共同发 力，构建刚柔并济的治理体系。 首先，APP运营者必须抛弃"能收则收"的原始冲动，将个人信息保护由合规负担转化为核心责任。企业 应主动关注监管动态，摸清行业合规边界，尤其处理大量或敏感信息时，技术防护（如加密存储、内外 网隔离）应成标配而非点缀。须知，用户信任乃数字时代最珍贵的信任货币，若隐私协议沦为"阅读理 解题"，技术防护形同虚设，那么用户每一次被迫勾选，都在无声侵蚀企业赖以生存的根基。 其次，监管之手需更精细有力。可借鉴《自然人网店管理规范》中"分类施策"的智慧，对APP进行分级 分类管理：为不同业务场景及体量的应用量身定制规则，避免"一刀切"窒息创新。同时强化"负面清 单"思维，严打默认勾选、捆绑同意等"擦边球"行为，压实平台主体责任，让违规者付出代价。柔性监 管亦不可缺——如设立整改缓冲期，以差异化激励替代单纯处罚，在规范与活力间寻得平衡。 近日，国家网络与信息安全信息通报中心通报了65款存在违法违规收集使用个人信息情况的移动应用 （APP），涉及未显著告知隐私政策、未经用户同意向第三方共享数据、未提供有效注销功 ...

Core Points - The Supreme People's Court of China has ruled that network service providers must bear liability for excessive collection of personal information from consumers [1][2] - The case involved a dictionary app that forced users to agree to a privacy policy without proper consent, leading to a violation of personal information rights [1][2] Group 1: Legal Implications - The court found that the app's automatic selection of the consent option without user knowledge violated the requirement for informed consent [2] - The app's refusal to provide services if users declined to agree to the privacy policy was deemed a denial of basic service [2] - The company was ordered to delete the collected personal information and apologize to the user, as well as compensate for reasonable legal expenses [2] Group 2: Company Behavior - The company had previously modified its privacy policy during the litigation process to include a feature for users to withdraw consent [2] - The case highlights the importance of compliance with personal information protection laws, specifically Articles 15 and 16 [2]

"我们点击进入这个医院的应用程序，在没有任何授权的情况下，后台已经收集了用户的个人信息，比 如安卓ID、应用列表、外部存储文件等，这属于典型的违规行为。"日前，北京市互联网信息办公室网 络安全协调处孟翔边演示边向记者介绍。 针对移动互联网应用程序在使用过程中侵害用户个人信息权益等问题，近期，北京市互联网信息办公室 联合市场监管、公安、政数、通管，以及教育、住建、交通、商务、文旅、卫健、体育等行业主管部 门，聚焦11个民生消费领域应用程序，开展数据安全和个人信息保护专项整治，包含智慧停车、线上点 餐、运动健身、酒店住宿、线上诊疗、少儿培训、房产中介、租借充电宝、生活服务（洗衣、理发）、 电影购票、网上加油等，覆盖北京市各类经营主体（服务商）5万余家。 检测人员随机抽取了197款应用程序进行远程技术检测，发现并督导整改问题388个。其中，未公开收集 使用规则、未征得用户同意收集个人信息、传输通道认证授权机制不完善、未提供账号注销功能等问题 较为集中。 演示 通过小程序获取个人信息 未经用户同意收集个人信息，是北京市互联网信息办公室在近期数据安全和个人信息保护专项整治中， 检测发现的较为突出的问题。 成效 发现并督 ...

Core Viewpoint - The frequent violations of personal information collection by mobile applications highlight a persistent issue in the industry, necessitating a multi-faceted approach to address the privacy dilemma [1][4][7]. Group 1: Violations and Regulatory Actions - The National Cybersecurity and Information Security Information Notification Center reported 65 mobile applications for illegal collection and use of personal information, marking the second large-scale naming this year [1]. - In April, the National Computer Virus Emergency Response Center had already reported 13 applications for similar violations across various sectors, including food delivery, finance, and social media [1]. - In 2024, the Ministry of Industry and Information Technology reported 50 applications with user rights violations, with 27 of them exhibiting forced, frequent, and excessive permission requests [2]. Group 2: User Behavior and Awareness - A significant number of users, approximately 77.8%, rarely or never read privacy agreements when installing applications, and 69.69% ignore updates to these agreements [3]. - Users often feel compelled to agree to privacy policies to access essential app functions, leading to a compromise of their personal information [2]. Group 3: Legal Framework and Compliance Challenges - A comprehensive legal framework exists, including the Cybersecurity Law, Data Security Law, and Personal Information Protection Law, aimed at regulating personal information handling [4]. - Despite the established regulations, the persistent non-compliance by mobile applications is attributed to the technical complexity of apps, the hidden nature of data collection, and users' lack of awareness [4][5]. Group 4: Recommendations for Improvement - Experts suggest a collaborative governance approach involving regulatory frameworks, corporate compliance, and technological safeguards to enhance personal data protection [7]. - It is recommended that app operators stay informed about regulatory disclosures and adhere to compliance standards, especially when handling large volumes of personal or sensitive information [7]. - Users should be vigilant about privacy policy compliance indicators, such as the presence of consent pop-ups and the clarity of information presented [8].

