China Monthly Data Protection Update: April 2025

Jet Deng
Dacheng
Contact
LinkedIn
Facebook
X
Send
Embed

[co-author: Ken Dai]

Developments Highlights

This monthly report outlines key developments in China’s data protection sector for April. The following events merit special attention:

  • CAC Releases Second Draft Amendment to Cybersecurity Law for Public Feedback: On March 28, 2025, the CAC in collaboration with relevant departments, further drafted the Revised Draft Amendment to the Cybersecurity Law of the People’s Republic of China (Second Version for Public Comments) and published it for comments. The deadline for feedback is April 27, 2025.

  • CAC and the Ministry of Public Security Jointly Issued the Measures for the Security Management of the Application of Face Recognition Technology: On March 13, CAC and the Ministry of Public Security jointly issued the Measures for the Security Management of the Application of Face Recognition Technology, which will come into effect on June 1, 2025.The Measures clarifies the basic requirements for processing facial information using face recognition technology, the processing rules for handling facial information with face recognition technology, the security norms for the application of face recognition technology, as well as the supervisory and management responsibilities.

  • CAC and Three Other Departments Jointly Issued the Measures for Identification of Artificial Intelligence-Generated Synthetic Content: On March 7, CAC along with other relevant departments jointly issued the Measures for Identification of Artificial Intelligence-Generated Synthetic Contents, which will be implemented on September 1, 2025. The Measures aims to promote the healthy development of artificial intelligence, regulate the identification of AI-generated and synthesized content, protect the legitimate rights and interests of citizens, entities, and other organizations, and safeguard social and public interests.

Legislation

CAC Releases Second Draft Amendment to Cybersecurity Law for Public Feedback

On March 28, 2025, the Cyberspace Administration of China (“CAC”) in collaboration with relevant departments, further drafted the Revised Draft Amendment to the Cybersecurity Law of the People’s Republic of China (Second Version for Public Comments) and published it for comments. The deadline for feedback is April 27, 2025. 1

CAC and the Ministry of Public Security Jointly Issued the Measures for the Security Management of the Application of Face Recognition Technology

On March 13, CAC and the Ministry of Public Security jointly issued the Measures for the Security Management of the Application of Face Recognition Technology, which will come into effect on June 1, 2025. The Measures clarifies the basic requirements for processing facial information using face recognition technology, the processing rules for handling facial information with face recognition technology, the security norms for the application of face recognition technology, as well as the supervisory and management responsibilities. 2

One-Year Anniversary of the Implementation of the Provisions on Promoting and Regulating Cross-Border Data Flow: Positive Achievements in Outbound Data Transfer Security Management

Since the promulgation and implementation of the Provisions on Promoting and Regulating Cross-border Data Flow on March 22, 2024, positive achievements have been made in the management of outbound data transfer security. The achievements include advancements in measures to facilitate cross-border data flows, efficiency in conducting security assessments for outbound data transfer, implementation of the negative list system, propaganda and implementation of policies on outbound data transfer security management, and cross-border cooperation in this regard. 3

CAC and Three Other Departments Jointly Issued the Measures for Identification of Artificial Intelligence-Generated Synthetic Contents

On March 7, CAC along with other relevant departments jointly issued the Measures for Identification of Artificial Intelligence-Generated Synthetic Contents, which will be implemented on September 1, 2025. The Measures aims to promote the healthy development of artificial intelligence, regulate the identification of AI-generated and synthesized content, protect the legitimate rights and interests of citizens, entities, and other organizations, and safeguard social and public interests. 4

NPC to Review and Amend the Cybersecurity Law in 2025, Strengthen Legislative Research on AI Industries

On March 8, Zhao Leji, Chairman of the Standing Committee of the National People’s Congress, proposed in the work report that in 2025, it is necessary to advance legislation with high quality and implement the requirements for deepening reforms in the legislative field. This includes amending the Cybersecurity Law and strengthening legislative research around emerging areas such as artificial intelligence, digital economy, and big data. 5

