ENG
  • Home
  • Insights
  • China Cybersecurity and Data Protection - Monthly Update - August 2023 Issue

China Cybersecurity and Data Protection - Monthly Update - August 2023 Issue

Published

Sep 13 2023

Written By

michael dong Module
Michael Dong

Associate
China

james gong Module
James Gong

Partner
China

tanya luo Module
Tanya Luo

Associate
China

This newsletter summarizes the latest developments in cybersecurity and data protection in China with a focus on the legislative, enforcement and industry developments in this area.

If you would like to subscribe for our newsletters and be notified of our events on China cybersecurity and data protection, please contact James Gong at [email protected].

 
Follow the links below to view our views. 

Our Views

China to Strengthen Financial Data Regulation

What You Need to Know about China’s New Personal Information Audit Requirements

What You Need to Know About China’s New Generative AI Measures

China to Strengthen Generative AI Regulation

Practical Considerations and Insights on Contractual Necessity under PIPL

 
Follow the links below to view the official policy document on the People’s Republic of China Government websites.

Legislative Developments

  1. President Xi stresses advancing high-quality development of cybersecurity, informatization work

    Recently, President Xi Jinping has stressed the need to thoroughly implement the important guidelines of the Communist Party of China Central Committee on boosting China's strength in cyberspace, and to vigorously advance the high-quality development of the work on cybersecurity and informatization. In the new era, the significance of cybersecurity and informatization work has gained substantial prominence. Xi stressed adherence to several principles, including the Party exercising leadership over cyberspace affairs and developing cyberspace affairs for the people. He also underscored the need to coordinate development and security, strengthen the capability to ensure cybersecurity of the country, and promote building a community of a shared future in cyberspace.

  2. Newly amended Counterespionage Law of China came into force

    On 1 July, the newly amended Counterespionage Law of the People's Republic of China came into force, establishing a close connection between data security and national security. The key provisions related to data and personal information protection, as well as cybersecurity, are as follows:

    (1) Engaging in the unauthorized provision of data or conducting cyberattacks against specific authorities is categorized as acts falling within the scope of espionage.

    (2) It is strictly forbidden for individuals or organizations to unlawfully acquire or possess documents, data, materials, or items that qualify as state secrets.

    (3) National security agencies and their personnel bear the responsibility of safeguarding the confidentiality of commercial secrets, individual privacy, and personal information obtained in the course of their counter-espionage duties.

  3. Seven departments jointly announced Interim Measures for Management of Generative Artificial Intelligence Services

    On 13 July, the Cyberspace Administration of China (the “CAC”), together with other six departments released the Interim Measures for the Management of Generative Artificial Intelligence Services (the “AI Measures”), effective on 15 August 2023.

    The AI Measures aim to promote the healthy development and standardised application of generative AI technology. They emphasize maintaining a positive and prudent approach when implementing classification and grading supervision, while encouraging independent innovation and international cooperation in the field of generative AI technology.

    The main focus of these measures is on the obligations of generative AI service providers, including:

    (1) Processing training data in accordance with the law.

    (2) Establishing clear and lawful labelling rules and adhering to them during the research and development process of generative AI technology.

    (3) Assuming the responsibilities of network information content producers and fulfilling relevant obligations in accordance with the law.

    (4) Taking effective measures to prevent minors from becoming dependent on or addicted to generative AI services.

    (5) Fulfilling obligations to protect users' input information and usage records, refraining from unlawfully collecting, storing, or providing them to others.

    (6) Promptly taking action to rectify and report any illegal content to the relevant authorities when discovered.

  4. CAC issued Provisions on Cyber Violence Information Governance (Draft for Comments)

    On 7 July, the CAC issued the Provisions on Cyber Violence Information Governance (Draft for Comments) (the “Cyber Violence Provisions”). The Cyber Violence Provisions aim to effectively protect victims against cyber violence risks. Key aspects covered include the definition of cyber violence information, the designation of competent authorities like the CAC and local cyberspace administrations, and the obligations of network information service providers. These obligations include managing information content, monitoring and alerting about cyber violent information, handling such information appropriately, establishing prevention mechanisms, and implementing special measures for cyber violent information involving minors.

