Core Points - The case involves a social media platform where personal information of an individual, Zheng, was illegally collected and publicly shared, leading to online harassment [1][2] - The Beijing Internet Court ruled that both the user who published the infringing content and the platform that failed to ensure information security must bear liability for the infringement [4][7] Group 1: Incident Overview - Zheng's personal information, including account details and identification documents, was illegally collected and published due to differing opinions on a celebrity event [2][4] - The platform only took minimal actions, such as making the content private or deleting it, without further measures to protect user information [1][9] Group 2: Legal Proceedings - The technology company claimed it fulfilled its legal obligations as a network service provider and argued that the personal information leak was not possible due to their security measures [2][8] - The defendant, Zhang, denied using the social media platform and claimed the IP address of the infringing account was from a foreign country, but did not provide evidence of account theft [3][4] Group 3: Court Findings - The court determined that Zhang was the actual user of the infringing account and had violated Zheng's privacy and reputation by publicly sharing sensitive information [4][6] - The court highlighted that the technology company had data security management vulnerabilities and failed to take adequate measures to protect user information, leading to multiple users being similarly affected [8][9] Group 4: Implications for the Industry - The case illustrates the emerging trend of "opening boxes" as a form of online violence, combining doxxing and cyberbullying [10] - The court emphasized that online platforms must continuously improve their technical and management measures to fulfill their obligations in safeguarding personal information [10]

Core Viewpoint - The National Cybersecurity Incident Response Center has identified 68 mobile applications that illegally collect and use personal information, including apps from two brokerage firms, Yintai Securities and Caida Securities [1][2]. Group 1: Violations Identified - The 68 mobile applications were found to have 13 types of violations, with three major issues highlighted: 1. Privacy policies not clearly listing the purposes, methods, and scope of personal information collection, affecting 30 applications [1]. 2. Failure to provide users with a way to withdraw consent for personal information collection, impacting 35 applications, including Caida Securities' app "Caida Financial Daily" (version 3.65) [1][2]. 3. Lack of appropriate security measures such as encryption and anonymization, affecting 31 applications [2]. Group 2: Specific Brokerage Apps - The identified brokerage applications include: - "Yintai Zhangyibao" (version 5.1.0) from Yintai Securities, which violated multiple regulations [2]. - "Caida Financial Daily" (version 3.65) from Caida Securities, which also failed to comply with several requirements [2][3]. Group 3: Previous Reports - Since 2025, the National Cybersecurity Incident Response Center has released eight lists of illegal mobile applications, with several brokerage apps being named in previous reports [3].

Core Viewpoint - The National Cybersecurity Notification Center has reported that 68 mobile applications, including those from Yintai Securities and Caida Securities, have been found to illegally collect and use personal information [1] Group 1: Violations and Impact - A total of 68 mobile applications were identified with 13 types of violations related to personal information collection and usage [1] - The applications span various categories, including dining, gaming, social networking, lifestyle services, and financial applications [1]

Core Viewpoint - The National Cybersecurity and Information Security Information Notification Center reported 64 mobile applications that illegally collected and used personal information, including several well-known tea beverage brands' ordering mini-programs, highlighting significant privacy issues within the industry [1][2]. Group 1: Overview of Violations - Among the 64 problematic applications, 30 did not provide users with a way to withdraw consent for personal information collection, indicating a severe issue [1]. - 29 applications failed to implement necessary security measures such as encryption and de-identification [1]. - 25 applications did not clearly outline the purposes, methods, and scope of personal information collection in their privacy policies [1]. Group 2: Specific Applications Highlighted - The application "霸王茶姬" (version 5.78.8) exhibited four types of issues, including a lack of clear privacy policy details and failure to provide timely responses for user requests regarding personal information [2]. - "太平洋咖啡会员" (version 3.3.0) also faced four issues, notably not informing users about the privacy policy at the app's first run and not obtaining user consent before collecting personal information [2]. Group 3: Detection and Reporting - The problematic applications were detected by the National Computer Virus Emergency Response Center between May 23, 2025, and June 11, 2025 [3].

Core Viewpoint - The National Cybersecurity and Information Security Information Notification Center reported that 64 mobile applications are found to illegally collect and use personal information [1] Group 1 - 64 mobile applications have been detected for illegal collection and usage of personal information [1]

Core Points - The case highlights the misuse of AI technology for personal information security breaches, specifically through the creation of fake compromising images for extortion purposes [1][2] - The defendants, using AI, synthesized fake nude photos of victims and sent extortion letters, resulting in a total illicit gain of 140,000 RMB [1] - The court sentenced the defendants to three years in prison and a fine of 30,000 RMB, emphasizing the seriousness of extortion crimes [2] Summary by Sections - **AI Technology Misuse**: The case illustrates how AI can be exploited to create realistic fake images, posing significant risks to personal information security [1][2] - **Criminal Actions**: The defendants collected personal data online, created fake images, and sent extortion letters to victims, leading to substantial financial gain [1] - **Legal Consequences**: The court's ruling reflects the legal system's stance on extortion, with the defendants receiving a three-year prison sentence and a monetary penalty [2] - **Public Awareness**: The judge's remarks serve as a warning to the public about the dangers of sharing personal information and the need for vigilance against extortion attempts [2]

