Click above|Follow us
Recently, in terms of legislation, the Measures for the Protection of Personal Information of Large-Scale Internet Platforms (Draft for Comment) and the Measures for the Administration of Network Security Identification (Draft for Comment) have been issued, focusing on end-to-end compliance of large-scale internet platforms and unified identification management for the cybersecurity capabilities of network products. The MPS has formulated the Measures for Cyberspace Security Supervision and Inspection by Public Security Organs (Draft for Comment) to improve law enforcement rules. The TC260 has issued draft practice guidelines focusing on personal information identification, de-identification, and anonymization. In terms of law enforcement, the CAC has released the results of centralized investigation and punishment of illegal and irregular labeling of AI-generated content. Overseas, the EU has put forward a digital omnibus legislative proposal to simplify existing rules on artificial intelligence, cybersecurity, and data protection; the White House has issued an executive order to accelerate AI technological breakthroughs; and Apple’s ATT framework is facing anti-monopoly allegations in Poland, among other developments.
HOTSPOT
HOTSPOT
CAC and MPS Issue the Measures for the Protection of Personal Information of Large-Scale Internet Platforms (Draft for Comment)
On November 22, 2025, the Cyberspace Administration of China (CAC) and the Ministry of Public Security (MPS) jointly issued the Measures for the Protection of Personal Information of Large-Scale Internet Platforms (Draft for Comment) (hereinafter referred to as the "Measures"), soliciting public opinions with the deadline for feedback on December 22, 2025. Focusing on "large-scale internet platforms" (a category of personal information processors specified in the Regulations on the Administration of Network Data Security), the Measures propose to implement directory management for such platforms, set higher requirements for their personal information processing activities and protection work, especially strengthen external supervision and social oversight, and emphasize establishing an end-to-end compliance chain covering personnel, institutions, and storage facilities.
For more information, please click here.
Source: CAC
TC260 Solicits Public Opinions on 3 Network Security Standard Practice Guidelines Including Personal Information Identification, De-identification, and Anonymization
On November 24, 2025, the National Information Security Standardization Technical Committee (TC260) solicited public opinions on 3 network security standard practice guidelines, including personal information identification, de-identification, and anonymization, with the deadline for feedback on December 7, 2025.
Among them, the Guidelines for Personal Information Identification (Draft for Comment) identifies personal information through four elements: "various types of information", "relevant to", "identified or identifiable", and "natural person", explains and gives examples of each element, and emphasizes that personal information identification shall be combined with specific contexts and specific scenario facts. The Guidelines for Personal Information De-identification (Draft for Comment) clarifies two main technical paths for de-identification: desensitization and pseudonymization, provides the implementation framework, process steps, and safety guarantee measures for pseudonymization, and offers identifier identification rules and examples, de-identification reference cases, and desensitization examples of common types of personal information. The Guidelines for Personal Information Anonymization (Draft for Comment) provides the judgment rules, implementation methods, application scenarios of anonymization, as well as personal information anonymization reference cases and technologies involved in anonymization processing, etc.
For more information, please click here.
Source: TC260
SAMR Solicits Public Opinions on the Guidelines for Anti-monopoly Compliance of Internet Platforms (Draft for Comment)
On November 15, 2025, to support and guide platform operators in effectively preventing anti-monopoly compliance risks, improving anti-monopoly compliance management mechanisms, protecting the legitimate rights and interests of relevant entities, maintaining a fair market competition order, and promoting the healthy development of the platform economy, the State Administration for Market Regulation (SAMR) issued the Guidelines for Anti-monopoly Compliance of Internet Platforms (Draft for Comment) (hereinafter referred to as the "Guidelines") and solicited public opinions.
In recent years, China’s platform economy has developed rapidly, with new formats and business models emerging continuously, and competition behaviors becoming increasingly complex. The Guidelines provide detailed rules for platform operators to identify monopoly risks and clarify behavioral boundaries, supporting and guiding them to accurately identify, evaluate, and prevent monopoly risks. It also systematically sorts out the types of monopoly behaviors in internet platform operations and offers compliance suggestions for key risk management and compliance assurance mechanisms.