  5. CAC and other three departments jointly issued updated Catalogue of Network Critical Equipment and Network Security Products

    On 3 July, the CAC, together with the Ministry of Industry and Information Technology (the “MIIT”), the Ministry of Public Security (the “MPS”), and the Certification and Accreditation Administration of China (the “CNCA”), issued a notice regarding the updates to the Catalogue of Network Critical Equipment and Network Security Products (the “Product Catalogue”). The revised Product Catalogue now includes four types of network critical equipment and 34 types of network security products. According to the requirements stated in the Product Catalogue, any network critical equipment and network security products listed must undergo security certification or security testing conducted by competent institutions in accordance with the relevant mandatory national standards before being sold or made available.

  6. People's Bank of China issued draft measures for data security management for its own operations

    On 24 July, the People's Bank of China (the "PBOC") released the Measures for the Security Management of Data related to the PBOC's Activity (Draft for Comments) (the “PBOC Measures”). The PBOC Measures consist of eight chapters with a total of 57 articles, covering various aspects such as data classification and grading, general security requirements, management and technical measures for data protection, risk monitoring and auditing, incident addressing measures, and legal responsibilities.

  7. MIIT and National Administration of Financial Regulation jointly issued Opinions on Promoting Standardized and Healthy Development of Cybersecurity Insurance

    On 2 July, the MIIT and the National Administration of Financial Regulation jointly issued the Opinions on Promoting the Standardized and Healthy Development of Cybersecurity Insurance (the “Opinions on Cybersecurity Insurance”). With an aim to accelerate the integration and innovation of the cybersecurity industry and financial services while guiding the healthy and orderly development of cybersecurity insurance, the Opinions on Cybersecurity Insurance propose several key measures, including establishing and improving the policy framework for cybersecurity insurance, promoting innovation in cybersecurity insurance products and services, leveraging cybersecurity technology to enhance insurance development, stimulating demand in the cybersecurity industry, and fostering the ecosystem for the development of cybersecurity insurance.

  8. National Railway Administration issued Administrative Measures for Railway Critical Information Infrastructure Security Protection (Draft for Comments)

    On 18 July, the National Railway Administration (the “NRA”) issued the Administrative Measures for Railway Critical Information Infrastructure Security Protection (Draft for Comment) (the “Railway Administrative Measures”). The Railway Administrative Measures outline the methods for identifying railway critical information infrastructure, the responsibilities and obligations of railway critical information infrastructure operators, and the supervisory obligations of the NRA.

  9. Ministry of Human Resources and Social Security issued Administrative Provisions on Human Resources Service Agencies

    On 30 June, the Ministry of Human Resources and Social Security issued the Administrative Provisions on Human Resources Service Agencies (the "HR Administrative Provisions"). The HR Administrative Provisions, effective on August 1, are the first comprehensive regulations aimed at systematically governing HR service agencies and their activities. They outline guidelines for the handling of personal information and specify the cybersecurity and personal information protection obligations of HR service agencies, including (1) establishing mechanisms for personal information protection and security monitoring; (2) establishing and improving mechanisms for reviewing information release and complaint handling; and (3) ensuring lawful storage of information.

  10. Beijing Municipal Bureau of Economy and Information Technology issued Management Measures for Authorised Operation of Public Data Zones in Beijing (Draft for Comments)

    On 18 July, the Beijing Municipal Bureau of Economy and Information Technology issued the Management Measures for the Authorised Operation of Public Data Zones in Beijing (Draft for Comments) (the “Beijing Management Measures”). The Beijing Management Measures outline the management mechanism, working process, and requirements for operators of public data zones, as well as the requirements for data management and the management and evaluation of public data security.