输入一段你想要的问题，生成式人工智能就可以根据你的需求从海量的数据中检索分析生成你想要的文字、图像甚至视频，在方便快捷的同时，其潜在的个 人信息泄露风险也引发担忧。 如何在生成式人工智能时代筑牢个人信息安全防线？在这两天举行的2025年中国网络文明大会各分论坛上，与会嘉宾围绕这一焦点议题展开深入探讨。 中国科学技术大学网络空间安全学院执行院长 俞能海：生成式人工智能技术，说到底它是基于数据的。现在的问题是我们的数据本身，现在各种大模型它 都是要有数据、语料进来，这些语料从个人信息保护角度，哪些语料给、哪些语料不给，源头数据怎么管控，尤其在个人信息保护中间起的作用非常大。 与此同时，基于强大的数据搜集和逻辑能力，人工智能可以综合公开数据、个人数据，结合行为分析挖掘出更深层的数据。 中国科学技术大学网络空间安全学院执行院长 俞能海：信息化给我们带来非常好的一面，但确确实实也给我们留下了新的问题。你只要用了系统，一定会 留痕，自己很多的信息，可能是敏感信息，你自己认为已经把它去掉了，但是通过整合、信息关联，可能在输出的点，它会就被泄露出来。 针对深度伪造技术 发展主动防御技术 如何在保护数据安全和推动人工智能发展中 ...

中经记者 郑瑜 北京报道 随着《个人信息保护法》实施进入第四个年头，金融领域作为数据密集型行业，数据合规责任持续压 实。 国家计算机病毒应急处理中心近期发布通报，依据《网络安全法》《个人信息保护法》等法律法规，按 照《中央网信办、工业和信息化部、公安部、市场监管总局关于开展2025年个人信息保护系列专项行动 的公告》要求，检测到63款移动应用存在违法违规收集使用个人信息情况，其中也包括金融类APP。 同期，中国人民银行（以下简称"央行"）分支机构也公布了关于一家消费金融公司和一家小额贷款公司 的行政处罚，违规原因都涉及违反信用信息采集、提供、查询相关管理规定。 这也暴露出业务扩张和客群快速变化之下，一些金融机构在加强对信息授权的风险认知与保护措施方面 的薄弱环节。有律师向记者表示，从"最小必要"原则出发，机构要获得业务必要的个人信息授权并不困 难，真正的挑战是，机构如何压制更希望获得"额外的、非必要的"信息和数据的冲动。 信息保护承压 近期，央行湖北省分行公布了湖北消费金融股份有限公司（以下简称"湖北消金"）的行政处罚，公示表 显示，湖北消金违反信用信息采集、提供、查询相关管理规定。 该负责人同时表示，若金融 ...

Group 1 - The China Securities Regulatory Commission (CSRC) has requested Nanhua Futures (603093.SH) to provide supplementary explanations regarding its overseas business operations and compliance status, as well as the regulatory procedures for using the raised funds to supplement the capital of its overseas subsidiaries [1][2] - Nanhua Futures has submitted its application to the Hong Kong Stock Exchange for a main board listing, with CITIC Securities acting as its sole sponsor [1] - According to a report by Frost & Sullivan, Nanhua Futures ranks 8th among all futures companies in China by total revenue in 2023, and it ranks 1st among all non-financial institution-related futures companies [2] Group 2 - The CSRC has asked for clarification on whether the company's and its subsidiaries' business scope involves areas covered by the "Negative List of Foreign Investment Access (2024 Edition)" and whether they comply with foreign investment access policies before and after the listing [2] - The company is focused on providing comprehensive and customized derivatives and risk management services to industrial clients, financial institutions, and individual investors, while also aiming to offer diversified wealth management services to both domestic and overseas investors [2] - Nanhua Futures ranks 1st among all futures companies in China in terms of overseas revenue for 2023 [2]

Core Points - The Ministry of Public Security and other departments have released the "National Network Identity Authentication Public Service Management Measures," effective from July 15, 2025, allowing individuals to voluntarily apply for a network number and certificate using valid identification [1][14]. - The new system reduces the risk of personal information exposure by allowing users to authenticate their identity without revealing sensitive information like their ID number, only providing a verification of "yes" or "no" to platforms [1][3]. - The initiative aims to combat issues related to personal information theft and fraud, particularly in the context of rampant telecom scams [3][12]. Summary by Sections National Network Identity Authentication Service - The service consists of a network number (a unique identifier without personal information) and a network certificate (which carries non-explicit identity information) [5][11]. - Users can apply for these services through the "National Network Identity Authentication" app, which requires identity verification via NFC and facial recognition [6][10]. Implementation and Adoption - Over 400 applications, including major platforms like WeChat, Taobao, and Baidu, have integrated this service, allowing users to register accounts and verify identities without exposing personal information [11][12]. - The app has been downloaded 16 million times, with 8 million network numbers and certificates issued, and 12 million authentication services provided [10][11]. Benefits and Use Cases - The service is being utilized in various sectors, including government services, education, and tourism, to enhance user experience and reduce the need for physical identity verification [12][13]. - It helps mitigate risks of identity fraud in sensitive areas like finance and cultural tourism, where accurate identity verification is crucial [12][13]. Future Prospects - The management measures are expected to expand the service's application across more scenarios, including traffic management apps [13][14]. - The initiative is designed to be free for the public and businesses, focusing on protecting personal information and facilitating convenience [14].