央视网消息：据"国家网络安全通报中心"微信公众号消息，依据《网络安全法》《个人信息保护法》等 法律法规，按照《中央网信办、工业和信息化部、公安部、市场监管总局关于开展2025年个人信息保护 系列专项行动的公告》要求，经国家计算机病毒应急处理中心检测，72款移动应用存在违法违规收集使 用个人信息情况，现通报如下。 1、在App首次运行时未通过弹窗等明显方式提示用户阅读隐私政策等收集使用规则；以默认选择同意 隐私政策等非明示方式征求用户同意；隐私政策难以访问；个人信息处理者在处理个人信息前，未以显 著方式、清晰易懂的语言真实、准确、完整地向个人告知个人信息处理者的名称或者姓名、联系方式、 个人信息的保存期限等。涉及17款移动应用如下： 《UB+SEEK无线音箱》（版本1.8.1，华为应用市场）、《笨嘴神器股票数据分析交流平台》（微信小 程序）、《财富股研》（微信小程序）、《宠物托运丨易丰运宠》（微信小程序）、《大智慧》（版本 V1.10，华为应用市场IdeaHub专区）、《豆豆饭》（版本v2.3.5，华为应用市场）、《饭好办外卖》 （支付宝小程序）、《光环助手》（版本V1.2.0，AppStore）、《嗨玩租》（ ...

Core Viewpoint - The recent draft regulation by the National Internet Information Office aims to address the issue of excessive data collection and clarify the boundaries for personal information collection and usage by internet applications [1][2] Group 1: Issues in Data Collection - The internet applications have long been plagued by hidden rules regarding personal information profit, such as collecting user social networks through contact permissions and using microphone access for targeted advertising [1] - Many platforms disguise excessive data collection as "experience upgrades," employing tactics like "bundled consent" and "default selections" to lead users to unknowingly disclose personal information [1] - The forced operational model not only erodes user trust but also leads to frequent data misuse, hindering healthy industry development [1] Group 2: Objectives of the Draft Regulation - The draft regulation targets the core issues in the industry, aiming to further standardize the collection and usage of personal information by internet applications [2] - Certain provisions require applications to separate core functions from non-essential permissions, allowing users to grant permissions selectively and eliminating bundled consent [2] - The regulation emphasizes the "minimum necessity" principle, mandating that permission requests must be directly related to current functions and cease immediately after the task is completed [2] Group 3: Vision for Data Ecosystem - The draft is not intended to restrict data circulation but to create a "bounded circulation" data application ecosystem, encouraging companies to focus on service quality and transparent data collection [2] - Users should regain their rights to be informed and to choose, actively monitoring permission requests and utilizing their rights to report complaints [2] - Collaborative efforts are needed among all parties to protect user rights while allowing for the valuable application of data elements, supporting the development of AI and big data [2]

Core Viewpoint - The article highlights the detection of 70 mobile applications that violate personal information protection laws, emphasizing the need for compliance with privacy policies and user consent in data handling practices [1][2][3]. Group 1: Violations in User Consent and Information Handling - 23 mobile applications failed to provide clear notifications for users to read privacy policies upon first use, making it difficult for users to access these policies [1]. - 24 mobile applications did not specify the purposes, methods, and scope of personal information collection in their privacy policies [2]. - 14 mobile applications shared personal information with third parties without user consent or proper notification [3]. - 5 mobile applications began collecting personal information without obtaining user consent first [4]. - 4 mobile applications did not offer effective options for users to correct, delete personal information, or cancel their accounts [5]. - 2 mobile applications failed to process complaints and requests for personal rights in a timely manner [6]. - 23 mobile applications did not provide users with a way to withdraw consent for personal information collection [7]. Group 2: Security Measures and Policy Compliance - 34 mobile applications did not implement adequate security measures such as encryption or anonymization of personal information [11]. - 9 mobile applications lacked a privacy policy altogether, which is a significant compliance issue [12]. - 13 mobile applications did not have specific rules for handling personal information of minors, failing to obtain necessary parental consent [10]. - 1 mobile application did not inform users about the necessity and impact of processing sensitive personal information [9]. - 3 mobile applications used automated decision-making for information push and marketing without providing options for users to refuse [8].

