文 丨 《 BUG》栏目 周文猛 因为获取用户定位信息并进行门店营销，星巴克又一次站到了风口浪尖。 近日，有博主发文质疑星巴克 App 滥用精准定位，向自己进行"追杀式"推销。据悉， 在短 短 3 分钟内，该博主先后收到了两条星巴克门店产品信息的推送，邀请其"到店品鉴"。随 即，此举引发大量网友反感。 《 BUG 》栏目注意到，在数十页长的隐私政策文档中，星巴克仅在最靠后的附件文件中提 及可能存在第三方 SDK "根据定位推送信息"的提示，但最为核心的用户信息获取及用途介 绍环节，却只字未提收集到的用户信息会被用于广告"推送"。 在与《 BUG 》栏目沟通中，河北厚诺律师事务所律师、知名法律博主雷家茂直言："根据 个人信息法规定，应当以显著方式、清晰易懂的语言进行提示，如果设置得很隐蔽、很隐 晦，也不通俗易懂，亦有违法律规定。" 显然，星巴克对于用户定位信息的获取和用途说明，在透明性、通俗性等方面仍有改进空 间。但对于前述问题，《 BUG 》栏目多次沟通星巴克方面，截至发稿公司暂无回应。 3分钟内App弹两条广告 据前述博主提供的图片内容，在短短 3 分钟内，其先后收到了两条星巴克门店产品信息的 推送，邀请其 ...

格隆汇11月21日｜Meta CEO扎克伯格、公司现任及前任高层同意支付1.9亿美元，以和解Meta股东指控 他们违反Facebook用户隐私、因此对公司造成损害的诉讼。股东原先向扎克伯格等人索偿高达80亿美 元，被告则否认所有指控。衍生诉讼所追回的款项将由董事及管理层支付给公司，并间接惠及股东。董 事会亦同意加强董事操守、内幕交易及举报人保护等相关政策。是次和解终结了股东长期以来的衍生诉 讼。 来源：格隆汇APP ...

【环球网科技综合报道】11月20日消息，据WebProNewS报道，困扰欧洲网民多年的Cookie弹窗问题有望得到彻底解决。欧盟委员会近日宣布一项拟议改革 方案，计划通过统一隐私设置规则，终结网络浏览中的"Cookie弹窗噩梦"，为用户打造更便捷的在线体验。 这项改革是欧盟"数字一揽子改革方案"的重要组成部分，核心目标是简化数字领域监管规则，平衡用户隐私保护与上网便捷性。根据新方案，欧盟将推动用 户在浏览器层面进行全局Cookie偏好设置，网站需严格遵守用户的统一选择，无需再让用户为每个访问站点单独点击"接受"或"拒绝"。 改革将分阶段推进：初期网站Cookie提示将简化为单次点击的"是/否"选项，降低用户操作成本；后续随着技术方案集成至主流浏览器，将实现更高效的全 局隐私管理。新规同时明确，网站需在至少六个月内持续遵守用户的Cookie选择，同时针对网站访问量统计等"无害用途"，禁止显示不必要的Cookie横幅， 进一步减少弹窗干扰。 欧盟委员会表示，当前泛滥的Cookie弹窗已导致用户多为快速进入网站而随意点击，并非基于隐私保护的真实选择。此次规则现代化升级，将在强化终端设 备保护的基础上，让公民更自主地 ...

Core Points - Hangzhou Bank announced the revision of the "Hangzhou Bank WeChat Channel User Privacy Protection Agreement" to enhance user privacy protection and ensure compliance with operational standards in WeChat mini-programs [1][2] Summary by Sections Revision Details - The revision expands the scope of the agreement from the original single login channel of WeChat Business Hall to include WeChat channels, which now encompasses both WeChat Business Hall and WeChat mini-programs [2] - A new list of third-party SDKs and marketing authorization agreements has been added to the agreement [2] - Modifications have been made to align with the newly revised "Children's Personal Information Protection Rules," specifically regarding the handling of minors' information [2] Implementation - The updated "Hangzhou Bank WeChat Channel User Privacy Protection Agreement" will take effect on October 31, 2025, requiring customers to re-sign the new agreement upon logging into Hangzhou Bank's WeChat channels [2] - Customers who do not agree with the updated terms can request to terminate their services with Hangzhou Bank [2]

Core Points - Apple is under investigation in France regarding the use of voice recordings collected by its Siri voice assistant, raising significant concerns about user privacy protection [1][3] - The investigation was initiated by the French Human Rights League (LDH) based on testimony from a former Apple contractor, Thomas Le Bonniec, who revealed that sensitive user recordings, including those of cancer patients, were analyzed [3] - The case is being handled by the Paris prosecutor's office's cybercrime division, and the investigation is ongoing with results yet to be announced [3] Company Practices - The core issue of the investigation revolves around Apple's practice of collecting user recordings through Siri, which is integrated into most of its devices and has the capability to record and store audio interactions [3] - Apple claims that the recording feature is optional for users and is intended to improve service quality, with some data potentially retained for up to two years and reviewed by contractors [3] - In January, Apple emphasized that it does not retain audio recordings of Siri interactions unless users explicitly choose to help improve Siri, and even then, the recordings are used solely for that purpose [3]

Core Viewpoint - The recent surge in discussions about "Alipay account authorization management" highlights the importance of user awareness regarding personal data sharing and the need for regular audits of authorized applications [1][2]. Group 1: User Authorization Insights - Users have discovered a significant number of applications authorized through Alipay, with some individuals reporting up to 171 authorization entries dating back to 2015 [2][4]. - The authorized applications primarily fall into two categories: e-commerce services and transportation-related mini-programs, with some authorizations traceable to a decade ago [4][9]. Group 2: User Guidance and Recommendations - Alipay customer service recommends that users regularly clean up authorizations for applications that are infrequently used or no longer in service, such as those related to temporary services like hotel charging or transportation mini-programs [6][11]. - The process for revoking application authorization is straightforward and can be done through the Alipay app by navigating to the "User Protection Center" [7][9]. Group 3: Privacy and Data Security - Alipay emphasizes its commitment to user privacy and data security, stating that third-party applications can only access user information after explicit user consent, adhering to principles of "user explicit authorization" and "minimization" [11][12]. - Users are also advised to be cautious of the "no-password payment/automatic deduction" feature, which can lead to unintended charges even after an application has been uninstalled [12][14].