Source: SAMR
https://www.samr.gov.cn/hd/zjdc/art/2025/art_8e05960782204036af6b9583f1413378.html
NEWSLETTER
NEWSLETTER
(Click on the source or copy the corresponding link to view the details)
LEGISLATION
CAC and MPS Issue the Measures for the Protection of Personal Information of Large-Scale Internet Platforms (Draft for Comment)
Source: CAC
MPS Issues the Measures for Cyberspace Security Supervision and Inspection by Public Security Organs (Draft for Comment)
Source: MPS
https://www.mps.gov.cn/n2254536/n4904355/c10316016/content.html
CAC Issues the Measures for the Administration of Network Security Identification (Draft for Comment)
Source: CAC
SAMR Solicits Public Opinions on the Guidelines for Anti-monopoly Compliance of Internet Platforms (Draft for Comment)
Source: SAMR
https://www.samr.gov.cn/hd/zjdc/art/2025/art_8e05960782204036af6b9583f1413378.html
SAMR Solicits Public Opinions on the Measures for E-commerce Platforms to Assist in Investigating and Handling Trademark Infringement Cases (Draft for Comment)
Source: SAMR
https://www.samr.gov.cn/hd/zjdc/art/2025/art_0d4a120758a7437e8a0b69b6016c5fbb.html?sessionid=-1872927072
TC260 Solicits Public Opinions on 3 Network Security Standard Practice Guidelines (Personal Information Identification, De-identification, Anonymization)
Source: TC260
Multiple Departments in Shanghai Issue the Guidelines for Network Data Security and Personal Information Protection Compliance of Internet Enterprises Engaged in Medical Services in Shanghai
Source: Shanghai Cyberspace Administration
Hunan Cyberspace Administration Solicits Public Opinions on the Benchmarks for the Discretionary Power of Cyberspace Administrative Penalties in Hunan Province (Draft for Comment)
Source: Hunan Cyberspace Administration
General Technical Requirements for Customer Service-Type Virtual Digital Humans (GB/T 46483-2025) Officially Released
Source: Shanghai Cyberspace Administration
INDUSTRY TRENDS
CAC Releases the Results of Centralized Investigation and Punishment of Apps with Illegal and Irregular Content Labeling
Source: CAC
Supreme People's Court (SPC) Releases Typical Cases of Governing Malicious Intellectual Property Litigation
Source: SPC
Supreme People's Court (SPC) Releases Typical Cases of Network Protection of Minors and Punishment of Illegal and Criminal Acts
Source: SPC
National Data Administration (NDA): Launch of the First Batch of 12 Pilot Projects for the Development and Utilization of Data Resources by State-owned Enterprises
Source: NDA
Public Security Ministry's Computer Information System Security Product Quality Supervision and Inspection Center Notifies 40 Mobile Applications
Source: Cyberspace Security Bureau of the MPS
Guangdong Cyberspace Administration Issues the Guidelines for the Filing of Standard Contracts for Cross-border Flow of Personal Information in the Guangdong-Hong Kong-Macao Greater Bay Area, Shifting Standard Contract Filing Online
Source: Guangdong Cyberspace Administration
Shanghai Higher People's Court Releases a Contract Fraud Case of "Freeloading Traffic" Through Exploiting Advertising Platform Settlement Vulnerabilities
Source: Shanghai Higher People's Court
Shanghai Cyberspace Administration Issues the Announcement on the Registration Information of Generative Artificial Intelligence Services in Shanghai (November 19)
Source: Shanghai Cyberspace Administration
Shanghai Cyberspace Administration Releases Ten Typical Disposal Cases of Optimizing the Business Network Environment
Source: Shanghai Cyberspace Administration
Shanghai Cyberspace Administration Releases the Long-term Governance Results of the Application of "Facial Recognition" Technology
Source: Shanghai Cyberspace Administration
Shanghai Cyberspace Administration Carries Out Special Law Enforcement on "AI Abuse", Taking 54 Apps Illegally Using Gen AI Technology Off the Shelf
Source: Shanghai Cyberspace Administration
Shanghai Communications Administration Issues the Notice on Apps (SDKs) Infringing on Users' Rights and Interests (10th Batch in 2025)
Source: Shanghai Communications Administration
Shanghai Communications Administration Issues the Notice on Apps (SDKs) Infringing on Users' Rights and Interests (10th Batch in 2025)
Source: Shanghai Communications Administration
Shandong Higher People's Court Releases a Contract Dispute Case Between a Trading Company and a Technology Company Arising from the Suspension of an AI Digital Human Anchor by the Platform
Source: Shandong Higher People's Court
Guangzhou Intermediate People's Court Concludes the First Case in Guangdong Province Arising from the Disclosure of Personal Information in Carbon Quota Transactions
Source: Guangzhou Intermediate People's Court
Two Entities Punished by Public Security Organs for Failing to Complete the Level Protection Evaluation
Source: Tongren Public Security Bureau
Xiangxi Prefecture Cyberspace Administration Imposes an Administrative Penalty on a School for Failing to Fulfill Data Security Protection Obligations
Source: Hunan Cyberspace Administration
Gansu Communications Administration Issues the Notice on Disposing of Apps and Mini Programs Infringing on Users' Rights and Interests (6th Batch in 2025)
Source: Gansu Communications Administration
Shaanxi Cyberspace Police Legally Investigate a Case of Data Leakage Caused by an Attack on a Drone Management Platform
Source: Cyberspace Security Bureau of the MPS
Changsha Cyberspace Administration Releases Typical Law Enforcement Cases Related to Personal Information Protection
OVERSEAS
EU:
Court of Justice of the European Union (CJEU) Dismisses Amazon's Lawsuit Against Its Designation as a VLOP Under the DSA
Source: CJEU
https://curia.europa.eu/jcms/upload/docs/application/pdf/2025-11/cp250144en.pdf
European Commission (EC) Issues a Digital Omnibus Legislative Proposal to Simplify Existing Rules on AI, Cybersecurity, and Data
Source: European Commission
https://commission.europa.eu/news-and-media/news/simpler-digital-rules-help-eu-businesses-grow-2025-11-19_en
EC Releases the 2030 Consumer Agenda
Source: EC
https://commission.europa.eu/news-and-media/news/2030-consumer-agenda-strengthening-consumer-protection-competitiveness-and-sustainable-growth-2025-11-19_en
EC Releases a Digital Omnibus on AI Regulation Proposals
Source: EC
https://digital-strategy.ec.europa.eu/en/library/digital-omnibus-ai-regulation-proposal
EC Launches Market Investigations into Cloud Computing Services Under the DMA
Source: EC
https://digital-markets-act.ec.europa.eu/commission-launches-market-investigations-cloud-computing-services-under-digital-markets-act-2025-11-18_en
EC Releases a Report on the Application of Article 33 of the DSA and Its Interaction with Other Legal Acts
Source: EC
https://digital-strategy.ec.europa.eu/en/library/report-application-article-33-regulation-eu-20222065-dsa-and-interaction-regulation-other-legal
Council of the European Union Adopts Rules for Speeding Up the Handling of Cross-border Data Protection Complaints
Source: Council of the European Union
https://www.consilium.europa.eu/en/press/press-releases/2025/11/17/council-adopts-new-eu-law-to-speed-up-handling-cross-border-data-protection-complaints/
EC Evaluates the Interaction of the DSA with Other EU Laws and Its Designation Thresholds for VLOPs and VLOSEs
Source: EC
https://digital-strategy.ec.europa.eu/en/news/commission-evaluates-digital-services-acts-interaction-other-eu-laws-and-its-designation-threshold
