Core Points - The National Internet Information Office and the Ministry of Public Security released a draft regulation on personal information protection for large internet platforms, establishing criteria for identifying such platforms and their obligations for personal information protection [1][3] - The draft regulation aligns with previous regulations and emphasizes the principle that greater capabilities entail greater responsibilities in digital economy regulation [1][3] Group 1: Identification Criteria for Large Platforms - Large platforms are identified based on having over 50 million registered users or over 10 million monthly active users, providing significant network services, and handling data that could impact national security and economic operations if compromised [5][6] - Traditional internet platforms like Tencent, Alibaba, and ByteDance, as well as emerging AI companies and smart device manufacturers, are likely to fall under this regulation [3][6] Group 2: Compliance and Reporting Requirements - Large platforms must appoint a personal information protection officer and establish a dedicated team to manage personal information protection, including creating internal management systems and emergency response plans [9][10] - The draft regulation requires platforms to publish annual social responsibility reports on personal information protection, addressing previous shortcomings in compliance and transparency [9][10] Group 3: Independent Supervision Mechanism - The draft regulation proposes the establishment of independent supervisory committees composed mainly of external members to oversee personal information protection compliance [12][13] - These committees will have specific responsibilities, including monitoring compliance systems, evaluating the impact of personal information protection measures, and maintaining regular communication with users [13][14]

Core Viewpoint - The article discusses the newly released draft regulations for personal information protection by large internet platforms in China, emphasizing the responsibilities and obligations these platforms must adhere to in safeguarding user data [1][3]. Group 1: Regulatory Framework - The draft regulations define large internet platforms based on user scale, specifically those with over 50 million registered users or 10 million monthly active users [5]. - Major companies like Tencent, Alibaba, ByteDance, and emerging AI firms such as DeepSeek and MiniMax are included under this definition, indicating a broader scope of regulation [3][5]. - The principle of "with great power comes great responsibility" is highlighted, indicating that larger platforms will face stricter compliance requirements [1][3]. Group 2: Compliance Requirements - Large platforms are required to establish dedicated personal information protection teams responsible for creating and implementing internal management systems and emergency response plans [10]. - The regulations mandate that personal information collected within China must be stored in domestic data centers, and platforms must conduct compliance audits and risk assessments [11]. - There is an emphasis on the need for platforms to publish social responsibility reports regarding personal information protection, which has previously been inadequately addressed by many companies [10]. Group 3: Independent Oversight - The draft regulations propose the establishment of independent supervisory committees composed mainly of external members to oversee personal information protection practices [13][15]. - These committees are tasked with monitoring compliance, evaluating the protection of sensitive personal information, and ensuring regular communication with users [15]. - Concerns are raised about the feasibility of these committees, as many platforms have yet to take significant steps towards establishing them [14].

Core Viewpoint - The draft regulations on personal information protection for large internet platforms have been released, establishing criteria for identifying such platforms and outlining their obligations for personal information protection [1][2]. Group 1: Identification of Large Platforms - The draft specifies that platforms with over 50 million registered users or 10 million monthly active users will be classified as large internet platforms, which includes traditional internet giants and emerging AI companies [3][4]. - Companies like DeepSeek, MiniMax, and Kimi, as well as smart device manufacturers such as OPPO, vivo, and Honor, are also likely to fall under this classification due to their user base [1][3]. Group 2: Responsibilities and Compliance - Large platforms are required to establish dedicated personal information protection teams, appoint responsible personnel, and publish annual social responsibility reports regarding personal information protection [6][7]. - The draft emphasizes the need for platforms to store personal information generated within China in domestic data centers and to conduct compliance audits and risk assessments [7]. Group 3: Independent Supervision - The draft regulations propose the establishment of independent supervisory committees composed mainly of external members to oversee personal information protection compliance [10][11]. - These committees will be responsible for monitoring compliance with personal information protection regulations and will need to maintain regular communication with users [11].