Core Points - The lawsuit initiated by MiHoYo against Tencent is primarily to obtain user data related to a civil case, highlighting the legal process for data retrieval in privacy matters [1][4] - Tencent's response emphasizes its compliance with privacy laws, stating that it cannot provide user data without a formal judicial request [1][4] - The case is linked to MiHoYo's efforts to combat leaks of unreleased game content, as indicated by previous actions against individuals sharing confidential information [2][7] Group 1: Legal Context - MiHoYo's lawsuit is a common legal strategy to access user data from platforms when pursuing claims against individuals for privacy violations [1][5] - Tencent's refusal to provide user information without judicial authorization is a protective measure under the Cybersecurity Law and Personal Information Protection Law of China [4][7] - The legal framework requires platforms to safeguard user data and only disclose it under specific circumstances, such as user consent or legal mandates [4][7] Group 2: Evidence and Investigation - MiHoYo may have identified some leakers but requires Tencent's data to uncover additional anonymous individuals involved in the leaks [7][8] - The lawsuit allows MiHoYo to formally request evidence, including chat logs and file transfer records, which could substantiate claims of intellectual property infringement [5][8] - The ability to access detailed records from Tencent could provide critical evidence for MiHoYo's case, including the identity of leakers and the specifics of the leaked content [7][8]

Core Points - The article discusses a privacy breach involving xAI's chatbot Grok, which has raised significant concerns about user privacy in the competitive AI chatbot market [1][4] - xAI has been criticized for sharing user conversations without adequate consent, leading to the indexing of over 370,000 user interactions by Google [3] Group 1: Privacy Breach Details - xAI published chat logs from Grok, allowing users to generate unique URLs for sharing conversations, which were also indexed by search engines like Google and Bing [3] - Sensitive information, including names, personal details, and passwords, was exposed through these shared conversations, posing a risk to user privacy [3] - Affected users, such as journalist Andrew Clifford, expressed dissatisfaction over the lack of consent for sharing their conversation content [3] Group 2: Implications and Responsibilities - The incident highlights the need for xAI to uphold its responsibility to protect user privacy as a prominent player in the AI industry [4] - There is a call for increased regulatory oversight of AI companies to ensure the protection of user rights and privacy [4]

Core Viewpoint - The article discusses the launch of a new privacy permission system by five major smartphone manufacturers in collaboration with Google, aimed at enhancing user privacy within the Android ecosystem [3][6][12]. Group 1: Privacy Permission System - The new privacy permission system allows for the reasonable opening of 19 categories of privacy data, significantly improving privacy protection capabilities in the Android ecosystem [3][12]. - The system emphasizes a dual-track approach to data and access, balancing privacy protection with user convenience [16][24]. - A unified permission review platform has been established to evaluate the rationality of permission requests and to prevent misuse [17][18]. Group 2: Industry Collaboration - The collaboration among OPPO, vivo, Xiaomi, Honor, and Lenovo signifies a shift towards a unified standard in the Android ecosystem, enhancing user experience [6][22]. - The Mobile Intelligent Terminal Ecological Alliance (ITGSA) plays a crucial role in this initiative, aiming to provide clear privacy protection guidelines for developers and applications [21][24]. - The involvement of Google indicates a transition in the Android ecosystem towards a collaborative model between manufacturers and the system [24][25]. Group 3: User Experience and Developer Impact - The new system allows users to have more precise control over their data sharing, which will shift the core competitive advantage of applications back to functionality and user experience [24]. - Developers can now integrate with a unified standard interface, reducing the effort required for multi-platform adaptation and allowing them to focus on delivering better services [24][25]. - The introduction of system controls, such as the Photo Picker, enables applications to access only selected data, thus enhancing user privacy while maintaining core functionalities [15][16].

Core Points - Meta Platforms Inc., the parent company of Facebook, has reached a settlement in a privacy lawsuit with investors, agreeing to resolve claims that executives allowed user privacy violations, resulting in significant financial losses for the company [1][3][4] - The lawsuit sought damages amounting to $8 billion (approximately 57.5 billion RMB) against CEO Mark Zuckerberg and 10 other current and former executives [1][3] Summary by Sections - **Settlement Agreement** - A settlement agreement was reached just before the scheduled court hearing, although specific details of the agreement were not disclosed [4] - The presiding judge, Katherine McCormick, acknowledged the settlement and adjourned the court [4] - **Allegations and Claims** - Investors accused the executives, including Mark Zuckerberg and board member Marc Andreessen, of negligence regarding user privacy, leading to substantial economic damages for the company [3][6] - The lawsuit aimed to hold the defendants accountable for billions in fines and legal costs incurred by the company over recent years [3] - **Previous Penalties** - In 2019, the Federal Trade Commission imposed a $5 billion fine on Facebook for failing to comply with a data protection agreement established in 2012 [6] - The plaintiffs are seeking personal asset compensation from the defendants, who have denied all allegations, labeling them as "extreme claims" [6]