中国经济网北京8月19日讯 国家网络安全通报中心公众号13日发布消息"国家计算机病毒应急处理 中心检测发现70款违法违规收集使用个人信息的移动应用"。依据《网络安全法》《个人信息保护法》 等法律法规，按照《中央网信办、工业和信息化部、公安部、市场监管总局关于开展2025年个人信息 保护系列专项行动的公告》要求，经国家计算机病毒应急处理中心检测，70款移动应用存在违法违规 收集使用个人信息情况。 其中，《掌上华医》（版本V3.124.5，应用宝）存在以下问题：（一）隐私政策未逐一列出App （包括委托的第三方或嵌入的第三方代码、插件）收集使用个人信息的目的、方式、范围等；（二）个 人信息处理者向其他个人信息处理者提供其处理的个人信息的，未向个人告知接收方的名称或者姓名、 联系方式、处理目的、处理方式和个人信息的种类，并取得个人的单独同意；（三）未向用户提供撤回 同意收集个人信息的途径、方式；个人信息处理者未提供便捷的撤回同意的方式。 中国经济网记者查询应用商店发现，《掌上华医》运营商为北京华医网科技股份有限公司。北京华 医网科技股份有限公司第一大股东为天津红杉资本投资基金中心（有限合伙），持股比例为25.34% ...

Group 1 - The core issue highlighted is that "人人租" is listed among 70 mobile applications for illegally collecting and using personal information, alongside financial apps like 万达普惠 and 烟台银行 [2] - The specific violations by "人人租" include failure to clearly outline the purposes, methods, and scope of personal information collection in its privacy policy, lack of a clear way for users to withdraw consent, and inadequate security measures such as encryption and de-identification [2] - This action is part of the "2025 Personal Information Protection Special Action," driven by multiple government agencies, and is based on technical inspections of apps under the Personal Information Protection Law [2] Group 2 - Operators are required to complete rectifications within 15 working days, with potential legal consequences for non-compliance or severe violations, including business suspension or app removal [2] - As of August 14, "人人租" has not issued a formal announcement regarding its rectification plan, and its operations remain normal on its official website and app store page [2]

Group 1 - The National Cybersecurity Incident Response Center announced the detection of 70 mobile applications that illegally collect and use personal information, including several financial applications such as "Wanda Puhui" and "Yantai Bank Citizen e-loan" [2] - Yantai Bank's WeChat mini-program "Yantai Bank Citizen e-loan" has several issues, including failure to process complaints and reports within the promised timeframe, lack of a mechanism for users to exercise their rights, and no provided means for users to withdraw consent for personal information collection [3] - In July, Yantai Bank was penalized with a warning and a fine of 3.192 million yuan for multiple violations, including breaches of financial statistics regulations and failure to fulfill customer identity verification obligations [3]

金融消费者的信息安全权是受法律保护的重要权益，个人信息泄露不仅可能造成财产损失，更可能影响 个人信誉与社会安全。近年来，随着公众对个人信息保护的重视度不断提升，平安人寿山东分公司始终 以客户为中心，积极履行金融机构的社会责任，通过案例警示与专业建议，助力消费者提升风险防范能 力，共建安全和谐的金融环境。 三、陌生拜访"三步核验" 遇到自称金融机构人员的上门服务时，请保持理性判断： 以案为鉴：警惕信息泄露背后的连锁风险 近期，刘女士的遭遇为我们敲响了警钟。其爱人王先生在办理保单地址变更业务后，未妥善处理含有家 庭住址、保单信息等内容的业务批单，导致不法分子通过捡拾的凭证获取个人信息。随后，犯罪分子冒 充保险公司工作人员上门"回访"，诱导刘女士退保并购买所谓"高收益理财产品"。最终，刘女士不仅因 退保失去原有保障，所购"理财产品"更涉嫌非法集资，造成财产与权益的双重损失。 平安人寿山东分公司：四重防护，助您守好"钱袋子" 为避免类似事件发生，我们特别整理以下实用建议，帮助您筑牢金融安全屏障： 一、个人信息"无痕化"处理 日常办理金融业务时，请务必妥善保管取款凭条、业务批单、快递单据等含个人信息的材料。丢弃前， 建 ...