EDPB Organizes a Stakeholder Event on Anonymization and Pseudonymization
Source: EDPB
https://www.edpb.europa.eu/news/news/2025/stakeholder-event-anonymisation-and-pseudonymisation-express-your-interest_en
European Supervisory Authorities Announce the List of Critical ICT Third-Party Providers Designated Under the DORA
Source: EIOPA
https://www.eiopa.europa.eu/european-supervisory-authorities-designate-critical-ict-third-party-providers-under-digital-2025-11-18_en#:~:text=The%20European%20Supervisory%20Authorities%20%28EBA%2C%20EIOPA%2C%20and%20ESMA,in%20the%20implementation%20of%20the%20DORA%20oversight%20framework
CJEU Rules That Sending Newsletters Promoting Paid Services to Free Users Constitutes Direct Marketing
Source: CJEU
https://curia.europa.eu/juris/document/document.jsf?text=&docid=306136&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=4667790
EC Launches a Whistleblower Tool for the AI Act
Source: EC
https://digital-strategy.ec.europa.eu/en/news/commission-launches-whistleblower-tool-ai-act#:~:text=The%20European%20Commission%20today%20launched%20a%20whistleblower%20tool,the%20centre%20of%20AI%20expertise%20within%20the%20Commission
EC Requests Shein to Provide Information on the Sale of Illegal Products Under the DSA
Source: EC
https://digital-strategy.ec.europa.eu/en/news/commission-requests-shein-provide-information-sale-illegal-products-under-digital-services-act
United States (US):
White House Launches the Genesis Mission to Build an Integrated AI Platform and Accelerate AI Technological Breakthroughs
Source: The White House
https://www.whitehouse.gov/presidential-actions/2025/11/launching-the-genesis-mission/#:~:text=The%20Genesis%20Mission%20will%20build%20an%20integrated%20AI,hypotheses%2C%20automate%20research%20workflows%2C%20and%20accelerate%20scientific%20breakthroughs
California Attorney General (AG) Reaches a $1.4 Million Settlement with JamCity Over Its Failure to Provide an Opt-out Option in Gaming Apps
Source: California Attorney General (AG)
https://oag.ca.gov/news/press-releases/attorney-general-bonta-secures-14-million-settlement-mobile-app-gaming-company?print=true
CalPrivacy Releases an Infographic on What to Know Before the 2026 CCPA Updates Take Effect
Source: CalPrivacy
https://cppa.ca.gov/pdf/things_to_know_before_2026_updates.pdf
Senate Introduces the Algorithmic Accountability Act
Source: Senate Member's Website
https://www.curtis.senate.gov/wp-content/uploads/2025/11/Bill-Text.pdf
Suno Reaches a Lawsuit Settlement with Warner Music Group (WMG) to Establish a Partnership for Music Model Development
Source: Suno
https://suno.com/blog/wmg-partnership
US Supreme Court Rules That Meta's Acquisitions of Instagram and WhatsApp Did Not Violate Anti-monopoly Laws
Source: CNN
https://edition.cnn.com/2025/11/18/tech/meta-antitrust-suit-decision-not-monopoly
Logitech Confirms to the US Securities and Exchange Commission (SEC) That It Suffered a Cyber Attack Leading to Data Leakage, with No Sensitive Information Involved
Source: National Engineering Research Center for Information Security
https://mp.weixin.qq.com/s/KJYAEbX3Ne3XlXxbCJ3f1A
DJI Issues a Statement Entitled "What’s Going On with DJI in the U.S.?" in Response to the Provision in the US National Defense Authorization Act (NDAA) for Fiscal Year 2025 Requiring National Security Agencies to Conduct Security Audits on Chinese Drone Manufacturers
Source: DJI Official Website
https://viewpoints.dji.com/blog/whats-going-on-with-dji-in-the-u.s
Spain:
Meta Ordered to Pay a €479 Million Fine by Madrid Court for Violating GDPR Through Illegal Use of Personal Data for Advertising
Source: RTE