Core Points - The National Cybersecurity Notification Center reported that 64 mobile applications were found to illegally collect and use personal information, including apps from 7 financial institutions [1][5] - The violations involved 13 types of misconduct, with 5 major categories identified as "high-risk" behaviors [3][4] Group 1: Financial Institutions - Four brokerage firms and three banks were named, including Chengtong Securities, Xingye Securities, Shengan Securities, Wukuang Securities, Longjiang Bank, Wuhai Bank, and Haixia Bank [1][5] - Specific issues included failure to inform users about the recipients of their personal information and not obtaining separate consent, affecting apps from Chengtong Securities, Haixia Bank, Xingye Securities, and Wukuang Securities [6] - Chengtong Securities did not implement necessary security measures such as encryption, while Xingye Securities failed to provide users with a way to withdraw consent for data collection [6] Group 2: Violations and Categories - The five major categories of violations included: 1. Lack of clear notification to users about privacy policies at the first app launch [3] 2. Incomplete privacy policies that did not specify the purposes, methods, and scope of personal information collection [3] 3. Failure to inform users about the transfer of their personal information to other parties [3][6] 4. No provision for users to easily withdraw consent for data collection [4][6] 5. Inadequate security measures such as encryption and de-identification [4] - Other industries affected included food and beverage, gaming, transportation, and lifestyle services, with notable brands like Starbucks, Hualala, and others being implicated [7]

Core Insights - The Central Cyberspace Administration of China has detected violations of user rights in 15 apps and 16 SDKs, highlighting issues such as failure to list the SDKs collecting personal information and lack of clarity on the rules for personal information collection [1][6]. Group 1: Issues Identified in Apps - Eight of the 15 problematic apps failed to list the SDKs collecting personal information, including Moji Weather TV version (1.3.8) and Dongman Zhi Jia (3.9.13) [1][2]. - Seven apps did not accurately specify the purpose, method, and scope of personal information collection by the SDKs, including Youdao Premium Course (6.8.2) and Tuhu Car (7.10.5) [1][3]. Group 2: Issues Identified in SDKs - Among the 16 problematic SDKs, three did not provide rules for personal information collection, including CTP Penetration Collection and Jinsida Penetration Collection [3][4]. - Four SDKs, such as Xigua Video, failed to explain measures for responding to user requests regarding personal information rights in their collection rules [3][4]. Group 3: Regulatory Actions and Compliance - The Central Cyberspace Administration requires the operators of the identified apps and SDKs to complete rectifications within 15 working days from the announcement and report back on their compliance [6]. - The regulatory body will conduct follow-up inspections and take legal actions based on the rectification results [6].

0 0 0 0 I 000H00HH00 H o 0 0 0 1 0 ------ 00 T 1 1000 I 0 0 0 0 0 r 0 0 0 0 1 0 0 0 0 0 000 0 0 0 0 0 0 0 o Ho :国家网络安全 一点宣传周 0 0 0 0 0 1 0 0 0 0 0 OHOHO 1 0 0 0 0 0 0 101 0 l 主 0 0 1 (--------- 2- (2) 0 0 1 - China Cybersecurity Week 0 ------- 0 0 1 l 11 0 0 1 0 0 1 0 0 0 T 1 1 - 0 0 0 0 1 0 0 0 0 0 0 0 0 c 4 pend from the 0 0 0 0 0 0 0 0 0 0 0 e 0 0 格安全 你我同行 0 0 0 c 0 0 8 3 融网络安全宣传手册 中国人民银行 THE PEOPLE'S BANK OF CHINA 《中华人民共和国网络安全法》 《中华人民共和国网络安全法》由中 华人民共和国第十二届全国人民代表大会 常务委员会第二十四次会议于2016年11月 7日表决通过,自2017年6月1日 ...