Core Points - The National Cybersecurity Notification Center reported that 45 mobile applications were found to illegally collect and use personal information [1] - The findings were based on laws such as the Cybersecurity Law and the Personal Information Protection Law, as part of a special action plan for personal information protection [1] - Specific applications like "4399 Game Box," "Hello," and "Tantan" were highlighted for various violations regarding personal information collection practices [1] Summary by Category - **Illegal Collection of Personal Information** - 45 mobile applications were identified for violating personal information collection regulations [1] - The applications failed to list the purposes, methods, and scope of personal information collection [1] - **Specific Application Violations** - "4399 Game Box" was noted for collecting personal information beyond necessary limits and frequency [1] - "Hello" began collecting personal information without user consent and exceeded authorized collection limits [1] - "Tantan" also collected personal information at frequencies exceeding necessary limits [1] - **Follow-up Actions** - Eight applications from a previous report were still found to have issues upon retesting, leading to their removal from distribution platforms [2]

为切实提升社会公众的个人信息保护意识，构建安全稳定的金融环境，民生银行济南槐荫支行近期组织 开展了形式多样的个人信息保护宣传活动。活动聚焦厅堂客户与周边商户两大群体，通过多维度宣传教 育，助力公众筑牢信息安全防线。 支行立足网点服务优势，将金融知识普及与日常业务办理深度融合。在营业厅内，专门设立了公众教育 区，陈列各类个人信息保护宣传资料，并配备金融知识专员为客户提供一对一讲解。工作人员重点介绍 了常见APP收集个人信息的范围、信息泄露的潜在风险，以及如何通过设置隐私权限、谨慎授权等方式 为个人信息"加密"。同时，针对信息泄露后的维权流程，支行详细讲解了正规投诉渠道，帮助客户掌握 依法维权的有效途径。 针对周边商户这一信息流转关键环节，支行组建专项宣传团队，开展"网格化"普法服务。工作人员采 取"走访+驻点"相结合的模式，深入商户发放《个人信息保护指南》，并结合金融诈骗典型案例，生动 阐释违规收集、滥用客户信息的法律后果。特别针对小微企业，宣传团队详细解读了《个人信息保护 法》中关于信息采集、存储、使用的合规要求，指导商户完善客户信息管理机制，从源头防范信息泄露 风险。 此次活动有效提升了参与公众对个人信息保 ...

Core Viewpoint - The National Cybersecurity Notification Center has announced that 45 mobile applications are found to illegally collect and use personal information, highlighting the need for enhanced personal information protection and public privacy awareness [1] Group 1: Violations Identified - The identified applications have issues such as not disclosing collection and usage rules, failing to list collection purposes individually, and collecting information beyond authorized limits [1] - Notable applications mentioned include "Qing E," "4399 Game Box," and "Che Lun Driving Test App" [1] Group 2: Regulatory Actions - Relevant platforms have taken action by removing some of the problematic applications from their stores [1] - The announcement aims to strengthen personal information protection measures [1]

Core Viewpoint - The article discusses the pervasive use of facial recognition technology in real estate sales offices in China, highlighting privacy concerns and the lack of compliance with new regulations aimed at protecting personal data [3][4]. Group 1: Surveillance in Real Estate Sales Offices - Real estate sales offices are equipped with numerous cameras, often without clear signage indicating their presence or purpose [5][9]. - Visitors often feel the need to disguise themselves to avoid having their facial data collected and recorded, which can affect their ability to choose different agents [6][12]. - The cameras are used to track visitors and determine if they are first-time clients, with facial data typically stored for 1 to 3 months [6][12]. Group 2: Compliance Issues - The new regulations require clear signage and consent for facial recognition data collection, which many sales offices fail to provide [8][14]. - There are reports of companies collecting facial data without proper consent, leading to administrative penalties [20][21]. - Experts argue that the current practices violate the principle of necessity, as the purpose of data collection is not clearly communicated to clients [14][21]. Group 3: Industry Practices and Implications - Real estate developers use facial recognition to differentiate between direct clients and those referred by agents, impacting commission structures [13][22]. - The technology is seen as a "secret weapon" to control commission costs and ensure that sales staff benefit from direct sales [13][22]. - There are alternative methods suggested for verifying client identity that do not rely on facial recognition, such as using access cards or QR codes [23].