https://www.rte.ie/news/business/2025/1120/1544971-spain-orders-meta-to-pay-479m-to-digital-media-firms/
Spanish Data Protection Agency (AEPD) Releases an Encryption Guide for Freelancers and Small and Medium-sized Enterprises (SMEs)
Source: AEPD
https://www.aepd.es/prensa-y-comunicacion/notas-de-prensa/la-agencia-publica-guia-ayudar-a-autonomos-y-pymes
Prime Minister Announces an Investigation into Meta Over Alleged Mass Privacy Breaches
Source: EuroWeekly News
https://euroweeklynews.com/2025/11/19/spain-launches-investigation-into-meta-over-alleged-mass-privacy-breach/
AEPD Fines Aena Airports €10 Million Over Facial Recognition Issues
Source: EuroWeekly News
https://euroweeklynews.com/2025/11/26/aena-hit-with-e10-million-fine-over-airport-facial-recognition/
Turkey: KVKK Releases Guidelines on Generative AI and Personal Data Protection
Source: KVKK
https://www.kvkk.gov.tr/SharedFolderServer/CMSFiles/MTY5MjNmNmIwZWY3YTE.pdf
Netherlands: A Wind Turbine Technical Manager Convicted of Stealing Electricity and Computer Intrusion (Illegal Access to Routers and Servers) for Deploying Cryptocurrency Mining Machines and Helium Nodes in the Company's Internal Industrial Network
Source: SecRSS
https://www.secrss.com/articles/85159
Denmark: Datatilsynet Releases Guidelines on the Provision of Employee Data by Suppliers to Purchasers for Compliance Purposes
Source: Datatilsynet
https://www.datatilsynet.dk/presse-og-nyheder/nyhedsarkiv/2025/nov/videregivelse-af-personoplysninger-som-dokumentation-for-overholdelse-af-arbejdsklausuler#:~:text=Datatilsynet%20har%20udarbejdet%20en%20vejledende%20udtalelse%20om%20leverand%C3%B8rers,som%20dokumentation%20for%20overholdelse%20af%20arbejdsklausuler%20i%20kontrakten
Poland: Office of Competition and Consumer Protection (UOKIK) Officially Files an Anti-monopoly Lawsuit Against Three Apple Entities, Accusing Them of Abusing Dominant Market Position Through the ATT Framework
Source: UOKIK
https://uokik.gov.pl/czy-apple-ogranicza-konkurencje-prezes-uokik-stawia-zarzuty
Germany: Bundestag Adopts the Law Implementing the NIS2 Directive
Source: BSI
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2025/251113_NIS-2-Umsetzungsgesetz.html
India: Data Security Council of India (DSCI) Releases a Summary of Data Protection Rules
Source: DSCI
https://www.dsci.in/resource/content/insight-brief-digital-personal-data-protection-rules-2025
France: CNIL Releases Its 10th Innovation and Foresight Report - "Data After Us", Exploring the Issue of Digital Death
Source: CNIL
https://www.cnil.fr/en/cnil-publishes-10th-innovation-and-foresight-report
Ireland: Irish High Court Continues the Stay on the Decision That TikTok Should Stop Transferring Data to China
Source: Irishtimes
https://www.irishtimes.com/business/2025/11/17/high-court-continues-stay-on-decision-tiktok-should-stop-transferring-data-to-china/
Japan: CloudFlare Ordered to Compensate Copyright Owners 500 Million Yen for Constituting Contributory Infringement by Providing CDN Services to Pirate Websites; Repeated Automatic Transmission Through CDN Caching Does Not Constitute Pure "Incidental Use", Clarifying the Liability Boundaries of CDN Service Providers in Copyright Protection
Source: Tokyo District Court
https://www.courts.go.jp/assets/hanrei/hanrei-pdf-95079.pdf
Thailand: Digital Economy and Society Ministry (DES) and Personal Data Protection Commission (PDPC) Suspend the Iris Scan Encryption Token Scheme and Order the Deletion of 1.2 Million Biometric Records Violating the Personal Data Protection Act (PDPA)
Source: National Thailand
https://www.nationthailand.com/news/general/40058731
Note
本文由Gen AI翻译,仅供参考。
Translated by Gen AI service. For reference only.
本期编辑:吴佳蔚 陈煜烺 陈瑞庭 陈曦宇 张丽