Authorities

Yunda under Investigation by the State Post Bureau due to Significant Vulnerabilities in Customer Security Management

On March 19, 2025, the State Post Bureau released news stating that some franchise enterprises of Yunda Express had significant vulnerabilities in the security management of the customers, leading to fraudulent promotional materials entering the delivery channel and causing significant property losses. The State Post Bureau has filed a case against Shanghai Yunda Cargo Ltd. in accordance with the law. 6

The 3.15 Evening News Exposed the Chaos in the Industry of Big Data Customer Acquisition Software Stealing Consumers’ Private Information

In the 3.15 Evening News of 2025, several incidents of big data customer acquisition software stealing users’ privacy were exposed. These customer acquisition software companies used crawler technics to embed themselves into well-known internet platforms, stealing consumers’ personal information and reselling it to merchants. They were also capable of capturing personal information of users who called specific numbers, visited specific websites, or used specific apps through telecommunications operators. 7

Ministry of Public Security Announced 10 Typical Cases involving Infringement of Citizens’ Personal Information

On March 18, the Ministry of Public Security announced 10 typical cases of cracking down on crimes involving the infringement of citizens’ personal information in accordance with the law. Over the past year, public security organs across the country have deeply promoted the “Clean Network” special action, closely monitoring key links such as information acquisition, information resale, and information use. They have taken strong measures to destroy a number of personal information trading platforms and resolutely cut off the criminal chain of infringing upon citizens’ personal information. 8

China Consumers Association and Two other Departments Jointly Published the Research Report on Analysis of Issues Related to Excessive Collection and Leakage of Personal Information

In March, the China Cybersecurity Association, China Consumers Association, and Xinhuanet jointly compiled the Research Report on Analysis of Issues Related to Excessive Collection and Leakage of Personal Information. The research report, based on 11 typical cases, points out the typical issues of excessive collection and leakage of personal information. 9

Courts Litigation

SPP: 5,061 Public Interest Litigation Cases in the Field of Personal Information Protection Handled in 2024

On March 9, 2025, the Supreme People’s Procuratorate (“SPP”) released the White Paper on Public Interest Litigation Work of the Supreme People’s Procuratorate (2024), disclosing that procuratorial organs across the country handled 5,061 cases related to personal information protection. The Supreme People’s Procuratorate guided local procuratorates to prioritize the protection of sensitive personal information, such as biometric data, medical and health information, financial accounts, and location traces, in their case handling efforts. This initiative aims to strengthen the protection of personal information and enhance the level of information security. 10

  1. https://www.cac.gov.cn/2025-03/28/c_1744779434867328.htm
  2. https://www.cac.gov.cn/2025-03/21/c_1744174262156096.htm?sessionid=-781246546
  3. https://mp.weixin.qq.com/s/z-r9bj7ReZAzT0aP6V4TiQ?scene=25#wechat_redirect
  4. https://www.cac.gov.cn/2025-03/14/c_1743654684782215.htm
  5. https://mp.weixin.qq.com/s/SPa8QrhHW8fS68B_dD_YRQ?scene=25#wechat_redirect
  6. https://mp.weixin.qq.com/s/E-f8Qh2MHplFEAz11Ryr3Q?scene=25#wechat_redirect
  7. https://mp.weixin.qq.com/s/9pb0tsQ4hlBT-fUljRwoFg?scene=25#wechat_redirect
  8. https://www.mps.gov.cn/n2254098/n4904352/c10003380/content.html?sessionid=-776318907
  9. https://mp.weixin.qq.com/s/lWGGvMNXokh4-0HQFV-7LA?scene=25#wechat_redirect
  10. https://www.spp.gov.cn/xwfbh/wsfbh/202503/t20250309_688675.shtml
Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Dacheng

Written by:

Dacheng
Dacheng
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Dacheng on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide