Personal Information Protection
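Illegal collection of personal information, forced automatic renewal, erratic window redirects: these 22 apps and SDKs were named in a notice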
Zheng Quan Shi Bao Wang· 2026-01-06 04:33
Core Viewpoint - The Ministry of Industry and Information Technology (MIIT) has conducted inspections revealing that 22 apps and SDKs have violated user rights, and these entities are required to rectify their issues or face legal consequences [1]
Group 1: Violations Identified
- A total of 22 apps and SDKs were found to infringe on user rights, including issues such as unauthorized collection and use of personal information [1]
- Specific violations include excessive collection of personal information, failure to disclose information collection lists, and forced automatic renewals [2][3][4]
Group 2: List of Apps and Developers
- The app "妹聊" developed by Beijing Zhixing Technology Co., Ltd. was cited for unauthorized collection and excessive use of personal information [2]
- "Sinzar" by Hainan Xinzhi Technology Co., Ltd. also faced similar issues regarding personal information [2]
- Other apps like "PS 照片修复" and "好通行" were noted for frequently requesting excessive permissions [3][4]
- The SDK "雷电 SDK" was highlighted for inadequate information disclosure and excessive permission requests [4]
71 mobile apps named in a notice for illegally collecting and using personal information
Yang Shi Xin Wen· 2026-01-05 08:57
Core Viewpoint - The article highlights the detection of 71 mobile applications that violate personal information protection laws, as mandated by various regulations, including the Cybersecurity Law and the Personal Information Protection Law. These applications have been found to improperly collect and use personal information without adequate user consent or transparency [1][2][3].
Group 1: Violations in User Consent and Transparency
- 13 mobile applications failed to provide clear notifications to users regarding the collection and use of personal information upon first use, including the lack of accessible privacy policies [1].
- 31 mobile applications did not specify the purposes, methods, and scope of personal information collection in their privacy policies [2].
- 13 mobile applications did not inform users about the transfer of their personal information to other processors, including the lack of obtaining separate consent [3].
Group 2: User Rights and Account Management
- 5 mobile applications did not offer effective options for users to correct, delete personal information, or cancel their accounts, and set unreasonable conditions for these actions [4][5].
- 2 mobile applications failed to process complaints and reports within the promised timeframe and lacked a mechanism for users to exercise their rights [5].
- 23 mobile applications did not provide users with a convenient way to withdraw consent for personal information collection [6].
Group 3: Security Measures and Sensitive Information
- 27 mobile applications did not implement appropriate security measures such as encryption or de-identification of personal information [7].
- 3 mobile applications did not inform users about the necessity and impact of processing sensitive personal information [8].
- 3 mobile applications did not establish specific rules for processing personal information of minors and failed to obtain consent from guardians [9].
Group 4: Absence of Privacy Policies
- 5 mobile applications were found to have no privacy policy at all, which is a direct violation of personal information protection regulations [9].
National Computer Virus Emergency Response Center testing finds 71 mobile apps that illegally collect and use personal information
Zheng Quan Shi Bao Wang· 2026-01-05 08:32
Core Viewpoint - A total of 71 mobile applications have been identified as illegally collecting and using personal information, as per the requirements of various laws and regulations including the Cybersecurity Law and the Personal Information Protection Law [1]
Group 1
- The detection was conducted by the National Computer Virus Emergency Response Center [1]
- The findings are part of a broader initiative outlined in the announcement by the Central Cyberspace Administration, Ministry of Industry and Information Technology, Ministry of Public Security, and State Administration for Market Regulation regarding the 2025 series of special actions for personal information protection [1]
- The identified applications are in violation of the legal framework established for personal information protection [1]
Promoting the healthy development of artificial intelligence: newly amended Cybersecurity Law takes effect this month
Ren Min Ri Bao· 2026-01-05 02:39
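Original title: Newly amended Cybersecurity Law takes effect this month: strengthening security oversight and promoting the healthy development of artificial intelligence (Rule of Law Focus)
New penalties added for selling or providing critical network equipment that has not passed security certification
In recent years, artificial intelligence technology has developed rapidly, becoming both a new variable in cybersecurity risks and challenges and a new source of gains in raising the level of cybersecurity protection. Article 20 of the newly amended Cybersecurity Law provides: the state supports basic theoretical research on artificial intelligence and the research and development of key technologies such as algorithms, advances the construction of infrastructure such as training data resources and computing power, improves ethical norms for artificial intelligence, strengthens risk monitoring and assessment and security oversight, and promotes the application and healthy development of artificial intelligence. In addition, the law also makes clear its support for using artificial intelligence to raise the level of cybersecurity protection.
"This amendment to the Cybersecurity Law reflects a position of coordinating development and security," said Zhao Peng, professor and dean of the Institute for the Rule of Law Government at China University of Political Science and Law. "It is necessary both to support and encourage technological innovation and development and to promote its smooth integration into society, thereby protecting the legal rights and interests that are affected."
Not long ago, an app developed by a Beijing company was found to be collecting and uploading information about the user's app installations and uninstallations while running in the background, with the user not using any of its functions. When users used features such as uploading an AI avatar, the app invoked storage permissions that were not necessary.
The cyberspace administration determined that this conduct exceeded the minimum scope necessary to achieve the purpose of the personal information processing and also violated laws and regulations including the Cybersecurity Law and the Personal Information Protection Law. It ordered the company to make corrections in accordance with the law and imposed a warning and a fine.
网络安全法与数据安 ...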
Watch out! You only casually claimed a coupon, but your shopping "secrets" were being peeked at...
Xin Lang Cai Jing· 2026-01-05 00:10
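Reposted from: Beijing Daily app
Li Mingjun went back and forth between operating in compliance and exploiting a technical loophole to make money in violation of the rules, and in the end greed won out. His scheme consisted of the following 3 steps:
Step one was to steal users' shopping-cart information. He hid a computer program in his own "券白领" website. Whenever someone who claimed a coupon on his site had logged in to the online shopping platform, the program would secretly obtain that user's login information for the shopping platform. He then logged in to the user's shopping platform account specifically to peek at the contents of the shopping cart. In this way, 1.76 million sets of cookie information belonging to 760,000 users of the shopping platform were secretly stored by Li Mingjun on a cloud server.
Step two was to use a computer program to generate a fake promotion link based on the items in the stolen shopping carts. Because users are very likely to buy what is in their shopping cart, this amounted to turning everything the user wanted to buy into "products he had promoted."
With this scheme, Li Mingjun's commission income grew geometrically. In just over a year, he defrauded the platform of more than 18.78 million yuan in commissions.
In March 2025, a security operations specialist at the online shopping platform, while monitoring the back end, noticed a set of strange data: withdrawals by Li Mingjun and his associated accounts totaled as much as 21.24 million yuan, yet large numbers of users had no record at all of viewing the promotion page but were shown as having "clicked the promotion link."
The security operations specialist immediately reported the matter to the platform. The platform immediately closed the loophole and reported the case to the police. Following the server trail, the police quickly identified Li Mingjun. 2025年9月10日,浙江省绍兴市上虞区检 ...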
Rule of Law Online | Newly revised Cybersecurity Law takes effect today, with stiffer penalties for violations
Xin Lang Cai Jing· 2026-01-01 09:28
Group 1
- The revised Cybersecurity Law of the People's Republic of China officially takes effect today, marking its first amendment since its introduction in 2016 [1]
- The new law explicitly includes provisions related to artificial intelligence, supporting the development of foundational theories and key technologies [10][12]
- The law emphasizes the importance of ethical norms for artificial intelligence, risk monitoring, and safety regulation to promote healthy development [15]
Group 2
- The integration of artificial intelligence in community healthcare allows elderly individuals to access professional medical consultations without traveling to large hospitals [7][8]
- The law aims to establish a balance between technological innovation and personal privacy protection, addressing concerns over data sensitivity in the digital age [21][24]
- The revised law enhances penalties for network operators who violate regulations, aligning legal responsibilities with the level of risk involved [32][34]
Newly revised Cybersecurity Law takes effect today, with stiffer penalties for violations
Xin Lang Cai Jing· 2026-01-01 08:29
Core Viewpoint - The newly revised Cybersecurity Law of the People's Republic of China officially takes effect, marking its first amendment since its introduction in 2016, with significant implications for artificial intelligence and data protection in daily life [10][25].
Group 1: Impact of Artificial Intelligence
- Artificial intelligence is increasingly integrated into daily life, enhancing efficiency and serving as a companion for the elderly, particularly in community health services [8][10].
- The revised law explicitly supports the development of artificial intelligence, emphasizing the importance of its benefits to the public and enhancing overall happiness [12][10].
- AI applications in community health, such as robots assisting with health checks and video consultations, are becoming popular among the elderly, allowing them to access medical advice without traveling to hospitals [5][7].
Group 2: Data Protection Mechanisms
- The revised Cybersecurity Law establishes a high standard for data protection, emphasizing the need for ethical norms and risk monitoring in AI applications [16][13].
- It mandates that network operators must strictly protect personal information and comply with existing laws, enhancing the legal framework for data privacy [28][30].
- The law increases penalties for violations, aligning legal responsibilities with the severity of risks, thus holding network operators accountable for data breaches [34][36].
Group 3: Balancing Innovation and Privacy
- The law aims to balance technological innovation with the protection of personal privacy, addressing concerns over sensitive data collection by AI systems [22][24].
- It integrates beneficial rules from the Personal Information Protection Law, such as the reversal of the burden of proof, to strengthen individual rights [32][30].
- The law reinforces platform responsibilities, ensuring that digital service providers are accountable for user data protection, thereby enhancing overall cybersecurity [32][36].
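Experts on background-check companies over-mining litigation records, credit records and other personal information: neither lawful nor reasonable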
Xin Lang Cai Jing· 2025-12-31 15:53
Core Viewpoint - The article highlights the prevalence of illegal background checks in the recruitment market, emphasizing the need for clearer regulations and compliance to protect job seekers' rights and ensure fair hiring practices [1][2].
Group 1: Background Check Practices
- Background checks have become a routine part of the hiring process, reflecting companies' efforts to optimize their hiring autonomy through risk control [1].
- While compliant background checks can verify the authenticity of job seekers' information and assess job suitability, there is a tendency for "over-expansion" and "substantive abuse" in current practices [2][3].
- Violations of personal information rights and privacy can lead to legal risks for companies, including lawsuits and reputational damage [1][2].
Group 2: Legal Framework and Regulations
- There is currently no unified law specifically regulating background checks in China; relevant regulations are scattered across various laws and industry standards [2].
- The Personal Information Protection Law is central to regulating background check behavior, requiring explicit authorization from job seekers and clear communication of the purpose and scope of information processing [2].
- The Labor Contract Law restricts the information that can be collected to that directly related to the employment contract, while the Civil Code protects personal privacy and reputation [2][3].
Group 3: Legal Issues in Background Checks
- Unauthorized background checks violate procedural requirements, depriving job seekers of their right to be informed about the processing of their personal information [3].
- Background check companies must obtain explicit consent from job seekers, especially when dealing with sensitive personal information [3][4].
- Using non-job-related litigation records and personal credit information as core hiring criteria lacks both legality and rationality, infringing on job seekers' equal employment rights [4][5].
Group 4: Responsibilities of Background Check Companies
- Background check companies have a high obligation to verify the information they collect, ensuring it is legal, reliable, and relevant to the job [6].
- Failure to fulfill these obligations can lead to defamation claims against the background check companies [6].
Group 5: Illegal Services and Their Implications
- The provision of illegal services, such as falsifying documents or removing negative credit records, poses significant legal risks and can lead to various criminal charges [7].
- Engaging in such services can result in invalid employment contracts for job seekers and potential liability for companies that rely on falsified information [7].
Group 6: Recommendations for Governance
- Legislative measures are needed to define the scope and processes of background checks, establishing a negative list of prohibited inquiries [8].
- Regulatory bodies should enforce compliance audits and impose severe penalties on illegal data acquisition practices [8][9].
- Enhancing channels for job seekers to report violations and providing efficient dispute resolution mechanisms are essential for protecting their rights [8][9].
New Cybersecurity Law takes effect January 1! AI written into law, tiered penalties: the core changes in one graphic
Nan Fang Du Shi Bao· 2025-12-31 09:35
Core Viewpoint - The revised Cybersecurity Law, passed on October 28, 2025, will take effect on January 1, 2026, marking the first significant amendment since its implementation in 2017. The revisions focus on "four enhancements and one connection," including strengthening cybersecurity principles, improving penalties, promoting AI application, and ensuring alignment with personal information protection laws [1][3].
Group 1: Key Enhancements
- The new law emphasizes the leadership of the Communist Party and the overall national security concept, stating that cybersecurity work must adhere to these principles [4][9].
- A dedicated clause for artificial intelligence has been added, supporting research and development in AI technologies and establishing ethical norms for AI [5][9].
- The law introduces a tiered penalty system linked to the severity of violations, with fines for serious breaches potentially reaching up to 10 million [10].
Group 2: Legal Responsibilities and Penalties
- The law specifies that network operators must handle personal information in compliance with the Cybersecurity Law and other relevant laws, ensuring legal accountability [6][10].
- Penalties for selling or providing unverified cybersecurity products have been clarified, with fines and potential business suspensions for non-compliance [5][7].
- The law expands jurisdiction over foreign entities that threaten China's cybersecurity, allowing for legal actions and asset freezes against them [8][9].
Group 3: Coordination with Other Laws
- The revised law enhances coordination with the Civil Code, Personal Information Protection Law, and Data Security Law, ensuring a cohesive legal framework for data handling and cybersecurity [10].
- It includes provisions for lighter penalties under certain circumstances, aligning with the Administrative Penalty Law [10].
54 mobile apps named in a notice for illegally collecting and using personal information
Yang Shi Wang· 2025-12-29 16:32
Core Viewpoint - The National Cybersecurity Notification Center reported that 54 mobile applications were found to be in violation of personal information protection laws, highlighting significant issues in data collection practices across various apps.
Group 1: Violations of Personal Information Collection
- 29 mobile applications failed to publicly disclose their rules for collecting and using personal information [1]
- 5 mobile applications did not list the purposes, methods, and scope of personal information collection [2]
- 6 mobile applications did not inform users of the purpose when requesting permissions to collect personal information [3]
Group 2: Consent and Authorization Issues
- 3 mobile applications began collecting personal information before obtaining user consent [4]
- 4 mobile applications collected personal information beyond the scope authorized by users [5]
- 1 mobile application had permissions for collecting personal information that exceeded necessary functional requirements [6]
Group 3: User Rights and Complaint Mechanisms
- 3 mobile applications collected personal information beyond what was necessary for their functions [7]
- 7 mobile applications required users to enable permissions not needed for current functionalities [8]
- 4 mobile applications did not provide users with channels for complaints regarding personal information [9]
Group 4: Information Correction and Deletion
- 8 mobile applications did not offer users a way to correct or supplement their personal information [10]
- 7 mobile applications failed to provide specific methods for users to delete their personal information [11]
- 8 mobile applications did not offer users a way to cancel their accounts [12]
Group 5: Account Cancellation Issues
- 2 mobile applications set unreasonable conditions or additional requirements in the account cancellation process [13]
- 1 mobile application was found to have misleading or deceptive advertising practices [14]
Group 6: Previous Violations
- 9 out of 40 previously reported mobile applications continued to have issues upon retesting, leading to their removal from distribution platforms [14]