Core Viewpoint - The increasing application of facial recognition technology in various sectors raises significant concerns regarding personal information security, prompting the introduction of regulatory measures to ensure safe usage [1][12]. Group 1: Regulatory Framework - The "Facial Recognition Technology Application Security Management Measures" will take effect on June 1, aiming to standardize the use of facial recognition technology and protect personal information [1][12]. - Organizations must obtain explicit consent from individuals before processing their facial information, allowing individuals the right to withdraw consent easily [2][5]. - For entities processing facial information of over 100,000 individuals, a registration requirement is established, mandating submission of relevant materials to local internet information departments within 30 working days [2]. Group 2: Special Provisions for Vulnerable Groups - The regulation includes specific provisions for vulnerable groups, such as the elderly and disabled, ensuring that their facial information is processed in compliance with accessibility standards and the principle of minimal necessity [7][3]. - In cases where individuals do not consent to facial recognition, alternative and reasonable identity verification methods must be provided [5][4]. Group 3: Public Space Regulations - The regulation stipulates that facial recognition devices in public spaces must be necessary for public safety, with clearly defined areas for information collection and prominent signage [11][10]. - The installation of facial recognition devices is prohibited in private spaces within public venues, such as hotel rooms and restrooms [11]. Group 4: Risks and Awareness - The unique and permanent nature of facial information poses significant risks if leaked, potentially endangering personal and public safety [12][14]. - Individuals are encouraged to enhance their awareness of facial information security, being cautious about sharing personal images and videos, and regularly reviewing privacy settings on applications [14][16].

Group 1 - The National Cybersecurity Incident Response Center detected 63 mobile applications that illegally collect and use personal information [1] - The "Xiamen Bank Enterprise Banking" app (version 8.0.0) failed to clearly inform users about its privacy policy and the handling of personal information [1] - The "Ximalaya" app (version 6.1.1.01) did not adequately disclose the purposes, methods, and scope of personal information collection [2] Group 2 - The previous report identified 65 problematic mobile applications, with 16 still having issues upon retesting, leading to their removal from distribution platforms [2] - Xiamen Bank, established in 1996, is the first city commercial bank in mainland China with Taiwanese capital and is listed with stock code 601187.SH [2] - The largest shareholder of Xiamen Bank is the Xiamen Municipal Finance Bureau, holding 19.18%, while the second largest is Fubon Financial Holding from Taiwan, holding 18.03% [2] Group 3 - Ximalaya, founded in 2012, is a popular online audio sharing platform that offers a wide range of audio content for users of all ages, totaling 340 million audio pieces across 101 categories [3]

Core Points - The implementation of facial recognition technology raises concerns about personal information security, particularly regarding unauthorized collection and misuse of facial data for fraudulent activities [1] - The National Internet Information Office and the Ministry of Public Security have introduced the "Facial Recognition Technology Application Security Management Measures," effective from June 1, which aims to regulate the use of facial recognition technology [2] Group 1 - The new regulations require that facial recognition technology must have specific purposes and sufficient necessity, minimizing the impact on personal rights, and implementing strict protective measures [2] - Organizations must inform individuals about the collection of their facial data and obtain explicit consent, ensuring that data is stored locally and not transmitted over the internet without consent [2] - The regulations establish a non-exclusive verification principle, stating that if other non-facial recognition methods can achieve the same purpose, facial recognition should not be the sole verification method [2] Group 2 - The regulations address the rights of vulnerable groups, stipulating that the processing of facial information for disabled individuals and the elderly must comply with accessibility standards [3] - For minors under the age of fourteen, consent from parents or guardians is required before processing their facial information [3]

Group 1 - The National Cybersecurity and Information Security Information Notification Center reported that the "Tailin Electric" app (version 3.3.5) has multiple violations regarding the collection and use of personal information [1] - Violations include not listing the rules for collecting and using personal information in a structured manner, declaring permissions unrelated to the app's business functions, and requiring users to provide personal information for unused features [1] - The app was detected between April 16, 2025, and May 15, 2025, with the source being the application market "App Treasure" [1] Group 2 - The official customer service of Tailin Group stated that the requirement for users to fill in their birthday and gender may have led to the violations, and they assured that user privacy would be protected [1] - The "Tailin Intelligent" app, which is a service tool for electric vehicle users, offers features such as smart unlocking, one-click vehicle locating, and card unlocking [2] - Currently, the "Tailin Electric" app cannot be found on application markets, only the "Tailin Intelligent" app (current version 3.3.6) is available, both developed by Tailin Technology Co., Ltd. [1]