Core Viewpoint - The article discusses the new "Automotive Data Export Security Guidelines (2025 Edition)" proposed by the Ministry of Industry and Information Technology and other departments, aiming to establish a secure and efficient mechanism for the cross-border flow of automotive data while ensuring compliance with national laws and regulations [4][5]. Summary by Sections Introduction of the Issue - The guidelines are a response to the rapid development of the intelligent connected vehicle industry in China and the significant increase in automotive exports, which reached 5.859 million units in 2024, a year-on-year increase of 19.3% [5]. Analysis of the Main Content of the Guidelines - The new guidelines differ significantly from the previous "Automotive Data Security Management Provisions (Trial)" issued in 2021, providing clearer and more comprehensive guidance on data export paths, technical protection requirements, and compliance flexibility [7][8]. Key Changes in the Guidelines - The guidelines expand the definition of automotive data processors to include telecommunications operators, autonomous driving service providers, and platform operators, reflecting the evolving landscape of the automotive industry [8][9]. Data Export Behavior Regulations - The guidelines specify that data export behaviors include transmitting data collected within China to overseas entities and allowing foreign entities to access data stored domestically [9]. Data Export Path Regulations - Three main paths for data export are established: safety assessment declaration, standard contract signing, and personal information protection certification, with specific thresholds for each [9][10]. Important Data Definition - The guidelines introduce a three-dimensional framework for identifying important data, categorizing it based on business scenarios, data types, and judgment rules, addressing the long-standing challenge of identifying important data in the automotive sector [11][12]. Implementation Process for Data Export - The guidelines detail the implementation process for data export, including data identification, path determination, and safety assessment, requiring automotive data processors to comply with various legal obligations [14][15]. Safety Protection Requirements - The guidelines outline safety protection requirements for data export, including management, technical protection, logging, and emergency response measures to ensure data security during transmission [15]. Challenges and Opportunities for Automotive Enterprises - The guidelines present significant compliance challenges for automotive companies, including the complexity of identifying important data and the increased operational costs associated with compliance [17][18]. - Conversely, the guidelines also create structural development opportunities, allowing companies to leverage compliance as a competitive advantage and participate in international standard-setting [18][19].

Core Viewpoint - The National Computer Virus Emergency Response Center has detected 70 mobile applications that illegally collect and use personal information, violating laws such as the Cybersecurity Law and the Personal Information Protection Law [1][4]. Group 1: Violations in User Consent and Information Handling - 13 applications failed to clearly inform users about their privacy policies and the handling of personal information before processing it [1]. - 38 applications did not specify the purposes, methods, and scope of personal information collection in their privacy policies [1]. - 17 applications did not inform users about the recipients of their personal information and did not obtain separate consent [1]. - 7 applications began collecting personal information without obtaining user consent [2]. - 5 applications did not provide effective options for users to correct, delete personal information, or cancel their accounts [2]. - 7 applications failed to process complaints and reports within the promised timeframe [2]. - 28 applications did not provide a way for users to withdraw consent for personal information collection [2]. - 2 applications used automated decision-making for information push and marketing without providing options to refuse [2]. - 1 application processed sensitive personal information without obtaining separate consent [3]. - 12 applications did not establish specific rules for handling personal information of minors [3]. Group 2: Security and Compliance Issues - 31 applications did not implement adequate security measures such as encryption or de-identification [3]. - 2 applications had advertisements that could not be closed easily [3]. - 5 applications lacked a privacy policy altogether [3]. - 25 applications from a previous report were found to still have issues and have been removed from distribution platforms [4].

Core Viewpoint - The National Cybersecurity Notification Center has reported that over 60 mobile applications, including those from seven financial institutions, are found to be illegally collecting and using personal information [1][2][3] Group 1: Violations Identified - A total of 13 types of violations were identified among the 60+ mobile applications [2] - The most common violations include: - Lack of detailed privacy policies outlining the purpose, method, and scope of personal information collection, affecting 25 applications including those from Longjiang Bank and ShenGang Securities [1][2] - Failure to provide users with a way to withdraw consent for personal information collection, impacting 30 applications including those from Industrial Bank and Hainan Airlines [2] - Inadequate security measures such as encryption and de-identification, affecting 29 applications including those from Chengtong Securities and Zhilian Recruitment [2] Group 2: Financial Institutions Involved - The financial institutions implicated include four brokerages: Chengtong Securities, Industrial Bank, ShenGang Securities, and Wukuang Securities, as well as three banks: Longjiang Bank, Wuhai Bank, and Haixia Bank [1][2] - Specific versions of the mobile applications that were flagged include: - Chengtong Securities (version 6.0.3.0), ShenGang Securities (version 3.1.7), Industrial Bank (version 8.9.0), Wukuang Securities (version 3.40.2), Wuhai Bank (version 5.0.1), Haixia Bank (version 4.0.0), and Longjiang Bank (version 2.00.03) [2][3] Group 3: Broader Implications - The violations are not limited to financial applications; they also encompass a wide range of sectors including dining, gaming, recruitment, and lifestyle services [2] - The National Cybersecurity Notification Center has released six lists of violating mobile applications since 2025, indicating a persistent issue within the industry [3] - The central authorities are conducting a series of special actions to protect personal information, with a focus on addressing typical violations and ensuring compliance [3]

