Core Points - The Ministry of Industry and Information Technology of China is soliciting opinions on the draft mandatory national standard for "Safety Technical Requirements for Children's Watches" [1][2] - The standard addresses various aspects including battery safety, network security, prevention of internet addiction, and payment control [1] - The definition of children's watches includes those designed for children aged 3 to 14 years, with smart features such as communication and location tracking [1] Summary by Categories Information Security - The standard specifies six aspects to ensure product safety, requiring watches to have security management mechanisms for applications or installation programs to prevent malicious software [1][2] Data Security and Personal Information Protection - Eight aspects are outlined to ensure data security, including the need for dedicated rules for processing children's personal information and restrictions on default access to microphone, camera, and location services [1][2] Content Security - Ten aspects are proposed to ensure content safety, including the establishment of a dedicated content pool for children and the prohibition of pre-installed generative voice Q&A applications [2] Biometric Recognition - The standard includes provisions for biometric recognition, allowing registered users to deactivate this feature and requiring watches to have detection capabilities for anti-spoofing attacks [2]

Core Points - The article discusses the legal implications of personal information protection in the context of digital transactions, highlighting a case where a consumer's information was allegedly shared without consent [1][2][3] - The Beijing Internet Court ruled that the collection of transaction information by a WeChat mini-program without explicit consent constitutes a violation of personal information rights [2] Group 1: Legal Framework - According to China's Personal Information Protection Law, personal information processors must obtain consent from individuals before processing their data, or it must be necessary for the performance of a contract [2] - The court found that the WeChat mini-program did not clearly inform consumers about the collection of their transaction data in its user agreement or privacy policy [2] Group 2: Case Details - The consumer, Mr. Ma, argued that his offline shopping information was unlawfully obtained by the WeChat mini-program, leading to a lawsuit for an apology [1] - The court determined that the transaction details, such as store location and payment amount, are considered personal information and that the mini-program's data collection was not essential for the payment process [2] Group 3: Industry Implications - The Beijing Internet Court has seen a wide range of cases related to personal information protection across various sectors, including social media, e-commerce, and financial services [3] - The court emphasized the importance of public awareness regarding personal information protection and advised consumers to be cautious about sharing their data [3]

Core Viewpoint - iQIYI is facing scrutiny for allegedly violating personal information protection laws, prompting the company to initiate an internal investigation and commit to compliance updates [1][2]. Group 1: Company Response - iQIYI acknowledged the report from the National Computer Virus Emergency Response Center regarding issues with personal information collection in its application version X9M_m1e_17.0.0.20221018, which was developed by a partner [1]. - The company is actively collaborating with its partner to rectify the identified issues and plans to release a compliant version of the application [1]. Group 2: Legal Context - According to the Personal Information Protection Law, personal information processors must obtain consent from individuals before processing their data, and such consent must be informed and voluntary [2]. - The law stipulates that if individual consent is required, it should be obtained in a clear and explicit manner [2]. Group 3: Financial Performance - iQIYI reported a revenue of 29.23 billion yuan for the previous year, reflecting an 8% year-on-year decline [2]. - The company's net profit attributable to the company under non-GAAP standards was 1.51 billion yuan, down 47% year-on-year [2]. - Membership revenue for the year was approximately 17.76 billion yuan, representing a 13% decrease compared to the previous year [2].

Core Viewpoint - iQIYI has acknowledged issues related to personal information collection and usage in its application, and is taking steps to rectify these problems in collaboration with its partners [1][2]. Group 1: Company Response - iQIYI has initiated an internal investigation following the report from the National Computer Virus Emergency Response Center regarding its application version X9M_m1e_17.0.0.20221018 [1]. - The company emphasizes its commitment to personal information protection and plans to release a compliant version of the application [1]. Group 2: Regulatory Context - The National Cybersecurity and Information Security Information Notification Center reported that 65 mobile applications, including iQIYI's, were found to be in violation of personal information protection laws [2]. - The report is part of a broader initiative under the 2025 personal information protection action plan mandated by various regulatory bodies [2]. Group 3: Specific Violations Identified - iQIYI's application was flagged for five specific violations, including failure to inform users about third-party data sharing and not providing adequate options for users to manage their personal information [3]. - Other issues included delays in processing user requests for data correction or deletion, lack of mechanisms for users to withdraw consent for data collection, and inadequate options for users to refuse automated marketing [3].

Core Viewpoint - iQIYI has responded to concerns regarding personal information collection issues identified in a report by the National Computer Virus Emergency Response Center, emphasizing its commitment to user data protection and compliance [1] Group 1: Company Response - The company has initiated an internal investigation following the report's findings about its application version X9M_m1e_17.0.0.20221018, which was launched in October 2022 [1] - iQIYI clarified that the problematic version was developed and provided by a partner for a specific brand's in-car application [1] - The company is actively working with its partner to address the reported issues and plans to release a compliant updated version of the application [1] Group 2: Commitment to Data Protection - iQIYI reiterated its commitment to fulfilling its responsibilities regarding personal information protection and aims to provide safe and high-quality services to its users [1]

工业和信息化部此前发布的《工业和信息化部关于进一步提升移动互联网应用服务能力的通知》要 求，从事个人信息处理活动，应具有明确合理的目的，不得仅以服务体验、产品研发、算法推荐、风险 控制等为由，强制要求用户同意超范围或者与服务场景无关的个人信息处理行为。用户拒绝提供非当前 服务所必需的个人信息时，不得影响用户使用该服务的基本功能。 当移动互联网为经济社会发展提供强大驱动力时，也给社会治理带来了新的挑战。用户数据安全问 题之所以常常会牵动舆论神经，不仅是因为数据商业化运用带来的"大数据杀熟"等问题，更在于一旦出 现数据泄露，这些信息往往会为电信网络诈骗、敲诈勒索、恶意账号注册等犯罪提供"精准制导"。 数字经济时代，以APP安全为代表的网络安全关系到个体层面的隐私保护，产业层面的科技竞争、 创新和发展以及国家层面的数据安全和全球数字竞争力。避免手机APP过度索权，需要划定权限边界。 当前要做的，除了确保相关应用索取的权限与功能相匹配、明确商家的权责，还须加大监管和执法力 度，比如加强应用商店的审核标准，严格落实相关禁令等。 随着移动互联网技术的快速发展，从社交到出行、从办公到娱乐，APP已经渗透到人们生活的方方 面 ...