  11. Shanghai Municipal People's Congress issued Draft Provisions on Promoting Data Circulation and Transactions in Pudong New Area

    On 26 July, the Shanghai Municipal People's Congress issued the Draft Provisions on Promoting Data Circulation and Transactions in the Pudong New Area. The primary objectives are to: (1) define the responsibilities of all parties involved and specify the general requirements for promoting data circulation and transaction; (2) explore the mechanism under the Opinions on Building Basic Systems for Data to Better Give Full Play to the Role of Data Resources for the separation of data property rights, which include the rights related to data resource holding, data processing and use, and data product operation; (3) establish the rules for data circulation and transactions to foster exchange transactions and regulate over-the-counter (OTC) transactions; and (4) create a healthy data market ecology by developing the safe harbour mechanism for data transactions and optimizing the dispute resolution mechanism for such transactions.

  12. Shanghai Cyberspace Administration proposed six suggestions to protect consumers’ personal information when ordering food online

    The Shanghai Cyberspace Administration (the “Shanghai CA”), along with the Municipal Administration for Market Regulation (the “Shanghai MAMR”) and the Municipal Commission of Commerce (the “Shanghai MCC”), is actively cracking down on widespread illegal practices in the catering industry, including excessive data collection and deceptive or even forced access to unnecessary personal information of consumers. To enhance personal information protection for consumers when scanning codes and ordering meals, the Shanghai CA has put forth the following six suggestions:

    (1) Only proceed with using online services if provided with a privacy policy.

    (2) Avoid providing personal information unless necessary.

    (3) Do not authorize access to the phone number through one-click login.

    (4) Exercise caution to prevent disclosing the precise location under false pretences.

    (5) Refrain from providing personal information or following accounts solely for membership benefits.

    (6) Decline targeted marketing advertising.

  13. Zhejiang issued Interim Guidelines for Construction of Corporate Chief Data Officer System

    On 14 July, the Zhejiang Province issued the Interim Guidelines for the Construction of the Corporate Chief Data Officer System in Zhejiang Province (the “Zhejiang CDO Guidelines”). The Zhejiang CDO Guidelines outline an enterprise-led, government-guided, value-centric, multi-party collaboration, and compliant development approach for establishing the corporate Chief Data Officer (the “CDO”) system. The content covers the following:

    (1) Corporate CDO system establishment: Position the CDO at the decision-making level, integrating it into the company's articles of incorporation and management policies.

    (2) CDO roles and responsibilities: Develop data strategies, integrate data assets, implement data projects, and ensure data security.

    (3) CDO qualifications: Possess data strategy thinking, value mining skills, and legal and security awareness.

  14. Jiangxi issued Master Plan for Digital Government Construction

    On 27 July, the Jiangxi Provincial People's Government issued the Master Plan for Digital Government Construction in Jiangxi Province (the "Jiangxi Master Plan"), which outlines the overarching requirements and framework, development path, and primary tasks to establish a digital government. The Jiangxi Master Plan emphasizes the implementation of five major systems: the digital duty performance capacity system, safety and support system, institutional rules system, data resources system, and platform support system. Additionally, it identifies 21 key tasks accompanied by action lists, specifying the responsible departments and corresponding timeframes for their completion.

  15. Guangdong Cyberspace Administration issued Notice on Filing of Standard Contract for Personal Information Export

    On 10 July, the Guangdong Cyberspace Administration issued a notice regarding the filing of the standard contract for personal information export. The objective is to provide guidance and support to personal information processors in the province, ensuring proper filing of the standard contract for personal information export. The notice includes specific instructions on the scope of application, required documentation for filing, filing procedures, and the contact information to access filing consultation services.

  16. Hebei Cyberspace Administration issued Guidance for Filing Standard Contract for Personal Information Export

    On 8 July, the Hebei Cyberspace Administration issued the Hebei Guidance for Filing the Standard Contract for Personal Information Export (First Edition) (the "Hebei Guidance"). The objective is to provide guidance and support to personal information processors in the province, ensuring proper filing of the standard contract for personal information export. The Hebei Guidance includes specific instructions on the scope of application (including the applicable subject and situation along with relevant explanations), the timeframe, methods, procedures, and required documentation for filing, and the contact information to access filing consultation services.