Group 1 - The insurance industry is characterized as a "personal information-intensive industry," involving multiple data elements and long protection chains, with various risk points [3] - Some insurance intermediaries have user registration agreements that contain infringing clauses allowing the use of personal contact information for "partner product recommendations" [1][3] - The Personal Information Protection Law mandates that the collection and processing of personal information must adhere to the "minimum necessity" principle, limiting data collection to what is necessary for achieving processing purposes [3][4] Group 2 - Despite the establishment of a legal framework for data compliance in China, including the Cybersecurity Law, Data Security Law, and Personal Information Protection Law, violations in personal information collection persist [4] - The ambiguity of the "minimum necessity" principle, along with the opaque nature of data flow and misuse of technology, contributes to the ongoing issues of excessive data collection [4] - Effective governance of personal information misuse requires more than just user vigilance or corporate ethics; it necessitates detailed scenario rules, effective notification, increased violation costs, and rigid constraints [4]

Group 1 - The express delivery business in China has surpassed 1 trillion packages this year, raising concerns about the protection of personal information contained in these deliveries [1] - The Beijing Postal Administration has initiated a special inspection on privacy application in express delivery, urging companies to enhance the protection of users' personal information [1] - The Internet Information Office of Beijing will collaborate with the Postal Administration to conduct a special rectification on personal privacy protection in delivery scenarios [1] Group 2 - The concept of "privacy waybill" is introduced, which utilizes de-identification techniques to encrypt personal information such as names and contact details on delivery waybills [1] - Express companies, including SF Express, are implementing technical and management measures to improve user privacy protection, including the use of privacy waybills and virtual numbers [1] - SF Express has encrypted sensitive customer data in backend storage to ensure that even if data is illegally accessed, it cannot be viewed without the decryption key [1] Group 3 - The Internet Information Office is set to deepen the governance of illegal collection and use of personal information in offline consumption scenarios, conducting thorough inspections and rectifications [2] - Regular monitoring measures will be strengthened to ensure the protection of citizens' personal information rights [2]

Core Viewpoint - The article discusses the new regulatory phase of facial recognition technology in China, highlighting the crackdown on its misuse and the implementation of new laws to protect personal privacy [2][4][5]. Group 1: Regulatory Actions - Since April, the Chongqing Municipal Cyberspace Administration and other departments have initiated a special campaign against the misuse of facial recognition technology, focusing on issues like mandatory facial verification and lack of notification [2][4]. - The campaign has identified 131 problems across nearly 30 enterprises in seven key sectors, including education and banking, primarily related to inadequate privacy protocols and unauthorized data handling [5][6]. Group 2: Specific Cases and Findings - A notable case involved a company in Chongqing that collected over 12,000 customer records, including more than 5,000 facial images, without consent, leading to a fine of 10,000 yuan [3][4]. - The article emphasizes that facial recognition remains a prevalent method for identity verification in various public spaces, despite the lack of proper notification in many instances [3][6]. Group 3: Future Plans and Industry Standards - The Chongqing Municipal Cyberspace Administration plans to establish self-regulatory norms for personal information protection, collaborating with industry associations to create guidelines and promote best practices [6][7]. - There is a focus on enhancing privacy protection technologies in smart consumption scenarios, with support for research and development in this area [7]. Group 4: Public Awareness and Recommendations - The article suggests that the public should be more cautious about sharing biometric data and should prefer traditional verification methods when possible [8][9]. - It also encourages individuals to understand their rights under the Personal Information Protection Law and to report any violations regarding facial data collection [9].