Group 1 - The National Cybersecurity Notification Center reported 65 mobile applications that illegally collected and used personal information, violating the Cybersecurity Law and the Personal Information Protection Law [1] - Issues identified include lack of clear prompts for users to read privacy policies, difficulty in accessing privacy policies, failure to inform users about information recipients, and absence of effective personal information correction and deletion features [1] - Some applications did not obtain user consent for processing sensitive information, lacked rules for handling minors' information, and failed to implement necessary security measures [1] Group 2 - The notification aims to strengthen personal information protection [1]

Core Insights - OpenAI has released new models ChatGPT o3 and o4-mini, which possess advanced visual reasoning capabilities, allowing them to accurately identify and locate places from images [1][3][15] - The ability of AI to analyze images raises significant concerns regarding personal information protection, as it can deduce precise locations and even personal characteristics from seemingly innocuous photos [1][19] Group 1: AI Capabilities - ChatGPT o3 can analyze various details in images, such as vegetation, landmarks, and even specific items, to accurately determine the location where a photo was taken [3][10] - In tests, ChatGPT o3 demonstrated a high level of accuracy, with 60% of predictions having an error margin of less than 1.6 kilometers [17] - The model integrates image recognition, logical reasoning, and external database access to achieve location identification, even without GPS data [17][19] Group 2: Comparison with Other Models - Other models like Doubao and Quark AI camera showed lower accuracy in location identification compared to ChatGPT o3, often failing to pinpoint exact locations [15][16] - The visual reasoning capabilities of competing models are still developing, indicating that ChatGPT o3 currently leads in this area [15][16] Group 3: Privacy Concerns - The ability of AI to infer personal information from images poses a risk of privacy invasion, as it can identify not only locations but also user preferences and characteristics [18][19] - OpenAI has implemented restrictions to prevent the model from making unfounded inferences about individuals based on images, but these do not cover all aspects of location and personal data analysis [19][20] - Experts suggest that users should be cautious when sharing images online, as AI can utilize various visual cues to deduce sensitive information [20][21]

Core Viewpoint - The National Cybersecurity Center has reported that 65 mobile applications are found to be in violation of personal information protection laws, highlighting significant issues in user consent and data handling practices [1][2][3][4][5][6][7][8] Group 1: User Consent and Information Collection - 9 applications failed to clearly inform users about their privacy policies and data collection practices at the first run [1] - 43 applications did not specify the purposes, methods, and scope of personal information collection in their privacy policies [2] - 16 applications did not inform users about the transfer of their personal information to other parties, nor did they obtain separate consent [3] - 4 applications began collecting personal information without obtaining user consent [4] Group 2: User Rights and Data Management - 9 applications lacked effective mechanisms for users to correct, delete personal information, or cancel their accounts, and did not respond timely to such requests [4] - 3 applications failed to process complaints and reports within the promised timeframe and lacked a convenient mechanism for users to exercise their rights [5] - 32 applications did not provide users with a way to withdraw consent for data collection [5] Group 3: Sensitive Information and Security Measures - 6 applications used automated decision-making for information push and marketing without providing options to refuse or alternatives [6] - 7 applications processed sensitive personal information without obtaining separate consent and did not inform users about the necessity and impact on their rights [6] - 15 applications did not implement adequate security measures such as encryption or de-identification of personal data [7] Group 4: Privacy Policy Compliance - 5 applications were found to have no privacy policy at all [8] - 31 out of 67 previously reported applications still exhibited issues upon re-evaluation, leading to their removal from distribution platforms [8]

但从实践来看，治理App信息收集乱象，不能仅靠事后通报，还需要在制度设计上不断做"加法"， 比如对违规行为设定更具威慑力的处罚标准；在技术手段上做"升级"，建立覆盖全周期的智能监测系 统，及时拦截违规收集行为；在用户参与上做"乘法"，在强化隐私保护知识普及的同时，畅通一键举 报、隐私反馈等渠道。让App在"阳光"下规范收集信息，是切实保护公民个人信息安全的必要举措，也 是推动个人信息保护走向技术向善的应有之义。 编辑：林楠特 通报提到的"未逐一列出收集使用个人信息的SDK""未提供个人信息收集使用规则"等，反映到用户 层面，其实就是公众使用App时常遇到的——软件强制收集与使用功能无关的信息、隐私协议被设 为"默认勾选"、难以找到撤回授权的通道等。此类乱象存在，一方面可能是App技术防护未能跟上，另 一方面，则是某些企业将用户数据当成了"隐形资产"，加上用户维权意识较为薄弱，客观上纵容了企业 的侥幸心理，让其愈发肆无忌惮。 个人信息安全是数字时代的"生命线"。随意收集用户位置、通信录、医疗记录等敏感信息，不仅可 能导致骚扰电话、精准诈骗等，也会让公众在未来使用App时产生不必要的困扰与焦虑。 值得关注的是，近 ...