  17. Yunnan Cyberspace Administration issued Guidance for Filing Standard Contract for Personal Information Export

    On 21 July, the Yunnan Cyberspace Administration issued the Yunnan Guidance for Filing the Standard Contract for Personal Information Export (First Edition) (the "Yunnan Guidance"). The objective is to provide guidance and support to personal information processors in the province, ensuring proper filing of the standard contract for personal information export. The Yunnan Guidance includes specific instructions on the scope of application (including the applicable subject and situation along with relevant explanations), the methods, requirements, procedures, and required documentation for filing, and the contact information to access filing consultation services.

  18. Jiangsu Cyberspace Administration issued Guidance for Filing Standard Contract for Personal Information Export

    On 7 July, the Jiangsu Cyberspace Administration issued the Jiangsu Guidance for Filing the Standard Contract for Personal Information Export (First Edition) (the "Jiangsu Guidance"). The objective is to provide guidance and support to personal information processors in the province, ensuring proper filing of the standard contract for personal information export. The Jiangsu Guidance includes specific instructions on the scope of application (including the applicable subject and situation along with relevant explanations), the methods, requirements, procedures, and required documentation for filing, and the contact information to access filing consultation services.

  19. Hubei Cyberspace Administration issued Guidance for Filing Standard Contract for Personal Information Export

    On 5 July, the Hubei Cyberspace Administration issued the Hubei Guidance for Filing the Standard Contract for Personal Information Export (First Edition) (the "Hubei Guidance"). The objective is to provide guidance and support to personal information processors in the province, ensuring proper filing of the standard contract for personal information export. The Hubei Guidance includes specific instructions on the scope of application (including the applicable subject and situation along with relevant explanations), the methods, requirements, procedures, and required documentation for filing, and the contact information to access filing consultation services.

  20. Zhejiang released Q&As (I) on Filing Standard Contract for Personal Information Export

    On 11 July, the Zhejiang Cyberspace Administration issued the first set of Q&As addressing various inquiries related to filing the standard contract for personal information export. This Q&As provide clarification on important topics including the requirements, methods, and procedures for filing, the designated rectification period, the requirements for conducting personal information protection impact assessment, and whether personal information processors have the discretion to formulate or revise the standard contract.

  21. Beijing Municipal Communications Administration issued Implementation Rules for Management of Data Security in Telecoms Sector

    On 25 July, the Beijing Municipal Communications Administration (the “Beijing MCA”) issued the Implementation Rules for the Management of Data Security in the Telecoms Sector in Beijing, which establish requirements for data processors in the telecoms sector regarding both basic data security protection and full life-cycle data security protection.

    The basic data security protection requirements encompass several key measures. These include conducting a data review at least once a year, identifying important data and core data, and completing the necessary filing procedures. Additionally, data processors must develop appropriate protective measures based on the classification and grading of their data. It is also essential for organizations to allocate personnel responsible for data security management, conduct regular data security audits, and establish an emergency response plan and drills for handling data security incidents.

    In accordance with the full life-cycle data security protection requirements, different levels of data necessitate tailored protection requirements and operational procedures. These measures apply to various stages, including data collection, storage, use, processing, transmission, provision, and disclosure.

  22. National Information Security Standardization Technical Committee issued Information Security Technology – Framework for Network Security Product Interconnection (Draft for comments)

    On 19 July, the National Information Security Standardization Technical Committee (the “TC260”) released the Information Security Technology - Framework for Network Security Product Interconnection (Draft for Comments). This is aimed to guide the design, development, and application of network security product interconnection by providing a framework for interconnection functions and information. The interconnectivity functions encompass identification, protection, monitoring, and disposal, while the interconnectivity information is classified into six categories: behavioural, alarm, asset, vulnerability, threat, and event information.