Core Viewpoint - The National Cybersecurity Incident Response Center reported that 64 mobile applications are illegally collecting and using personal information, including apps from seven financial institutions [1][2][3]. Summary by Sections Violations Identified - The 64 mobile applications are associated with 13 types of violations, with three major categories being highlighted: 1. Privacy policies not clearly listing the purposes, methods, and scope of personal information collection, affecting 25 apps including those from Longjiang Bank and Shengan Securities [5]. 2. Failure to provide users with a way to withdraw consent for personal information collection, impacting 30 apps including those from Industrial Securities and Hainan Airlines [6]. 3. Lack of appropriate security measures such as encryption and de-identification, involving 29 apps including those from Chengtong Securities and Zhilian Recruitment [7]. Types of Applications Affected - The identified applications span various sectors, including dining, gaming, recruitment, social networking, life services, and financial services. Notable brands like Starbucks and several tea brands were also mentioned [9]. Financial Institutions Involved - The financial institutions implicated include four securities firms and three banks, with specific versions of their applications listed. For instance, Chengtong Securities (version 6.0.3.0) and Longjiang Bank (version 2.00.03) are among those noted [9]. Previous Reports and Ongoing Actions - Since 2025, the National Cybersecurity Incident Response Center has released six lists of violating mobile applications, with several financial institutions previously named. The ongoing initiative aims to address typical violations and ensure the protection of personal information [10].

Core Insights - The investigation reveals that despite e-commerce platforms implementing privacy measures, there are numerous intermediaries offering "decryption" services for personal information at a low cost, indicating a significant gap in personal data protection [1] Group 1: Causes of Personal Information Leakage - The primary reason for personal information leakage is the existence of a substantial marketing profit chain that relies on personal data, with underground markets for personal information trading remaining active [2] - Weak regulatory oversight in the multiple stages of personal information handling during online shopping contributes to the leakage, as data may have been exposed before encryption measures were implemented [2] - Incomplete legislation and management loopholes in internet platform real-name authentication are major factors leading to ongoing personal information leaks [2] Group 2: Recommendations for Improvement - It is essential to identify the channels through which personal information is leaked, whether through technical means or internal breaches, and to enhance regulatory oversight accordingly [3] - Regulatory bodies should increase compliance monitoring of personal information usage by logistics and courier companies, which typically do not need to retain extensive user data [3] - There should be an increase in administrative penalties for violations of personal information rights, including warnings, detention, or fines, and a clear definition of civil liabilities for offenders to enhance the cost of violations [3]

最终，东莞中院判决某公司在厂区公告栏处张贴向郑某赔礼道歉的声明，以消除对郑某的影响。因 某公司已撤回张贴的通知书，侵权行为已经停止，且持续时间较短，影响较小，郑某亦未举证证明其精 神遭受损害并造成了严重后果，对郑某诉请的赔偿精神损害抚慰金，法院不予支持。 【法官说法】 个人信息的使用应遵循合法、正当、必要原则 自然人的姓名、出生日期、电话号码、身份证号码、住址等是个人信息，适用个人信息保护的规 定。个人信息的使用应当遵循合法、正当、必要原则。处理个人信息，应采取对个人权益影响最小的方 式，不得过度处理，并应征得权利人同意，在取得权利人授权使用后，应当采取技术措施保护个人私密 信息。擅自公布属于个人信息中的私密信息，侵犯隐私权的，应承担相关法律责任。 法官提醒，公司与员工存在劳动争议需向员工发送书面函件，可按照相关劳动法律法规的规定，直 接向员工本人发送。即便因工作需要在公司内部公开相关函件内容，也应当对其中包含的员工本人身份 证号码、家庭地址等个人私密信息进行有效遮蔽处理，确保这些个人隐私不被他人知晓。对员工离职原 因的描述应当客观属实，不得影响员工后续就业。如进行非客观的负面评价，使员工的一般性社会评价 降 ...

个人信息安全与隐私保护无小事。因此，欲破此局，需从企业责任、监管框架到用户赋权三端共同发 力，构建刚柔并济的治理体系。 首先，APP运营者必须抛弃"能收则收"的原始冲动，将个人信息保护由合规负担转化为核心责任。企业 应主动关注监管动态，摸清行业合规边界，尤其处理大量或敏感信息时，技术防护（如加密存储、内外 网隔离）应成标配而非点缀。须知，用户信任乃数字时代最珍贵的信任货币，若隐私协议沦为"阅读理 解题"，技术防护形同虚设，那么用户每一次被迫勾选，都在无声侵蚀企业赖以生存的根基。 其次，监管之手需更精细有力。可借鉴《自然人网店管理规范》中"分类施策"的智慧，对APP进行分级 分类管理：为不同业务场景及体量的应用量身定制规则，避免"一刀切"窒息创新。同时强化"负面清 单"思维，严打默认勾选、捆绑同意等"擦边球"行为，压实平台主体责任，让违规者付出代价。柔性监 管亦不可缺——如设立整改缓冲期，以差异化激励替代单纯处罚，在规范与活力间寻得平衡。 近日，国家网络与信息安全信息通报中心通报了65款存在违法违规收集使用个人信息情况的移动应用 （APP），涉及未显著告知隐私政策、未经用户同意向第三方共享数据、未提供有效注销功 ...

Core Points - The Supreme People's Court of China has ruled that network service providers must bear liability for excessive collection of personal information from consumers [1][2] - The case involved a dictionary app that forced users to agree to a privacy policy without proper consent, leading to a violation of personal information rights [1][2] Group 1: Legal Implications - The court found that the app's automatic selection of the consent option without user knowledge violated the requirement for informed consent [2] - The app's refusal to provide services if users declined to agree to the privacy policy was deemed a denial of basic service [2] - The company was ordered to delete the collected personal information and apologize to the user, as well as compensate for reasonable legal expenses [2] Group 2: Company Behavior - The company had previously modified its privacy policy during the litigation process to include a feature for users to withdraw consent [2] - The case highlights the importance of compliance with personal information protection laws, specifically Articles 15 and 16 [2]

"我们点击进入这个医院的应用程序，在没有任何授权的情况下，后台已经收集了用户的个人信息，比 如安卓ID、应用列表、外部存储文件等，这属于典型的违规行为。"日前，北京市互联网信息办公室网 络安全协调处孟翔边演示边向记者介绍。 针对移动互联网应用程序在使用过程中侵害用户个人信息权益等问题，近期，北京市互联网信息办公室 联合市场监管、公安、政数、通管，以及教育、住建、交通、商务、文旅、卫健、体育等行业主管部 门，聚焦11个民生消费领域应用程序，开展数据安全和个人信息保护专项整治，包含智慧停车、线上点 餐、运动健身、酒店住宿、线上诊疗、少儿培训、房产中介、租借充电宝、生活服务（洗衣、理发）、 电影购票、网上加油等，覆盖北京市各类经营主体（服务商）5万余家。 检测人员随机抽取了197款应用程序进行远程技术检测，发现并督导整改问题388个。其中，未公开收集 使用规则、未征得用户同意收集个人信息、传输通道认证授权机制不完善、未提供账号注销功能等问题 较为集中。 演示 通过小程序获取个人信息 未经用户同意收集个人信息，是北京市互联网信息办公室在近期数据安全和个人信息保护专项整治中， 检测发现的较为突出的问题。 成效 发现并督 ...