AI Photo: VCG

A local cybersecurity department of the public security authorities said on Monday that it has imposed administrative penalties on an artificial intelligence (AI) service company for failing to conduct personal information assessment.

The company, which specializes in providing foundational data (training data) for AI model training, did not conduct a personal information protection impact assessment as mandated by the Personal Information Protection Law before processing sensitive personal information such as facial data, said the department.

In response, the local public security bureau has issued administrative penalties against the company and ordered it to rectify the violations in accordance with the law.

The department further reminded all data processors providing generative AI services shall enhance security management of training data and associated processing activities, and to take effective measures to prevent and mitigate network and data security risks.

It urges that when collecting citizens' personal information, promptly obtain the consent of the collection subjects, conduct personal information protection impact assessments and data outbound security assessments before delivering data externally, and ensure the high-quality development of the AI industry with a higher level of training data security.

It also urged companies to obtain consent from the subject of collection in a timely manner when collecting personal information, perform personal information protection impact assessments and data export security evaluations prior to external data transfers, and ensure high-quality development of the AI industry with a higher level of training data security.

Global Times