    Enforcement Developments

  23. CAC released law enforcement report for first half of 2023

    On 31 July, the CAC released the law enforcement report for the first half of 2023. During this period, cyberspace administrations nationwide summoned the operators of 5,518 websites, suspended the functionality or updates of 188 websites, removed 120 Apps, and shut down 87 WeChat mini-programs. Furthermore, in collaboration with telecom authorities, cyberspace administrations cancelled 7,704 illegal websites and urged relevant websites and platforms to remove 39,100 illegal accounts in compliance with the law.

  24. MPS held press conference on updates in safeguarding national network and data security

    On 6 July, the MPS held a press conference to provide an update on the efforts to safeguard national network and data security. The conference is aimed to inform the public about the performance of public security organs across the country in implementing measures to protect national network and data security. These measures encompass various actions, such as enhancing the graded protection mechanism for network security, promoting the security protection of critical information infrastructure, strengthening data security protection, conducting network security supervision and administrative law enforcement, and cracking down on illegal and criminal activities that pose threats to network and data security.

  25. MIIT called out 31 Apps infringing on users' rights and interests

    On 7 July, the MIIT released a list of 31 Apps (the 4th batch in 2023 and the 30th batch in total) that were found to have infringed on users' rights and interests. In a recent initiative, the MIIT engaged a third-party testing agency to inspect Apps and third-party software development kits (SDKs) widely used for leisure and entertainment, practical tools, and mobility and travel purposes. As a result of this inspection, the MIIT identified and named 31 Apps (SDKs) that were found to have infringed upon users' rights and interests. Notable Apps on the list include Beijing Bus, ZhongAn Insurance, and Mafengwo.

  26. Beijing MCA identified 11 Apps for inadequate rectification and removed 18 Apps

    The Beijing MCA recently conducted a sampling inspection as part of its ongoing campaign to ensure App privacy compliance and network data security. During this inspection, several problematic Apps were identified, exhibiting various issues including: (1) collecting personal information against the necessity principle; (2) illegally providing personal information to third parties; (3) failing to expressly indicate the purpose, method and scope of personal information collection and use; (4) collecting and using personal information without obtaining user consent; (5) failing to disclose the rules for personal information collection and use; (6) application data backup risks; and (7) excessive autostart of Apps.

    On 29 July, the Beijing MCA released a list of 11 Apps that had not yet completed the necessary rectifications. Furthermore, it declared that 18 Apps, previously called out on 29 June for infringing upon users' rights and interests, would be removed from all App stores as they had not completed the required rectifications within the specified timeframe.

  27. Guangdong Municipal Communications Administration identified 116 Apps for inadequate rectification and removed 12 Apps

    On 20 July, the Guangdong Municipal Communications Administration (the “Guangdong MCA”) named 116 Apps that had not completed the necessary rectifications. The problems identified included: illegal collection and/or use of personal information, mandatory and excessive requests for permissions, excessive autostart of Apps, and difficulty for users to cancel their accounts. The 116 Apps were given a deadline of 28 July to complete the required rectifications, failing which they would face corresponding penalties. Furthermore, the Guangdong MCA declared that 12 Apps, previously called out on 16 May for infringing upon users' rights and interests, would be removed from all App stores as they had not completed the required rectifications within the specified timeframe.

  28. Zhejiang Provincial Municipal Communications Administration called out 17 Apps infringing on users' rights and interests

    In a recent action, the Zhejiang Provincial Municipal Communications Administration (the “Zhejiang MCA”) engaged a third-party testing agency to inspect Apps widely used for online shopping, practical tools, and learning and education purposes. The inspections aimed to identify and address various issues, such as the illegal collection of personal information, mandatory push notifications, excessive requests for permissions, and excessive autostart of apps. On 21 July, the Zhejiang MCA released a list of 17 Apps that had not yet completed the necessary rectifications. These Apps were given a deadline of 31 July to complete the required rectifications, failing which they would face corresponding penalties.

  29. Beijing MCA held symposium on network and data security supervision of telecoms and Internet industry

    On 30 June, the Beijing MCA held the symposium for 2023 on network and data security supervision of the telecoms and Internet industry in Beijing. The symposium was attended by Party group members and deputy directors of the regulator and more than 50 representatives from relevant enterprises. During the symposium, an overview of Beijing's information and communication industry's network and data security initiatives was presented. Additionally, the Notice on Further Strengthening the Management of Network Security Protection in the Telecoms and Internet Industry was interpreted, and the key tasks concerning network and data security in the upcoming phase were assigned. The symposium also provided a platform for seven enterprise representatives to deliver speeches and share their opinions on the subject matter.

  30. Beijing Cyberspace Administration held guidance meeting and issued rectification notifications to enterprises regarding app privacy issues

    On 13 July, the Beijing Cyberspace Administration, in collaboration with the Beijing branch of the National Computer Network Emergency Response Technical Team/Coordination Center of China (the “CNCERT/CC”), organised a guidance meeting to inform ten enterprises of the problems identified in the Apps they operate. The problems were found in a special action targeting the illegal collection of personal information. A Rectification Notification was issued to each of the enterprises, requiring them to complete the required rectification within a specified timeframe.

  31. Shanghai took comprehensive measures to safeguard consumer privacy in parking lots

    In mid-July, Shanghai initiated a law enforcement action targeting parking lots as part of its wider campaign to protect consumers' personal information rights and interests. Concerns were raised regarding certain shopping mall parking lots in the city that mandated consumers to register for membership or follow the malls' WeChat account when scanning a code to pay for parking fees. To address this issue, the cyberspace and market supervision regulators in Shanghai took various measures, including on-site law enforcement and conducting interviews. Currently, 64 car parks in shopping malls located in key business areas across the city have adopted "clean codes" for charging parking fees. This new system enables consumers to pay their parking fees directly by entering their car license plate number and clicking on the payment button, streamlining the process into just two simple steps.

  32. Shanghai MCA conducted network and data security inspection

    On 3 July, the Shanghai MCA announced the commencement of the 2023 network and data security inspection for the telecoms and Internet industry. The inspection targets various entities, including basic telecoms enterprises providing public Internet network information services, Internet enterprises (including cloud platform service providers, App and mini-program operators, Internet of Vehicles (IoV) enterprises, industrial Internet platforms, and identifier resolution node enterprises), and domain name registration service agencies. The primary objectives of the inspection encompass evaluating the implementation of the construction of network and data security support systems, communication network security measures, IoV network security grading and filing management, network security protection in industrial Internet enterprises, network data security protection, and the safeguarding of personal information and user rights.

    Industry Developments

  33. MIIT launched filing process for pilot demonstration projects in development of big data industry for 2023

    On 11 July, the MIIT issued a notice to launch the filing process for pilot demonstration projects in the development of the big data industry for the year 2023. The primary objective is to identify a selection of innovative, effective, and exemplary projects that will contribute to the high-quality advancement of the big data industry. This initiative covers 13 different directions within four key fields, namely big data application, digital governance application, data management and circulation, and data security control.

  34. People Data released Blue Book on Data Protection for Minors in China (2023)

    On 4 July, People Data, a subsidiary of the People's Daily, published the Blue Book on Data Protection for Minors in China (2023). This report delves into the crucial topic of safeguarding minors' data and provides an overview of existing legislation, regulatory frameworks, and technological practices in this field. The report also compiles valuable insights on the exploration and practices undertaken by various brands and platforms in the realm of children's data protection.

  35. Beijing MCA held seminar on personal information protection for App developers in Beijing

    On 25 July, the Beijing MCA, in collaboration with the China Academy of Information and Communications Technology, held a training seminar on personal information protection for App developers in Beijing. The seminar drew the participation of nearly 200 representatives from 128 Internet enterprises based in Beijing. During the seminar, participants were provided with detailed explanations of the Notice of the MIIT on Further Improving Mobile Internet Application Service Capability, the Technical Requirements for SDK User Rights and Interests and Personal Information Protection were introduced, as well as the Case Studies on SDK User Rights and Interests Protection and Rectification Procedures. Experts in the field conducted training sessions on various topics, including the development of the personal information protection industry for mobile applications, compliance audit methods for personal information protection, and the role of mobile application services in facilitating the digital transformation of enterprises.

  36. Shanghai conducted legal training on personal information protection in catering industry

    Recently, the Shanghai CAC, in conjunction with the Shanghai MCC and other departments, provided legal trainings and administrative guidance in batches on personal information protection in the catering industry and took proactive measures to raise awareness among catering businesses. On 4 July, representatives from over 80 renowned food and beverage chains like Haidilao, Guimanlong, Domino's, Diandude, and Heytea, participated in the first batch of training courses specifically focused on personal information protection. This initial session encompassed more than 16,000 restaurants.

  37. CAC released Test Report on Personal Information Collection by E-book Apps

    On 27 July, the CAC released the Test Report on Personal Information Collection by E-book Apps. The test involved the evaluation of eight e-book Apps selected from 19 different App stores, each with a cumulative download counts of 100 million. The results revealed that these Apps sought five types of system permissions under four distinct scenarios, including access to location data, device information, the app list, and the clipboard. Notably, it was observed that none of the Apps requested permissions to access the camera, the microphone, or the address book.

  38. CAC released Test Report on Personal Information Collection by Cloud Storage Apps

    On 27 July, the CAC released the Test Report on Personal Information Collection by Cloud Storage Apps. The test involved the evaluation of five cloud storage Apps selected from 19 different App stores, each with a cumulative download counts of 100 million. The results revealed that these Apps sought five types of system permissions under four distinct scenarios, including access to location data, device information, the app list, the clipboard, and storage. Notably, it was observed that none of the Apps requested permissions to access the camera, the microphone, or the address book.

  39. CAC released Test Report on Personal Information Collection by Photo Editing Apps

    On July 27, the CAC released the Test Report on Personal Information Collection by Photo Editing Apps. The test involved the evaluation of five photo editing Apps selected from 19 different App stores, each with a cumulative download counts of 100 million. The results revealed that these Apps sought five types of system permissions under four distinct scenarios, including access to location data, device information, the app list, the clipboard, and the camera. Notably, it was observed that none of the Apps requested permissions to access the microphone or the address book.

  40. Inaugural spatial data transaction was launched in Beijing

    On 29 June, the Beijing Institute of Surveying and Mapping successfully completed the first spatial data transaction in China via the Beijing International Big Data Exchange (the “Beijing Data Exchange”). This transaction marked the first time a national surveying and mapping institution registered with the Beijing Data Exchange, the first data asset registration in the spatial field; and the first data transaction in the spatial domain. The landmark transaction holds significant importance as a demonstrative case within the nationwide efforts to promote the implementation of basic data systems in China.

  41. Chengdu Data Group Co. Ltd. was formally established

On July 5, Chengdu Data Group Co. Ltd. (the "Chengdu Data Group") was formally established, with a registered capital of 4 billion CNY yuan and headquartered in Chengdu Hi-tech Industrial Development Zone. As the first state-owned enterprise in the Chengdu-Chongqing region with data as its core business, the Chengdu Data Group is driven by a development vision to become the creator of a first-class digital economy ecosystem in the country. With a focus on serving urban development strategies, the company will also play a vital role in investment and financing, operation services, and ecological construction.

Latest insights

More Insights
Headphones on pink

A Step Towards Fairness? The UK Voluntary Code of Good Practice on Transparency in Music Streaming explained

May 16 2024

Read More
grass sports field with marking lines

ASA Checklist: Euro 2024

May 16 2024

Read More
Generative AI

AI in the workplace: Shaping the next generation

May 15 2024

Read More
More Insights

Related capabilities

Privacy and Data Protection Technology & Communications
Previous July Issue